lab manual ch. 3

Second set for the day, these chapters are relitively short but these questions are kind of a gold mind. Also got a new book today so I have two lab books to go through and two other books that are supposed to cover a test and the measure up tests. The measure up tests are probably the most helpful and I should probably get back to those asap so they don’t expire but I’m really enjoying this lab book as the format is slightly different.

Mindset Question: Traditional log files give an administrator insight on what a system or program is doing or any errors that might have occurred. What does windows use to store Windows logs and how do the logs differ from the traditional logs?

Answer:This is confusing are they talking about event viewer, im assuming as thats in context with the book? Windows uses event logs and event viewer? Is this what they are looking for? Maybe this is helpful.

Question 1.: How many events appear in the system log?

Answer: this isn’t really a helpful question as it’s doing an action then asking the question, same with the next 12.

Question 13.: What are the primary systems that you can monitor with task manager?

Answer: processes, apps, services, pretty much any code that’s executing on the machine.

Question 14.: What system is missing in Task Manager that will greatly affect system performance?

Answer: Honestly have no clue what they are talking about here.

Question 15.: Not really applicable.

Mindset question: What are the four primary systems that affect overall system performance and how does one of these systems cause a bottleneck?

Answer: processor, ram, disk I/O and networking. graphics if your a gamer.

Question 16.: What are the primary systems that you can monitor with resource monitor?

Answer: CPU, disk, memory and network

Question 17.: What process is using the disk the most?

Answer: currently chrome on the machine im using

Question 18.: What ports is chrome using (edited for context)?

Question 19.: its actually using several ports spotify is only using one though, maybe thats a better example at 50704

Mindset Question Both perf mon and task manager can help you view the systems current performance. What are the advantages of task manager and what are the advantages or performance monitoring when looking at

Answer: well the obvious thing being that you can end tasks in task man but perf mon gives better real time info in a nice dashboard.

Lab Review Questions

  • A busy server over a significant period of time will have hundreds, or even thousands of events in EV logs. What do you need to do when
    scanning through the EV looking for certain relevant events?
  • What can you use to have one server catch errors from multiple servers that are displayed in the Event Viewer?
  • What program allows you to see a history of recent changes?
  • What is a powerful tool that allows you to monitor current running programs and processes and allows you to stop those programs and processes?
  • What program allows you to monitor the four primary systems that affect the overall system performance?


1. use the create custom view, check this out around 5 minitues in

2. The video listed above also talks about the forwarded events from other servers and setting up event forwarders.

3. Im not really sure what they mean by this. Is this changes to the system or like change log of what was installed, that’s under event viewer.

4. task manager?

5. resource monitor


Lab manual ch. 2

Felt a spot sluggish today (my best english accent while typing) so im getting started on chapter two a later than I wanted to today. Any way
guess I could get to typing.

Mindset question: What factors must you consider when deciding which server to place the WSUS on?

Answer: This is going to vary based on the size of your infrastructure but it probably shouldn’t be the same as your DHCP or DNS servers. A storage server
could be a possibility depending upon how often its utilized and the times that you are doing updates, which will most likely be late at night and
in that case a storage server should be ok. That said im honestly not experienced enough as an admin to be able to say the most practical solution.

Question 1.: What does the %windir% folder represent?

Answer: Honestly no clue, going to have to google this which is exactly why im doing this. Apparently its a black metal band from norway? that
wont help me when talking to a computer…ok so apparent this is what is, (not going to link it use google) variable for the windows path so its just a
‘shortcut’ to C:\windows or wherever you installed windows.

Question 2.: What option would you pick to store the database on a dedicated SQL server?

Answer: so this is talking about WSUS and there is clearly an option labeled database.

Mindset question: After the WSUS server has been installed, in needs to be configured so that it knows where to get the updates from and what
to download. If you where getting updates from the Windows update, what would you need to configure, similarly as you configure internet explorer to access
the microsoft update website?

Answer: After watching a few youtube videos im only slightly confused by this. The only place that you can select are msft and another server
within your network. The only thing that could possibly require configuring is your firefwall to concact msft servers for a list of sites that
a WSUS needs to concact check here. For more
information on an exact configuration I found this video to be helpful.

Question 3.: After syncchroizing from another WSUS server, what default port is used?

Answer: This kind of tricky question but I did find this:

Configure the firewall to allow communication for the HTTP and HTTPS ports used by the WSUS server. By default, a
WSUS server that is configured for the default Web site uses port 80 for HTTP and port 443 for HTTPS. By default, the WSUS server
uses port 8530 for HTTP and port 8531 for HTTPS if it is using the WSUS custom Web site.

Mindset Question: You have hundreds of clients that need to get windows updates. Rather than configure each computer one-by-one,
what would be the easiest way to configure all of the computers so that the computers will get the windows updates that you specify?

Answer: Create a gp, see the video

Question 4.: If you don’t use group polices to configure client to use WSUS how would you configure the system?

Answer: Manually configure the clients individually to point to your wsus server as the windows update server. For info on how to do this
click here.

Mindset question: The WSUS server has been configured and the clients have been configured to get updates from the WSUS server. before you approve updates
what should you do first?

Answer: test them on a few clients to make sure they dont mess up proprietary software or any thing that’s critical to user job functions.

The last thing in this chapter asks to describe at a high level the steps needed to run WSUS reports. I think we should be able to find this on
youtube or technet becuase I honestly have no idea how to do this. oh wow, this is an hour and a half. I hope its interesting.

This appears to be the same thing only shorter, TechNet.

that doesnt exactly paraphrase does it? It looks like your going to need SQL, and report viewer and then your going to need to configure the
re|ports. The guy in the video goes into some serious depth. Hopefully I will watch it at some point today.

Any way there are also the lab review questions:

    lab review questions

  1. What are the two types of databases that WSUS supports?
  2. Where two sources can a WSUS server get updates from?
  3. In WSUS, how do you specify which computers get updates?
  4. What is the easiest way to configure the clients to use a WSUS server?
  5. By default what is the HTTP and the HTTPS url for WSUS?

1. SQL and WID

2. another WSUS server or msft

3. this is done via GP, you can specify which applications get updates in WSUS and enable client side targeting, maybe this is helpful
client side targeting.

4. GP

5. port 8530 for HTTP and 8531 for HTTPS


Lab manual is cool ch.1

Working on a book today, got a few new ones and i’m feeling inspired by them and also realizing there are a whole bunch of procedural things in lab manuals that I don’t know. I bought the 411 one and started realizing that it was useful and that I was kind of foolish not to get the one for the 410 and at least work through what I can in this format because its probably just as helpful as actually clicking through things on a server build. I realize for continuity’s sake I should probably keep going with the the 411 measureup questions but im kind of digging reading these books at the moment so Ill get back to those eventually but for now im going to work through two books while I await the arrival of another one then probably order the 410 lab manual to work through as well. I think this should get me my last 50 points for the 410 and then I can say im certified on server. Im not sure if I will go back and do a client cert after that to be more marketable in the sense of saying I have a current client and server cert or if I will try for the 411. I guess it depends on what my finances are looking like and what sort of chaos is going on my existance.

So this lab book has what they call “mindest questions” and lab questions so im just going to label both as such and type them out and find answers for the the best I can.

Mindset question: If you have a network infrastructure in place including a domain controller a DNS server and a DHCP server, what are the general steps that you need to perform more before you deploy windows using WDS (Note: why are they not talking about SCCM)?

Answer: First of all your probably going to be installing SCCM to use as a deployment tool so lets find a video about that. WDS still needs to be installed and configured but its still an important note. This TechNet article could also be useful in answering this question but the video is amazing. Glad I found this in the book and discovered this little gem.

Question 1.: What is the default path for the remote installation folder [for WDS]

Answer: I think if you were working through this on a server it would be obvious what the path was however Im not and I have to do some research which isnt always a bad thing So here it appears that we have to configure it but in some older info it looks like it comes preconfigured as C:\RemoteInstall. Without actually walking through this process im not sure but the paired technet resource is very helpful.

Question 2.: Why is the default location not recommended.

Answer: I have no clue this isn’t really listed anywhere and I cant find answers in this book. I would think that using a root directory in most cases would be less than ideal though.

Question 3.: What drive letter was the ISO file mounted to?

Answer: again doing my best with limited resources here but I have no way to find out this info unless there is a youtube tutorial with this lab

This video has nothing to do with the question at hand but it is something ive been looking for none the less, capturing a deployable image

Question 4.: What is the boot image based on?

Answer: The instructions say to browse to the sources folder instead of using a custom WIM file so I can only assume its just a standard install file. Is that what they are asking. It would be nice if there were answers but you know Im kind of into mysterious things and im usually ok at finding answers.

Mindset question: [this is moving into creating an answer file which ive come to question the current necessity of due to vary reasons] So far, you have installed and configured WDS However, right now, the WDS server will only allow you to install Windows remotely just as if you booted from the Windows Server 2012 installation disk What do you need to do to automate the installation?

Answer:I mean I think the answer is create an answer file however when watching vidoes of installs on Hyper-V using this tech it seems fairly automated as is.
Creating an answer file is still confusing to me becuase do I have to deploy it to each machine to a specific location and is there a tool that can do this automatically and how often does it actually work? It seems like a neat trick but im not sure of its viability.  This is helpful when walking through the next few questions.

Question: What are the two ways to create or modify an unattended XML file?

Answer: Check the previously linked TechNet article and it says Windows System Image Manager and this is using the Windows assessment and deployment
kit so im assuming those are the two ways to create an answer file? Again not 100% certain as this book has no answer key.

Mindset: You need to update a Windows Image with a critical patch. What are the general steps to add the patch to the Windows image?

Answer:The answer is outlined in steps but injecting drivers might be an important note here so let’s see if we can find both on youtube.

this one has just basic files and folders but its a helpful point of reference.

This is injecting drivers, hopefully its accurate.

this one is patching using DISM, this is actually really good.

Lab review questions

  1. What program did you use to install WDS?
  2. What two images did you have to add to the WDS server to handle the Windows installation?
  3. What program did you use to create the unattend file?
  4. What program should you use to verify a unattend file?
  5. How was the Windows System image Manager installed?
  6. What two places did you have to define an unattend file?
  7. What program did you use to modify a Windows image?

So the answers to these kind of go beyond the book which is good becuase every thing is testable.

Lab review questions

  1. Server manager?
  2. It looks like its only using the serverstandard wim from a sources folder and it mentions a windows 8 file but im not sure its a bootable image.
  3. There are two that you can use Windows ADK is what they are using and as previously mentioned Windows System Image Manager.
  4. System image manager is what you use to validate the answer file.
  5. Its part of winPE
  6. In WDS (not sure how this applies to SCCM) is the only place that I can find
  7. DISM

Thats it for chapter 1 hopefully tomorrow I can do chapter 2.


some useless reminders and some good stuff

Some of these today are actually very complicated confident reminders that people that pass this exam are expected to be experts on all sorts of technology they may not even be fully aware of. Im kind of excited by this notion but im reminded that that my capacity for studying some of these technologies is limited by my access to resources (being a copy of server or a live environment) which is kind of cool cause I feel like rocky in that one movie where he’s training to fight the russian dude.

This question is a bit confusing and it feels like there could be a better process for this and im not entirely certain I understand the idea. How does a user create a certificate that follows him that has nothing to do with AD? It just feels sketchy for some reason and like someone justfigured out that it randomly worked.

 photo 2016-07-12 6_zpsuhzldfcz.png

 photo 2016-07-12 7_zpsatnow4nq.png

 photo 2016-07-12 8_zps3ha7cpcn.png


This is confusing because it seems like the question is giving a definition while expecting an identification of the definition or its just too complicated. A PSO is my first guess becuase it seems logical however in order to understand the question you have to know the answer of each one.  There’s not much that I could possibly discover about this from books, google or youtube because its fairly obscure info.

 photo 2016-07-12 4_zpsdvgsu6hn.png

 photo 2016-07-12 5_zps1uxsgwq4.png


This is getting complicated. I’m honestly confused by radius stuff and i’m really hoping that books can clear up some of this for me. I don’t for see it being on the 70-410 but still understanding the fundamental principles could help me understand other things. Any way, I found this video to be somewhat helpful.

 photo 2016-07-12 14_zpsvro4bceq.png

 photo 2016-07-12 15_zps4xhuthen.png

 photo 2016-07-12 16_zpsjeuhi3gz.png


This is a freindly reminder of how deep the rabbit hole can go when considering testing.

 photo 2016-07-12_zpsapwyfgwu.png

 photo 2016-07-12 1_zpsvsgavtg1.png

This one isnt too complicated, just basic configuration stuff. Perhaps a knowledge of this direct access tech but the description in the answer should be enough.

 photo 2016-07-12 11_zpsk2wldsec.png

 photo 2016-07-12 12_zps1yrlg9td.png

 photo 2016-07-12 13_zpsvdzwool8.png


This is one is hard to understand the idea you they are trying to convey but once I understood that the machine was offline and the network was not connected to the outside internet you start to understand this subnet is setup to utilize the old fashioned sneaker network which requires exporting and importing.

 photo 2016-07-12 2_zpsevxnalny.png

 photo 2016-07-12 3_zps0guup1is.png


This is that good stuff that I do like. Thank you for posting this.

 photo 2016-07-12 9_zpsoovpbffp.png

 photo 2016-07-12 10_zpsipy9n4lb.png


Lots of ideas, not so many words

Kind of excited this morning. Going to find out how often I can get free measureup tests and possibly order books for the 70-411 based on the answer. When I was younger I really wanted to get heavily involved in call center ops and that actually worked out however my life kind of fell apart as things started to get going. Maybe if I with a little luck I can eventually get an systems admin job and that I feel like would be a long term sustainable job that would really be an amazing adventure. For now the only thing to do is to keep plugging away at studying. Im realizing that after going through the 70-410 so extensively a whole lot of these questions are basically the same material and not much more complicated so I dont have as much to really go in depth on. Im really learning my stuff about server and its quite exiting. I really do love this stuff so much so that I have 3 new books on the way that are all about the 70-411 but should have some questions in them that I can use for blogging. I have a feeling that that the text will be mostly redundant
reading at this point.

The first question is about using encrypted file system and DFS. The obvious answer to this that that EFS does not work with DFS. IT clearly states in the answer that encrypted files are not replicated.

 photo 2016-07-09_zpsjcsoa6nr.png

 photo 2016-07-09 1_zps7yita0sb.png


I actually found this some what confusing. I actually said use from the full back-up as opposed to the system state backup because a system state backup to me seems like a lot of unneeded process info that could take longer but as I have never done either one in practice I have no idea of the length of time that either would take. So any way they want you to say do a system state backup, non-authoritative seems obvious as new records could have been created.

 photo 2016-07-09 4_zpshqwkjppo.png

 photo 2016-07-09 5_zpswleutikf.png


This is one of those weird one off type questions that unless your a really experienced admin you will possibly miss it but once you know the answer its really easy to remember to click the second tab for this type of specific info when configuring a NAP pol.

 photo 2016-07-09 12_zpsvhauy3cv.png

 photo 2016-07-09 13_zpsecgja24f.png

 photo 2016-07-09 14_zpsrwa1oswo.png


I had no trouble with this at all. Configuring a GPO is literally the only option for client side config of a NAP.

 photo 2016-07-09 8_zpsrnvvtcpr.png

 photo 2016-07-09 9_zpsnxszdbfd.png


This one I got wrong because it seems complex enough to demand the use of PS (it doesn’t) and is a great example of where I think this product could be improved with videos.  Im coming away from this question with having no idea of how to actually do this and youtube cant help with this obscure of a question but if I had a copy of server and a machine that could run it I could create a video for this.

 photo 2016-07-09 2_zpsaebmsthx.png

 photo 2016-07-09 3_zpsewfylsir.png

Im actually not exactly sure what a RAIDUS server does so I guess I should start there before I start trying to fill in the blanks. Apparently its a type of VPN access to networks, which is kind of what I was thinking however I was thinking the answer was an authorization pol which is incorrect as the con request pol allows you to get a little more detailed.

 photo 2016-07-09 10_zpsau2tyu0o.png

 photo 2016-07-09 11_zps0n0jdnnx.png


I found this to be a little odd but I understood what they were trying to communicate and came up with the right answer. You don’t want actual NLB but you want a little bit of equal distro going on.

 photo 2016-07-09 6_zpsqnpwpcc6.png

 photo 2016-07-09 7_zpsrokc1pqw.png


one day im going to pass this test

I guess im writing less text these days because Im conceptually starting to understand things a little better. The 70-411 questions are a little more in depth but the general knowledge base of questions still seems to be the same. I doubt I will have this bank of questions done before I go back to class but I should have a good chunk of it done which should lead to a better understanding of what’s demonstrated in class. It seems like almost an impossibility to get that last 50 points but it might just be doable. We will see how it goes. Then it still seems like a long shot with a certification of finding some kind of employment but the best I can do is try at this point in time. Hope for the best and trust that society rewards those that work hard. However I do have to say im getting a great deal of satisfaction out of what im doing and realizing that im extremely fortunate to have this opportunity as a job at a kroger or something like that seems to be off the table.

The first question is about proper addressing in what im going to refer to (probably incorrectly) as a domain PS line to find a specific OU when using ADSI to create a rule. Im glad that they include a little of this as its generally over my head and it seems like its some thing best left for programmers but given that it could still be around when im of a level of understanding thats good enough enough to use it I would love to learn it. I dont really care why we are not creating a GPO and using ADSI instead but the naming conventions should stay universal if using a command line style format. Canonical name (nice bible reference there msft), org unit, dc, dc.

 photo 2016-07-05 11_zpsnswy6tcu.png

Exhibits are rarely helpful and while im on unfamiliar territory im pretty sure this is still the case here.

 photo 2016-07-05 10_zpsd5lryfoo.png

 photo 2016-07-05 12_zpsv6gfj5zo.png

However the answer is actually extremely helpful. Just wish measureup provided links to videos in some cases or made them.


This one is a little different and a good reminder of just what NTDSUTIL can be used for. The PS string is also a nice reference.

 photo 2016-07-05 4_zpszm4s3ez9.png

 photo 2016-07-05 5_zpsd1e2w4j5.png

I would absolutely love to see a WSUS server and updates in the field. Ive had the opportunity to see some really cool stuff in practice lately but this is one of things I want to know more about in an “in practice” setting. Im so thankful for the opportunities ive had so far but seeing this would be really neat. Im not sure how to do this but there are a few youtube videos on the subject, assuming its probably a good idea to check with some of those. I suppose its an important note that IIS must be installed before you can have WSUS (pronounced w-sus)

I found this one kind of helpful but there is a plethora of videos on this topic with varying degrees of relevance.

 photo 2016-07-05 6_zpsanlnwnk4.png

 photo 2016-07-05 7_zpsujz1szi5.png

Not a whole lot to talk about here other than the basic question of how do I set up a data collector set. Is this different from establishing one in permon on a client machine? Can I assume that this is getting the same info and can I set this up on one machine and monitor another machine? Im going to say probably but im not sure how to do it off the top of my head.

For not im going to assume that we are doing this locally on one server and that it works like this.

 photo 2016-07-05_zps66exikp1.png

 photo 2016-07-05 1_zps8cgyydea.png


This one is interesting because there are a whole lot of ways to create file shares and as in this case audit file shares. Turns out it this case its the simple method and they do a surprisingly good job of explaining the other options in the answers. However I still don’t know specific examples for expression based auditing. Im sure ill figure it out eventually though.

 photo 2016-07-05 8_zpsoqizdwgb.png

 photo 2016-07-05 9_zpsqzlc8vjk.png

And as usual TechNet has some what of an answer available for us. So according to that expression based should be dealing with something involving read/write but I would love to see a targeted question just so I could clear up for myself exactly what it is.

This question seems tricky but if you have any experience even using these sorts of technologies the answer becomes apparent.

 photo 2016-07-05 2_zpszgrdw8nu.png

 photo 2016-07-05 3_zpsr3lhumnu.png


Well if two is a replica then it should replicate so that only leaves two answers and deferred wouldn’t have anything to do with bandwidth.

 photo 2016-07-05 13_zpsfvrdaabh.png

 photo 2016-07-05 14_zpsih0yrrhc.png


specifics what?

So im starting to feel like I sort of know what Im doing with server and kind of debate some of these answers as well as debate the relevance of why they are asking the questions they ask. In this set of questions there is one thats such an absurdly specific reminder
of why these tests are so hard, they can ask you literally anything from a huge knowledge base of almost random things. Stuff that you would for sure use google for as opposed to actually having it memorized. I think the point of asking those questions is a reminder that this is really really hard. Its also really really fun if you enjoy challenging things. Fortunately I do.

This first bitlocker question is really cool, I realize that cool might be a bit of a stretch for some people so perhaps interesting would be a better word. So anyway there’s a BDE key issue, what do you do? We are obviously working from the standpoint that the computer is
currently up and running and that the HD hasnt been removed. The two answers I honestly didnt know before hand but are fairly simple. I would have assumed that there was a snap in for this but given that i dont personally have any BDE machines I couldn’t try it. The PS command is just remembering I suppose. It does make me wonder about current process for enterprise BDE key man. I also think BDE is generally worthless for
individuals unless you’re paranoid or doing something illegal. I know I pull hds from old machines and reference data on new builds. It might not be best practice but its easier than transferring data.

 photo 2016-07-01 20_zpsj2xyjkoe.png

 photo 2016-07-04_zpsfxs9i7no.png

 photo 2016-07-01 21_zps6dsvjnhe.png

This one we kind of discussed in the last post. So you can restore AD account objects through tombstones but you loose some specific data that’s included with them such as what groups the account is a member of. In this case they are suggesting that an authoritative restore is the way to go but my question is where is that restore launched from as they don’t seem to be providing that information. Im not certain that its
absolutely necessary but to know that I guess from any DC that has the back up on it? Im realizing I could know more about this so perhaps its good to watch a video on an authoritative restore? Also once you do this does it replicate to your forest without additional configuration? I feel like thats something that I should know.

Going to start with this recent video:

So one min into this we can see that this guy is suggesting its a good idea to do a force replication. Theres a lot going on here a lot of talk Im feeling like its a good idea to watch this one more than once becuase im not absolutely certain as to what hes doing at times. Anyway, here is the question:

 photo 2016-07-01 22_zpsskmhw5nu.png

 photo 2016-07-01 23_zpsppssbquo.png

 photo 2016-07-01 24_zpsgggy2wn4.png

Easy enough, no gMSA if your not on 2012.

 photo 2016-07-01 14_zpsox9twghs.png

 photo 2016-07-01 15_zpsjjhhqnae.png


This one is not overly confusing just make a group and apply a PSO as long as your on 08 or better at the forest level. The only thing that can be confusing is the number of options. They make it seem more complicated than it is.

 photo 2016-07-01 10_zpswxtapg8p.png

 photo 2016-07-01 11_zps8xtmbaur.png

 photo 2016-07-01 12_zps36vxxmmn.png

Again not much to talk about here, just another locational concept to remember that probably won’t be on the test but more information is better right? You honestly could see something similar though and the domain concept could be important but then we would need to know when to use the .com for the dom and when not to.

 photo 2016-07-01 8_zps7q8eqmeg.png

 photo 2016-07-04 1_zpsubuvd3gb.png

 photo 2016-07-01 9_zpsvtidncyk.png


This one is just weird, I have no idea what RDC is nor do I think I would find really solid readily available information on it nor do I think its more important than the discussion of SCCM. honestly WTF?

 photo 2016-07-01 16_zpspaqjca6i.png

 photo 2016-07-01 17_zpsoofcbhyt.png

This is the absurdly specific info that I was talking about having to use google for in the intro. I refuse to use brain space to memorize this at this point. Honestly maybe once I was better with the basics, like I completely understood how and why to do an authoritative restore then I would consider it.

 photo 2016-07-01 18_zpswaxkawii.png

 photo 2016-07-01 19_zpsc3nqaylz.png

I had to crop it weird becuase of the crazy long info on version types.


Blog at

Up ↑