Windows Group Policy Interview Questions and Answer

Windows Group Policy Interview Questions and Answer

What is group policy in active directory ? What are Group Policy objects (GPOs)?
Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template.

The Group Policy container is an Active Directory container that stores GPO properties, including information on version, GPO status, and a list of components that have settings in the GPO.

The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation.
The Group Policy template is located in the system volume folder (Sysvol) in the \Policies subfolder for its domain.

What is the order in which GPOs are applied ?
Group Policy settings are processed in the following order:
1.Local Group Policy object : Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing.

2.Site : Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.

3.Domain: Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.

4.Organizational units : GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then POs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.

At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC.

The GPO with the lowest link order is processed last, and therefore has the highest precedence.
This order means that the local GPO is processed first, and GPOs that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are merely aggregated.)

How to backup/restore Group Policy objects ? 
Begin the process by logging on to a Windows Server 2008 domain controller, and opening the Group Policy Management console. Now, navigate through the console tree to Group Policy Management | Forest: | Domains | | Group Policy Objects.

When you do, the details pane should display all of the group policy objects that are associated with the domain. In Figure A there are only two group policy objects, but in a production environment you may have many more. The Group Policy Objects container stores all of the group policy objects for the domain.

Now, right-click on the Group Policy Objects container, and choose the Back Up All command from the shortcut menu. When you do, Windows will open the Back Up Group Policy Object dialog box.

As you can see in Figure B, this dialog box requires you to provide the path to which you want to store the backup files. You can either store the backups in a dedicated folder on a local drive, or you can place them in a folder on a mapped network drive. The dialog box also contains a Description field that you can use to provide a description of the backup that you are creating.

You must provide the path to which you want to store your backup of the group policy objects.
To initiate the backup process, just click the Back Up button. When the backup process completes, you should see a dialog box that tells you how many group policy objects were successfully backed up. Click OK to close the dialog box, and you're all done.

When it comes to restoring a backup of any Group Policy Object, you have two options. The first option is to right-click on the Group Policy Object, and choose the Restore From Backup command from the shortcut menu. When you do this, Windows will remove all of the individual settings from the Group Policy Object, and then implement the settings found in the backup.

Your other option is to right-click on the Group Policy Object you want to restore, and choose the Import Settings option. This option works more like a merge than a restore.
Any settings that presently reside within the Group Policy Object are retained unless there is a contradictory settings within the file that is being imported.

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers etc.) on the computers in one department. How would you do that? 
go to Start->programs->Administrative tools->Active Directory Users and Computers
Right Click on Domain->click on preoperties
On New windows Click on Group Policy
Select Default Policy->click on Edit
on group Policy console
go to User Configuration->Administrative Template->Start menu and Taskbar
Select each property you want to modify and do the same

What?s the difference between software publishing and assigning?
Assign Users :The software application is advertised when the user logs on. It is installed when the user clicks on the software application icon via the start menu, or accesses a file that has been associated with the software application.

Assign Computers :The software application is advertised and installed when it is safe to do so, such as when the computer is next restarted.

Publish to users : The software application does not appear on the start menu or desktop. This means the user may not know that the software is available. The software application is made available via the Add/Remove Programs option in control panel, or by clicking on a file that has been associated with the application. Published applications do not reinstall themselves in the event of accidental deletion, and it is not possible to publish to computers.

What are administrative templates? 
Administrative Templates are a feature of Group Policy, a Microsoft technology for centralised management of machines and users in an Active Directory environment. Administrative Templates facilitate the management of registry-based policy. An ADM file is used to describe both the user interface presented to the Group Policy administrator and the registry keys that should be updated on the target machines.

An ADM file is a text file with a specific syntax which describes both the interface and the registry values which will be changed if the policy is enabled or disabled.

ADM files are consumed by the Group Policy Object Editor (GPEdit). Windows XP Service Pack 2 shipped with five ADM files (system.adm, inetres.adm, wmplayer.adm, conf.adm and wuau.adm). These are merged into a unified "namespace" in GPEdit and presented to the administrator under the Administrative Templates node (for both machine and user policy).

Can I deploy non-MSI software with GPO?
create the fiile in .zap extension.

Name some GPO settings in the computer and user parts ?
Group Policy Object (GPO) computer=Computer Configuration, User=User ConfigurationName some GPO settings in the computer and user parts.

A user claims he did not receive a GPO, yet his user and computer accounts are in the right OU, and everyone else there gets the GPO. What will you look for? 
make sure user not be member of loopback policy as in loopback policy it doesn't effect user settings only computer policy will applicable. if he is member of gpo filter grp or not?
You may also want to check the computers event logs. If you find event ID 1085 then you may want to download the patch to fix this and reboot the computer.

How frequently is the client policy refreshed ?
 90 minutes give or take.

Where is secedit ?
It’s now gpupdate.

What can be restricted on Windows Server 2003 that wasn’t there in previous products ?
Group Policy in Windows Server 2003 determines a users right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.

You want to create a new group policy but do not wish to inherit.
Make sure you check Block inheritance among the options when creating the policy.

How does the Group Policy 'No Override' and 'Block Inheritance' work ?

Group Policies can be applied at multiple levels (Sites, domains, organizational Units) and multiple GP's for each level. Obviously it may be that some policy settings conflict hence the application order of Site - Domain - Organization Unit and within each layer you set order for all defined policies but you may want to force some polices to never be overridden (No Override) and you may want some containers to not inherit settings from a parent container (Block Inheritance).

A good definition of each is as follows:

No Override - This prevents child containers from overriding policies set at higher levels

Block Inheritance - Stops containers inheriting policies from parent containers

No Override takes precedence over Block Inheritance so if a child container has Block Inheritance set but on the parent a group policy has No Override set then it will get applied.

Also the highest No Override takes precedence over lower No Override's set.

To block inheritance perform the following:

1. Start the Active Directory Users and Computer snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
2. Right click on the container you wish to stop inheriting settings from its parent and select 
3. Select the 'Group Policy' tab
4. Check the 'Block Policy inheritance' option
5. Click Apply then OK

To set a policy to never be overridden perform the following:

1. Start the Active Directory Users and Computer snap-in (Start - - Administrative Tools - Active Directory Users and Computers)
2. Right click on the container you wish to set a Group Policy to not be overridden and select Properties
3. Select the 'Group Policy' tab
4. Click Options
5. Check the 'No Override' option
   
6. Click OK
7. Click Apply then OK

SharePoint Interview Questions with Answers part 2

SharePoint Interview Questions with Answers part 2

Q.What are the features of the new Content management in Office SharePoint 2007?


Ans: The new and enhanced content management features in Office SharePoint Server 2007 fall within three areas:

* Document management

* Records management.

* Web content managementOffice SharePoint Server 2007 builds on the core document management functionality providedby Windows SharePoint Services 3.0, including check in and check out, versioning, metadata, and role-based granular access controls. Organizations can use this functionality to deliver enhancedauthoring, business document processing, Web content management and publishing, recordsmanagement, policy management, and support for multilingual publishing.

Q.Does a SharePoint Web site include search functionality?

Ans: Yes. SharePoint Team Services provides a powerful text-based search feature that helps you finddocuments and information fast.

Q.What are the benefits of Microsoft Office SharePoint Server 2007?

Ans: * Provide a simple, familiar, and consistent user experience.* Boost employee productivity by simplifying everyday business activities.* Help meet regulatory requirements through comprehensive control over content.* Effectively manage and repurpose content to gain increased business value.* Simplify organization-wide access to both structured and unstructured information acrossdisparate systems.* Connect people with information and expertise.* Accelerate shared business processes across organizational boundaries.* Share business data without divulging sensitive information.* Enable people to make better-informed decisions by presenting business-critical information inone central location.* Provide a single, integrated platform to manage intranet, extranet, and Internet applicationsacross the enterprise.

Q.Will SharePoint Portal Server and Team Services ever merge?

Ans: The products will come together because they are both developed by the Office team.

Q.What does partial trust mean the Web Part developer?

Ans: If an assembly is installed into the BIN directory, the code must be ensured that provides errorhandling in the event that required permissions are not available. Otherwise, unhandled securityexceptions may cause the Web Part to fail and may affect page rendering on the page where theWeb Part appears.

Q.How can I raise the trust level for assemblies installed in the BIN directory?

Ans: Windows SharePoint Services can use any of the following three options from ASP.NET and the CLR to provide assemblies installed in the BIN directory with sufficient permissions. The following table outlines the implications and requirements for each option.

1.Option Pros Cons Increase the trust level for the entire virtual server.

In a development environment,increasing the trust level allows you to test an assembly with increased permissions while allowing you to recompile assemblies directly into the BIN directory without resetting IIS. This option is least secure. This option affects all assemblies used by the virtual server.There is no guarantee the destination server has the required trust level. Therefore, Web Parts may not work once installed on the destination server.

2.Create a custom policy file for your assemblies. For more information, see "How do I create acustom policy file?" Recommended approach.This option is most secure.An assembly can operate with a unique policy that meets the minimum permission requirementsfor the assembly.By creating a custom security policy, you can ensure the destination server can run your WebParts.

3.Requires the most configuration of all three options.Install your assemblies in the GACEasy to implement.This grants Full trust to your assembly without affecting the trust level of assemblies installed inthe BIN directory.This option is less secure.Assemblies installed in the GAC are available to all virtual servers and applications on a serverrunning Windows SharePoint Services. This could represent a potential security risk as itpotentially grants a higher level of permission to your assembly across a larger scope thannecessaryIn a development environment, you must reset IIS every time you recompile assemblies.Licensing issues may arise due to the global availability of your assembly.

Q. Does SharePoint work with NFS?

Ans: Yes and no.

It can crawl documents on an NFS volume, but the sharepoint database or logs cannotbe stored there.

Q.How is SharePoint Portal Server different from the Site Server?

Ans: Site Server has search capabilities but these are more advanced using SharePoint. SPS uses digital dashboard technology which provides a nice interface for creating web parts and showing them ondashboards (pages). SS doesn't have anything as advanced as that. The biggest difference wouldbe SPS document management features which also integrate with web folders and MS Office.

SharePoint Interview Questions with Answers Part 1

SharePoint Interview Questions with Answers

Q. 1 What is the difference between SharePoint Portal Server and Windows SharePoint Services?

Ans: SharePoint Portal Server is the global portal offering features like global navigation and searching.Windows SharePoint Services is more content management based with document libraries andlists. You apply information to certain areas within your portal from windows sharepoint Services or directly to portal areas.

Q2. What is a document library?

Ans: A document library is where you upload your core documents. They consist of a row and columnview with links to the documents. When the document is updated so is the link on your site. Youcan also track metadata on your documents. Metadata would consist of document properties.

Q3. What is a meeting workspace?

Ans: A meeting workspace is a place to store information, attendees, and tasks related to a specificmeeting.

Q4. What is a document workspace?

Ans: Document workspaces consist of information surrounding a single or multiple documents.

Q5. What is the difference between a document library and a form library?

Ans:Document libraries consist of your core documents. An example would be a word document,excel, Powerpoint, visio, pdf, etc… Form libraries consist of XML forms.

Q6. What is a web part zone?

Ans: Web part zones are what your web parts reside in and help categorize your web parts when designing a page.

Q7. How is security managed in SharePoint?

Ans: Security can be handled at the machine,domain, or sharepoint level.

Q8. How are web parts developed?

Ans: Web parts are developed in Visual Studio .Net. VS.Net offers many web part and page templates and can also be downloaded from the Microsoft Site.

Q9. What is a site definition?

Ans: It’s a methods for providing prepackaged site and list content.

Q 10.What is a template?

A template is a pre-defined set of functions or settings that can be used over time. There are manytemplates within SharePoint,Site Templates, Document Templates, Document Library and ListTemplates.

Q11. How do you install web parts?

Ans: Web Parts should be distributed as a .CAB (cabinet) file using the MSI Installer.

Q 12.What is CAML?

Ans: CAML stands for Collaborative Application Markup Language and is an XML-based languagethat is used in Microsoft Windows SharePoint Services to define sites and lists, including, for Eg, fields, views, or forms, but CAML is also used to define tables in the Windows SharePoint Servies database during site provisioning.

Q 13.What is a DWP?

Ans: The file extension of a web part.

Q 14.What is the GAC?

Ans: Global Assembly Cache folder on the server hosting SharePoint. You place your assemblies there for web parts and services to share them.

Q 15.What are the differences between web part page gallery, site gallery,Virtual server galleryand online gallery?

Ans: Web Part Page Gallery is the default gallery that comes installed with SharePoint. Site Gallery isspecific to one site. Virtual Server gallery is specific to that virtual server and online gallery aredownloadable web parts from Microsoft.

Q 16.What is the difference between a site and a web?

Ans: The pages in a web site generally cover one or more topics and are interconnected through hyperlinks. Most Websites have a home page as their starting point. While a Web is simply a blank site with SharePoint functionality built in; meaning you have to create the site from the ground up.

Q17. What is Microsoft Windows SharePoint Services? How is it related to Microsoft OfficeSharePoint Server 2007?

Ans: Windows SharePoint Services is the solution that enables you to create Web site for information sharing and document collaboration. Windows SharePoint Services — a key piece of theinformation worker infrastructure delivered in Microsoft Windows Server 2003 — providesadditional functionality to the Microsoft Office system and other desktop applications, and itserves as a platform for application development.Office SharePoint Server 2007 builds on top of Windows SharePoint Services 3.0 to provideadditional capabilities including collaboration, portal, search,Enterprise content management,business process and forms, and business intelligence.

Q18. Who is Office SharePoint server 2007 designed for?

Ans: Office SharePoint Server 2007 can be used by information workers, IT administrators, and application developers.

Q19. What are the main benefits of Office SharePoint Server 2007?

Ans: Office SharePoint Server 2007 provides a single integrated platform to manage intranet, extranet,and Internetapplications across the enterprise.

* Business users gain greater control over the storage, security, distribution, and management oftheir electronic content, with tools that are easy to use and tightly integrated into familiar,everyday applications.

* Organizations can accelerate shared business processes with customers and partners acrossorganizational boundaries using InfoPath Forms Services–driven solutions.

* Information workers can find information and people efficiently and easily through thefacilitated information-sharing functionality and simplified content publishing. In addition, accessto back-end data is achieved easily through a browser, and views into this data can bepersonalized.

* Administrators have powerful tools at their fingertips that ease deployment, management, and system administration, so they can spend more time on strategic tasks.

* Developers have a rich platform to build a new class of applications, called Office BusinessApplications, that combine powerful developer functionality with the flexibility and ease ofdeployment of Office SharePoint Server 2007. Through the use of out-of-the-box applicationservices, developers can build richer applications with less code.

Q20. What is the difference between Microsoft Office SharePoint Server 2007 for Internet sites and Microsoft Office SharePoint Server 2007?

Ans: Microsoft Office SharePoint Server 2007 for Internet sites and Microsoft Office SharePoint Server2007 have identical feature functionality. While the feature functionality is similar, the usagerights are different.If you are creating an Internet, or Extranet, facing website, it is recommended that you useMicrosoft Office SharePoint Server 2007 for Internet sites which does not require the purchase client access licenses. Websites hosted using an “Internet sites” edition can only be used forInternet facing websites and all content, information, and applications must be accessible to nonemployees.Websites hosted using an “Internet sites” edition cannot be accessed by employees creating, sharing, or collaborating on content which is solely for internal use only, such as an Intranet Portal scenario.

Q21.What suites of the 2007 Microsoft Office system work with Office SharePoint Server 2007?

Ans: Office Outlook 2007 provides bidirectional offline Synchronization with SharePoint documentlibraries, discussion groups, contacts, calendars, and tasks.vabnix.page.tlMicrosoft Office Groove 2007, included as part of Microsoft Office Enterprise 2007, will enablebidirectional offline synchronization with SharePoint document libraries.Features such as the document panel and the ability to publish to Excel Services will only beenabled when using Microsoft Office Professional Plus 2007or Office Enterprise 2007.Excel Services will only work with documents saved in the new Office Excel 2007 file format(XLSX).

Q22. How do I invite users to join a Windows SharePoint Services Site? Is the site secure?

Ans: SharePoint-based Web sites can be password-protected to restrict access to registered users, whoare invited to join via e-mail. In addition, the site administrator can restrict certain members' rolesby assigning different permission levels to view post and edit.

Q23. Can I post any kind of document?

Ans: You can post documents in many formats, including .pdf, .htm and .doc. In addition, if you areusing Microsoft Office XP, you can save documents directly to your Windows SharePointServices site.

Q24. Can I create custom templates?

Ans: Yes you can. You can have templates for business plans, doctor's office, lawyer's office etc.

Q25. How can I make My site public?

Ans: By default, all sites are created private.If you want your site to be a public Web site, enable anonymous access for the entire site. Then you can give out your URL to anybody in yourbusiness card, e-mail or any other marketing material. The URL for your Web site will be:http:// yoursitename.wss.bcentral.comHence, please take special care to name your site.These Web sites are ideal for information and knowledge intensive sites and/or sites where youneed to have shared Web workspace.Remember: Under each parent Web site, you can create up to 10 sub-sites each with uniquepermissions, settings and security rights.

Q26. How do the sub sites work?

Ans: You can create a sub site for various categories.

For example:* Departments - finance, marketing, IT* Products - electrical, mechanical, hydraulics* Projects - Trey Research, Department of Transportation, FDA* Team - Retention team, BPR team* Clients - new clients, old clients* Suppliers - Supplier 1, Supplier 2, Supplier 3* Customers - Customer A, Customer B, Customer C* Real estate - property A, property BThe URLs for each will be, for example:* http://yoursitename.wss.bcentral.com/finance* http://yoursitename.wss.bcentral.com/marketingYou can keep track of permissions for each team separately so that access is restricted whilevabnix.page.tlmaintaining global access to the parent site.

Q27.How do I make my site non-restricted?

Ans: If you want your site to have anonymous access enabled (i.e., you want to treat it like any site onthe Internet that does not ask you to provide a user name and password to see the content of thesite), follow these simple steps:

# Login as an administrator

# Click on site settings

# Click on Go to Site Administration

# Click on Manage anonymous access

# Choose one of the three conditions on what Anonymous users can access:** Entire Web site** Lists and libraries** NothingDefault condition is nothing; your site has restricted access.

The default conditions allow you to create a secure site for your Web site.

Q28. Can I ask users outside of my organization to participate in my Windows SharePointServices site?

Ans: Yes. You can manage this process using the Administration Site Settings. Simply add users via their e-mail alias and assign permissions such as Reader or Contributor.

Q29. Are there any restrictions or requirements for accessing the Windows SharePoint Services?

Ans: No. There are no system or bandwidth limitations for international trial users. Additionallylanguage packs have been installed which allow users to set up sub-webs in languages other thanEnglish. These include: Arabic, Danish, Dutch, Finnish, French, German, Hebrew, Italian,Japanese, Polish, Portuguese (Brazilian), Spanish and Swedish.

Q30. Are there any browser recommendations?

Ans: Yes. Microsoft recommends using the following browsers for viewing and editing WindowsSharePoint Services sites: Microsoft Internet Explorer 5.01 with Service Pack 2, MicrosoftInternet Explorer 5.5 with Service Pack 2, Internet Explorer 6, Netscape Navigator

Q31.What security levels are assigned to users?

Ans: Security levels are assigned by the administrator who is adding the user. There are four levels bydefault and additional levels can be composed as necessary.

* Reader - Has read-only access to the Web site.

* Contributor - Can add content to existing document libraries and lists.

* Web Designer - Can create lists and document libraries and customize pages in the Web site.

* Administrator - Has full control of the Web site.

Q32.What is the difference between an Internet and an intranet site?

Ans: An internet site is a normal site that anyone on the internet can access (e.g., www.msn.com, www.microsoft.com, etc.). You can set up a site for your company that can be accessed by anyonewithout any user name and password.An intranet (or internal network), though hosted on the Web, can only be accessed by people whoare members of the network. They need to have a login and password that was assigned to them when they were added to the site by the site administrator.

Q33. What is a workspace?

Ans: A site or workspace is when you want a new place for collaborating on Web pages, lists anddocument libraries. For example, you might create a site to manage a new team or project,collaborate on a document or prepare for a meeting.

Q34.How customizable is the user-to-user access?

Ans: User permissions apply to an entire Web, not to documents themselves. However, you can haveadditional sub webs that can optionally have their own permissions. Each user can be given any offour default roles. Additional roles can be defined by the administrator.

Q35.Can each user have access to their own calendar?

Ans: Yes there are two ways to do this,

* by creating a calendar for each user, or

* by creating a calendar with a view for each user.

Q36. What types of files can I upload / post to the site?

Ans: The only files restricted are those ending with the following extensions: .asa, .asp, .ida, .idc, .idq.Microsoft reserves the right to add additional file types to this listing at any time. Also, no content that violates the terms of service may be uploaded or posted to the site.

Q37.Can SharePoint be linked to an external data source?

Ans: SharePoint data can be opened with Access and Excel as an external data source. Thus, SharePoint can be referenced as an external data source. SharePoint itself cannot reference an external datasource.

Q38. Can SharePoint be linked to a SQL database?

Ans: This is possible via a custom application, but it not natively supported by SharePoint or SQLServer.

Q39.Can I customize my Windows SharePoint Services site?

Ans: YES! Windows SharePoint Services makes updating sites and their content from the browser easier then ever.SharePoint includes tools that let you create custom lists, calendars, page views, etc. You can apply a theme; add List, Survey and Document Library Web Parts to a page; create personalviews; change logos; connect Web Parts and more.To fully customize your site, you can use Microsoft FrontPage 2003. Specifically, you can useFrontPage themes and shared borders, and also use FrontPage to create photo galleries and top tenlists, utilize standard usage reports, and integrate automatic Web content.

Q40. Will Microsoft Office SharePoint Server 2007 run on a 64-bit version of MicrosoftWindows?Ans: Windows SharePoint Services 3.0, Office SharePoint Server 2007, Office Forms Server 2007, andOffice SharePoint Server 2007 for Search will support 64-bit versions of Windows Server 2003.

Q41. What are the features that the portal components of Office SharePoint Server 2007 include?

Ans: The portal components of Office SharePoint Server 2007 include features that are especially useful for designing, deploying, and managing enterprise intranet portals, corporate Internet Websites, and divisional portal sites. The portal components make it easier to connect to people withinthe organization who have the right skills, knowledge, and project experience.

Q42.What are the advanced features of MOSS 2007?

Ans: * User Interface (UI) and navigation enhancements

* Document management enhancements

* The new Workflow engine

* Office 2007 Integration

* New Web Parts

* New Site-type templates

* Enhancements to List technology

* Web Content Management

* Business Data Catalog

* Search enhancements

* Report Center

* Records Management

* Business Intelligence and Excel Server

* Forms Server and InfoPath

* The “Features” feature

* Alternate authentication providers and Forms-based authentication

UNIX Memory Management - Interview Questions and Answers

1. What is the difference between Swapping and Paging?

Swapping: Whole process is moved from the swap device to the main memory for execution. Process size must be less than or equal to the available main memory. It is easier to implementation and overhead to the system. Swapping systems does not handle the memory more flexibly as compared to the paging systems.

Paging: Only the required memory pages are moved to main memory from the swap device for execution. Process size does not matter. Gives the concept of the virtual memory. It provides greater flexibility in mapping the virtual address space into the physical memory of the machine. Allows more number of processes to fit in the main memory simultaneously. Allows the greater process size than the available physical memory. Demand paging systems handle the memory more flexibly.

1. What is major difference between the Historic Unix and the new BSD release of Unix System V in terms of Memory Management?

Historic Unix uses Swapping - entire process is transferred to the main memory from the swap device, whereas the Unix System V uses Demand Paging - only the part of the process is moved to the main memory. Historic Unix uses one Swap Device and Unix System V allow multiple Swap Devices.

2. What is the main goal of the Memory Management?

It decides which process should reside in the main memory,

Manages the parts of the virtual address space of a process which is non-core resident,

Monitors the available main memory and periodically write the processes into the swap device to provide more processes fit in the main memory simultaneously.

1. What is a Map?

A Map is an Array, which contains the addresses of the free space in the swap device that are allocatable resources, and the number of the resource units available there.

This allows First-Fit allocation of contiguous blocks of a resource. Initially the Map contains one entry - address (block offset from the starting of the swap area) and the total number of resources.

Kernel treats each unit of Map as a group of disk blocks. On the allocation and freeing of the resources Kernel updates the Map for accurate information.

2. What scheme does the Kernel in Unix System V follow while choosing a swap device among the multiple swap devices?

Kernel follows Round Robin scheme choosing a swap device among the multiple swap devices in Unix System V.

3. What is a Region?

A Region is a continuous area of a process's address space (such as text, data and stack). The kernel in a "Region Table" that is local to the process maintains region. Regions are sharable among the process.

4. What are the events done by the Kernel after a process is being swapped out from the main memory?

When Kernel swaps the process out of the primary memory, it performs the following:

Kernel decrements the Reference Count of each region of the process. If the reference count becomes zero, swaps the region out of the main memory,

Kernel allocates the space for the swapping process in the swap device,

Kernel locks the other swapping process while the current swapping operation is going on,

The Kernel saves the swap address of the region in the region table.

5. Is the Process before and after the swap are the same? Give reason.

Process before swapping is residing in the primary memory in its original form. The regions (text, data and stack) may not be occupied fully by the process, there may be few empty slots in any of the regions and while swapping Kernel do not bother about the empty slots while swapping the process out.

After swapping the process resides in the swap (secondary memory) device. The regions swapped out will be present but only the occupied region slots but not the empty slots that were present before assigning.

While swapping the process once again into the main memory, the Kernel referring to the Process Memory Map, it assigns the main memory accordingly taking care of the empty slots in the regions.

6. What do you mean by u-area (user area) or u-block?

This contains the private data that is manipulated only by the Kernel. This is local to the Process, i.e. each process is allocated a u-area.

7. What are the entities that are swapped out of the main memory while swapping the process out of the main memory?

All memory space occupied by the process, process's u-area, and Kernel stack are swapped out, theoretically.

Practically, if the process's u-area contains the Address Translation Tables for the process then Kernel implementations do not swap the u-area.

8. What is Fork swap?

"fork()" is a system call to create a child process. When the parent process calls "fork()" system call, the child process is created and if there is short of memory then the child process is sent to the read-to-run state in the swap device, and return to the user state without swapping the parent process. When the memory will be available the child process will be swapped into the main memory.

9. What is Expansion swap?

At the time when any process requires more memory than it is currently allocated, the Kernel performs Expansion swap. To do this Kernel reserves enough space in the swap device. Then the address translation mapping is adjusted for the new virtual address space but the physical memory is not allocated. At last Kernel swaps the process into the assigned space in the swap device. Later when the Kernel swaps the process into the main memory this assigns memory according to the new address translation mapping.

10. How the Swapper works?

The swapper is the only process that swaps the processes. The Swapper operates only in the Kernel mode and it does not uses System calls instead it uses internal Kernel functions for swapping. It is the archetype of all kernel process.

11. What are the processes that are not bothered by the swapper? Give Reason.

Zombie process: They do not take any up physical memory.

Processes locked in memories that are updating the region of the process.

Kernel swaps only the sleeping processes rather than the 'ready-to-run' processes, as they have the higher probability of being scheduled than the Sleeping processes.

12. What are the requirements for a swapper to work?

The swapper works on the highest scheduling priority. Firstly it will look for any sleeping process, if not found then it will look for the ready-to-run process for swapping. But the major requirement for the swapper to work the ready-to-run process must be core-resident for at least 2 seconds before swapping out. And for swapping in the process must have been resided in the swap device for at least 2 seconds. If the requirement is not satisfied then the swapper will go into the wait state on that event and it is awaken once in a second by the Kernel.

13. What are the criteria for choosing a process for swapping into memory from the swap device?

The resident time of the processes in the swap device, the priority of the processes and the amount of time the processes had been swapped out.

14. What are the criteria for choosing a process for swapping out of the memory to the swap device?

 The process's memory resident time,

Priority of the process and

The nice value.

15. What do you mean by nice value?

Nice value is the value that controls {increments or decrements} the priority of the process. This value that is returned by the nice() system call. The equation for using nice value is:
Priority = ("recent CPU usage"/constant) + (base- priority) + (nice value)
Only the administrator can supply the nice value. The nice() system call works for the running process only. Nice value of one process cannot affect the nice value of the other process.

16. What are conditions on which deadlock can occur while swapping the processes?

 All processes in the main memory are asleep.

All "ready-to-run" processes are swapped out.

There is no space in the swap device for the new incoming process that are swapped out of the main memory.

There is no space in the main memory for the new incoming process.

system administrator interview question with answer Part -2

System administrator interview question with answer Part -2

What is the KCC
The KCC is a built-in process that runs on all domain controllers and generates replication topology for the Active Directory forest. The KCC creates separate replication topologies depending on whether replication is occurring within a site (intrasite) or between sites (intersite). The KCC also dynamically adjusts the topology to accommodate new domain controllers, domain controllers moved to and from sites, changing costs and schedules, and domain controllers that are temporarily unavailable.

How do you view replication properties for AD?
By using Active Directory Replication Monitor.
Start–> Run–> Replmon

What are sites What are they used for?
One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

Name some OU design considerations?
OU design requires balancing requirements for delegating administrative rights – independent of Group Policy needs – and the need to scope the application of Group Policy. The following OU design recommendations address delegation and scope issues:
Applying Group Policy An OU is the lowest-level Active Directory container to which you can assign Group Policy settings. Delegating administrative authority usually don’t go more than 3 OU levels
http://technet.microsoft.com/en-us/library/cc783140.aspx

What are FMSO Roles? List them.
Fsmo roles are server roles in a Forest
There are five types of FSMO roles
1-Schema master
2-Domain naming master
3-Rid master
4-PDC Emullator
5-Infrastructure master

Logical Diagram of Active Directory ?, What is the difference between child domain & additional domain Server?
Well, if you know what a domain is then you have half the answer. Say you have the domain Microsoft.com. Now microsoft has a server named server1 in that domain, which happens to the be parent domain. So it’s FQDN is server1.microsoft.com. If you add an additional domain server and name it server2, then it’s FQDN is server2.microsoft.com.
Now Microsoft is big so it has offices in Europe and Asia. So they make child domains for them and their FQDN would look like this: europe.microsoft.com & asia.microsoft.com. Now lets say each of them have a server in those child domains named server1. Their FQDN would then look like this: server1.europe.microsoft.com & server1.asia.microsoft.com..

What are Active Directory Groups?
Groups are containers that contain user and computer objects within them as members. When security permissions are set for a group in the Access Control List on a resource, all members of that group receive those permissions. Domain Groups enable centralized administration in a domain. All domain groups are created on a domain controller.
In a domain, Active Directory provides support for different types of groups and group scopes. The group type determines the type of task that you manage with the group. The group scope determines whether the group can have members from multiple domains or a single domain.
Group Types
* Security groups: Use Security groups for granting permissions to gain access to resources. Sending an e-mail message to a group sends the message to all members of the group. Therefore security groups share the capabilities of distribution groups.
* Distribution groups: Distribution groups are used for sending e-main messages to groups of users. You cannot grant permissions to security groups. Even though security groups have all the capabilities of distribution groups, distribution groups still requires, because some applications can only read distribution groups.
Group Scopes
Group scope normally describe which type of users should be clubbed together in a way which is easy for there administration. Therefore, in domain, groups play an important part. One group can be a member of other group(s) which is normally known as Group nesting. One or more groups can be member of any group in the entire domain(s) within a forest.
* Domain Local Group: Use this scope to grant permissions to domain resources that are located in the same domain in which you created the domain local group. Domain local groups can exist in all mixed, native and interim functional level of domains and forests. Domain local group memberships are not limited as you can add members as user accounts, universal and global groups from any domain. Just to remember, nesting cannot be done in domain local group. A domain local group will not be a member of another Domain Local or any other groups in the same domain.
* Global Group: Users with similar function can be grouped under global scope and can be given permission to access a resource (like a printer or shared folder and files) available in local or another domain in same forest. To say in simple words, Global groups can be use to grant permissions to gain access to resources which are located in any domain but in a single forest as their memberships are limited. User accounts and global groups can be added only from the domain in which global group is created. Nesting is possible in Global groups within other groups as you can add a global group into another global group from any domain. Finally to provide permission to domain specific resources (like printers and published folder), they can be members of a Domain Local group. Global groups exist in all mixed, native and interim functional level of domains and forests.
* Universal Group Scope: these groups are precisely used for email distribution and can be granted access to resources in all trusted domain as these groups can only be used as a security principal (security group type) in a windows 2000 native or windows server 2003 domain functional level domain. Universal group memberships are not limited like global groups. All domain user accounts and groups can be a member of universal group. Universal groups can be nested under a global or Domain Local group in any domain.

What are the types of backup? Explain each?
Incremental
A “normal” incremental backup will only back up files that have been changed since the last backup of any type. This provides the quickest means of backup, since it only makes copies of files that have not yet been backed up. For instance, following our full backup on Friday, Monday’s tape will contain only those files changed since Friday. Tuesday’s tape contains only those files changed since Monday, and so on. The downside to this is obviously that in order to perform a full restore, you need to restore the last full backup first, followed by each of the subsequent incremental backups to the present day in the correct order. Should any one of these backup copies be damaged (particularly the full backup), the restore will be incomplete.
Differential
A cumulative backup of all changes made after the last full backup. The advantage to this is the quicker recovery time, requiring only a full backup and the latest differential backup to restore the system. The disadvantage is that for each day elapsed since the last full backup, more data needs to be backed up, especially if a majority of the data has been changed.

What is the SYSVOL folder?
The Windows Server 2003 System Volume (SYSVOL) is a collection of folders and reparse points in the file systems that exist on each domain controller in a domain. SYSVOL provides a standard location to store important elements of Group Policy objects (GPOs) and scripts so that the File Replication service (FRS) can distribute them to other domain controllers within that domain.
You can go to SYSVOL folder by typing : %systemroot%/sysvol

What is the ISTG Who has that role by default?
The first server in the site becomes the ISTG for the site, The domain controller holding this role may not necessarily also be a bridgehead server.

What is the order in which GPOs are applied?
Local, Site, Domain, OU

system administrator interview question with answers- Part 1

1. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
If we are using public ip address, we can browse the internet. If it is having an intranet address a gateway is needed as a router or firewall to communicate with internet.
2. What is CIDR?
CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased. CIDR is now the routing system used by virtually all gateway hosts on the Internet’s backbone network. The Internet’s regulating authorities now expect every Internet service provider (ISP) to use it for routing.
3. What is DHCP? What are the benefits and drawbacks of using it?
DHCP is Dynamic Host Configuration Protocol. In a networked environment it is a method to assign an ‘address’ to a computer when it boots up.
Advantages
All the IP configuration information gets automatically configured for your client machine by the DHCP server.
If you move your client machine to a different subnet, the client will send out its discover message at boot time and work as usual. However, when you first boot up there you will not be able to get back the IP address you had at your previous location regardless of how little time has passed.
Disadvantage
Your machine name does not change when you get a new IP address. The DNS (Domain Name System) name is associated with your IP address and therefore does change. This only presents a problem if other clients try to access your machine by its DNS name.
4. How do you manually create SRV records in DNS?
To create SRV records in DNS do below steps: -
Open DNS
Click on Zone —– Select domain abc.local ——-
Right Click to domain and go to Other New Records——
And choose service location (SRV)
5. Name 3 benefits of using AD-integrated zones?
Benefits as follows
a. you can give easy name resolution to ur clients.
b. By creating AD- integrated zone you can also trace hacker and spammer by creating reverse zone.
c. AD integrated zoned all for incremental zone transfers which on transfer changes and not the entire zone. This reduces zone transfer traffic.
d. AD Integrated zones suport both secure and dmanic updates.
e. AD integrated zones are stored as part of the active directory and support domain-wide or forest-wide replication through application pertitions in AD.
6. How do I clear the DNS cache on the DNS server?
Go to cmd prompt and type “ipconfig/flushdns” without quotes
7. What is NAT?
NAT (Network Address Translation) is a technique for preserving scarce Internet IP addresses. For more details go to Microsoft link
8. How do you configure NAT on Windows 2003?
For above answer go to below link
Configure NAT
9. How to configure special ports to allow inbound connections?
a. Click Start, Administrative Tools, and then click Routing and Remote Access to open the Routing and Remote Access management console.
b. Locate the interface that you want to configure.
c. Right-click the interface and then select Properties from the shortcut menu.
d. Click the Special Ports tab.
e. Under Protocol, select TCP or UDP and then click the Add button.
f. Enter the port number of the incoming traffic in Incoming Port.
g. Select On This Address Pool Entry, and provide the public IP address of the incoming traffic.
h. Enter the port number of the private network resource in Outgoing Port.
i. Enter the private network resource’s private IP address in Private Address.
j. Click OK.

Windows Server 2008 System / Network Administrator Questions with Answers -Part 3

What is DHCP’s purpose?
DHCP’s purpose is to enable individual computers on an IP network to extract their configurations from a server (the ‘DHCP server’) or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

What protocol and port does DHCP use?
DHCP, like BOOTP runs over UDP, utilizing ports 67 and 68.

What is Global Catalog? The Global Catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.
What is Stub Zone in DNS Server?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:

• The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
• The IP address of one or more master servers that can be used to update the stub zone.

The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name.
Where is the file of Active Directory data file stored?
Active Directory data store in %SystemRoot%\ntds\NTDS.DIT. The ntds.dit file is the heart of Active Directory including user accounts
What are the types of records in DNS?
To see the records of DNS Server checks this path - DNS Records
What is DHCP and at which port DHCP work?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network. DHCP assigns an IP address when a system is started
DHCP client uses port 67 and the DHCP server uses port 68.
What is DORA process in DHCP and How it works?
DHCP (D)iscover
DHCP (O)ffer
DHCP (R)equest
DHCP (A)cknowledge
1) Client makes a UDP Broadcast to the server about the DHCP discovery.
2) DHCP offers to the client.
3) In response to the offer Client requests the server.
4) Server responds all the Ip Add/mask/gty/dns/wins info along with the acknowledgement packet.
What is Super Scope in DHCP?
A superscope allows a DHCP server to provide leases from more than one scope to clients on a single physical network. Before you can create a superscope, you must use DHCP Manager to define all scopes to be included in the superscope. Scopes added to a superscope are called member scopes. Superscopes can resolve DHCP service issues in several different ways; these issues include situations in which:

• Support is needed for DHCP clients on a single physical network segment—such as a single Ethernet LAN segment—where multiple logical IP networks are used. When more than one logical IP network is used on a physical network, these configurations are also known as multinets.
• The available address pool for a currently active scope is nearly depleted and more computers need to be added to the physical network segment.
• Clients need to be migrated to a new scope.
• Support is needed for DHCP clients on the other side of BOOTP relay agents, where the network on the other side of the relay agent has multiple logical subnets on one physical network. For more information, see “Supporting BOOTP Clients” later in this chapter.
• A standard network with one DHCP server on a single physical subnet is limited to leasing addresses to clients on the physical subnet.

What is Stub zone DNS?
A stub zone is a copy of a zone that contains only those resource records necessary to identify the authoritative Domain Name System (DNS) servers for that zone. A stub zone is used to resolve names between separate DNS namespaces. This type of resolution may be necessary when a corporate merger requires that the DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.
A stub zone consists of:

• The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
• The IP address of one or more master servers that can be used to update the stub zone.

The master servers for a stub zone are one or more DNS servers authoritative for the child zone, usually the DNS server hosting the primary zone for the delegated domain name
What is Active Directory? Active Directory is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object—people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL).
What’s the difference between forward lookup zone and reverse lookup zone in DNS?
Forward lookup is name-to-IP address; the reverse lookup is IP address-to-name.
How to transfer roles in Active Directory?
Using Ntdsutil.exe we can transfer roles in Active Directory. To know more regarding role transfer click this link.
How to backup Active Directory and which main file you take in backing of Active Directory?
We can take backup with Ntbackup utility.
Active Directory is backed up as part of system state, a collection of system components that depend on each other. You must backup and restore system state components together.
Components that comprise the system state on a domain controller include:

• System Start-up Files (boot files). These are the files required for Windows 2000 Server to start.
• System registry.
• Class registration database of Component Services. The Component Object Model (COM) is a binary standard for writing component software in a distributed systems environment.
• SYSVOL. The system volume provides a default Active Directory location for files that must be shared for common access throughout a domain. The SYSVOL folder on a domain controller contains:
  • NETLOGON shared folders. These usually host user logon scripts and Group Policy objects (GPOs) for non-Windows 2000based network clients.
  • User logon scripts for Windows 2000 Professionalbased clients and clients that are running Windows 95, Windows 98, or Windows NT 4.0.
  • Windows 2000 GPOs.
  • File system junctions.
  • File Replication service (FRS) staging directories and files that are required to be available and synchronized between domain controllers.
• Active Directory. Active Directory includes:
  • Ntds.dit: The Active Directory database.
  • Edb.chk: The checkpoint file.
  • Edb*.log: The transaction logs, each 10 megabytes (MB) in size.
  • Res1.log and Res2.log: Reserved transaction logs.

Check my previous articles regarding system administrator questionnaire