|
 |
Your MCSA/MCSE Lab
Your company is not keen on you honing your IT skills on its
WAN for good reason. Building a lab is the next best thing. Here's
how. by Andy Barkl
December 2003 - Obtaining an MCSA or MCSE certification can be
an expensive investment in time and materials, so some people choose
the self-study route to save money on training costs. For the lucky
few who work in IT and have access to hardware and software or are
able to use a portion of the network for honing their skills, the
savings there can also be tremendous. If you're not so lucky, hands-on
experience is still within reachit requires you to make a small
outlay for a two-machine lab set-up and evaluation software to simulate
a complex Windows network.
In this article, I help you plan, design and install your own MCSA/MCSE
lab by suggesting hardware and software, setup, guides and scenarios.
First, the Hardware and Software
For most scenarios that you'll encounter in the exams, your lab
set-up should haveat minimutwo or more computers with network interface
cards and a crossover network cable. If you have one, you can replace
the crossover cable with a small network hub. On the software side,
for most of the newer exams you'll need a copy of Windows XP Professional
and a copy of Windows Server 2003. This also means that your computers
should have at least the minimum required RAM that Microsoft specifies.
I recommend that you also get a copy of VMWare, the virtual machine
software that you can use to simulate a network of machines; with
this in mind, you should load your machines with at least 512MB
of RAM. This setup will give you enough to simulate and troubleshoot
multiple client and server configurations. (If you prefer, in place
of VMWare you can use Microsoft's Virtual Server. Obtain the beta
version by joining BetaPlace, which allows you to download an evaluation
kit: http://www.microsoft.com/windowsserver2003/evaluation/trial/
virtualserver.mspx.)
If you prefer to install the software in a multi-boot configuration,
be sure to install Windows XP Professional before you install Windows
Server. This will require that you restart each computer to switch
between client and server operating systems and can be time consuming
and cumbersome. Rather than go through that hassle, get VMWare.
It will allow you to create and run simultaneous virtual machines.
The latest version 4, also allows for multiple virtual drives to
support your lab's clustering scenarios.
You should eventually buy copies of the software, but if your budget
doesn't allow it right now, you can get by with the 180-day evaluation
version of Windows Server 2003; it's available at http://www.microsoft.com/windowsserver2003/evaluation/trial/
default.mspx.
VMWare Workstation 4 is also available for free via a 45-day evaluation
version at http://www.vmware.com/landing/ws4_home.html.
I don't know of any ways to obtain a free evaluation copy of Windows
XP Professional (none of the Microsoft Press exam guides offer an
evaluation version), so here's where you'll have to dip into your
piggy bank. Be sure you get the Professional versionthe Home Edition
doesn't support joining a Windows domain and you'll need that capability.
Test Your Skills Beyond Two Computers
The canned labs that you'll find in most self-study guides, such
as the ones from Microsoft Press, typically involve two computers.
They are laid out with step-by-step instructions for successful
completion and can be a good primer. To explore more complex scenarios,
I recommend you create your own lab scenarios. One way to do this
is use the "How To" articles on Microsoft TechNet:
Another great resource for creating lab scenarios can be found
in the "Top 10 Things to Study" list that I've provided in each
of the reviews I've written for the new MCSA/MCSE on Windows 2003
exams.
From the 70-290 Exam (click
here to read review):
-
Configure and troubleshoot shared folders permissions again,
and again and again. Create different scenarios for your family
and friends group accounts. Be the network administrator!
-
Configure Volume Shadow Copy Service on your server and don't
turn it off. (This has got to be one of the coolest new features
of Windows Server 2003!) Load the client component and restore
previously deleted files.
-
Run Automated System Recovery, even if you don't want to simulate
a dead server. Be sure to follow the steps I outline in the
main article and in the help files.
-
Download and install Software Update Services on your server.
Download the latest Windows updates and configure the client
to use your SUS server.
-
Run server backups if only to a file as the destination. Just
as important, restore the backups and verify EFS, compression
and NTFS permissions remain the same.
-
Create and assign permissions to printer users and change them
for fun! Find out what happens when you stop the printer spooler
service.
-
Create a few group policies and explore the different computer
and user settings available. Link a GPO to a parent OU and view
the results of computer and user accounts changes within child
OUs with and without Block Policy Inheritance and No Override.
-
Create user accounts in Active Directory for your family and
friends. Add them to groups and log on with their accounts from
a client or a second server. Change group scope and membership,
practice using the AGUDLP.
-
Configure inheritance and inheritance blocking with AD objects.
Set permissions and view their effects when accessed by different
family members and friends. Configure and recover RAID arrays. Get at least three small
hard drives and create a stripe, mirror and stripe set with
parity configuration. Disconnect one of the RAID 1 or 5 drives
and reconnect for a recovery scenario. Watch how Windows 2003
behaves and the warning and error messages it displays.
Lab extras you'll need to perform these scenarios:
These scenarios from the 70-291 exam (click
here to read review) include working with RRAS, Certificate
Services, IAS, ISA, DHCP and Event Viewer:
-
Enable RRAS on your server. Practice configuring and managing
dialup and VPN connections. Using a null-modem cable and a crossover
network cable, you can easily simulate remote-dialup and VPN
connections.
-
Deploy and distributing Certificate Services computer and user
certificates. Install a CA, issue certificates to computers
and users and publish them to AD while you're there.
-
Install, configure and manage all DNS zone types. You need
to practice creating, managing and maintaining AD anyhow-create
the DNS zones manually and understand how each is used. Practice
troubleshooting problems!
-
Understand and configure DNS conditional forwarding. Practice
this one in conjunction with #3 and configure one of your servers
using conditional forwarding.
-
Practice subnetting and understand IP addressing. You'll need
to know subnetting for this exam and how to recognize addressing
misconfigurations. Haven't you put it off long enough?
-
Install and configure IAS with RRAS. This is not a difficult
task and you'll be happy you mastered it for this exam.
-
Install and configure ISA Server. You can download an evaluation
copy for free. Even if you don't need Microsoft's proxy and
firewall server on your network, understanding the basics of
ISA Server is a must for this exam.
-
Create and manage DHCP scopes and options. Creating a scope
is an easy task, but do you really understand DHCP servers and
how to maintain them? Configure one of your servers as a router
and place a server and client on opposite segments to learn
about relay agents and DHCP server management.
-
Use and understand the capabilities of Network Monitor. This
can be boring for some, but after the initial pain, analyzing
network packets can be fun! Learn how to use this tool if nothing
else. Use and understand Event Viewer and System Monitor. Easy enough
but do you really understand how to use these tools to their fullest?
Hands-on and help files will get you through.
For these scenarios, make sure to download ISA server: http://www.microsoft.com/isaserver/evaluation/trial/
default.asp.
The next set of 10 comes from the 70-293 exam (click
here to read review) will test your expertise on PKI,
IPSec, NLB, clustering, Security Templates and TCP/IP Troubleshooting:
-
Deploy a Certificate Authority hierarchy and work with PKI.
You can use VMware if you don't have multiple servers for this.
Issue, publish and distribute certificates for EFS and IPSec.
Learn how auto-enrollment works.
-
Configure and deploy IPSec policies using the logging and planning
modes of RSoP.
-
You're going to need to know network load balancing inside
and out. Read everything you can get your hands on and practice
with the product.
-
Work with Cluster Server. You can download an evaluation copy
of Windows Server 2003 Enterprise edition at http://www.microsoft.com/windowsserver2003/evaluation/
trial/evalkit.mspx and you'll also need VMware ESX here.
What are you waiting for? Clustering technology is cool!
-
Deploy and view the results of the sample security templates
included with the Windows Server 2003 Security Guide. Practice
makes perfect!
-
Use all the TCP/IP troubleshooting tools. Ping, tracert, IPconfig,
netsh and Network Monitor are the tools of the trade. Use them
on a daily basis and become a more effective troubleshooter.
-
Configure, break and fix DNS. Have you made it this far without
feeling 100 percent comfortable with DNS? Don't sell yourself
short-every good network person knows DNS.
-
Run Automated System Recovery and restore a server even if
it's not broken.
-
Choose a favorite method for remembering the six possible steps
for both NetBIOS and host name resolution. made sure you know
how to subnet in your head so this small detail doesn't get
in the way of the bigger picture.
Except for the downloads in step 4, you don't need anything extra
to perform these tasks. But be sure to use the security templates
as suggested from the Windows Server 2003 Security Guide.
The final set of 10 lab scenarios comes from the 70-294 MCSE exam
review (click
here to read it); GPMC, RSoP, Forest Trust Relationships,
Site Links and Bridgehead servers, UG caching and Replmon.
-
Plan, deploy and manage Group Policies with GPMC and RSoP.
You'll need to download the GPMC add-on for Windows Server 2003
and practice, practice, practice.
-
Plan, deploy and manage forests, domains and OUs. Even with
only one server, you can still perform all the necessary planning,
deployment and management you'll need to master in this topic.
-
Create and manage inter and intra-forest trust relationships.
With at least two servers or VMWare, you can create multiple
forests and trust relationships.
-
Troubleshoot AD. There's no easy way to master troubleshooting
so try anything you can think of in your lab to get experience.
the TechNet article, "Active Directory in Windows 2003" (click
here to read it) and understand the possible errors
diagramed in the flowcharts.
-
Create and configure Group Policies. This is easy enough if
you spend the time and understand what's required. There are
over 200 new GPO settings available in Windows Server 2003.
With the new Group Policy Management Console, this is easier
to understand than it was with Windows 2000.
-
Configure sites, links, bridgehead servers and cost. With at
least two servers or VMware, you can configure sites, links,
bridgehead servers and replication cost values even if you don't
have separate network segments. With the ADSS snap-in, this
becomes easier the more you practice.
-
Raise the functional level of a forest and domain. This is
something you'll really want to dig into, as it can be complicated.
Using either the ADUC or ADDT snap-in, right-click the domain
and select Raise Domain Functionality.
-
Enable universal group caching on a DC. This is an easy task
but a new feature, so be sure to try it at least once. Using
the ADSS snap-in, right-click the server's NTDS settings and
select Enable Universal Group Membership Caching.
-
Explore all the reporting features found in Replmon. Load the
support tools from the CD and explore this invaluable tool even
if you don't have a complex AD lab. Check the Server Properties
option while you're there.
-
Understand the modes of RSoP and when they're most useful.
This exam topic is present in the 70-293 exam so it's time to
get a handle on all that RSoP offers if you don't already have
one. Use the planning and logging modes against your newly created
GPOs from # 1 above.
For these tasks, download the Group Policy Management Console add-on
for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?
FamilyId=F39E9D60-7E41-4947-82F5-3330F37ADFEB&displaylang=en
and the Domain Rename tools here; http://www.microsoft.com/windowsserver2003/downloads/
domainrename.mspx.
Formula for Success
When you run into a snag during your scenarios, practice your troubleshooting
research skills by referring to http://support.microsoft.com/
and http://www.microsoft.com/technet.
In your MCSA/MCSE lab, you've learned many things about Windows
Server 2003. You'll feel more confident on the exams, and you'll
be better prepared to deploy, support, administer, maintain and
troubleshoot Windows. 
Andy Barkl, MCSE, MCSE: Security, MCSA, MCSA: Security, MCT,
CCNP, CCDP, CISSP, has more than 19 years of experience in the
IT field. He's the owner of MCT & Associates LLC, a technical
training and consulting firm in Phoenix. He spends much of his
time in the classroom but has also been responsible for Windows,
Exchange and Cisco networking deployments for many clients across
Arizona. He's also the online editor for MCPMag.com, TCPMag.com,
CertCities.com, and a contributing author and editor for Sybex
and Cisco Press. He hosts a multitude of exam preparation chats
monthly on MCPmag.com. You can contact Andy about "Your MCSA/MCSE
Lab" at mailto:andy.barkl@wetrainit.com?Subject=Your
MCSA/MCSE Lab.
|
