Objective 2.3 Questions

1. 

You are the systems administrator responsible for maintaining 20 computers running Windows Server 2003, Web Edition, at a large Web-hosting company named A. Datum Corporation. You administer each system remotely by means of the Remote Desktop client. Each computer running Windows Server 2003, Web Edition, has a separate partition named drive Z that hosts the \i386 installation files. This is so that as components are added or removed you do not have to go down to the server cage and manually insert the installation media. Last month Microsoft released the first service pack for Windows Server 2003. After testing this in the lab on development computers, you are ready to install it on the 20 production systems. You log on to the first system using the Remote Desktop client and download the service pack from the FTP server where you keep it. You create a directory called z:\w2k3sp1 and copy the file there. You then run a command prompt on the Web Edition server and from the z:\w2k3sp1 directory issue the

w2k3sp1.exe –x

command and specify the z:\w2k3sp1 directory when the routine asks you where you want to place the files. When this is done you use Windows Explorer to navigate to the z:\w2k3sp1\i386\update directory and run the update.exe command, installing Windows Server 2003 Service Pack 1 on the Web server. After the service pack is installed, you reboot the server and log back on by the Remote Desktop connection. At this point you want to update the files in the z:\i386 directory so that if you install new components you will not have to re-apply Service Pack 1. Which of the commands listed below, if issued from the command line in the z:\w2k3sp1\i386\update directory on the computer running Windows Server 2003, Web Edition, will update the z:\i386 files? (Select one.)

1. slipstream.exe –s:z:\i386

2. update.exe –s:c:\windows\system32

3. slipstream.exe –s:c:\windows\system32

4. upgrade.exe –s:z:\i386

5. update.exe –s:z:\i386

2. 

Oksana is responsible for administering five Windows Server 2003 member servers for the A. Datum Corporation. Each computer running Windows Server 2003 has been patched to Service Pack 1 and is up to date with the most recent hotfixes from the Microsoft Web site. The role of two of the servers has recently changed. Rather than providing basic file and print services, the first server will now be deployed as a Web server on the Internet. Similarly, the second server will move from providing file and print services to working as an SUS server. To retask the servers, Oksana uses the Add/ Remove Windows Components section of Add/Remove programs to install Internet Information Services. On the first server she configures the new Web site and imports the relevant data. On the second server she installs and configures SUS. When she is asked to provide a location for the files, she inserts her original installation media into the CD-ROM drive. Which of the following steps should Oksana take next to ensure that both servers are up to date with hotfixes and service packs? (Select one.)

1. Oksana should run the IIS lockdown tool on each server.

2. Oksana should reinstall Service Pack 1 and then reinstall all hotfixes.

3. Oksana should reinstall all hotfixes.

4. Oksana should reinstall Service Pack 1.

5. Oksana doesn’t have to do anything. Her system will be up to date.

3. 

Rooslan is the systems administrator of a Windows Server 2003 functional level domain that encompasses two locations separated by an ISDN BRI link. The name of the domain is adatum.com. All servers on the A. Datum Corporation network run Windows Server 2003, and all clients run Windows XP Professional patched to Service Pack 1. Presently, each system on the network independently contacts the Microsoft Windows Update service to obtain all hotfixes and service packs. This has led to two problems for your organization. The first problem is that any update Microsoft flags as relevant is being downloaded and installed onto systems in the organization. Some updates have caused problems with preexisting custom applications used for the organization’s front line business. Another problem has been an increased bill for Internet traffic as 500 computers running Windows XP all successfully download the exact same file individually from the Windows Update Servers. Rooslan has the following goals:

Primary Goal: To put in place a system where only approved updates are deployed to all of the organization’s computers running Windows XP Professional and Windows Server 2003.

Secondary Goal One: To ensure that each individual update is only downloaded once to the organization.

Secondary Goal Two: To ensure that updates are installed automatically at 7:00 P.M. every Thursday.

Rooslan takes the following steps. On the network of one of the computers running Windows Server 2003, he installs Software Update Services. This server is renamed susupdates.adatum.com. He synchronizes this with Microsoft Windows Update services and then selects a set of approved service packs and hotfixes. On a domain controller he creates a new GPO. In the Computer Configuration\Administrative Templates\Windows Components\Windows Update node he configures the following policies:

Configure Automatic Updates: Enabled. Auto Download and schedule the install. Install Day Thursday. Install time 19:00.

Specify intranet Microsoft update service location: Enabled. Set the intranet update service for detecting updates: http://susupdates.adatum.com. Set the intranet statistics server: http://susupdates.adatum.com.

Rooslan then applies the GPO to the default site in Active Directory. When Rooslan has completed this step, how many of his goals has he achieved? (Select one.)

1. Rooslan has achieved his primary goal and both secondary goals.

2. Rooslan has achieved his primary goal and one secondary goal.

3. Rooslan has achieved only his primary goal.

4. Rooslan has not achieved his primary goal, but he has achieved both secondary goals.

5. Rooslan has achieved none of his goals.

4. 

You are the systems administrator of an organization that has a mix of Windows Server 2003–based systems, some Windows 2000 member servers running Exchange 2000, and clients running Windows XP Professional and Windows 2000. All are members of a Windows Server 2003 functional level domain. Microsoft has recently released a hotfix that applies to Windows Server 2003, Windows XP, Windows 2000 Server, and Windows 2000 Professional. The names of the hotfix files are as follows:

Windows2000-KB823182-x86-ENU.exe

WindowsXP-KB823182-x86-ENU.exe

WindowsServer2003-KB823182-x86-ENU.exe

Which of the following methods should you use to deploy the relevant hotfix to the correct computers in the domain? (Select one.)

1. Create three security groups: 2000hotfix, Xphotfix, and 2003hotfix. Add the computer accounts of all of the systems to the relevant group. Place the hotfixes on a globally accessible network share. Write a unique script for each group that installs the hotfix. Edit the group properties and assign the relevant unique script to the appropriate group.

2. Write a unique script for each operating system group that installs the hotfix. Using the new multiple select feature of Active Directory Users and Computers, select all of the computer accounts from a particular group. From the Profile tab, assign the appropriate unique logon script to its appropriate group.

3. Create three security groups; 2000hotfix, Xphotfix, and 2003hotfix. Add the computer accounts of all of the systems to the relevant group. Place the hotfixes on a globally accessible network share. Write a unique script for each group that installs the corresponding hotfix. Create three GPOs. Call the first 2000hotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows 2000 hotfix installation script to the startup policy. Call the second GPO XPhotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows XP hotfix installation script to the startup policy. Call the final GPO 2003hotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows Server 2003 hotfix installation script to the startup policy. Apply each of these GPOs to the Builtin Computers group. Remove the authenticated users group from the Read and Apply Group Policy (allow) permission on all GPOs. On each GPO, assign the Read and Apply Group Policy (allow) permission to the corresponding security group. For example, for the 2000hotfix_deploy GPO, set the permission for the 2000hotfix group to Read and Apply Group Policy (allow).

4. Create three security groups: 2000hotfix, Xphotfix, and 2003hotfix. Add the computer accounts of all of the systems to the relevant group. Place the hotfixes on a globally accessible network share. Write a unique script for each group that installs the corresponding hotfix. Create three GPOs. Call the first 2000hotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows 2000 hotfix installation script to the startup policy. Call the second GPO XPhotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows XP hotfix installation script to the startup policy. Call the final GPO 2003hotfix_deploy. In the Computer Configuration\Windows Settings\Scripts node, add the unique Windows Server 2003 hotfix installation script to the startup policy. Apply each of these GPOs to the domain. Remove the authenticated users group from the Read and Apply Group Policy (allow) permission on all GPOs. On each GPO, assign the Read and Apply Group Policy (allow) permission to the corresponding security group. For example, for the 2000hotfix_deploy GPO, set the permission for the 2000hotfix group to Read and Apply Group Policy (allow).

5. 

Your Windows Server 2003 domain is made up of five computers running Windows Server 2003, 70 computers running Windows 2000 Professional, and 30 computers running Windows XP Professional. Your organization has a policy that no one staff member is assigned a particular office or desk. When workers arrive each morning they are assigned a desk automatically. Depending on when they arrive in the morning, a user could be using a computer running Windows XP Professional or a computer running Windows 2000 Professional. Your company has three different locations spread out across the city. Last week the fifth service pack for Windows 2000 was released. You want to roll out this service pack only to the computers that run Windows 2000 Professional in your organization. Which of the following methods will allow you to do this? (Select all that apply.)

1. Extract the Windows 2000 service pack to a shared folder and locate the update.msi file. Create a new OU named 2KPRO. Move all of the computer accounts for the 2KPRO systems into this OU. Create a new GPO and assign it to the 2KPRO OU. In the Computer Configuration\Software Settings\Software Installation node, add the update.msi file from the service pack as software to be installed. Ensure that, on the Deployment tab of the service pack software deployment properties, the option Uninstall This Application When It Falls Out Of The Scope Of Management is enabled.

2. Extract the Windows 2000 service pack to a shared folder and locate the update.msi file. Create a new GPO and assign it to the domain. In the Computer Configuration\Software Settings\Software Installation node, add the update.msi file from the service pack as software to be installed. Ensure that, on the Deployment tab of the service pack software deployment properties, the option Uninstall This Application When It Falls Out Of The Scope Of Management is enabled.

3. Copy the Windows 2000 service pack to a shared folder on the network. Create a new OU named 2KPRO. Move all of the computer accounts for the 2KPRO systems into this OU. Create a script that installs the service pack without the requirement of intervention from the user. Create a new GPO and assign it to the 2KPRO OU. In the Computer Configuration\Windows Settings\scripts node, add the new script as a startup script.

4. Copy the Windows 2000 service pack to a shared folder on the network. Create a new OU named 2KPRO. Move all of the computer accounts for the 2KPRO systems into this OU. Create a script that installs the service pack without the requirement of intervention from the user. Create a new GPO and assign it to the domain. In the Computer Configuration\Windows Settings\scripts node, add the new script as a startup script.

5. Extract the Windows 2000 service pack to a shared folder and locate the update.msi file. Create a new GPO and assign it to the head office site. In the Computer Configuration\Software Settings\Software Installation node, add the update.msi file from the service pack as software to be installed. Ensure that, on the Deployment tab of the service pack software deployment properties, the option Uninstall This Application When It Falls Out Of The Scope Of Management is enabled.

6. 

After he left the company, you learned that one of your junior administrators manually installed Windows XP Service Pack 3 on at least 30 computers in the domain. This was done before any systematic pilot program had assessed what effects, if any, deployment of the service pack would have on the organization. You want to uninstall this service pack until you’ve had time to perform a proper trial and assess the impact of the service pack. The problem is that you do not know which of the computers running Windows XP Professional have been affected by the junior administrator’s actions. Checking the job log, you find that since the release of the service pack several months ago the junior administrator worked on at least 80 computers. Although your company spans five different locations, it appears that the last time the junior administrator went out to one of them was two weeks before the service pack was released by Microsoft. Which of the following methods could you use to uninstall the service pack with the least administrative effort? (Select one.)

1. Create a Group Policy object and apply it to the site where the junior administrator worked. In this Group Policy object, assign a software deletion policy and add Windows XP Service Pack 3.

2. Create a Group Policy object and apply it to the site where the junior administrator worked. In this software policy object, assign a software installation policy and install Windows XP Service Pack 3. After all computers running Windows XP have installed Service Pack 3, remove the service pack from the software installation policy.

3. Write a script that calls the program.

%systemroot%\$ntservicepackuninstall$\spuninst\spuninst.exe –u –q

Create a Group Policy object and apply it to the site where the junior administrator worked. In this Group Policy object, in the Computer Configuration\Windows Settings\Scripts node, add the newly created script that calls spuninst.exe.

Place the service pack on a network share that is accessible to all users in the domain. Write a script that calls the program.

xpsp3_en_x86.exe –x

from the network share location. Create a Group Policy object and apply it to the site where the junior administrator worked. In this Group Policy Object, in the Computer Configuration\Windows Settings\Scripts node, add the newly created script that calls xpsp3_en_x86.exe –x

1. 

Correct Answers: E

1. Incorrect Although this process is known as slipstreaming, this is not the command used to update the files in the z:\i386 directory. The correct command is update.exe –s:z:\i386.

2. Incorrect Although the switch applied to the update command is correct, the target folder in this case is the c:\windows\system32 directory rather than the z:\i386 directory. The correct command is update.exe –s:z:\i386.

3. Incorrect Although this process is known as slipstreaming, this is not the command used to update the files in the z:\i386 directory. The correct command is update.exe –s:z:\i386.

4. Incorrect This command is quite close, but uses upgrade, which does not exist, rather than the required update. The correct command is update.exe –s:z:\i386.

5. Correct This is the correct command. The –s switch indicates that the service pack is to be slipstreamed into the current installation files, updating them so that they reflect the changes issued in the new service pack. This is a useful systems administrator trick because it ensures that if components need to be added or removed from the system at a later stage, the service pack will not need to be reapplied; the files will already be up to date.

2. 

Correct Answers: B

1. Incorrect Although it is good practice after a new installation of Internet Information Server to run the IIS lockdown tool, this will do nothing to ensure that Oksana’s server is up to date with hotfixes and service packs By installing from the original installation media, you could reintroduce to the system a fault that has since been repaired by the application of a hotfix or service pack. This is why the service pack should be reapplied, unless the installation media has had the service pack slipstreamed into it.

2. Correct After new components have been added to a Windows Server 2003 system, you should always go back and reapply any service packs or hotfixes that you have applied previously. By installing from the original installation media, you could reintroduce to the system a fault that has since been repaired by the application of a hotfix or service pack. The reinstallation of the service pack can be avoided if the service pack has been slipstreamed into the installation files.

3. Incorrect Oksana will need to reinstall Service Pack 1 and all hotfixes. By installing from the original installation media, you could reintroduce to the system a fault that has since been repaired by the application of a hotfix or service pack. The reinstallation of the service pack can be avoided if the service pack has been slipstreamed into the installation files.

4. Incorrect Oksana will need to reinstall Service Pack 1 and all hotfixes. By installing from the original installation media, you could reintroduce to the system a fault that has since been repaired by the application of a hotfix or service pack. The reinstallation of the service pack can be avoided if the service pack has been slipstreamed into the installation files.

5. Incorrect Oksana will need to reinstall Service Pack 1 and all hotfixes. By installing from the original installation media, you could reintroduce to the system a fault that has since been repaired by the application of a hotfix or service pack. The reinstallation of the service pack can be avoided if the service pack has been slipstreamed into the installation files.

3. 

Correct Answers: E

1. Incorrect Although he did everything correctly, because he applied the Group Policy to the default site rather than the domain, only computers at the default site are influenced by this policy. This means that computers at the second site will still be downloading their updates from Microsoft; they will ignore any list of approved updates and will install updates on an unscheduled basis. On the other hand, all of the computers at the default site will download only approved updates from the SUS server and install them on Thursday evening at 7:00 P.M., and they will not contact the Windows Update servers at all.

2. Incorrect Although he did everything correctly, because he applied the Group Policy to the default site rather than the domain, only computers at the default site are influenced by this policy. This means that computers at the second site will still be downloading their updates from Microsoft; they will ignore any list of approved updates and will install updates on an unscheduled basis. On the other hand, all of the computers at the default site will download only approved updates from the SUS server and install them on Thursday evening at 7:00 P.M., and they will not contact the Windows Update servers at all.

3. Incorrect Although he did everything correctly, because he applied the Group Policy to the default site rather than the domain, only computers at the default site are influenced by this policy. This means that computers at the second site will still be downloading their updates from Microsoft; they will ignore any list of approved updates and will install updates on an unscheduled basis. On the other hand, all of the computers at the default site will download only approved updates from the SUS server and install them on Thursday evening at 7:00 P.M., and they will not contact the Windows Update servers at all.

4. Incorrect Although he did everything correctly, because he applied the Group Policy to the default site rather than the domain, only computers at the default site are influenced by this policy. This means that computers at the second site will still be downloading their updates from Microsoft; they will ignore any list of approved updates and will install updates on an unscheduled basis. On the other hand, all of the computers at the default site will download only approved updates from the SUS server and install them on Thursday evening at 7:00 P.M., and they will not contact the Windows Update servers at all.

5. Correct Although he did everything correctly, because he applied the Group Policy to the default site rather than the domain, only computers at the default site are influenced by this policy. This means that computers at the second site will still be downloading their updates from Microsoft; they will ignore any list of approved updates and will install updates on an unscheduled basis. On the other hand, all of the computers at the default site will download only approved updates from the SUS server and install them on Thursday evening at 7:00 P.M., and they will not contact the Windows Update servers at all.

4. 

Correct Answers: D

1. Incorrect Login scripts cannot be assigned by editing group properties.

2. Incorrect Although user account objects have a Profile tab where logon scripts can be assigned, this is not true for computer account objects.

3. Incorrect Group Policy objects cannot be applied to the Builtin Computers group.

4. Correct To make sure that every computer in the domain gets the relevant hotfix, you’ll need to apply Group Policy at the domain level. Use security group membership to limit the scope of the Group Policy to only those systems that are appropriate. This way only the computers running Windows 2000 will be influenced by the 2000hotfix_deploy GPO, and only the computers running Windows XP will be influenced by the XPhotfix_deploy GPO.

5. 

Correct Answers: A and C

1. Correct This will deploy the service pack by the Active Directory software deployment settings to the computers running Windows 2000 Professional. This will not deploy the software to other systems within the domain. Note that if a system is removed from the OU, the service pack will be uninstalled.

2. Incorrect This will attempt to install the service pack on all systems within the domain, not just the computers running Windows 2000 Professional.

3. Correct This method of installing the service pack will also work. The downside to using this method is that it does not give you the fine level of control that installing by deployment of the update.msi would.

4. Incorrect This will attempt to install the service pack on all computers within the domain. It will not limit itself to computers running Windows 2000.

5. Incorrect This will apply the service pack to all computers within the head office site. It will not limit itself to the computers running Windows 2000.

6. 

Correct Answers: C

1. Incorrect Software can only be removed by means of the software installation node of Group Policy if it was installed by that method. Because the junior administrator installed the software manually, this method cannot be used to uninstall it.

2. Incorrect This method certainly does not involve the minimum amount of administrative effort. It is also unlikely that it will work properly because those systems that already have Service Pack 3 installed will ignore the policy.

3. Correct When applied, the script will call spuninst.exe, which in turn will uninstall the service pack.

4. Incorrect This will merely extract Service Pack 3; running this particular command will do nothing to uninstall Service Pack 3 from the systems where it was installed.