In-Depth
Your MCSA/MCSE Lab
Your company is not keen on you honing your IT skills on its WAN for good reason. Building a lab is the next best thing. Here's how.
- By Andy Barkl
- December 01, 2003
Obtaining an MCSA or MCSE certification can be an expensive investment
in time and materials, so some people choose the self-study route to save
money on training costs. For the lucky few who work in IT and have access
to hardware and software or are able to use a portion of the network for
honing their skills, the savings there can also be tremendous. If you're
not so lucky, hands-on experience is still within reach—it requires
you to make a small outlay for a two-machine lab set-up and evaluation
software to simulate a complex Windows network.
In this article, I help you plan, design and install your own MCSA/MCSE
lab by suggesting hardware and software, setup, guides and scenarios.
First, the Hardware and Software
For most scenarios that you'll encounter in the exams, your lab set-up
should have—at minimum—two or more computers with network interface
cards and a crossover network cable. If you have one, you can replace
the crossover cable with a small network hub. On the software side, for
most of the newer exams you'll need a copy of Windows XP Professional
and a copy of Windows Server 2003. This also means that your computers
should have at least the minimum required RAM that Microsoft specifies.
I recommend that you also get a copy of VMWare, the virtual machine software
that you can use to simulate a network of machines; with this in mind,
you should load your machines with at least 512MB of RAM. This setup will
give you enough to simulate and troubleshoot multiple client and server
configurations. (If you prefer, in place of VMWare you can use Microsoft's
Virtual Server. Obtain the beta version by joining BetaPlace, which allows
you to download an evaluation kit: http://www.microsoft.com/windowsserver2003/evaluation/trial/
virtualserver.mspx.)
The
$1,000 Lab |
To start your lab off right, I suggest two or more
Dell PowerEdge 400SC servers from www.Dell.com.
As of this writing, these servers are on sale for $299
each with 128MB of RAM. I recommend you order the minimum
configuration and add memory as I outline in the article.
Some of the best service and prices I've found on memory
are from www.Crucial.com.
You'll also want to pick up at least one monitor and
then practice your Remote Desktop for Administration
or invest in a KVM (Keyboard Video Mouse) switch. You
can find these at Dell or Crucial for about $35. Finding
an inexpensive network switch shouldn't be a difficult
task. Back to www.Dell.com
again—they sell a LinkSys 5-port switch right now
for $34.
As I also outline in this article, you can find all
the 180-day evaluation copies you want of Windows Server
2003. You could always reinstall, for more practice
of course, every six months. You can also usually find
OEM copies of both Windows 2003 and Windows XP Professional
online at many discount resellers. Using www.Froogle.com
I found copies of Windows 2003 with five client access
licenses for around $699 and Windows XP for $199. Stay
away from Windows Server 2003 Web Edition, as it doesn't
support Active Directory unless you plan to build your
own web hosting business.
|
|
|
If you prefer to install the software in a multi-boot configuration,
be sure to install Windows XP Professional before you install Windows
Server. This will require that you restart each computer to switch between
client and server operating systems and can be time consuming and cumbersome.
Rather than go through that hassle, get VMWare. It will allow you to create
and run simultaneous virtual machines. The latest version 4, also allows
for multiple virtual drives to support your lab's clustering scenarios.
You should eventually buy copies of the software, but if your budget
doesn't allow it right now, you can get by with the 180-day evaluation
version of Windows Server 2003; it's available at http://www.microsoft.com/windowsserver2003/evaluation/trial/
default.mspx.
VMWare Workstation 4 is also available for free via a 45-day evaluation
version at http://www.vmware.com/landing/ws4_home.html.
I don't know of any ways to obtain a free evaluation copy of Windows
XP Professional (none of the Microsoft Press exam guides offer an evaluation
version), so here's where you'll have to dip into your piggy bank. Be
sure you get the Professional version—the Home Edition doesn't support
joining a Windows domain and you'll need that capability.
Test Your Skills Beyond Two Computers
The canned labs that you'll find in most self-study guides, such as the
ones from Microsoft Press, typically involve two computers. They are laid
out with step-by-step instructions for successful completion and can be
a good primer. To explore more complex scenarios, I recommend you create
your own lab scenarios. One way to do this is use the "How To"
articles on Microsoft TechNet:
Another great resource for creating lab scenarios can be found in the
"Top 10 Things to Study" list that I've provided in each of
the reviews I've written for the new MCSA/MCSE on Windows 2003 exams.
From the 70-290 Exam (click
here to read review):
- Configure and troubleshoot shared folders permissions—again,
and again and again. Create different scenarios for your family and
friends group accounts. Be the network administrator!
- Configure Volume Shadow Copy Service on your server and don't turn
it off. (This has got to be one of the coolest new features of Windows
Server 2003!) Load the client component and restore previously deleted
files.
- Run Automated System Recovery, even if you don't want to simulate
a dead server. Be sure to follow the steps I outline in the main article
and in the help files.
- Download and install Software Update Services on your server. Download
the latest Windows updates and configure the client to use your SUS
server.
- Run server backups if only to a file as the destination. Just as
important, restore the backups and verify EFS, compression and NTFS
permissions remain the same.
- Create and assign permissions to printer users and change them for
fun! Find out what happens when you stop the printer spooler service.
- Create a few group policies and explore the different computer and
user settings available. Link a GPO to a parent OU and view the results
of computer and user accounts changes within child OUs with and without
Block Policy Inheritance and No Override.
- Create user accounts in Active Directory for your family and friends.
Add them to groups and log on with their accounts from a client or a
second server. Change group scope and membership, practice using the
AGUDLP.
- Configure inheritance and inheritance blocking with AD objects. Set
permissions and view their effects when accessed by different family
members and friends.
- Configure and recover RAID arrays. Get at least three small hard
drives and create a stripe, mirror and stripe set with parity configuration.
Disconnect one of the RAID 1 or 5 drives and reconnect for a recovery
scenario. Watch how Windows 2003 behaves and the warning and error messages
it displays.
Lab extras you'll need to perform these scenarios:
These scenarios from the 70-291 exam (click
here to read review) include working with RRAS, Certificate
Services, IAS, ISA, DHCP and Event Viewer:
- Enable RRAS on your server. Practice configuring and managing dialup
and VPN connections. Using a null-modem cable and a crossover network
cable, you can easily simulate remote-dialup and VPN connections.
- Deploy and distributing Certificate Services computer and user certificates.
Install a CA, issue certificates to computers and users and publish
them to AD while you're there.
- Install, configure and manage all DNS zone types. You need to practice
creating, managing and maintaining AD anyhow—create the DNS zones
manually and understand how each is used. Practice troubleshooting problems!
- Understand and configure DNS conditional forwarding. Practice this
one in conjunction with #3 and configure one of your servers using conditional
forwarding.
- Practice subnetting and understand IP addressing. You'll need to know
subnetting for this exam and how to recognize addressing misconfigurations.
Haven't you put it off long enough?
- Install and configure IAS with RRAS. This is not a difficult task
and you'll be happy you mastered it for this exam.
- Install and configure ISA Server. You can download an evaluation copy
for free. Even if you don't need Microsoft's proxy and firewall server
on your network, understanding the basics of ISA Server is a must for
this exam.
- Create and manage DHCP scopes and options. Creating a scope is an
easy task, but do you really understand DHCP servers and how to maintain
them? Configure one of your servers as a router and place a server and
client on opposite segments to learn about relay agents and DHCP server
management.
- Use and understand the capabilities of Network Monitor. This can be
boring for some, but after the initial pain, analyzing network packets
can be fun! Learn how to use this tool if nothing else.
- Use and understand Event Viewer and System Monitor. Easy enough—but
do you really understand how to use these tools to their fullest? Hands-on
and help files will get you through.
For these scenarios, make sure to download ISA server: http://www.microsoft.com/isaserver/evaluation/trial/
default.asp.
The next set of 10 comes from the 70-293 exam (click
here to read review) will test your expertise on PKI, IPSec,
NLB, clustering, Security Templates and TCP/IP Troubleshooting:
- Deploy a Certificate Authority hierarchy and work with PKI. You can
use VMware if you don't have multiple servers for this. Issue, publish
and distribute certificates for EFS and IPSec. Learn how auto-enrollment
works.
- Configure and deploy IPSec policies using the logging and planning
modes of RSoP.
- You're going to need to know network load balancing inside and out.
Read everything you can get your hands on and practice with the product.
- Work with Cluster Server. You can download an evaluation copy of
Windows Server 2003 Enterprise edition at http://www.microsoft.com/windowsserver2003/evaluation/
trial/evalkit.mspx and you'll also need VMware ESX here. What are
you waiting for? Clustering technology is cool!
- Deploy and view the results of the sample security templates included
with the Windows Server 2003 Security Guide. Practice makes perfect!
- Use all the TCP/IP troubleshooting tools. Ping, tracert, IPconfig,
netsh and Network Monitor are the tools of the trade. Use them on a
daily basis and become a more effective troubleshooter.
- Configure, break and fix DNS. Have you made it this far without feeling
100 percent comfortable with DNS? Don't sell yourself short—every
good network person knows DNS.
- Run Automated System Recovery and restore a server even if it's not
broken.
- Choose a favorite method for remembering the six possible steps for
both NetBIOS and host name resolution.
- Make sure you know how to subnet in your head so this small detail
doesn't get in the way of the bigger picture.
Except for the downloads in step 4, you don't need anything extra to
perform these tasks. But be sure to use the security templates as suggested
from the Windows Server 2003 Security Guide.
The final set of 10 lab scenarios comes from the 70-294 MCSE exam review
(click
here to read it); GPMC, RSoP, Forest Trust Relationships,
Site Links and Bridgehead servers, UG caching and Replmon.
- Plan, deploy and manage Group Policies with GPMC and RSoP. You'll
need to download the GPMC add-on for Windows Server 2003 and practice,
practice, practice.
- Plan, deploy and manage forests, domains and OUs. Even with only one
server, you can still perform all the necessary planning, deployment
and management you'll need to master in this topic.
- Create and manage inter and intra-forest trust relationships. With
at least two servers or VMWare, you can create multiple forests and
trust relationships.
- Troubleshoot AD. There's no easy way to master troubleshooting so
try anything you can think of in your lab to get experience. the TechNet
article, "Active Directory in Windows 2003" (click
here to read it) and understand the possible errors diagramed
in the flowcharts.
- Create and configure Group Policies. This is easy enough if you spend
the time and understand what's required. There are over 200 new GPO
settings available in Windows Server 2003. With the new Group Policy
Management Console, this is easier to understand than it was with Windows
2000.
- Configure sites, links, bridgehead servers and cost. With at least
two servers or VMware, you can configure sites, links, bridgehead servers
and replication cost values even if you don't have separate network
segments. With the ADSS snap-in, this becomes easier the more you practice.
- Raise the functional level of a forest and domain. This is something
you'll really want to dig into, as it can be complicated. Using either
the ADUC or ADDT snap-in, right-click the domain and select Raise Domain
Functionality.
- Enable universal group caching on a DC. This is an easy task but
a new feature, so be sure to try it at least once. Using the ADSS snap-in,
right-click the server's NTDS settings and select Enable Universal Group
Membership Caching.
- Explore all the reporting features found in Replmon. Load the support
tools from the CD and explore this invaluable tool even if you don't
have a complex AD lab. Check the Server Properties option while you're
there.
- Understand the modes of RSoP and when they're most useful. This exam
topic is present in the 70-293 exam so it's time to get a handle on
all that RSoP offers if you don't already have one. Use the planning
and logging modes against your newly created GPOs from # 1 above.
For these tasks, download the Group Policy Management Console add-on
for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?
FamilyId=F39E9D60-7E41-4947-82F5-3330F37ADFEB&displaylang=en and
the Domain Rename tools here; http://www.microsoft.com/windowsserver2003/downloads/
domainrename.mspx.
Formula for Success
When you run into a snag during your scenarios, practice your troubleshooting
research skills by referring to http://support.microsoft.com
and http://www.microsoft.com/technet.
In your MCSA/MCSE lab, you've learned many things about Windows Server
2003. You'll feel more confident on the exams, and you'll be better prepared
to deploy, support, administer, maintain and troubleshoot Windows.