Windows admin interview questions:

Describe how the DHCP lease is obtained.

Its a four-step process consisting of (a) IP request, (b) IP offer, IP selection and (d) acknowledgement.

I cant seem to access the Internet, dont have any access to the corporate network and on ipconfig my
address is 169.254.*.*. What happened?

The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available.
The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

Weve installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP
leases off of it.

The server must be authorized first with the Active Directory.

How can you force the client to give up the dhcp lease if you have access to the client PC?

ipconfig /release

What authentication options do Windows 2000 Servers have for remote clients?

PAP, SPAP, CHAP, MS-CHAP and EAP.

What are the networking protocol options for the Windows clients if for some reason you do not want to use
TCP/IP?

NWLink (Novell), NetBEUI, AppleTalk (Apple).

What is binding order?

The order by which the network protocols are used for client-server communications. The most frequently used
protocols should be at the top.
How do cryptography-based keys ensure the validity of data transferred across the network?

Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends,
the data was modified or corrupted.

Should we deploy IPSEC-based security or certificate-based security?

They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of
the packets. Certificate-based security ensures the validity of authenticated clients and servers.

What is LMHOSTS file?

Its a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

Whats the difference between forward lookup and reverse lookup in DNS?

Forward lookup is name-to-address, the reverse lookup is address-to-name.

How can you recover a file encrypted using EFS?

Use the domain recovery agent.

What is the Difference between Windows 2003 standard Enterprise, Premium, Data center and Web Edition?

WEB EDITION:

To position windows server 2003 more competitively against other web servers, Microsoft has released a stripped-
down-yet-impressive edition of windows server 2003 designed specially for web services. the feature set and
licensing allows customers easy deployment of web pages, web sites, web applications and web services.

Web Edition supports 2GB of RAM and a two-way symmetric multiprocessor(SMP). It provides unlimited
anonymous web connections but only 10 inbound server message block(SMB) connections, which should be more
than enough for content

publishing. The server cannot be an internet gateway, DHCP or fax server. Although you can remotely administer the
server with Remote Desktop, the server can not be a terminal

server in the traditional sense. The server can belong to a domain, but cannot be a domain controller. The included
version of the microsoft SQL server database Engine can support as many as 25 concurrent connections.
How do you recover an object in Active Directory, which is accidentally deleted by you, with no backup?

Using ntdsutil.exe command,we can restored the AD objects.

What is the Logical / Physical Structures of the AD Environment?

physical structure:

Forest, Site, Domain, DC

logical structure:

Schema partition, configuration partition, domain partition and application partition

How to change the windows xp product key if wrongly installed with other product key but you have
original product key? What you will do to Make your os as Genuine?

Some third party software are available for this function or reinstall this system

If 512mb Ram is there what will be the minimum and maximum Virtual memory for the system?

To workout the total virtual memory (page file) required for windows XP you should take the amount of ram in the
system and + 25% (512MB + 25% (128MB) = 640MB total virtual memory. by setting both the min and max to 640MB
you can increase the performances of the operating system.

What is LDAP?

LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use to look up
information from a server.

What is the SYSVOL folder?

The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers.
Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is
required on domain controllers throughout a Windows distributed file system (DFS) forest.

What are application partitions? When do we use them?

Application Directory Partition is a partition space in Active Directory which an application can use to store that
application specific data. This partition is then replicated only to some specific domain controllers.The application
directory partition can contain any type of data except security principles (users, computers, groups).

How do we Backup Active Directory?

Backing up Active Directory is essential to maintain an Active Directory database. You can back up Active Directory
by using the Graphical User Interface (GUI) and command-line tools that the Windows Server 2003 family
provides.You frequently backup the system state data on domain controllers so that you can restore the most current
data. By establishing a regular backup schedule, you have a better chance of recovering data when necessary.To
ensure a good backup includes at least the system state data and contents of the system disk, you must be aware of
the tombstone lifetime. By default, the tombstone is 60 days. Any backup older than 60 days is not a good backup.
Plan to backup at least two domain controllers in each domain, one of at least one backup to enable an authoritative
restore of the data when necessary.

How do we restore AD?

You cant restore Active Directory (AD) to a domain controller (DC) while the Directory Service (DS) is
running. To restore AD, perform the following steps.

Reboot the computer.

The computer will boot into a special safe mode and wont start the DS. Be aware that during this time the machine
wont act as a DC and wont perform functions such as authentication.

1. Start NT Backup.

2. Select the Restore tab.

3. Select the backup media, and select System State.

4. Click Start Restore.

5. Click OK in the confirmation dialog box.

After you restore the backup, reboot the computer and start in normal mode to use the restored information. The
computer might hang after the restore completes; Ive experienced a 30-minute wait on some machines.

What are GPOs?

Group Policy gives you administrative control over users and computers in your network. By using Group Policy,
you can define the state of a users work environment once, and then rely on Windows Server 2003 to continually
force the Group Policy settings that you apply across an entire organization or to specific groups of users and
computers.
What domain services are necessary for you to deploy the Windows Deployment Services on your network?

Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain

What is the difference between a basic and dynamic drive in theWindowsServer2008environment?

A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).
Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also
support Windows Server 2008 RAID implementations.

What is the main purpose of a DNS server?

DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa

Commonly Used DNS Records?

A-Records (Host address)

CNAME-Records (Canonical name for an alias)

MX-Records (Mail exchange)

NS-Records (Authoritative name server)

PTR-Records (domain name pointer)

SOA-Records (Start of authority)

Assigning Multiple IP Address in Vista/XP/2000/2003
April 8, 2012 by: jdavid in: Windows Servers No Comment

There are several ways to set up multiple IP addresses on a Computer

1. To have multiple network interface cards (NICs) on your computer and to assign a different IP address to each
card.2. To assign multiple IP addresses to a single NIC.
3. To combine 2 previous options: have multiple NICs with multiple IPs assigned to one or more of them.

By default, each network interface card (NIC) has its own unique IP address. However, you can assign multiple IP
addresses to a single NIC.

How to assign multiple IP addresses to the same NIC

If you want to assign more than one IP address to a network card on Windows 2000/XP/Vista/2003, follow the steps
below.

In Windows 2000
Right-click on My Network Places, choose Properties.

Right-click on the Local Area Connection, choose Properties.

In Windows XP
Right-click on My Network Places, choose Properties.

Right-click on the Local Area Connection, choose Properties.

In Vista
Click Start and click Control Panel.

Select Network and Internet, then Network and Sharing Center, and click Manage network connections from the list of
tasks.
Right click your local area connection and click Properties.

In Windows 2003
Right-click on My Network Places, choose Properties.

Right-click on the Local Area Connection, choose Properties.

Highlight Internet Protocol (TCP/IP), click Properties.

If you use DHCP, you should disable it: click Use the following IP address and enter IP address, Subnet mask and
Default ateway.Click Advanced at the bottom.

Enter additional IP addresses: click the Add button and enter a new IP address and Subnet mask.Repeat the
procedure if there are additional IP Addresses to be added.

Click Add under Default Gateways and add the gateway addresses.I have entered My gateway address

Click OK 3 times to save the changes.

Test your IP Addresses

Open the command prompt (Start>Run>cmd) run the ipconfig command you can see multiple ip addresses on single
network card.

Step By Step Guide How to Install IIS 6.0 in

Win Server 2003
(IIS) 6.0 is a powerful Web server that provides a highly reliable, manageable, and scalable Web
application infrastructure for all versions of Windows Server 2003.IIS helps organizations increase Web
site and application availability while lowering system administration costs. IIS 6.0 supports the Microsoft
Dynamic Systems Initiative (DSI) with automated health monitoring,process isolation, and improved
management capabilities.
Perform the following steps to install IIS 6.0 on the Windows Server 2003 computer. The machine can be
a standalone server, a member server in an Active Directory domain, or even a domain controller

Click Start, point to Control Panel and click Add or Remove Programs.

Click the Add/Remove Windows Components button in the Add or Remove Programs

On the Windows Components window, click on the Application Server entry and click the Details button

On the Application Server page, click on the Internet Information Services (IIS) entry and click the Details
button
In the Internet Information Service (IIS) dialog box, put a check mark in the World Wide Web Service
check box and click OK
Click OK on the Application Server dialog box

Click Next on the Windows Components dialog box

IIS Server Installation in progress

Click Finish on the Completing the Windows Components Wizard page
1. Q: What does Active Directory mean?
A: The active Directory means a service that identifies and handles resources, making them
visible for different groups or members that are authorized. It has the role of an object store.
The Active directory sees as objects workstations, people, servers devices or documents and
they all have their own characteristics and access control list or ACL.

2.Q: What is the meaning of Global Catalog?

A: A Global Catalog is something that each domain has, and it is used for authenticating the
user on the network, on windows 2000 network logons were protected from failures by
assigning a Global Catalog to every site.

3.Q: What is the use for DHCP?

A: DHCP is used for the DHCP servers, personal computers can get their configuration from
a DHCP server on an IP configuration. The server knows nothing about the personal
computers until they make a request for information. Usually the most common
information sent is IP address and DHCP is used to make a large network administration
easier.

4.Q: What does a Super Scope do in DHCP?

A: The Super Scope gives the DHCP server the possibility to have leases to multiple clients
on the same physical network. The leases come from multiple scopes. All scopes must be
defined using DHCP manager before the Super Scope creation and they are named member
scopes. The DHCP problems can be resolved by the Super Scope in different ways like the
following:

a) on a physical network like a LAN network where multiple logical IP networks exist Super
Scope is very useful here. These types of networks are also named multinets.
b) there is also need for a Super Scope when the address pool for the current scope becomes
empty and there is a need for new computers on the physical network.

c) when clients have to move on another scope.

d) when DHCP clients from the other side of the relay agents (BOOTP) or the network has
many logical subnets.

e) when standard networks are limited to leasing addresses for the clients.

5.Q: How can we switch the roles in an Active Directory?

A: Switching or transferring roles in an Active Directory can be made with the use of
Ntdsutil.exe.

6.Q: What is the purpose of a Stub zone DNS?

A: The copy of a zone that has only the needed resources for finding the authoritative DNS
servers in that specific zone (DNS= Domain Name Servers) is called a Stub zone. It also
resolves names for DNS namespaces, thing required when names must be resolved from two
different DNS namespaces. The Stub zone contains: the master servers IP that is used for
updating the Stub zone and the SOA (Start of Authority), the NS (name server) and the glue
A delegated zone records.

5.Q: What main file is used for Active Directory backup and how it is made?

A: Active Directory backup is made using NTbackup utility. The backup is made once with
the system state and they are restored also together because they depend on each other. The
system state has different components like:

a) The registry

b) Boot files or startup files (files required by the operating system to start).

c) The component services

d) The system volume or the SYSVOL folder this is a folder that contains files that are
shared on a domain.

e) The Active Directory

6.Q: Does a windows administrator have to be critical?

A: Yes and I can explain how. A system administrator is responsible for an entire network
which means he/she must take care of multiple things in the same time which is not an easy
task. In order to achieve this, an administrator must have high organization skills and a high
technical knowledge and he/she must prevent the problems from happening so that he/she
wont have to be forced to fix them.

Complicated Windows System Administrator Interview Questions

7.Q: In what way is forward lookup zone different from the reverse lookup
zone in NDS?

A: There is one difference between these two: the forward lookup means name to IP and
reverse lookup means IP to name.
8.Q: As a system administrator can you make backup and recovery of data?

A: This is a responsibility that any system administrator must have assume as a basic skill.
Of course there are many types of backup that can be made but all must be known for a
successful career.

9.Q: What is the meaning of DHCP and what is the port used by it to work?

A: DHCP or Dynamic Host Configuration Protocol has the ability to assign an IP

automatically, this is done in fact by the server and has a number range. When the system
starts an IP is assigned automatically. The DHCP server has port number 68, while the
client has 67.

10.Q: Can you ensure an updated system all the time and perform market
research?

A: Staying up-to-date is another strong point of a professional administrator, technology

evolves and we must keep up with the flow, otherwise we cant do our job in a professional
way. Market research is the key to an up-to date work.

11.Q: Is it possible for a computer to be able to browse the internet without

having a default gateway?

A: Yes it is as long as we use a public IP address. The gateway is required as a router or

firewall when using an intranet address.

12.Q: What are the advantages or disadvantages of using DHCP?

A: The advantage is that the DHCP server configures all IPs automatically and the
disadvantage is that when you receive a new IP address the machine name remains the
same because of its association with the IP. Its not a real problem but when somebody tries
to access the machine by its name it become one.

13.Q: Are you familiar with monitoring?

A: Yes, monitoring is a base activity of a system administrator, he/she manages all the
access rights and the server space, security of the user accounts is one of the most important
things here. Also an administrator must make sure that the users activity doesnt affect in
any way the integrity of the server.

14.Q: How can we create a SRV record in DNS?

A: To do this we must open the DNS then we must select the abc.local domain the right click
and we must go to Other New Records and the SRV ( choose location).

15.Q: In how much time are the security changes applied on the domain
controllers?

A: Including policies for personal and public lockout, the changes apply immediately. The
changes also include passwords and LSA or Local Security Authority.

16.Q: What do you do if a an end user states that a file is gone?

A: Files are deleted constantly by end users but the backup can restore them. Anyhow
before using the backup we must check if the user didnt move the file by mistake in another
place.
Senior level Windows System Administrator Interview Questions

17.Q: Where is the storage place of the environmental settings and documents
from the roaming profile?

A: These documents and settings are deposited locally until the users log off, when they are
moved into the shared folder from the server so the log on at a fresh system may take a
while because of this.

18.Q: What are the classes that we can find in the Active Directory of Windows
Server 2003?

A: We can find:

a) the abstract class which can be made to look like a template and create other templates,
no matter if they are abstract, auxiliary or structural.

b) the structural class is the important type of class that is made from multiple abstract
classes or an existing structural class. They are the only ones that can make Active Directory
objects.

c) the auxiliary class is used as a replace for many attributes of a structural class, it is a list
of attributes.

d) The 88 class is used for objects classes that were defined before 1993 and it is not a
common class, it doesnt use abstract, structural or auxiliary classes.

19.Q: When is a good time for creating a forest?

A: Certain companies that have different bases require different trees and separate
namespaces. And unique names sometimes give birth to different identities of DNS. Also
companies are sometimes acquired and get under other influences but the continuity must
be preserved for the names.

20.Q: Can you explain to us about you experience in the past regarding
windows administration?

A: I have ten years of experience in this field, I was passionate about computers since
childhood and I installed many operating systems at home and inside organizations
including these versions of windows: 95, 98, 98 SE, NT, Millenium, 2000, 2003 Server, XP,
Seven, Vista. I also managed these systems and performed maintenance, I worked with
different applications from the windows environment.

21.Q: How can you handle a situation in which for instance if you have an
application that is not running on Windows 2003 because its older?

A: In this situation the application has to be started in the compatibility mode with a
previously windows operating system. This is made by right clicking the application icon
and choosing another Windows from the compatibility menu.

22.Q: What is the meaning of Repadmin.exe from Windows Server 2008?

A: Repadmin.exe means Replication Diagnostics Tool and helps for the diagnostic of
domain controllers in the Windows system. This tool is used by administrators to see the
replication topology from the perspective of every domain controller. The active Directory
forest can also be supervised by Repadmin.exe and replication problems can be tracked.

23.Q: What difference can we find in the usage of CSVDE versus LDIFDE?

A: CSVDE and LDIFDE are both commands and are used for importing and exporting
objects but they are different in the way that CSVDE uses the format CSV (Comma
Separated Value) which is an Excel file for files and LDIFDE uses LDIF (LDAP Data
Interchange Format) file type which can be viewed with a simple text editor. LDIFDE can be
also used for editing or deleting objects unlike CSVDE.

24.Q: What big differences exist between these two operating systems:
Windows 2000 and Windows XP?

A: Windows 2000 has more capabilities than Windows XP especially regarding features like
DHCP, Terminal Services or DNS. It has all the advantages for server usage. Windows 2000
is a little more professional than XP, but they are both coming with different versions for
every user taste. While XP has Home version, Professional or Enterprise, Windows 2000
has Professional and Server editions. The Home version of XP comes with minimal features
because the target clients are beginners.

Choosing a Server Configuration:

So, which server should you use? Which is best?

Obviously, there's no right answer to that question. Every team has different needs,
and the different servers all represent different sets of trade-offs. The Subversion
project itself doesn't endorse one server or another, or consider either server
more official than another.

Here are some reasons why you might choose one deployment over another, as well as
reasons you might notchoose one.

The svnserve Server

Why you might want to use it:
Quick and easy to set up.

Network protocol is stateful and noticeably faster than WebDAV.

No need to create system accounts on server.

Password is not passed over the network.

Why you might want to avoid it:

By default, only one authentication method is available, the network
protocol is not encrypted, and the server stores clear text passwords. (All
these things can be changed by configuring SASL, but it's a bit more
work to do.)
 No advanced logging facilities.

No built-in web browsing. (You'd have to install a separate web server

and repository browsing software to add this.)

svnserve over SSH

Why you might want to use it:
The network protocol is stateful and noticeably faster than WebDAV.

You can take advantage of existing SSH accounts and user infrastructure.

All network traffic is encrypted.

Why you might want to avoid it:

Only one choice of authentication method is available.

No advanced logging facilities.

It requires users to be in the same system group, or use a shared SSH

key.

If used improperly, it can lead to file permission problems.

The Apache HTTP Server

Why you might want to use it:
It allows Subversion to use any of the numerous authentication systems
already integrated with Apache.

There is no need to create system accounts on the server.

Full Apache logging is available.

Network traffic can be encrypted via SSL.

HTTP(S) can usually go through corporate firewalls.

Built-in repository browsing is available via web browser.

The repository can be mounted as a network drive for transparent

version control (see the section called Autoversioning).

Why you might want to avoid it:

Noticeably slower than svnserve, because HTTP is a stateless protocol
and requires more network turnarounds.
 Initial setup can be complex.

Recommendations
In general, the authors of this book recommend a vanilla svnserve installation for
small teams just trying to get started with a Subversion server; it's the simplest to set
up and has the fewest maintenance issues. You can always switch to a more complex
server deployment as your needs change.

Here are some general recommendations and tips, based on years of supporting users:

If you're trying to set up the simplest possible server for your group, a
vanilla svnserve installation is the easiest, fastest route. Note, however, that
your repository data will be transmitted in the clear over the network. If your
deployment is entirely within your company's LAN or VPN, this isn't an issue.
If the repository is exposed to the wide-open Internet, you might want to make
sure that either the repository's contents aren't sensitive (e.g., it contains only
open source code), or that you go the extra mile in configuring SASL to encrypt
network communications.

If you need to integrate with existing legacy identity systems (LDAP, Active
Directory, NTLM, X.509, etc.), you must use either the Apache-based server
or svnserve configured with SASL.

If you've decided to use either Apache or stock svnserve, create a

single svn user on your system and run the server process as that user. Be sure
to make the repository directory wholly owned by the svn user as well. From a
security point of view, this keeps the repository data nicely siloed and protected
by operating system filesystem permissions, changeable by only the Subversion
server process itself.

If you have an existing infrastructure that is heavily based on SSH accounts,

and if your users already have system accounts on your server machine, it
makes sense to deploy an svnserve-over-SSH solution. Otherwise, we don't
widely recommend this option to the public. It's generally considered safer to
have your users access the repository via (imaginary) accounts managed
by svnserve or Apache, rather than by full-blown system accounts. If your deep
desire for encrypted communication still draws you to this option, we
recommend using Apache with SSL or svnserve with SASL encryption instead.

Do not be seduced by the simple idea of having all of your users access a
repository directly via file://URLs. Even if the repository is readily available
to everyone via a network share, this is a bad idea. It removes any layers of
protection between the users and the repository: users can accidentally (or
intentionally) corrupt the repository database, it becomes hard to take the
repository offline for inspection or upgrade, and it can lead to a mess of file
permission problems (see the section called Supporting Multiple Repository
Access Methods). Note that this is also one of the reasons we warn against
accessing repositories via svn+ssh:// URLsfrom a security standpoint, it's
effectively the same as local users accessing viafile://, and it can entail all the
same problems if the administrator isn't careful.