Microsoft-based Operating Systems

What is the difference between a domain and a workgroup?

Computers on a network can be part of a workgroup or a domain. The main difference between
workgroups and domains is how resources on the network are managed. Computers on home networks
are usually part of a workgroup, and computers on workplace networks are usually part of a domain.

In a workgroup:
 All computers are peers; no computer has control over another computer.

 Each computer has a set of user accounts. To use any computer in the workgroup, you must have
an account on that computer.

 There are typically no more than ten to twenty computers.

 All computers must be on the same local network or subnet.

In a domain:
 One or more computers are servers. Network administrators use servers to control the security
and permissions for all computers on the domain. This makes it easy to make changes because the
changes are automatically made to all computers.

 If you have a user account on the domain, you can log on to any computer on the domain
without needing an account on that computer.

 There can be hundreds or thousands of computers.

 The computers can be on different local networks.

Q: What are the major advantages of working in a domain model?

Advantage of Domain Environment 1.Data Centralization 2.Security 3.Effictive Permission 4.Single

Platform to manage whole network 5.User can login to any computer and access their rsourses any
time and much more.

Q: What types of operating system installation methods do you know?

 Direct Installation through CD/DVD or Removable Drive 

 Remote Installation Services (RIS) 
RIS can be used only for clean installations and can't be used to upgrade a previous version of
Windows. A RIPrep image can contain the operating system and applications. Computers that
are connected to the same network as the server and have PXE enabled, automatically start the
RIS sequence.
 Image Deployment 
 Silent installation
Installation that does not display messages or windows during its progress. "Silent installation" is
not the same as "unattended installation", though it is often improperly used as such.
 Unattended installation
Installation that is performed without user interaction during its progress or, in a stricter sense,
with no user present at all, except eventually for the initial launch of the process. An installation
process usually requires a user who "attends" it to make choices at request: accepting an EULA,
specifying preferences and passwords, etc. In graphical environments, installers that offer
a wizard-based interface are common. However these installers may also provide command
line switches that allow performing unattended installations.
 Answer file
Some unattended installations can be driven by a script providing answers to the various choices
such as the answer file which can be used when installing Microsoft Windows on a large number
of machines.
 Self installation
Unattended installation, without the need of initial launch of the process (i.e. Vodafone Mobile
Connect USB Modem or Huawei E220'sMobile Partner software that self-installs from the USB
port).
 Headless installation
Installation performed without using a monitor connected to the destination computer (in
particular, on a computer with no video output at all). This can be an (attended) installation
performed from another machine connected via LAN or via a serial cable.
Unattended and headless installations are common tasks for system administrators.
 Clean installation
Given the complexity of a typical installation there are many factors that may interfere with its
successful completion. In particular files that are leftover from old installations of the same
program or an unstable situation of the operating system may all act to prevent a given program
from installing and working correctly. An installation performed in absence of such interfering
factors (which may vary from program to program) is called a clean installation. In particular, a
clean operating system installation can be performed by formatting its destination partition before
the actual installation process.
 Flat installation
An installation of a program performed from a copy (called a flat copy) of its original media
contents (mostly CDs or DVDs) to a hard drive, rather than directly from the media. This may help
in some situations where the target machine isn't able to cope with random access reads from
CD/DVD at the same time as performing the CPU-intensive tasks often required by an
installation, or where the target machine does not have an appropriate physical drive.
  Network Installation
An installation of a program from a shared network drive. This may simply be a copy of the
original media (as in a Flat Installation), but frequently, software publishers which offer site
licenses for institutional customers provide a version intended for installation over a network.
 Virtual installation
AmigaOS features a centalized standard installation utility called Installer since version 2.0 in
1991. It is driven by a LISP language interpreter, and users have the faculty of editing the
installation scripts as these are plain text files. Installer also features the unsurpassed chance for
users to perform virtual installations and verify any possible problem before committing the real
installation.

Q: What is Syprep?

The System Preparation tool (Sysprep) is a technology that you can use with other deployment
tools to install Microsoft Windows operating systems with minimal intervention by an administrator
or technician. Sysprep is typically used during large-scale rollouts when it would be too slow and
costly to have administrators or technicians interactively install the operating system on individual
computers.

Q: What is the major difference between newsid and sysprep?

The System Preparation tool (Sysprep) is a technology that you can use with other deployment tools
to install Microsoft Windows operating systems with minimal intervention by an administrator or
technician.

NEWSID.EXE is an executable from the software NewSID by Sysinternals. NEWSID.EXE is most

commonly found under the directory "newsid" with a date of creation.

Q: What is the function of the pagefile.sys & HIBERFIL.SYS file?

HIBERFIL.SYS

HIBERFIL.SYS is a file the system creates when the computer goes into hibernation mode. Windows uses the

file when it is turned back on. If you don't need hibernation mode and want to delete the file you need to

turn the hibernation option off before Windows will allow you to delete the file. The procedure for turning

hibernation off differs markedly between Windows XP and Vista. The file size depends largely on the size of

active RAM in the computer as the contents of the file are basically a RAM image.

 Windows XP

 Procedure for Windows XP. This procedure makes use of the graphical user interface.
 o Start | Control Panel | Power Options

o Go to the Hibernate Tab.

o Uncheck the Enable Hibernation box if you don't need the hibernation function.

o The file should now be able to be deleted.

 Windows Vista

Procedure for Windows Vista and Windows 7. This procedure requires that you be an

administrator and uses the command line.

o Start | All Programs | Accessories

o Right click on the Command Prompt entry and choose Run as Administrator from the

context menu that pops up (OK any UAC queries about doing this).

o A Command Prompt window should open.

o At the command prompt (where the flashing cursor is) type powercfg.exe /hibernate off

and press the Enter key.

o The box should flash and you'll be back at the Command Prompt; type exit and press the

Enter key to exit the Command Prompt mode.

o Hibernation should now be turned off and the file HIBERFILE.SYS deleted. If you want to

turn it back on repeat the procedure and use /hibernate on instead.

Q: What is registry?

The Windows Registry is a hierarchical database that stores configuration settings and options on
Microsoft Windows operating systems. It contains settings for low-level operating system
components as well as the applications running on the platform: the kernel, device drivers,
services, SAM, user interface and third party applications all make use of the Registry. The
registry also provides a means to access counters for profiling system performance.

Q; How to edit registry?

If you are modifying settings for Word for Windows 95, use the RegOptions macro to modify Word-related

Registry entries. To modify settings for other programs, use the following steps to make changes in the

Registry itself:

1. Start RegEdit and export the key you want to modify by following the steps in the "Backup By

Exporting a Portion of the Registry" section above.

 2. Select the entry you want to modify.

3. Right-click on the entry and select Modify.

4. In the "Value data" box, make the change.

NOTE: if you are changing a path, verify that is correct before you change the Registry.

5. Click OK.

6. Exit Registry Editor.

Q: Describe the three most common types of cabling media used in LANs.

The three most common types of cabling media used in LANs are:

Coaxial Cable. Coaxial cable comes in two versions: Thinnet and Thicknet. Thinnet looks like regular TV
cable.* It is about 1/4 inch in diameter and is very flexible and easy to work with. In contrast, Thicknet is
about 1/2 inch in diameter and not very flexible. Thicknet is older and not very common anymore except
as a backbone within and between buildings. Coax transmits at 10 Mbps..

Twisted Pair. Twisted pair looks like telephone wire and consists of insulated strands of copper wire
twisted together. There are two versions of twisted pair cable: Shielded Twisted Pair (STP) and
Unshielded Twisted Pair (UTP). STP is commonly used in Token Ring networks and UTP in Ethernet
networks where it is referred to as "10baseT." Transmission rates vary between 10-100 Mbps..

Fiber-Optic Cable. Fiber-optic cable consists of a thin cylinder of glass surrounded by glass cladding,
encased in protective outer sheath. Fiber-optic cable is very fast (100 Mbps). It can transmit over long
distances (2 km +) but is expensive.

*Don’t confuse Thinnet cable (RG 58) with cable TV cable (RG 59). They look alike but they are not
interchangeable.

Q: What are the recommended maximum segment lengths for each type of cable?

The type of cable plays a role in how fast a signal will degrade as it is transmitted. The following are the
recommended maximum cable lengths:

Thinnet- maximum length of segment (terminator to terminator) is 185 meters (607 feet)

Thicknet -maximum length of segment (single run) is 500 meters (1,640 feet)

Unshielded Twisted Pair (UTP) - maximum length of cable between hub and computer is 100 meters
(328 feet)

Fiber-Optic - maximum length of cable is 2 kilometers. (6,562 feet)

Q: What is a backbone?
A backbone is a generic term used to describe media that interconnects a number of computers,
segments or subnets.

In its most common form, a backbone is used to connect hubs. Each hub represents a segment on which
individual workstations are connected via UTP cable. The hubs from different segments are then
connected to each other with thinnet cable. In this case, the thinnet cable functions as the backbone
that links the hubs.

In another example, a backbone may be a length of cable that serves as a trunk. Drop cables are
attached from the backbone to connect individual workstations.

A backbone is often used to connect networks in separate buildings. Organizations typically use fiber-
optic cable for this type of backbone. Thicknet is also used as a backbone.

Networking

Q: What is an IP Address?

An Internet Protocol address (IP address) is a numerical label that is assigned to any device participating
in a computer network that uses the Internet Protocol for communication between its nodes.

Q: What is a Subnet Mask?

A subnet mask allows you to identify which part of an IP address are reserved for the network, and
which part is available for host use. If you look at the IP address alone, especially now with classless
inter-domain routing, you can't tell which part of the address is which. Adding the subnet mask, or net
mask, gives you all the information you need to calculate network and host portions of the address with
ease. In summary, knowing the subnet mask can allow you to easily calculate whether IP addresses are
on the same subnet, or not.

Q: IP Address Series?

A 0xxx 0.0.0.0 127.255.255.255

B 10xx 128.0.0.0 191.255.255.255
C 110x 192.0.0.0 223.255.255.255
D 1110 224.0.0.0 239.255.255.255
E 1111 240.0.0.0 255.255.255.255

Q: What is ARP?

ARP stands for Address Resolution Protocol and was touched on in the previous question as a means of resolving a
IP address to an actual physical network card address.

All network cards have a unique 48 bit address, that is written as six hexadecimal pairs, e.g. 00-A0-24-7A-01-48, and
this address is hard coded into the network card. You can view your network cards hardware address by typing

ipconfig /all

Q: What is ARP caching poisoning?

ARP stands for Address Resolution Protocol.
Every computer in a LAN has 2 identifiers: IP and MAC address. IP is either entered by the user or dynamically
allocated by a server. But the MAC address is unique for any Ethernet card. For example, if you have 2 ethernet
cards, one for wired and the other for WiFi, you have 2 MAC addresses on your machine. The MAC address is a
hardware code for your ethernet card.

The communications between computers is done on the IP level. Means that if you want to send a file to a computer,
you need to know the other computer IP.

Now, ARP is the protocol that matches every IP with a certain MAC address in ARP table that is saved on your switch
in your LAN.

ARP cache poisoning is changing this ARP table on the switch.

For Normal case, when a machine tries to connect to another machine. The first machine goes to the ARP table with
the other machine IP, the ARP table provide the MAC address for the other machine and the communication starts.
But if someone plays with the table, the first machine goes with the IP and the ARP table will provide a faulty MAC
address to a 3rd machine who wants to intrude through your communication.

This Kind of attach is known as "Man in the Middle"

Q: What is a Default Gateway?

A Default gateway is a node (a router) on a TCP/IP Network that serves as an access point to

another network. A default gateway is used by a host when the ip's packet destination address
belongs to someplace outside the local subnet.

Q: Can a workstation computer be configured to browse the Internet and yet NOT have a
default gateway?

If we are using public ip address, we can browse the internet. If it is having an intranet address a
gateway is needed as a router or firewall to communicate with internet.

Q: What is a Subnet?

A sub network, or subnet, is a logically visible subdivision of an IP network.[1][2] The practice of creating
sub networks is called subnetting.

Q: Benefits of Subnetting?

1. It provides security

In larger companies, employees must be able to communicate with other employees from that
department. Subnetting allows for the department to have its own sub network. Depending on how
many departments the company has, each one can have its own private and secure sub network,
independent from the other networks.

2. It allows organization of resources.

A company has several departments or types of resources: sales, customer care, IT, executive and
research. With subnetting, these resources can be organized within the larger network.

3. It speeds up the network.

Using subnets will decrease the size of the broadcast domain, allowing data to reach its destination
much faster.

Q: What’s APIPA (Automatic Private IP Addressing)?

A Windows-based computer that is configured to use DHCP can automatically assign itself an Internet
Protocol (IP) address if a DHCP server is not available. For example, this could occur on a network
without a DHCP server or on a network if a DHCP server is temporarily down for maintenance.

Is my computer using APIPA now?

Windows 98/ME

You can also determine whether your computer is using APIPA by using the Winipcfg tool in Windows
Millennium Edition, Windows 98, or Windows 98 Second Edition:

Click Start, click Run, type "winipcfg" (without the quotation marks), and then click OK. Click More Info.
If the IP Autoconfiguration Address box contains an IP address within the 169.254.x.x range, Automatic
Private IP Addressing is enabled. If the IP Address box exists, automatic private IP addressing is not
currently enabled.

Windows 2000/XP/2003

For Windows 2000, Windows XP, or Windows Server 2003, you can determine whether your computer is
using APIPA by using the IPconfig command at a command prompt:

Click Start, click Run, type "cmd" (without the quotation marks), and then click OK to open a MS-DOS
command line window. Type "ipconfig /all" (without the quotation marks), and then hit the ENTER key.
If the 'Autoconfiguration Enabled' line says "Yes", and the 'Autoconfiguration IP Address' is 169.254.x.y
(where x.y is the client's unique identifier), then the computer is using APIPA. If the 'Autoconfiguration
Enabled' line says "No", then the computer is not currently using APIPA.

Q: What is an RFC Name a few if possible not necessarily the numbers just the idea behind
them?

A Request For Comments (RFC) document defines a protocol or policy used on the Internet. An RFC
can be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an Internet
Standard Each RFC is designated by an RFC number. Once published, an RFC never changes.
Modifications to an original RFC are assigned a new RFC number.

Q: What is RFC 1918?

RFC 1918 is Address Allocation for Private Internets The Internet Assigned Numbers Authority (IANA)
has reserved the following three blocks of the IP address space for private internets: 10.0.0.0 -
10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 -
192.168.255.255 (192.168/16 prefix) We will refer to the first block as "24-bit block", the second as
"20-bit block", and to the third as "16-bit" block. Note that (in pre-CIDR notation) the first block is
nothing but a single class A network number, while the second block is a set of 16 contiguous class B
network numbers, and third block is a set of 256 contiguous class C network numbers. 
Q: You need to view at network traffic. What will you use? Name a few tools

Depends what type of traffic I want to monitor and the network design. I really liked using Fluke Networks
OptiView Network Analyzer. Software though I would say wireshark, sitrace, Iris Network Traffic Analyzer,
Airsnare, Packetcapsa. Backtrack (a linux live CD) has tons of different applications that you can use to
monitor and view network traffic.

Q: How do I know the path that a packet takes to the destination?

use "tracert" command-line 

Q: What is DHCP? What are the benefits and drawbacks of using it?

Benefits:

1. DHCP minimizes configuration errors caused by manual IP address configurationDHCP minimizes

configuration errors caused by manual IP address configuration

2. Reduced network administration.

Disadvantage

Your machine name does not change when you get a new IP address. The DNS (Domain Name
System) name is associated with your IP address and therefore does change. This only presents a
problem if other clients try to access your machine by its DNS name.

Benefits:

1. DHCP minimizes configuration errors caused by manual IP address configurationDHCP minimizes

configuration errors caused by manual IP address configuration

2. Reduced network administration.

Disadvantage

Your machine name does not change when you get a new IP address. The DNS (Domain Name
System) name is associated with your IP address and therefore does change. This only presents a
problem if other clients try to access your machine by its DNS name. 

Q: Describe the steps taken by the client and DHCP server in order to obtain an IP address.

At least one DHCP server must exist on a network. Once the DHCP server software is installed, you
create a DHCP scope, which is a pool of IP addresses that the server manages. When clients log on, they
request an IP address from the server, and the server provides an IP address from its pool of available
addresses.

DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol, October 1993) but the
most recent update is RFC 2131 (Dynamic Host Configuration Protocol, March 1997). The IETF Dynamic
Host Configuration (dhc) Working Group is chartered to produce a protocol for automated allocation,
configuration, and management of IP addresses and TCP/IP protocol stack parameters.
Q: What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, Server replies on UDP 67 double check. These are reversed.

Q: Describe the process of installing a DHCP server in an AD infrastructure.

It is about how to install DHCP server...

In Windows server 2008...

Go to... START-->Administrative Tools --> Server Manager --> Roles (Right Click)

--> Add Roles (Here a Add roles wizard will appear) --> Check the box of DHCP Server --> click next -->
Next --> In IPv4 DNS settings Give the parent domain Name and DNS server

IP address and validate it... Click Next --> Add the DHCP scopes --> Disable DHCPv6... Click

Next --> Finally Click on INSTALL

Q: What is NAT?

Network Address Translation, an Internet standard that enables a local-area network (LAN) to use one
set of IP addresses for internal traffic and a second set of addresses for external traffic. A NAT box
located where the LAN meets the Internet makes all necessary IP address translations.

Q: What is the real difference between NAT and PAT?

NAT is a feature of a router that will translate IP addresses. When a packet comes in, it will be rewritten
in order to forward it to a host that is not the IP destination. A router will keep track of this translation,
and when the host sends a reply, it will translate back the other way.

PAT translates ports, as the name implies, and likewise, NAT translates addresses. Sometimes PAT is also
called Overloaded NAT

Q: How does SSL works?

Processing transactions securely on the web means that we need to be able to transmit information
between the web site and the customer in a manner that makes it difficult for other people to intercept
and read. SSL, or Secure Sockets Layer, takes care of this for us and it works through a combination of
programs and encryption/decryption routines that exist on the web hosting computer and in browser
programs (like Netscape and Internet Explorer) used by the internet public.

Q: Difference between IPv4 & IPv6?

IPv4 is 32 bits IP address that we use commonly; it can be 192.168.8.1, 10.3.4.5 or other 32 bits IP
addresses. IPv4 can support up to 232 addresses, however the 32 bits IPv4 addresses are finishing to be
used in near future, so IPv6 is developed as a replacement.
IPv6 is 128 bits, can support up to 2128 addresses to fulfill future needs with better security and
network related features. Here are some examples of IPv6 address:

1050:0:0:0:5:600:300c:326b

ff06::c3

0:0:0:0:0:0:192.1.56.1

Pv4

 Source and destination addresses are 32 bits (4 bytes) in length.

 IPSec support is optional.
 IPv4 header does not identify packet flow for QoS handling by routers.
 Both routers and the sending host fragment packets.
 Header includes a checksum.
 Header includes options.
 Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an
IP address to a link-layer address.
 Internet Group Management Protocol (IGMP) manages membership in local subnet
groups.
 ICMP Router Discovery is used to determine the IPv4 address of the best default
gateway, and it is optional.
 Broadcast addresses are used to send traffic to all nodes on a subnet.
 Must be configured either manually or through DHCP.
 Uses host address (A) resource records in Domain Name System (DNS) to map host
names to IPv4 addresses.
 Uses pointer (PTR) resource records in the IN-ADDR.ARPA DNS domain to map IPv4
addresses to host names.
 Must support a 576-byte packet size (possibly fragmented).

IPv6

 Source and destination addresses are 128 bits (16 bytes) in length.
 IPSec support is required.
 IPv6 header contains Flow Label field, which identifies packet flow for QoS handling
by router.
 Only the sending host fragments packets; routers do not.
 Header does not include a checksum.
 All optional data is moved to IPv6 extension headers.
 Multicast Neighbor Solicitation messages resolve IP addresses to link-layer
addresses.
 Multicast Listener Discovery (MLD) messages manage membership in local subnet
groups.
 ICMPv6 Router Solicitation and Router Advertisement messages are used to
determine the IP address of the best default gateway, and they are required.
 IPv6 uses a link-local scope all-nodes multicast address.
 Does not require manual configuration or DHCP.
 Uses host address (AAAA) resource records in DNS to map host names to IPv6
addresses.
  Uses pointer (PTR) resource records in the IP6.ARPA DNS domain to map IPv6
addresses to host names.
 Must support a 1280-byte packet size (without fragmentation).

Active Directory
Q: What is active directory?

The database that holds information about component locations, users, groups, passwords,
security, and other COM information. Some of this information is currently stored in the
Registry, but will eventually (with Windows 2000) be moved to the Active Directory.

Q: What is LDAP? What is it used for?

The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying
and modifying data using directory services running over TCP/IP.

LDAP lets you "locate organizations, individuals, and other resources such as files and
devices in a network, whether on the Internet or on a corporate intranet," and whether or
not you know the domain name, IP address, or geographic whereabouts. An LDAP directory
can be distributed among many servers on a network, then replicated and synchronized
regularly. An LDAP server is also known as a Directory System Agent (DSA).

Q: Can you connect Active Directory to other 3rd-party Directory Services? Name a
few options.

Yes we can connect. NDS(Novel Directory Services).

Q: What is the SYSVOL folder?

A: All active directory data base security related information store in SYSVOL folder and its only
created on NTFS partition.

B: The Sysvol folder on a Windows domain controller is used to replicate file-based data among
domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file
system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file
system (DFS) forest.