In-Depth

Your MCSA/MCSE Lab

Your company is not keen on you honing your IT skills on its WAN for good reason. Building a lab is the next best thing. Here's how.

Obtaining an MCSA or MCSE certification can be an expensive investment in time and materials, so some people choose the self-study route to save money on training costs. For the lucky few who work in IT and have access to hardware and software or are able to use a portion of the network for honing their skills, the savings there can also be tremendous. If you're not so lucky, hands-on experience is still within reach—it requires you to make a small outlay for a two-machine lab set-up and evaluation software to simulate a complex Windows network.

In this article, I help you plan, design and install your own MCSA/MCSE lab by suggesting hardware and software, setup, guides and scenarios.

First, the Hardware and Software
For most scenarios that you'll encounter in the exams, your lab set-up should have—at minimum—two or more computers with network interface cards and a crossover network cable. If you have one, you can replace the crossover cable with a small network hub. On the software side, for most of the newer exams you'll need a copy of Windows XP Professional and a copy of Windows Server 2003. This also means that your computers should have at least the minimum required RAM that Microsoft specifies.

I recommend that you also get a copy of VMWare, the virtual machine software that you can use to simulate a network of machines; with this in mind, you should load your machines with at least 512MB of RAM. This setup will give you enough to simulate and troubleshoot multiple client and server configurations. (If you prefer, in place of VMWare you can use Microsoft's Virtual Server. Obtain the beta version by joining BetaPlace, which allows you to download an evaluation kit: http://www.microsoft.com/windowsserver2003/evaluation/trial/
virtualserver.mspx
.)

The $1,000 Lab

To start your lab off right, I suggest two or more Dell PowerEdge 400SC servers from www.Dell.com. As of this writing, these servers are on sale for $299 each with 128MB of RAM. I recommend you order the minimum configuration and add memory as I outline in the article. Some of the best service and prices I've found on memory are from www.Crucial.com.
You'll also want to pick up at least one monitor and then practice your Remote Desktop for Administration or invest in a KVM (Keyboard Video Mouse) switch. You can find these at Dell or Crucial for about $35. Finding an inexpensive network switch shouldn't be a difficult task. Back to www.Dell.com again—they sell a LinkSys 5-port switch right now for $34.

As I also outline in this article, you can find all the 180-day evaluation copies you want of Windows Server 2003. You could always reinstall, for more practice of course, every six months. You can also usually find OEM copies of both Windows 2003 and Windows XP Professional online at many discount resellers. Using www.Froogle.com I found copies of Windows 2003 with five client access licenses for around $699 and Windows XP for $199. Stay away from Windows Server 2003 Web Edition, as it doesn't support Active Directory unless you plan to build your own web hosting business.

If you prefer to install the software in a multi-boot configuration, be sure to install Windows XP Professional before you install Windows Server. This will require that you restart each computer to switch between client and server operating systems and can be time consuming and cumbersome. Rather than go through that hassle, get VMWare. It will allow you to create and run simultaneous virtual machines. The latest version 4, also allows for multiple virtual drives to support your lab's clustering scenarios.

You should eventually buy copies of the software, but if your budget doesn't allow it right now, you can get by with the 180-day evaluation version of Windows Server 2003; it's available at http://www.microsoft.com/windowsserver2003/evaluation/trial/
default.mspx
.

VMWare Workstation 4 is also available for free via a 45-day evaluation version at http://www.vmware.com/landing/ws4_home.html.

Also read:

70-292: An Administrator's View of Windows Server 2003

70-296: The Systems Engineer Challenge

I don't know of any ways to obtain a free evaluation copy of Windows XP Professional (none of the Microsoft Press exam guides offer an evaluation version), so here's where you'll have to dip into your piggy bank. Be sure you get the Professional version—the Home Edition doesn't support joining a Windows domain and you'll need that capability.

Test Your Skills Beyond Two Computers
The canned labs that you'll find in most self-study guides, such as the ones from Microsoft Press, typically involve two computers. They are laid out with step-by-step instructions for successful completion and can be a good primer. To explore more complex scenarios, I recommend you create your own lab scenarios. One way to do this is use the "How To" articles on Microsoft TechNet:

Another great resource for creating lab scenarios can be found in the "Top 10 Things to Study" list that I've provided in each of the reviews I've written for the new MCSA/MCSE on Windows 2003 exams.

From the 70-290 Exam (click here to read review):

  1. Configure and troubleshoot shared folders permissions—again, and again and again. Create different scenarios for your family and friends group accounts. Be the network administrator!
  2. Configure Volume Shadow Copy Service on your server and don't turn it off. (This has got to be one of the coolest new features of Windows Server 2003!) Load the client component and restore previously deleted files.
  3. Run Automated System Recovery, even if you don't want to simulate a dead server. Be sure to follow the steps I outline in the main article and in the help files.
  4. Download and install Software Update Services on your server. Download the latest Windows updates and configure the client to use your SUS server.
  5. Run server backups if only to a file as the destination. Just as important, restore the backups and verify EFS, compression and NTFS permissions remain the same.
  6. Create and assign permissions to printer users and change them for fun! Find out what happens when you stop the printer spooler service.
  7. Create a few group policies and explore the different computer and user settings available. Link a GPO to a parent OU and view the results of computer and user accounts changes within child OUs with and without Block Policy Inheritance and No Override.
  8. Create user accounts in Active Directory for your family and friends. Add them to groups and log on with their accounts from a client or a second server. Change group scope and membership, practice using the AGUDLP.
  9. Configure inheritance and inheritance blocking with AD objects. Set permissions and view their effects when accessed by different family members and friends.
  10. Configure and recover RAID arrays. Get at least three small hard drives and create a stripe, mirror and stripe set with parity configuration. Disconnect one of the RAID 1 or 5 drives and reconnect for a recovery scenario. Watch how Windows 2003 behaves and the warning and error messages it displays.

Lab extras you'll need to perform these scenarios:

These scenarios from the 70-291 exam (click here to read review) include working with RRAS, Certificate Services, IAS, ISA, DHCP and Event Viewer:

  1. Enable RRAS on your server. Practice configuring and managing dialup and VPN connections. Using a null-modem cable and a crossover network cable, you can easily simulate remote-dialup and VPN connections.
  2. Deploy and distributing Certificate Services computer and user certificates. Install a CA, issue certificates to computers and users and publish them to AD while you're there.
  3. Install, configure and manage all DNS zone types. You need to practice creating, managing and maintaining AD anyhow—create the DNS zones manually and understand how each is used. Practice troubleshooting problems!
  4. Understand and configure DNS conditional forwarding. Practice this one in conjunction with #3 and configure one of your servers using conditional forwarding.
  5. Practice subnetting and understand IP addressing. You'll need to know subnetting for this exam and how to recognize addressing misconfigurations. Haven't you put it off long enough?
  6. Install and configure IAS with RRAS. This is not a difficult task and you'll be happy you mastered it for this exam.
  7. Install and configure ISA Server. You can download an evaluation copy for free. Even if you don't need Microsoft's proxy and firewall server on your network, understanding the basics of ISA Server is a must for this exam.
  8. Create and manage DHCP scopes and options. Creating a scope is an easy task, but do you really understand DHCP servers and how to maintain them? Configure one of your servers as a router and place a server and client on opposite segments to learn about relay agents and DHCP server management.
  9. Use and understand the capabilities of Network Monitor. This can be boring for some, but after the initial pain, analyzing network packets can be fun! Learn how to use this tool if nothing else.
  10. Use and understand Event Viewer and System Monitor. Easy enough—but do you really understand how to use these tools to their fullest? Hands-on and help files will get you through.

For these scenarios, make sure to download ISA server: http://www.microsoft.com/isaserver/evaluation/trial/
default.asp
.

The next set of 10 comes from the 70-293 exam (click here to read review) will test your expertise on PKI, IPSec, NLB, clustering, Security Templates and TCP/IP Troubleshooting:

  1. Deploy a Certificate Authority hierarchy and work with PKI. You can use VMware if you don't have multiple servers for this. Issue, publish and distribute certificates for EFS and IPSec. Learn how auto-enrollment works.
  2. Configure and deploy IPSec policies using the logging and planning modes of RSoP.
  3. You're going to need to know network load balancing inside and out. Read everything you can get your hands on and practice with the product.
  4. Work with Cluster Server. You can download an evaluation copy of Windows Server 2003 Enterprise edition at http://www.microsoft.com/windowsserver2003/evaluation/
    trial/evalkit.mspx
    and you'll also need VMware ESX here. What are you waiting for? Clustering technology is cool!
  5. Deploy and view the results of the sample security templates included with the Windows Server 2003 Security Guide. Practice makes perfect!
  6. Use all the TCP/IP troubleshooting tools. Ping, tracert, IPconfig, netsh and Network Monitor are the tools of the trade. Use them on a daily basis and become a more effective troubleshooter.
  7. Configure, break and fix DNS. Have you made it this far without feeling 100 percent comfortable with DNS? Don't sell yourself short—every good network person knows DNS.
  8. Run Automated System Recovery and restore a server even if it's not broken.
  9. Choose a favorite method for remembering the six possible steps for both NetBIOS and host name resolution.
  10. Make sure you know how to subnet in your head so this small detail doesn't get in the way of the bigger picture.

Except for the downloads in step 4, you don't need anything extra to perform these tasks. But be sure to use the security templates as suggested from the Windows Server 2003 Security Guide.

The final set of 10 lab scenarios comes from the 70-294 MCSE exam review (click here to read it); GPMC, RSoP, Forest Trust Relationships, Site Links and Bridgehead servers, UG caching and Replmon.

  1. Plan, deploy and manage Group Policies with GPMC and RSoP. You'll need to download the GPMC add-on for Windows Server 2003 and practice, practice, practice.
  2. Plan, deploy and manage forests, domains and OUs. Even with only one server, you can still perform all the necessary planning, deployment and management you'll need to master in this topic.
  3. Create and manage inter and intra-forest trust relationships. With at least two servers or VMWare, you can create multiple forests and trust relationships.
  4. Troubleshoot AD. There's no easy way to master troubleshooting so try anything you can think of in your lab to get experience. the TechNet article, "Active Directory in Windows 2003" (click here to read it) and understand the possible errors diagramed in the flowcharts.
  5. Create and configure Group Policies. This is easy enough if you spend the time and understand what's required. There are over 200 new GPO settings available in Windows Server 2003. With the new Group Policy Management Console, this is easier to understand than it was with Windows 2000.
  6. Configure sites, links, bridgehead servers and cost. With at least two servers or VMware, you can configure sites, links, bridgehead servers and replication cost values even if you don't have separate network segments. With the ADSS snap-in, this becomes easier the more you practice.
  7. Raise the functional level of a forest and domain. This is something you'll really want to dig into, as it can be complicated. Using either the ADUC or ADDT snap-in, right-click the domain and select Raise Domain Functionality.
  8. Enable universal group caching on a DC. This is an easy task but a new feature, so be sure to try it at least once. Using the ADSS snap-in, right-click the server's NTDS settings and select Enable Universal Group Membership Caching.
  9. Explore all the reporting features found in Replmon. Load the support tools from the CD and explore this invaluable tool even if you don't have a complex AD lab. Check the Server Properties option while you're there.
  10. Understand the modes of RSoP and when they're most useful. This exam topic is present in the 70-293 exam so it's time to get a handle on all that RSoP offers if you don't already have one. Use the planning and logging modes against your newly created GPOs from # 1 above.

For these tasks, download the Group Policy Management Console add-on for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?
FamilyId=F39E9D60-7E41-4947-82F5-3330F37ADFEB&displaylang=en
and the Domain Rename tools here; http://www.microsoft.com/windowsserver2003/downloads/
domainrename.mspx
.

Formula for Success
When you run into a snag during your scenarios, practice your troubleshooting research skills by referring to http://support.microsoft.com and http://www.microsoft.com/technet.

In your MCSA/MCSE lab, you've learned many things about Windows Server 2003. You'll feel more confident on the exams, and you'll be better prepared to deploy, support, administer, maintain and troubleshoot Windows.

Featured