Exam Objectives Frequently Asked Questions

1.  

What functions are available when I raise my domain functional level?

2.  

Is there any way I can increase security in trusts between multiple forests?

3.  

I have several existing Windows NT domains, with trust relationships between them that I don t want to redo. What s going to happen to these when I upgrade to Windows Server 2003?

4.  

I d like to secure the file permissions my server s hard drive as much as possible. What are the minimum permissions I can set on a Windows Server 2003 server without affecting how the server functions on the network?

1.  

The Windows Server 2003 domain functional level enables the following functions: domain rename tool, update logon timestamp, Universal groups for both security and distribution groups, full group nesting and converting, and the use of the SID history to migrate security principals between domains.

2.  

When you create new users or computer objects in a domain, the domain SID is included in the security principal s SID to identify the domain where it was created. Outgoing external trusts use SID filtering to verify that incoming authentication requests only contain SIDs from security principals in the trusted domain. Windows does this using SID filtering, which compares the SIDs of the incoming security principal to the domain SID of the trusted domain.

3.  

When you upgrade a Windows NT domain to Windows Server 2003, all existing Windows NT trusts are preserved intact. Any trust relationships between Windows Server 2003 domains and Windows NT domains will be intransitive .

4.  

At a minimum, the Authenticated Users group needs to have Read, Read & Execute, and List Folder Contents permissions to the drive where Windows Server 2003 is installed. Otherwise, many necessary services won t be able to start.