This new exam is similar in many respects as far as content, but includes additional topics such as the new DNS zone types offered in Windows Server 2003 and IAS and RRAS, which weren't as heavily tested in the Windows 2000 exam. This new exam concentrates on using Windows Server 2003 and network management. You'll need to demonstrate expertise in the areas of permissions, profiles, system backup, disk management and a familiarity with new product features such as Automated System Recovery (ASR) and Volume Shadow Copy. You'll also need to dive into security from a Microsoft perspective to prepare for this exam, since it's become more of a focus for the product.

What you probably won't be impressed with on this new exam is its engine. The text is lengthy, scroll bars are touchy and the screen is often split into three sections with lots of white space that you must scroll around in to move to the next question!

I tackled 70-290 in its beta form and won't know how I did until shortly after you've read this article. My intent in this review is to help you prepare for the test by covering some of the objectives listed in the exam preparation guide.

The table below spells out other core requirements for each credential. I suggest you start with the client exam then move in this order: 70-290, 70-291, 70-293, 70-294, 70-297 and 70-298, the same order recommended by Microsoft.

Working with Devices
You'll need to demonstrate expertise with managing and maintaining physical and logical devices. As an administrator or engineer you should be expected to understand Basic and Dynamic disks, RAID configuration and troubleshooting, driver signing and the use of tools such as Device Manager and Hardware Troubleshooting Wizard.

As a reminder, basic disks can be converted to dynamic with no data loss but require backup and restore to revert back to basic. Dynamic disks are required for Disk Striping, mirroring and striping with parity.

Tip: When repair is necessary for a RAID 1 member, the mirror is first removed, failed member disk replaced, and the mirror recreated.

When updating drivers with Device Manager, the system driver signing includes the options for Ignore, Warn (the default) and Block. Familiarize yourself with Device Manager and the warning and disabled icons found when problems are present on installed devices.

Users, Computers and Groups
The next objective, 'Managing Users, Computers and Groups,' includes many topics, so you should be prepared to face many questions that fall into this category.

Taking the 70-210 or 70-270 client OS exam before 70-290 will help. That ensures you'll have a healthy introduction to profile management, user and group accounts, permissions and troubleshooting.

The difference for this exam is you'll need to think more on a server and network level rather than from the lone client desktop perspective.

Tip: These new exams include topics not necessarily on the list of official exam objectives as posted from Microsoft. Better get used to it! For example, although there's no mention of printers in the official exam objectives, you should be prepared! After all, printers are bound to be part of a production Windows 2003 network.

ADUC, Active Directory Users and Computers, is the MMC snap-in used to create user and group accounts, manage user profiles and group membership. It includes the Delegation of Control Wizard, which is used to assign administrative permission at the Organizational Unit (OU) level.

Windows 2000 and 2003 both include two types of groups, Security and Distribution. Security groups are used in the traditional sense to group users for permissions to network resources. Distribution groups are used for e-mail only.

Tip: Remember AGUDLP If you're not familiar with the way Windows is designed for managing folder and file permissions, you need to study! Accounts are placed into Global Groups, which are placed into Universal Groups, which are placed into Domain Local Groups where Permissions are assigned. Accounts can also be placed directly into DL groups.

Active Directory objects such as user, group and computer accounts all have permissions assigned that can be inherited from higher levels or removed by using Block Inheritance.

If you've worked with Windows 2000, then you know that Group Policies enable centralized management of user and computer settings throughout the network. GP Objects or GPOs can be used to perform a variety of administrative tasks, including configuration of desktop settings, control of security settings, assignment of scripts, redirection of folders and software distribution. Group Policies are inherited by child domains from sites or child OUs within domains unless you enable Block Policy Inheritance, which can be reversed with No Override at a higher level. You can also filter inheritance with Read and Apply Group Policy permissions at the user or group level.

Resources
The objective Managing and Maintaining Access to Resources encompasses shared folder permissions and Terminal Services, among other topics.

Administrators and Server operators have the default rights to create and manage shared folders. Read, Change and Full Control are still present and cumulative. NTFS permissions are also cumulative but the most restrictive prevails when combined with shared folder permissions. Deny overrides all other permissions!

Files and folders can be encrypted with EFS, which requires NTFS. Don't forget to brush up on how folder and file permissions can change or stay the same when copying or moving within a drive or between drives.

The names have changed slightly. Windows 2000 Terminal Services remote administration mode is called Remote Desktop for Administration in Windows Server 2003. There have been many improvements made to Terminal Services, but it still operates the same, and daily administration hasn't changed much. However, expect coverage on the exam around such areas as licensing and remote connection management.

The Server Environment
In the objective Managing and Maintaining a Server Environment you'll find coverage of topics such as Event Viewer, System Monitor, software updates (including the functionality of Microsoft's Software Update Service or SUS), Remote Assistance, disk quotas, print queues, performance objects and IIS 6.0.

Event Viewer is the first resource most administrators refer to when checking, monitoring and troubleshooting application, security and system events. It allows you to filter displayed logged events by date, time, user and many other options.

System Monitor is the tool of choice when monitoring system activity in real time. Make sure you understand the most popular object counters such as % Processor Time, % Disk Time, Pages/Second and Page/Faults for memory objects.

New to the Windows Server 2003 exams is SUS. Although it's an add-on component in a Windows network, it's required these days for deploying and managing client and server critical updates. Through the Automatic Updates option built in since Windows 2000, client computers can be redirected to internal SUS servers instead of windowsupdate.microsoft.com. This allows administrators to better plan, test and track changes.

Tip: SUS requires IIS!

Speaking of IIS, another new version has arrived: 6.0. It's more secure by design and out of the box. In the course of your studies and experimentation, remember: This exam is about server and network administration. Spend time understanding IIS topics around Web sites, Virtual and physical directories, files and host and cname records in DNS.

Tip: Multiple Web sites can be hosted on a single IIS server with unique IP addresses, port numbers or host headers.

Disaster Recovery
Included in the final objective on the list, Managing and Implementing Disaster Recovery, you'll find coverage of ASR, VSS, backing up files and system state data, configuring security for backup operators, verifying backup jobs, managing media, restoring and scheduling backups and recovering from server hardware failures.

Automated System Recovery (ASR) allows you quickly and automatically to bring a non-bootable machine to a state where you can run a restore program to recover data. ASR will configure the new storage devices and restore the operating system, all applications and settings. The process for recovering a system using ASR is as follows:

1. Boot from a Windows Server CD and choose Automated System Recovery.
2. Provide access to the backup media and a pre-prepared ASR floppy.
3. Take a break. You'll come back to a working server with the operating system.

To use ASR, you have to prepare an ASR backup first. An ASR backup is a regular system backup plus the ASR floppy disk. This disk contains important configuration information about the server's storage system as well as information on how to restore the backup.

When you boot from the product CD and press the F8 key, you'll enter the ASR bootstrap program. The ASR code in Windows setup knows how to read the ASR floppy disk to reconfigure the server's storage system. ASR will automatically invoke the restore program to restore the rest of the data from the ASR backup.

Volume Shadow Copy Service (VSS) is another new feature, which allows administrators to create a point-in-time copy of user files that the user can access and restore when previous versions are needed. These snapshots can save both IT staff and users a whole lot of time usually spent waiting for manual restore operations of accidentally deleted files from tape. As the server administrator you can schedule the copy time-for instance twice a day at 0700 and 1200 hours, five days a week. If the amount of user data is great and changes often, you can even store this data on alternate server volumes!

If you have hosts other than Windows Server 2003 such as XP, Windows 2000 with SP3 or Windows 98, you'll need to install the shadow copy volume component available on the XP product CD (%Windir%\System32\Clients\Twclient\X86 or download it from http://www.microsoft.com) to enable the use of previous file access and restore. Once configured per volume, users will find the Previous Versions tab in the properties selection for files and folders on a network shares. Users can then select View, Copy or Restore; they'll be presented with a list of read-only file and folder copies they can access. For more information see the white paper, "Introduction to Shadow Copies of Shared Folders," at www.microsoft.com/windowsserver2003/docs/SCR.doc.

Data and system backups are still a must with Windows 2003 even with all the new file management services. Make sure you understand the nuances of backup, such as which is the fastest backup type (full, incremental or differential) and which is the fastest to restore or uses the fewest number of tapes? The answers to these questions are the same as they've always been! Incremental is the fastest but starts with a full backup. Differential offers the fastest restore, but full backup use the least amount of tape per backup cycle.

Tip: Backup of the System State includes the system files, the registry, Component Services and the Active Directory database Certificate Services.

Running the backup program still requires either Administrator or Backup operator permission. To run the backup program using Task Scheduler, you'll need to be a member of the administrator, backup operator or server operator group.

Server hardware failures happen! Windows 2003 offers ASR, but that doesn't address all troubleshooting and repair needs an administrator may have. Other resources include Performance console, Task Manager and Recovery Console. Make sure you understand which tool to use when the fatal time comes as well as how each serves a different purpose. Be sure to study each one and get the hands-on necessary to show your expertise!

Good luck!

Have you taken this exam? Rate it below!

More articles by Andy Barkl:

70-623: A Vista Exam for Consumer Support Techs

Securing Networks with PIX and ASA (SNPA 642-522)

Cisco’s IPS Exam (#642-532): Get Your Network Secure

Securing Virtual Private Networks (642-511)