Monday, 8 October 2012


Basic Windows System Administrator Interview Questions & Answers Part - II


Q: - Where is secedit?

It’s now gpupdate.

Q: -You want to create a new group policy but do not wish to inherit.

Make sure you check Block inheritance among the options when creating the policy.

Q: -What is "tattooing" the Registry?

The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.

Q: -How do you fight tattooing in 2003 installations?

User Configuration - Administrative Templates - System - Group Policy - enable - Enforce Show Policies Only.

Q: -What does IntelliMirror do?

It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.

Q: - What’s the major difference between FAT and NTFS on a local machine?
FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
Q: - How do FAT and NTFS differ in approach to user shares?
They don’t, both have support for sharing.
Q: -Explan the List Folder Contents permission on the folder in NTFS.
Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
Q: - I have a file to which the user has access, but he has no folder permission to read it. Can he access it?
It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can’t drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run… window.
Q: - For a user in several groups, are Allow permissions restrictive or permissive?
Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission.
Q: -For a user in several groups, are Deny permissions restrictive or permissive?
Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
Q: - What hidden shares exist on Windows Server 2003 installation?
Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
Q: - What’s the difference between standalone and fault-tolerant DFS (Distributed File System) installations?
The standalone server stores the DFS directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the DFS root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the DFS topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
Q: -We’re using the DFS fault-tolerant installation, but cannot access it from a Win98 box.
Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
Q: - Where exactly do fault-tolerant DFS shares store information in Active Directory?
In Partition Knowledge Table, which is then replicated to other domain controllers.
Q: -Can you use Start->Search with DFS shares?
Yes.
Q: -What problems can you have with DFS installed?
Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.
Q: - I run Microsoft Cluster Server and cannot install fault-tolerant DFS.
Yeah, you can’t. Install a standalone one.
Q: -Is Kerberos encryption symmetric or asymmetric?
Symmetric.
Q: -How does Windows 2003 Server try to prevent a middle-man attack on encrypted line?
Time stamp is attached to the initial client request, encrypted with the shared key.
Q: - What hashing algorithms are used in Windows 2003 Server?
RSA Data Security’s Message Digest 5 (MD5), produces a 128-bit hash, and the Secure Hash Algorithm 1 (SHA-1), produces a 160-bit hash.
Q: - What third-party certificate exchange protocols are used by Windows 2003 Server?
Windows Server 2003 uses the industry standard PKCS-10 certificate request and PKCS-7 certificate response to exchange CA certificates with third-party certificate authorities.
Q: -What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.
Q: - If hashing is one-way function and Windows Server uses hashing for storing passwords, how is it possible to attack the password lists, specifically the ones using NTLMv1?
A cracker would launch a dictionary attack by hashing every imaginable term used for password and then compare the hashes.
Q: -What’s the difference between guest accounts in Server 2003 and other editions?
More restrictive in Windows Server 2003.
Q: -How many passwords by default are remembered when you check "Enforce Password History Remembered"?
User’s last 6 passwords.




















No comments:

Post a Comment