While PREPARING a custom image, Install a 3rd party driver to an image?
Dism and specify the /add-driver parameter
Company VPN does not let you access internet websites, unless you disconnect VPN. What should you do?
From TCP/IPv4 properties of VPN, disable the Use default gateway on remote network settings.
Identify which applications installed on a computer can run on Win 7?
Microsoft Application Compatibility Toolkit (ACT)
To temporarily prevent computers from retrieving branch cached content from computer?
At cmd promt, run Netsh branchcache flush.
Standalone computer runs Win 7 w/multiple users. Ensure you can read the content of all encrypted files (Encrypting File System -EFS). How?
Run Cipher.exe /r and add data recovery agent from local security policy.

Note:
/K creates a new cert. and key for EFS.

/R generates an EFS cert and key then writes them to a .PFX file and .CER file.

Have computer that runs Win 7. Network contains DHCP server that runs 2008 R2. Server configured as Network Access Protection (NAP) enforcement point. How to configure computer as NAP client? (2 answers)
1. From services, set Network Access Protection Agent service Startup Type to Automatic.

2. From NAP Client Configuration console, enable the DHCP Quarantine Enforcement Client.

NOTE: NAP collects and manages health info for client computers on a network.

Have 2 Win 7 computers on AD domain. Windows Remote Management (WinRM) enabled on both. How to create additional disk volume on Comp 1 from Comp 2?
On Comp 2, run Winrs and than Diskpart.

NOTE
You can use WinRS to execute command-line utilities or scripts on a remote computer. To use WinRS, open a command prompt and prefix the command that you want to run on the remote computer with the WinRS -r:RemoteComputerName command. For example, to execute the Ipconfig command on a computer named Aberdeen, issue the command: WinRS -r:Aberdeen ipconfig

The Windows Remote Management service allows you to execute commands on a remote computer, either from the command prompt using WinRS or from Windows PowerShell. Before you can use WinRS or Windows PowerShell for remote management tasks, it is necessary to configure the target computer using the WinRM command. To configure the target computer, you must run the command WinRM quickconfig from an elevated command prompt.

Diskpart: used to create and format volumes on target computer.

Simple Disk
Dynamic Disk
What does sysprep do?
prepares the image for capture by cleaning up various user-specific and computer-specific settings and log files. After Sysprep computer can be imaged.
/generalize
Remove unique system information. SID is reset. System restore points cleared and logs deleted. Windows activation clock resets unless clock has already been reset 3 times.
Computer runs Win7. You need to copy files to a virtual hard disk (VHD) file. How?
Diskpart.exe and run the select and attach commands.
You create a shim for a 3rd party app using ACT (Application Compatibility Toolkit). How do you ensure shim is applied next time your run app?
Run sdbinst.exe either locally or on network.
Minimum requirements for Win 7 premium, prof, ultimate and enterprise?
1GHz 32-bit (x86) or 64-bit (x64) Proc.
1 GB RAM
40-GB HD with 15GB of space
DirectX 9, Windows Display Driver Model (WDDM) driver, pixel shader 2.0 hardware and 32 bits per pixel and min 128MB graphics memory.
Mount Point
You can use Disk Management to assign a mount-point folder path (rather than a drive letter) to the drive. Mount-point folder paths are available only on empty folders on basic or dynamic NTFS volumes.
Backup Operator or Administrator is the minimum membership required.

Additional considerations
If you are administering a local or remote computer, you can browse NTFS folders on that computer.

When assigning a mount-point folder path to a drive, use Event Viewer to check the system log for any Cluster service errors or warnings indicating mount point failures. These errors would be listed as ClusSvc in the Source column and Physical Disk Resource in the Category column.

You can also create a mounted drive using the mountvol command.

Have customized image on Win 7 pro. You mount and modify image…you need to restore the image to original state. What tool do you use?
Dism.exe
Backup and Restore console is located where?
Control Panel > System and Security
What do you need to do to backup to a system image to an external harddrive?
Convert the drive to NTFS
To backup on a network location, which versions of Win 7 do you need?
Pro, Ultimate, Enterprise.
How do you deploy and image using WDS (Windows Deployment Services)?
From the WDS snap-in, add a new install image.

NOTE: WDS provides PXE-booted version of Win PE. WDS image is contained in a WIM file and booted over the network into a RAMDisk. Install then proceeds under Win PE.

Capturing a WIM into WDS server is like ImageX and Sysprep, however last step involves booting into the WDS capture image. This Win PE image helps you capture a client system into the WDS server.

Oscdimg
Oscdimg is a cmd line tool for creating an image (.iso) file of a customized version of Win PE. Burn ISO to CD or DVD. (-boot: need install image not boot)
ImageX
ImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to
capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows
image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such
as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server (SMS) Operating System Feature Deployment Pack.

/append
Appends a volume image to an existing Windows image (.wim) file. Creates a single instance of the file,
comparing it against the resources that already exist in the .wim file, so you do not capture the same file twice.

/mountrw
Mounts a .wim file from Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1
(SP1), or Windows Vista with read/write permission to a specified directory.
Once the file is mounted, you can view and modify all the information contained in the directory.

Senario: To deploy Win 7 using a VHD. Computer needs to start from VHD and run OOBE portion of setup. How?
Use ImageX to apply install.wim from the Win 7 installation media to VHD.
WIM files
Images are file-based and can be installed on a VHD or placed on a network share for distribution. Several images can be in same WIM.
Capture and image with ImageX
On reference computer use Win PE and the ImageX tool. Store image on a network share. If on Enterprise or Ultimate you can store image on a VHD and make that VHD bootable.
What is a network bridge?
A network bridge is a network device that connects multiple network segments. In the OSI model bridging acts in the first two layers, below the network layer. There are four types of network-bridging technologies: simple bridging; multiport bridging; learning, or transparent bridging; and source route bridging.
What would this cmd doPing Server1 -6
Forcing ping to server1 using IPv6
How to dual boot XP and Win 7 in same environment. AND if it cannot boot after install.
Install XP first, than Win 7. If done opposite order, it will not boot. You can then Start computer from Win 7 installation media and run Startup Repair.
How to prevent local group from starting a specific application?
Application control policy (AppLocker).

From Computer ConfigurationWindows SettingsSecurity SettingsApplication Control Policies.

NOTE: Application Identity Service must be active.

To install XP mode on Win 7 what would the hardware requirements be?
Windows XP Mode requires an additional 1 GB of RAM and an additional 15 GB of available hard disk space.
Maximum Memory (RAM)
Recognized by Windows 7
32-Bit Windows
Professional
Enterprise
Ultimate
4 GB
Maximum Memory (RAM)
Recognized by Windows 7
64-Bit Windows
Professional
Enterprise
Ultimate
192 GB
Installing Windows 7 by Using an Image
Install Windows 7 to a reference computer and prepare the reference computer for duplication. You capture the volume image to a Windows Imaging (WIM) file by using the ImageX tool and then use the deployment tools, such as ImageX, Windows Deployment Services (WDS), or Microsoft Deployment Toolkit (MDT) to deploy the captured image.
Requirements to run Upgrade Advisor
NET 2.0 Framework or higher
and
MSXML 6.0
You have two computers named Computer1 and Computer2.
Computer1 runs Windows Vista. Computer2 runs Windows 7.
You plan to use User State Migration Tool (USMT) 4.0 to migrate user profiles and data from Computer1 to
Computer2.
You need to prevent some system settings from being migrated.
You must achieve this goal by using the minimum amount of administrative effort.
Which file should you modify?
config.xml

NOTE: This file is different from the other migration files as it is used to exclude features from the migration. You can
create and modify the Config.xml file using ScanState.exe with the /genconfig option.

What is MigUser.xml
MigUser.xml This file contains rules about user profiles and user data. The default settings for this file migrate
all data in My Documents, My Video, My Music, My Pictures, desktop files, Start Menu, Quick Launch settings,
favorites, Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures, Shared
Start menu, and Shared Favorites. This file also contains rules that ensure that all the following file types are
migrated from fixed
volumes: .qdf, .qsd, .qel, .qph, .doc, .dot, .rtf, .mcw, .wps, .scd, .wri, .wpd, .xl*, .csv, .iqy, .dqy, .oqy, .rqy, .wk*, .
wq1, .slk, .dif, .ppt*, .pps*, .pot*, .sh3, .ch3, .pre, .ppa, .txt, .pst, .one*, .mpp, .vsd, .vl*, .or6, .accdb, .mdb, .pub,
.xla, .xlb and .xls. The asterisk (*) represents zero or more characters.
What is MigApp.xml
This file contains rules about migrating application settings. These include Accessibility settings, dial-up
connections, favorites, folder options, fonts, group membership, Open Database Connectivity (ODBC) settings,
Microsoft Office Outlook Express mailbox files, mouse and keyboard settings, phone and modem options,
Remote Access Service (RAS) connection phone book files, regional options, remote access, screen-saver settings, taskbar settings, and wallpaper settings.
What is User State Migration Tool (USMT)?
User State Migration Tool
USMT 4.0 is a command-line utility that allows you to automate the process of user profile migration. The
USMT is part of the Windows Automated Installation Kit (WAIK) and is a better tool for performing a large
number of profile migrations than Windows Easy Transfer. The USMT can write data to a removable USB
storage device or a network share but cannot perform a direct side-by-side migration over the network from the
source to the destination computer. The USMT does not support user profile migration using the Windows
Easy Transfer cable. USMT migration occurs in two phases, exporting profile data from the source computer
using ScanState and importing profile data on the destination computer using LoadState.

The User State Migration Tool (USMT) is a Microsoft command line utility program intended to allow advanced users, comfortable with Scripting language, to transfer files and settings between PCs. This task is also performed by Windows Easy Transfer, recommended for general users. USMT supports the high-volume, automated deployment of files and settings from Microsoft Windows versions 2000, XP, Vista and Windows 7 and is useful in migrating user settings and files during OS upgrades.

USMT consists of two separate programs. Scanstate.exe scans the source PC for the data and settings and stores it in a .MIG file. Loadstate migrates the data and settings from the .MIG file onto the target PC.

What to transfer is specified as commandline switches in the configuration XML files migapp.xml, migsys.xml, miguser.xml and other optional Config.xml files. Which Users (and their data) to transfer is controlled by other switches.

ScanState
You run ScanState on the source computer during the migration. You must run ScanState.exe on computers
running Windows Vista and Windows 7 from an administrative command prompt. When running ScanState on
a source computer that has Windows XP installed, you need to run it as a user that is a member of the local
administrators group.
The following command creates an encrypted store named Mystore on the file share named Migration on the
file server named Fileserver that uses the encryption key Mykey:
scanstate fileservermigrationmystore /i:migapp.xml /i:miguser.xml /o /config:config.xml /encrypt /key:”mykey”
/genmigxml: path to a file
This option specifies that the ScanState command should use the document finder to create and export an
.xml file that defines how to migrate all of the files on the computer on which the ScanState command is
running.

LoadState info:
LoadState
LoadState is run on the destination computer. You should install all applications that were on the source
computer on the destination before you run LoadState. You must run Loadstate. exe on computers running
Windows Vista and Windows 7 from an administrative command prompt.
To load profile data from an encrypted store named Mystore that is stored on a share named Migration on a
file server named Fileserver and which is encrypted with the encryption
key Mykey, use this command:
loadstate fileservermigrationmystore /i:migapp.xml /i:miguser.xml /decrypt
/key:”mykey”
Restoring from a System Image Backup
Restoring from a System Image Backup
A System Image restore rewrites the entire contents of a system volume. Therefore, you restore from a
System Image backup by booting from the Windows 7 Installation DVD-ROM and loading System Recovery
tools or by pressing F8 during the boot process. RestorRun the DiskPart commanding from a System Image
backup enables you to quickly get a computer running after you replace a failed hard disk, or if the operating
system installation has been corrupted (for example, by malRecycle BinRecycle BinRecycle Binattach the
VHDattach the VHDware that cannot be removed except 0 by wiping the disk). It is sometimes known as
complete recovery or complete PC Restore.
This procedure assumes that the System Recovery Options (otherwise known as the Windows Recovery
Environment, or Windows RE) files are present on the DVD-ROM. If not, you can boot from the installation
DVD-ROM and press F8 during the boot to access the Advanced Boot Options.
Windows System Image Restore reads the data from the backup and overwrites existing files. You can restore
to a different-sized hard disk, provided that the hard disk is large enough to store the backup.
After the restore is complete, the computer restarts using the restored system volume.
You have an offline virtual hard disk (VHD) that contains a generalized installation of Windows 7 Ultimate.
You need to disable the built-in games in the VHD.
You must achieve this goal by using the minimum amount of administrative effort.
What should you doA. Start a computer from the VHD. Run Ocsetup.exe and specify the /uninstall parameter. Recapture the
VHD.

B. Start a computer from the VHD. From Programs and Features, turn off the Games feature and then
recapture the VHD.

C. Create an answer file that has InboxGames disabled. On a computer that runs Windows 7, attach the VHD.
Run Pkgmgr.exe and specify the /uu parameter.

D. Create an answer file that has InboxGames disabled. On a computer that runs Windows 7, attach the VHD.
Run Dism.exe and specify the /apply-unattend parameter.

D.

Dism
Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows
images offline before deployment. You can use it to install, uninstall, configure, and update Windows features,
packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for
servicing a running operating system.
/Apply-Unattend
Applies an unattend.xml file to an image.
If you are updating device drivers using an unattended answer file, you must apply the answer file to an offline
image and specify the settings in the offlineServicing configuration pass.
If you are updating packages or other settings using an unattended answer file, you can apply the answer file
to an offline or online image. Specify the settings in the offlineServicing configuration pass.

VPNs
PPTP vs. L2TP vs. OpenVPN vs. SSTP
PPTP

Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPN over dialup networks, and as such has long been the standard protocol for internal business VPN. It is a VPN protocol only, and relies on various authentication methods to provide security (with MS-CHAP v2 being the most common). Available as standard on just about every VPN capable platform and device, and thus being easy to set up without the need to install additional software, it remains a popular choice both for businesses and VPN providers. It also has the advantage of requiring a low computational overhead to implement (i.e. it’s quick).

However, although now usually only found using 128-bit encryption keys, in the years since it was first bundled with Windows 95 OSR2 back in 1999, a number of security vulnerabilities have come to light, the most serious of which is the possibility of unencapsulated MS-CHAP v2 Authentication. Using this exploit, PPTP has been cracked within 2 days, and although Microsoft has patched the flaw (through the use of PEAP authentication), it has itself issued a recommendation that VPN users should use L2TP/IPsec or SSTP instead.

Knowing that PPTP was insecure anyway, it came as no surprise to anybody that the NSA almost certainly decrypts PPTP encrypted communications as standard. Perhaps more worrying is that the NSA has (or is in the process of) almost certainly decrypted the vast amounts of older data it has stored, which was encrypted back when even security experts considered PPTP to be secure.

Pros

Client built-in to just about all platforms
Very easy to set up
Fast
Cons

Not at all secure (the vulnerable MS CHAPv2 authentication is still the most common in use)
Definitely compromised by the NSA
L2TP and L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that on its own does not provide any encryption or confidentiality to traffic that passes through it. For this reason it is usually implemented with the IPsec encryption suite (similar to a cipher, as discussed below) to provide security and privacy.

L2TP/IPsec is built-in to all modern operating systems and VPN capable devices, and is just as easy and quick to set up as PPTP (in fact it usually uses the same client). Problems can arise however, because the L2TP protocol uses UDP port 500, which is more easily blocked by NAT firewalls, and may therefore require advanced configuration (port forwarding) when used behind a firewall (this is unlike SSL which can use TCP port 443 to make it indistinguishable from normal HTTPS traffic).

IPsec encryption has no major known vulnerabilities, and if properly implemented may still be secure. However, Edward Snowden’s revelations have strongly hinted at the standard being compromised by the NSA, and as John Gilmore (security specialist and founding member of the Electronic Frontier Foundation) explains in this post, it is likely that it has been been deliberately weakened during its design phase.

Relatively minor compared to the last point, but probably worth mentioning, is that because L2TP/IPsec encapsulates data twice it is not as efficient as SSL based solutions (such as OpenVPN and SSTP, and is therefore slightly slower.

Pros

Usually considered very secure but see cons
Easy to set up
Available on all modern platforms Cons
Cons

May be compromised by the NSA
Likely deliberately weakened by the NSA
Slower than OpenVPN
Can struggle with restrictive firewalls
OpenVPN

OpenVPN is a fairly new open source technology that uses the OpenSSL library and SSLv3/TLSv1 protocols, along with an amalgam of other technologies, to provide a strong and reliable VPN solution. One of its major strengths is that it is highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes traffic on it impossible to tell apart from traffic using standard HTTPS over SSL (as used by for example Gmail), and it is therefore extremely difficult to block.

Another advantage of OpenVPN is that the OpenSSL library used to provide encryption supports a number of cryptographic algorithms (e.g. AES, Blowfish, 3DES, CAST-128, Camellia and more), although VPN providers almost exclusively use either AES or Blowfish. 128-bit Blowfish is the default cypher built in to OpenVPN, and although it is generally considered secure, it does have known weaknesses, and even its creator was quoted in 2007 as saying ‘at this point, though, I’m amazed it’s still being used. If people ask, I recommend Twofish instead’.

AES is the newer technology, has no known weaknesses, and thanks to its adoption by the US government for use in protecting ‘secure’ data, is generally considered the ‘gold standard’ when it comes to encryption. The fact that it has a 128-bit block size rather than Blowfish’s 64-bit block size also means that it can handle larger (over 1 GB) files better than Blowfish. However, both ciphers are NIST certified, which while not widely recognized as problem, we have issues with. See below for a discussion about this.

How fast OpenVPN performs depends on the level of encryption employed, but it is generally faster than IPsec.

OpenVPN has become the default VPN connection type, and while natively supported by no platform, is widely supported on most through third party software (including both iOS and Android).

Compared to PPTP and L2TP/IPsec, OpenVPN can be a bit fiddly to set up. When using generic OpenVPN software in particular (such as the standard open source OpenVPN client for Windows), it is necessary to not only download and install the client, but also to download and setup additional configuration files. Many VPN providers get around this configuration problem by supplying customized VPN clients.

Perhaps most importantly in light of the information obtained from Edward Snowden, it seems OpenVPN has not been compromised or weakened by the NSA, and is also (thanks to its use of ephemeral key exchanges, as we will discuss later) immune to NSA attacks on RSA key encryption. Although no-one knows the full capabilities of the NSA for sure, both the evidence and the mathematics strongly point to OpenVPN, if used in conjunction with a strong cipher, being the only VPN protocol that can be considered truly secure.

Pros

Highly configurable
Very secure (probably even against the NSA)
Can bypass firewalls
Can use a wide range of encryption algorithms
Open source (and can therefore be readily vetted for back doors and other NSA style tampering)
Cons

Needs third party software
Can be fiddly to set up
Support on mobile devices is improving, but is not as good as on the desktop
SSTP

Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows-only platform (and there is a snowball’s chance in hell of it ever appearing on an Apple device!). SSTP uses SSL v3, and therefore offers similar advantages to OpenVPN (such as the ability to use to TCP port 443 to avoid NAT firewall issues), and because it is integrated into Windows may be easier to use and more stable.

However unlike OpenVPN, SSTP is a proprietary standard owned by Microsoft. This means that the code is not open to public scrutiny, and Microsoft’s history of co-operating with the NSA, and on-going speculation about possible backdoors built-in to the Windows operating system, do not inspire us with confidence in the standard.

Pros

Very secure (depends on cypher, but usually very strong AES)
Completely integrated into Windows (Windows Vista SP1, Windows 7, Windows 8)
Microsoft support
Can bypass most firewalls
Cons

Only really works in a Windows only environment
Proprietary standard owned by Microsoft so cannot be independently audited for back doors and suchlike

Certificate Manager
Certificate Manager
A certificate manager can approve certificate enrollment and revocation requests, issue certificates, and
manage certificates. This role can be configured by assigning a user or group the Issue and Manage
Certificatespermission.
When you assign this permission to a user or group, you can further refine their ability to manage certificates
by group and by certificate template. For example, you might want to implement a restriction that they can only
approve requests or revoke smart card logon certificates for users in a certain office or organizational unit that
is the basis for a security group.
Bcdedit
BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including
creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves
essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major
improvements: BCDEdit exposes a wider range of boot options than Bootcfg.exe, and BCDEdit has improved
scripting support.
NTFS: Advanced Security Settings Properties Page – Permission Tab
You can add additional resources, groups or users to have explicit NTFS permissions to access this object, or
you can edit or remove the NTFS permissions granted to a resource, group, or user on the object.
Inherited permissions are those that are propagated to an object from a parent object. Inherited permissions
ease the task of managing permissions and ensure consistency of permissions among all objects within a
given container.
Minimum requirements for Windows 7 Home Premium, Professional, Ultimate, and Enterprise editions…
hardware requirements:
1 GHz 32-bit (x86) or 64-bit (x64) processor

1 GB of system memory

a 40-GB hard disk drive (traditional or SSD) with at least 15 GB of available space

a graphics adapter that supports DirectX 9 graphics, has a Windows Display Driver Model (WDDM) driver, Pixel Shader 2.0 hardware, and 32 bits per pixel and a minimum of 128 MB graphics memory

You deploy a custom image to a computer and discover that the Telnet Client feature is disabled.
You need to ensure that the Telnet Client feature is enabled when you deploy the image.
You must achieve this goal in the minimum amount of time.
What should you do
A. Enable the Telnet Client feature on the computer. Generalize the computer and capture the image.

B. Create an unattended file that enables Telnet Client. Generalize the computer and specify the unattended file. Capture the image.

C. Mount the image. Run Ocsetup.exe TelnetClient. Commit the changes and unmount the image.

D. Mount the image. Run Dism.exe and specify /image and /enable-feature:TelnetClient switches. Commit the
changes and unmount the image.

D

Dism
Deployment Image Servicing and Management (DISM) is a command-line tool used to service Windows
images offline before deployment. You can use it to install, uninstall, configure, and update Windows features,
packages, drivers, and international settings. Subsets of the DISM servicing commands are also available for
servicing a running operating system.
Windows 7 introduces the DISM command-line tool. You can use DISM to service a Windows image or to
prepare a Windows PE image. DISM replaces Package Manager (Pkgmgr.exe), PEimg, and Intlcfg in
Windows Vista, and includes new features to improve the experience for offline servicing.
You can use DISM to perform the following actions:
Prepare a Windows PE image.
Enable or disable Windows features within an image.
Upgrade a Windows image to a different edition.
Add, remove, and enumerate packages.
Add, remove, and enumerate drivers.
Apply changes based on the offline servicing section of an unattended answer file.
Configure international settings.
Implement powerful logging features.
Service operating systems such as Windows Vista with SP1 and Windows Server 2008.
Service a 32-bit image from a 64-bit host and service a 64-bit image from a 32-bit host.
Service all platforms (32-bit, 64-bit, and Itanium).
Use existing Package Manager scripts.

You have a computer that runs Windows 7. The computer has a single volume. You install 15 applications and customize the environment. You complete the following actions:

Create an export by using Windows Easy Transfer.

Create a system image by using Backup and Restore.

Install the User State Migration Tool (USMT) and run Scanstate

The disk on the computer fails.

You replace the disk.

You need to restore the environment to the previous state.

What should you do
A. Install Windows 7, install USMT, and then run Loadstate.

B. Install Windows 7 and then import the Windows Easy Transfer package.

C. Start the computer from a Windows Recovery Environment (Windows RE) disk and then run Bcdboot.exe.

D. Start the computer from a Windows Recovery Environment (Windows RE) disk and then restore the system image.

D

Restoring from a System Image Backup
A System Image restore rewrites the entire contents of a system volume. Therefore, you restore from a
System Image backup by booting from the Windows 7 Installation DVD-ROM and loading System Recovery
tools or by pressing F8 during the boot process. RestorRun the DiskPart commanding from a System Image
backup enables you to quickly get a computer running after you replace a failed hard disk, or if the operating
system installation has been corrupted (for example, by malRecycle BinRecycle BinRecycle Binattach the
VHDattach the VHDware that cannot be removed except 0 by wiping the disk). It is sometimes known as
complete recovery or complete PC Restore.
This procedure assumes that the System Recovery Options (otherwise known as the Windows Recovery
Environment, or Windows RE) files are present on the DVD-ROM. If not, you can boot from the installation
DVD-ROM and press F8 during the boot to access the Advanced Boot Options.
Windows System Image Restore reads the data from the backup and overwrites existing files. You can restore
to a different-sized hard disk, provided that the hard disk is large enough to store the backup.
After the restore is complete, the computer restarts using the restored system volume.

You have a custom image of Windows 7.
You discover that the boot configuration data store in the custom image is corrupted.
You need to create a new configuration data store within the custom image.
What should you do
A. Run Imagex.exe and specify the /append parameter. Run Bcdedit.exe.

B. Run Imagex.exe and specify the /mountrw parameter. Run Bcdedit.exe.

C. From Windows System Image Manager (Windows SIM), select the image and then create a configuration set.

D. From Windows System Image Manager (Windows SIM), select the image and then create a catalog.

B

Imagex
ImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to
capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows
image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such
as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server
(SMS) Operating System Feature Deployment Pack.
/append
Appends a volume image to an existing Windows image (.wim) file. Creates a single instance of the file,
comparing it against the resources that already exist in the .wim file, so you do not capture the same file twice.
/mountrw
Mounts a .wim file from Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1
(SP1), or Windows Vista with read/write permission to a specified directory.
Once the file is mounted, you can view and modify all the information contained in the directory.
Bcdedit
BCDEdit is a command-line tool for managing BCD stores. It can be used for a variety of purposes, including
creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves
essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major
improvements: BCDEdit exposes a wider range of boot options than Bootcfg.exe, and BCDEdit has improved
scripting support.
NOT Windows SIM
Opens Windows images, creates answer files, and manages distribution shares and configuration sets.

You have a computer that runs Windows XP.
The computer has one basic disk that contains a single partition. The partition has 30 GB of free space. The
hard disk has 5 GB of unallocated space.
You need to install Windows 7 in a dual-boot configuration.
Windows 7 must not be installed in a virtual hard disk (VHD).
What should you do first
A. Create a second partition.

B. Shrink the primary partition.

C. Convert the hard disk to a GPT disk.

D. Convert the hard disk to a dynamic disk.

B

Given the system requirements more space is required.
There is not enough unallocated space so the XP partition will need to be shrunk first, in order for a sufficient
sized partition to be created.
Requirements
Windows 7 Home Premium, Professional, Ultimate, and Enterprise editions have the following minimum
hardware requirements:
1 GHz 32-bit (x86) or 64-bit (x64) processor
1 GB of system memory
a 40-GB hard disk drive (traditional or SSD) with at least 15 GB of available space
a graphics adapter that supports DirectX 9 graphics, has a Windows Display Driver Model (WDDM) driver,
Pixel Shader 2.0 hardware, and 32 bits per pixel and a minimum of 128 MB graphics memory

Your company uses Windows Deployment Services (WDS) to deploy Windows 7.
You create a new image of Windows 7.
You need to ensure that you can deploy the image by using WDS.
What should you do
A. From the Windows Deployment Services snap-in, add a new install image.

B. From the Windows Deployment Services snap-in, add a new boot image.
C. Run Oscdimg.exe and specify the -boot parameter. Copy the image to C:
emoteinstalloot.

D. Run Imagex.exe and specify the /append parameter. Copy the image to C:
emoteinstallimages.

A

Windows Deployment Services
WDS provides a PXE-booted version of Windows PE. A WDS image is contained in a WIM file and is booted
over the network into a RAMDisk. The installation then proceeds under Windows PE.
The process of capturing a WIM image into a WDS server is similar to the use of ImageX and Sysprep except
that the last step involves booting into the WDS capture image. This is a Windows PE image that helps you
capture a client system to the WDS server.
WDS is relatively lightweight compared to other image deployment methods such as MDT and provides a
method that can be faster than an optical media-based installation of Windows. You use WDS images to
deploy system files to client computers. A number of image files exist; for example, you use a capture image to
create an install image.
Install Image
An install image is an operating system image that you deploy to the client computer.
Typically, this is a WIM file.
Boot Image
A boot image is a Windows PE image into which you boot a client before you install the WIM image file. To
install Windows 7, you first boot the computer into the boot image, and then you select the install image to
install. Unless you are using a reference computer and adding applications to the image, you should use the
standard boot image that is included on the Windows 7 installation media (Install.wim). Capture and discover
images are types of boot images.
(need install image not boot)
NOT Oscdimg
Oscdimg is a command-line tool for creating an image file (.iso) of a customized 32-bit or 64-bit version of
Windows PE. You can then burn that .iso file to a CD-ROM or DVD-ROM. Oscdimg supports ISO 9660, Joliet,
and Universal Disk Format (UDF) file systems. (-boot: need install image not boot)
NOT ImageX
ImageX is a command-line tool that enables original equipment manufacturers (OEMs) and corporations to
capture, to modify, and to apply file-based disk images for rapid deployment. ImageX works with Windows
image (.wim) files for copying to a network, or it can work with other technologies that use .wim images, such
as Windows Setup, Windows Deployment Services (Windows DS), and the System Management Server
(SMS) Operating System Feature Deployment Pack.
/append
Appends a volume image to an existing Windows image (.wim) file. Creates a single instance of the file,
comparing it against the resources that already exist in the .wim file, so you do not capture the same file twice.

You have a portable computer that runs Windows 7.
The computer is joined to a domain.
Multiple users log on to the computer.
You need to prevent the computer from displaying the username of the last user who logged on.
What should you do
A. From Control Panel, modify the User Profiles settings.

B. From Control Panel, modify the Personalization settings.

C. From the local computer policy, add a policy template.

D. From the local computer policy, modify the local security policy

D
You perform a clean installation of Windows 7 on a computer.
You need to ensure that you can run Windows XP Mode in Windows 7.
What should you do
A. Enable hardware-assisted virtualization.

B. Create a Data Execution Prevention (DEP) exception.

C. Install Windows XP in the same partition as Windows 7.

D. Install Windows XP in a different partition than Windows 7.

A

Windows XP Mode requires a processor that supports hardware virtualization using either the AMD-V or Intel
VT options. Most processors have this option disabled by default; to enable it, you must do so from the
computer’s BIOS. After the setting has been configured, it is necessary to turn the computer off completely.
The setting is not enabled if you perform a warm reboot after configuring BIOS. As 256 MB of RAM must be
allocated to the Windows XP Mode client, the computer running Windows 7 on which you deploy Windows XP
Mode requires a minimum of 2 GB of RAM, which is more than the 1 GB of RAM Windows 7 hardware requirement.

You have a computer that runs Windows 7.
You install Internet Information Services (IIS) to test a web based application.
You create a local group named Group1.
You need to ensure that only the members of Group1 can access the default Web site.
Which two configuration changes should you perform? (Each correct answer presents a part of the solution, Choose two.)

A. Modify the properties of Group1.

B. Assign an SSL certificate to the default Web site.

C. Modify the authentication methods of the default Web site.

D. Modify the NTFS permissions of the %systemroot%inetpubwwwroot folder.

CD

Modifying the Default Authentication Method
You can use the Directory Security tab of the Web Site Properties dialog box to change the authentication
method. The authentication method determines whether users are identified, and how users must be identified
to access your site. The authentication method you select varies, depending on the kind of site you are
creating and the purpose of the site.
Modify the NTFS permissions of the %systemroot%inetpubwwwroot folder
See article:
How to set required NTFS permissions and user rights for an IIS 5.0, IIS 5.1, or IIS 6.0 Web server

ScanState
MigApp.xml
Migrate applications settings.
-Folder options, fonts, wallpaper settings, etc.
ScanState
MigUser.xml
Migrate user folders, files and file types.
ScanState
MigDocs.xml
Location of user documents
ScanState
Config.xml
Exclude migration features

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>