Articles

There are more Microsft certifications than ever, which means that choosing one isn't as easy as it used to be.

If you're considering pursuing a Microsoft certification, you may already have discovered that the number of Microsoft certifications is legion. This has come about because Microsoft has redesigned the structure of its certification program several times as it worked to come up with a sustainable, straight forward structure. However, each certification in the latest crop comes in a wide array of variations, and on top of that, the old certifications never went away, and some of them are in fact still relevant to IT professionals today. All of this makes the menu of choices a little overwhelming.

Another reason for this article is that, as of this writing, Microsoft forces you to install their new Silverlight plug in before you can view certification information, and many of us would rather not do that...

The Hottest Options

If you are working with the latest Microsoft technologies, you will want to earn a certification from the newest generation, we'll start with those.

The most recent generation certifications are as follows:

• Microsoft Certified Technology Specialist (MCTS) -individual products and technologies.
• Microsoft Certified IT Professional (MCITP) - job role focus added on top of MCTS.
• Microsoft Certified Professional Developer (MCPD) - developers using Microsoft Visual Studio and the Microsoft .NET Framework.
• Microsoft Certified Architect (MCA) - highly experienced experts with strong managerial and technical skills.

There are also two instructor certifications:

• Microsoft Certified Trainer (MCT) - required qualification to teach official Microsoft courses.
  
• Microsoft Certified Learning Consultant (MCLC) - MCTs who are also consultants.

Microsoft Certified Technology Specialist (MCTS) is the building block for higher level Microsoft certifications. It is roughly equivalent to the original Microsoft Certified Professional (MCP) designation. It is product focused, for individuals who want to demonstrate expertise with individual Microsoft products or technologies. MCTS certification options range from Windows Server 2008 all the way back to Microsoft SQL Server 2005 and cover just about everything between. They typically require passing one to three exams in your chosen area of focus. When mainstream support for the particular product expires, the certification will be retired.

Microsoft Certified IT Professional (MCITP) takes product specific expertise and adds a job role on top of it, such as administrator, developer, or support technician. Each MCITP has a related MCTS requirement, so you'll have to earn that first. With the exception of the MCITP: Enterprise Administrator which consists of five exams, each of the MCITP roles requires one to two MCTS exams plus one to two MCITP exams. For example, to earn MCITP: Server Administrator you would need to pass two MCTS exams (Windows Server 2008 Active Directory Configuration and Windows Server 2008 Network Infrastructure Configuration) and then pass the MCITP Windows Server 2008, Server Administrator exam. The retirement policy is the same as it is for MCTS designations.

Microsoft Certified Professional Developer (MCPD) is for application developers who work with Microsoft Visual Studio and Microsoft .NET Framework 3.5. This certification takes MCTS skills and adds on specific developer roles using these technologies. The current MCPD certifications focus on Visual Studio 2008, but you can still earn certifications on Visual Studio 2005. For Visual Studio .NET, the older Microsoft Certified Solution Developer (MCSD) is the certification to earn.

The three MCPD options for Visual Studio 2008 are Windows Developer, ASP.NET Developer, or Enterprise Application Developer. For a Windows or ASP.NET designation, you must first earn the MCTS certification on the same technology (2 exams) and then pass the related MCPD exam. The Enterprise Developer title is much more demanding, requiring you to earn multiple MCTS certifications before taking MCPD Enterprise exams.

Microsoft Certified Architect (MCA) is the highest level of Microsoft certification and by far the most rigorous and costly. You'll need a ton of experience just to consider it, and it will set you back at least $10,000 just in program fees, half of which is due up front. The skills assessed include soft skills such as leadership, communication, and organizational strategies as well as technology expertise, which is billed as vendor neutral. There are infrastructure and solutions tracks, as well as a separate MCA Technology program.

Microsoft Certified Architect (MCA) is the highest level of Microsoft certification and by far the most rigorous and costly.

For the infrastructure or solutions tracks, first you'll have to submit an extensive dossier documenting your work history, an architectural solution case study, and descriptions of instances in which you have demonstrated each of the required competencies. Then you'll have to undergo an extensive, two hour review by a panel of four experts including two who are current MCAs. During the review, you will present and defend your solution and make a case for why you are really, truly an architecture expert.

The MCA Technology program is open only to Microsoft partners and employees and operates a bit differently. It is even more expensive, requiring you to attend four weeks of training, pass a qualification lab, and then face the review board, as well as meet experience requirements.

Microsoft Certified Trainer (MCT) is the certification that must be earned before you can teach an official Microsoft course using the official curriculum. It has been around for many years. There are four steps to becoming an MCT. The first is of course that you hold a current Microsoft certification from a fairly broad list that includes various MCSA, MCSE, MCITP, MCTS, MCDBA, and other certifications. Second, you must prove trainer expertise by either a) holding CompTIA CTT+ certification or a trainer credential from Cisco, Citrix, Oracle, or Novell, b) attend and pass an approved presentation skills course, or c) prove that you are an instructor at an accredited academic institution. Third, you must sign up for a "Metrics that Matter" account which enforces ongoing MCT requirements such as performance standards. You will need the account number for the next step. The final requirement is that you must complete Microsoft MCT application and pay the $400 program fee (US). An MCT certification must be renewed annually.

Microsoft Certified Learning Consultant (MCLC) is for Microsoft Certified Trainers (MCTs) who are also serve as consultants who design, develop, and implement customized Microsoft learning solutions. To step up from MCT to MCLC, you will need to submit a case study of a project you completed within the last two years that proves your skills as a learning consultant and submit a letter from the customer profiled in your case study. You will have to submit a new case study and a new letter every two years.

Oldies (and Not So Oldies) but Goodies

The original crop of Microsoft certifications is arguably the best known group, but they are disappearing fast. Neverless, some are still quite applicable to today's IT professionals. If you pick one of these, be sure to pay attention to when it is being retired and complete all requirements before then. This bunch includes:

• Microsoft Certified Professional (MCP) - basic competency in any legacy Microsoft product.
• Microsoft Certified Desktop Support Technician (MCDST) - technical support for Windows XP end users.
• Microsoft Certified Systems Administrator (MCSA) - intended as a stepping stone to the MCSE.
• Microsoft Certified Systems Engineer (MCSE) - high level skills in Microsoft Windows up to Windows 2003.
• Microsoft Certified Application Developer (MCAD) - intended as a stepping stone to MCSD.
• Microsoft Certified Solution Developer (MCSD) - application development using Microsoft .NET Framework 1.0 or 1.1
• Microsoft Certified Database Administrator (MCDBA) - implementation and administration of Microsoft SQL Server databases.

Microsoft Certified Professional (MCP) used to be the entry point to the Microsoft certification program. Basically, pass any single exam on any Microsoft product and you would obtain MCP certification. This no longer applies and has been effectively replaced by the MCTS designation described earlier.

Microsoft Certified Desktop Support Technician (MCDST) s for individuals who provide support to end users of Windows XP. There are two exams required, one that focuses on the operating system itself and a second that covers troubleshooting applications that run on it.

Microsoft Certified Systems Administrator (MCSA) is essentially a stepping stone to the MCSE, created because the list of MCSE requirements can be rather daunting at seven exams. It can be earned on Windows 2000 or Windows Server 2003 and requires passing four exams which overlap the MCSE exams, thus you will earn the MCSA on the way to the MCSE. The exams include two networking system exams, one client operating system exam, and one elective. MCSA: Messaging and MCSA: Security specializations are also available for both the Windows 2000 and the Windows 2003 tracks.

Microsoft Certified Systems Engineer (MCSE) is without a doubt the best known certification worldwide; no suprise since it's been around since 1992, and it's not going away any time soon. It is intended to certify a high skill level in designing and implementing Windows operating system solutions. Currently it can only be earned following a seven exam Windows 2003 track. Exams for earlier tracks, such as Windows 2000, are no longer available. There are no current plans to retire this certification, although the newer certifications at the beginning of this article warrant a look first.

The MCSE is still a very viable certification and will be for the foreseeable future as Windows Server 2003 is likely to remain in wide use for some time.

To earn an MCSE on Windows Server 2003, you must pass seven exams including four core networking system exams, a client operating system exam, a design exam, and one elective exam from an extensive list that includes many of the latest Microsoft certification exams. The four core networking exams cover skills related to managing, implementing, and maintaining Windows Server 2003 in a networked environment. The client operating system exam can be either for Windows Vista or Windows XP professional. For the design exam, the two choices are Designing a Windows Server 2003 Active Directory and Network Infrastructure or Designing Security for a Windows Server 2003 Network. The list of possible electives includes quite a few from the new MCTS certification exam list. MCSE: Messaging and MCSE: Security specializations are also available for both the Windows 2000 and the Windows 2003 tracks.

The MCSE is still a very viable certification and will be for the foreseeable future as Windows Server 2003 is likely to remain in wide use for some time.

Microsoft Certified Application Developer (MCAD) is for developers who work with Microsoft .NET Framework 1.0 or 1.1. For later versions of the .NET Framework, look at the newer MCTS above. Also, keep in mind that t crucial core exams will retire in March 2009, so you will not be able to take them after that. MCAD was created as a more easily obtainable developer certification than the MCSD and serves as a stepping stone to that. It requires three exams rather than five. The exams overlap so you will earn the MCAD on the way to the MCSD. First you choose either Visual C# .NET or Visual Basic .NET as your track. Then you will need to pass a Windows or web application development exam and a web services and server component development exam, plus one elective that covers a specific Microsoft server product.

Microsoft Certified Solution Developer (MCSD) was Microsoft's first certification for developers and is nearly as well known as the MCSE; however, the core exams will retire in March 2009, so if you have not completed them by then, you will not be able to earn this certification. On the up side, Microsoft says the title will never expire, so if you earn it you get to keep it. An MCSD is for application developers who work with Microsoft .NET Framework 1.0 or 1.1. For later versions of the .NET framework look at MCTS and MCITP above.

The MCSD certification offers a choice of a Visual C# .NET or Visual Basic .NET. Four core exams are required, one each for web application development, windows application development, web services and server component development, and solution architecture. An additional elective is also required, which can be chosen from a list that includes Microsoft BizTalk Server 2004, Microsoft SQL Server 2005, and implementing application security, among other options.

Microsoft Certified Database Administrator (MCDBA) is for administrators of Microsoft SQL Server 2000. Most of the exams on this track have already retired or will retire in March 2009, so you will need to complete the requirements before then. To earn an MCDBA, you must pass on SQL Server administration exam and one SQL Server design exam. You must also pass either a Windows 2000 or Windows Server 2003 exam. The last requirement is your choice of an elective from a list that includes some of the newer MCTS exams. Most of the other elective options are for exams that have been retired.

That's a Wrap - For Now

As you can see, the latest generation of certifications offers many more certification tracks within each designation. They pertain to the latest Microsoft technologies as well some of the more venerable products and are certainly the first place to look if you are considering a new certification. However, many previous Microsoft products, such as Windows Server 2003, are still widely used, and earlier Microsoft certifications that remain available are quite appropriate for individuals who work with those products. Basically it comes down to what technology generation you are working with, at least until the menu of certifications gets redesigned again...

Microsoft's Learning Group closes beta testing on several new Windows Server 2008 exams, with release soon after the software launches next month.

Windows Server 2008 rounds the corner toward release at the end of next month. And the Microsoft Learning Group, for its part, has been keeping pace with new exams that are slated to be generally available at Prometric testing centers soon after the software hits shelves. According to blog posts from Trika Harms zum Spreckel, a member of the marketing team in the Microsoft Learning Group, MCPs will see a healthy mix of MCTS and MCITP exams in the weeks to come.

Specifically, Microsoft will release three Technology Specialist-level and two Professional-level exams targeting all aspects of Windows Server 2008 design and administration:

• 70-640 TS: Windows Server 2008 Active Directory, Configuring
• 70-642 TS: Windows Server 2008 Network Infrastructure, Configuring
• 70-643 TS: Windows Server 2008 Applications Infrastructure, Configuring
• 70-646 Pro: Windows Server 2008, Server Administrator
• 70-647 Pro: Windows Server 2008, Enterprise Administrator

All of these exams were put through a month-long beta test period that ended Jan. 21. Candidates who take these exams will earn an MCTS designation as follows:

• Pass 70-640 - MCTS: Windows Server 2008 Active Directory Configuration
• Pass 70-642 - MCTS: Windows Server 2008 Networking Infrastructure Configuration
• Pass 70-643 - MCTS: Windows Server 2008 Applications Infrastructure Configuration

Those exams also make up the requirements for two new Windows Server 2003-based IT Professional titles, details of which were posted on the Microsoft site and Trika's blog late last week

• MCITP: Server Administrator
• MCITP: Enterprise Administrator

According to the certification guides on the MCP site, the MCITP: Server Administrator is aimed at IT administrators who get their hands dirty mixing it up with servers and contending with daily networking issues, much like an MCSA for the new-era certifications. Obtaining that title requires passing of two TS-level exams -- 70-640 and 70-642 -- as well as 70-646 at the Professional level.

The MCITP: Enterprise Administrator title, on the other hand, requires a bit more network design-based expertise and an understanding of network infrastructure in the context of the enterprise. So, Microsoft makes the bar for obtaining this title a bit higher, with candidates having to pass at least four of the following MCTS level exams: 70-640, 70-642, 70-643 and 70-620 TS: Windows Vista, Configuring or 70-624 TS: Deploying Vista and Office Desktops (70-620 and 70-624 have been available since soon after the release of Vista last year). Over on the Professional level, candidates finally have need to pass one more exam, 70-647, to obtain MCITP nirvana.

Migrating from MCSA/MCSE on Windows 2003

As it has done in the past, the Microsoft Learning Group incorporates transition exams into both Windows 2008-based MCITP tracks for MCSA and MCSE on Windows 2003 titleholders.

For those with MCSA on Windows 2003 certificates who want to upgrade to MCITP: Server Administrator, candidates need only pass two exams: 70-646 on the Pro level and 70-648 TS: Upgrading MCSA on Windows Server 2003 to Windows Server 2008, Technology Specialist, an exam that has been available since October 2007.

For the more comprehensive MCITP: Enterprise Administrator, MCSAs have to pass either of the Vista exams (70-620 or 70-624), plus 70-643 and 70-647, as well as the transitional 70-648 exam.

For MCSEs taking on the MCITP: Server Administrator requirements means passing the same 70-646 exam, but a different transition exam: 70-649 TS: Upgrading from MCSE on Windows 2003 to Windows 2008, Technology Specialist (that one has also been available since October 2007). MCSEs migrating to the Enterprise-grade title take a similar path as MCSAs, but substitute 70-649 for 70-648.

Noteworthy: The Microsoft Learning Group is providing early adopters with a price incentive to get certified on the new Windows 2008 exams. Under its "First to Know" program, those who register to receive e-mail alerts when the Windows 2008 exams go live will receive a code that can be used to save 40 percent off the price of the news TS exams 70-640-, 70-642 and 70-643. Another code will also be issued along with alerts when the Pro-level 70-646 and 70-647 exams become generally available.

Takeaway: Although several Windows Vista exams are still in beta, others are ready and waiting at your local Pearson VUE and Prometric testing centers. Here's what you need to know regarding new Windows Vista certification options.

For the last several years, Windows XP marked the most contemporary Microsoft client OS certifications an IT professional could possess. But all that's changing with the introduction of Windows Vista.

While Vista's been available to volume license customers since November 2006, its wider release in late January seemingly made the new OS' launch official. With Vista now appearing on store shelves, in advertisements and within corporate environments, it's also registering on technology professionals' certification radar screens.

Although several Windows Vista exams are still in beta, others are ready and waiting at your local Pearson VUE and Prometric testing centers. Here's what you need to know regarding new Windows Vista certification options.

Exam 70-620: Windows Vista Configuration

Officially launched January 4, 2007, Exam 70-620: Microsoft Windows Vista, Configuring earns Microsoft Certified Technology Specialist: Windows Vista, Configuration certification.

The certification is aimed at technical staff having at least a year of experience providing phone support in organizations ranging from retail stores to enterprise-scale environments.

Microsoft recommends candidates have experience

• Repairing network issues
• Troubleshooting Windows desktops
• Configuring security and applications
• Repairing logon problems
• Resetting passwords
• Eliminating desktop program conflicts

To successfully pass the exam, candidates must demonstrate proficiency

• Installing and upgrading the new OS
• Configuring and troubleshooting Vista's post-installation system settings
• Configuring security features (including user account controls, Windows Defender and Windows Firewall).

Technology professionals must also demonstrate expertise configuring

• Network connectivity
• Applications included with Vista (including Windows Mail, Windows Meeting Space, Windows Calendar, Windows Fax and Scan and Windows Sidebar)
• Mobile computing features.

Further, candidates must also prove their ability to maintain and optimize Vista performance.

Exam 70-621: Upgrading Your MCDST Certification To MCITP Enterprise Support

Exam 70-621: Upgrading Your MCDST Certification To MCITP Enterprise Support is in beta until April 12, 2007. Successfully navigating the exam enables Microsoft Certified Desktop Support Technicians to upgrade their certification to Microsoft Certified IT Professional: Enterprise Support Technician. The test is aimed at

• IT professionals working in medium- and large-scale companies.
• IT professionals with  three to five years of experience working as lead desktop support technicians (tier 2 support techs) deploying Windows, administering security and configuring Vista.

The upgrade exam tests candidates' ability to:

• Install Windows Vista
• Configure and troubleshoot post-installation settings
• Manage security (including the new BitLocker feature)
• Configure networking
• Troubleshoot connectivity problems.

Candidates must also prove knowledge configuring and troubleshooting Windows' native tools, managing and maintaining Vista workstations and supporting mobile systems (including Tablet PC and mobile device components).

Among the changes already made to the exam in beta are an increased emphasis on supporting and troubleshooting applications installed on Windows Vista systems.

Exam 70-622: Microsoft Desktop Support - Enterprise

In beta until March 30, 2007, those passing Exam 70-622: Microsoft Desktop Support--Enterprise, earn Microsoft Certified IT Professional: Enterprise Support Technician certification.

The exam targets IT professionals who

• Work in larger organizations
• Have three to five years of experience as lead desktop support technicians
• Have familiarity with older Windows desktop operating systems as well as Windows Vista.

Earning this accreditation requires candidates to prove their knowledge

• Deploying Windows Vista (including deploying from custom images and analyzing business requirements)
• Managing security (including patch management)
• Administering and maintaining Vista boxes and configuring and troubleshooting network connectivity.

As with Exam 70-621, Exam 70-622 also experienced changes in beta. Specifically, additional focus was being placed on the same issue: supporting and troubleshooting applications installed on Vista workstations.

Exam 70-623: Microsoft Desktop Support--Consumer

Exam 70-623: Microsoft Desktop Support -- Consumer is scheduled for beta testing through April 5, 2007. Candidates passing the test earn Microsoft Certified IT Professional: Consumer Support Technician accreditation.

The exam targets IT professionals who are typically employed as consumer (residential) support technicians. Exam 70-623 tests small-office and home network administration skills, with emphasis on desktop apps, mobile device management, malware removal and hardware support, among other issues. Microsoft recommends candidates have experience deploying, managing and repairing desktop operating systems before attempting the exam.

The test measures consumer support technicians' ability to

• Install and upgrade Windows Vista
• Customize and configure post-installation settings
• Configure security
• Administer and troubleshoot network connectivity (including Vista's media center)
• Troubleshoot and repair corrupted installations.

Exam 70-624: Deploying and Maintaining Windows Vista Client And 2007 Microsoft Office System Desktops

Exam 70-624 beta tested early this year and earns Microsoft Certified Technology Specialist: Deploying And Maintaining Vista Client And Office System 2007 Desktops certification.

Microsoft recommends Exam 70-264 candidates have at least one year of hands-on experience managing day-to-day desktop issues. They should also have familiarity with

• Deploying Windows clients, applications, and upgrades
• Using mass deployment tools
• Working in the Windows pre-installation environment.

The exam tests one's ability to

• Install Microsoft Office 2007
• Configure Vista's automated installation features
• Mass deploy Vista
• Leverage the Business Desktop Deployment Workbench
• Administer the Application Compatibility Toolkit
• Migrate user-state data (including using the Microsoft Systems Management Server 2003 Operating System Deployment Pack).

Summary

These Windows Vista-centric exams form a firm foundation for upgrading certifications and keeping one's resume current. As Windows Vista gains share, and as the Longhorn server platform reaches market, additional exams testing Vista knowledge are sure to appear. Thus, while others may be moving slowly to adopt the new OS, those IT professionals looking to stay ahead of the pack should ensure they familiarize themselves with these exams.

Windows Server 2008 will be released early next year. That's right...I said it, another major server OS will be released with undoubtedly more to learn! However, with this release, Microsoft is also rolling out major changes to its certification program. All of us old MCSEs are in for some big changes.

For example, the MCSE we're all familiar with is going away. Yep, you heard it, completely going away! Instead, new certification titles, like MCTS, or Microsoft Certified Technology Specialist: Active Directory Configuration or Application Platform Configuration, will be the certification de jour.

Here's an overview of the new Windows Server 2008 certification program. Specifically, it will address:

• New changes in the Windows Server 2008 certification program
• What you need to do to transition your Windows Server 2003 MCSE skills to 2008
• What you need to do to go from Windows 2000 MCSE to 2008
• Learn practical tips on what you can do now to start planning

The world's most popular certification is going through a major remodel-are you ready?

[Note: The MCP and MCSA have been excluded from this article with the focus being only on the MCSE.]

First look: What's changed?

After years of complaints about the MCSE being far too ordinary and too generic, Microsoft is taking a new approach to its certifications. Instead of offering a more generically themed program (like the traditional MCSE), Microsoft is creating certifications that are more tightly focused on specific roles and skill sets. These changes are part of a larger effort to revamp the entire certification program (which includes more than Windows Server 2008). However, for traditional MCSEs, Windows Server 2008 is where we'll see the most changes.

These new tracks are referred to as the Technology Series and the Professional Series.

Technology Series-Microsoft wants to provide a means for cert holders to demonstrate proficiency in a specific technology area, like configuring the Active Directory or Vista. These certifications are known as Microsoft Certified Technical Specialist (MCTS) and are very technologically focused.

Professional Series-Here, there are two focus areas: IT Professional and Professional Developer. I've excluded the Developer series from this article, as most traditional MCSEs will likely not be on the Developer track. Professional certifications allow a person to demonstrate they can perform a job like Server Administrator. A person who earns a Professional certification will be known as a Microsoft Certified IT Professional, or MCITP.

They also require earning the equivalent technology certification (MCTS) in the corresponding Microsoft product. Each focus area has generally one to three exams. For most MCSEs, there are two Professional Certifications that will likely be right in your wheelhouse. I list them below, and include the necessary exams. The "TS" next to each exam number denotes an MCTS exam, while the "Pro" denotes an MCITP exam.

Server Administrator

• 70-642: TS: Windows Server 2008 Network Infrastructure Configuring
• 70-640: TS: Windows Server 2008 Active Directory, Configuring
• 70-646: Pro: Windows Server 2008 Administrator

Enterprise Administrator

• 70-620: TS: Configuring Microsoft Windows Vista Client or 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops
• 70-643: TS: Windows Server 2008 Applications Platform, Configuring
• 70-642: TS: Windows Server 2008 Network Infrastructure Configuring
• 70-640: TS: Windows Server 2008 Active Directory, Configuring
• 70-647: Pro: Windows Server 2008 Enterprise Administrator

The theory with these new programs is that they allow for more specificity by creating very tightly focused certifications and emphasizing actual real world job roles, thus making it easier for prospective employers to judge abilities and talents. I'm already having nightmares about the alphabet soup that the already lengthy signature blocks will become. We may be seeing something like this:

John Smith, Network Engineer, MCSE (NT 4.0), MCSE+I (Windows Server 2000 and Windows Server 2003), MCSA (Windows Server 2000 and Windows Server 2003), MCTS: Windows Server 2008 - Active Directory Configuration, MCTS: Windows Server 2008 - Network Infrastructure Configuration, MCTS: Windows Server 2008 - Application Platform Configuration, MCITP: Enterprise Administrator...and so on...

Good Grief!

And finally, in a move that not only keeps technologists current, but, coincidentally, also generates consistent revenue for Microsoft, the new MCTS certifications expire. In fact, they expire when the specific technology expires. The MCITP also requires re-certification-every three years! However, in most cases, MCITP re-up will be a single exam, and it will probably be the latest MCTS exam.
Transition your Windows Server 2003 MCSE to 2008

If you're a Windows Server 2003 MCSE (W2k3MCSE), the path to achieve certification depends on what your goals are. Because the MCSE doesn't exist in Windows Server 2008 you have to "transfer" your certification skills, as a Microsoft calls it, to the new MCTS track (and then if you'd like, tack on the applicable MCITP certification).

Microsoft has created a new exam entitled "70-649: TS: Upgrading your MCSE on Windows Server 2003 to MCTS on Windows Server 2008." When you pass it, you will earn three MCTS qualifications in one swoop:

• MCTS: Windows Server 2008 - Active Directory Configuration
• MCTS: Windows Server 2008 - Network Infrastructure Configuration
• MCTS: Windows Server 2008 - Application Platform Configuration

A Windows 2003 MCSE who isn't interested in such a large exam could take individual MCTS exams in each of the aforementioned technology areas. However, if you're looking for a less circuitous route and you don't mind taking the daunting single exam, the 70-649 is probably the better approach.

It's important to note that Microsoft is transitioning folks to the TS level, but there's no transition plan to move people directly to the Professional level. You can still get there, but you have to transition to the TS level first, and then take the remaining exams at whatever professional level you are seeking, just like any other MCITP seeker.

For example, if you're a Windows 2003 MCSE and you want to be a MCITP Enterprise Administrator you'd have to:

1. Take 70-649 to transition your skills to the new MCTS
2. Select a desktop MCTS (70-620 or 70-624)
3. Take the 70-647 Enterprise Administrator Professional Exam

If you only wanted to obtain the MCITP Server Administrator, you'd have to:

1. Take 70-649 to transition your skills to the new MCTS certifications
2. Take the 70-646 Server Administrator Professional Exam

As I mentioned before, I've left the MCSA out of the discussion here, but you will find a similar, if slightly less difficult, path to upgrade a Windows Server 2003 MCSA to Windows Server 2008. Check out the following link for more information on MCSAs: http://www.microsoft.com/learning/mcp/mcsa/windowsserver2008/default.mspx.

Going from Windows 2000 MCSE to 2008?

If you're a Windows 2000 MCSE or, for that matter, any non-Windows 2000/2003 MCSE (NT 4.0), you're out of luck. There's no transition path from Windows 2000 (or anything earlier) to Windows Server 2008. Instead, depending on how far along you are with your Windows Server 2003 MCSE, you have two choices:

1. Complete your upgrade to Windows Server 2003 (thus making your transition to Windows Server 2008 a bit shorter), or
2. Start fresh with Windows Server 2008

It actually may be easier to upgrade to Windows Server 2003 MCSE in order to make for an easier transition to Windows Server 2008.

[REMINDER: The two exams a Windows 2000 MCSE needs to take to upgrade to Windows Server 2003 (without taking the long route), 70-292 and 70-296 are currently scheduled for discontinuation on March 31, 2008.]

Start planning now!

The time to get your plans in order is now, what with the W2k3MCSE upgrade exams set to expire in March 2008. If you're a Windows 2000 MCSE, consider the upgrade path to W2k3MCSE first-it may make your Windows Server 2008 transition much easier.

If you're already a Windows 2003 MCSE, start looking at the new Windows Server 2008 technology. There are already some beta examinations available. Microsoft has also indicated that final versions of the exams will be released shortly after the technology's Release-To-Market date:

• TS Exam Goals Release Date: 30 days post RTM
• Pro Exam Goals Release Date: 60 days post RTM

Exam 70-623 PRO: stands alone as a Microsoft certification. The exam targets IT professionals who work within the consumer market supporting end users. Familiar with The Geek Squad? Well, that's the target audience. Exam 70-623 gives this group a way to prove their knowledge supporting users with installation, configuration and troubleshooting retail versions of Windows Vista installed on consumers' machines.

Besides this exam, Microsoft has released four other Windows Vista exams:

• 70-620 TS: Configuring Windows Vista (reviewed here)
• 70-624 TS: Deploying and Maintaining Windows Vista and 2007 Office System Desktops
• 70-621 Pro: Upgrading your MCDST Certification to MCITP Enterprise Support
• 70-622 Pro: Supporting and Troubleshooting Applications on Windows Vista for Enterprise Support Technicians (70-622 reviewed here)

The 70-621 and 70-622 exams are aimed at testing candidates' knowledge of Vista installations at business and enterprise-class environments and qualify for the Microsoft Certified Technology Specialist and Microsoft Certified IT Professional certifications.

I took the 70-623 beta, which had 77 questions and was timed at 190 minutes. The final version of the exam is limited to 90-120 minutes, but has somewhere around 50 questions.

This exam was wide in scope and tested the candidate's knowledge of all aspects of supporting users of Windows Vista in the consumer market in these key areas:

• Install, upgrade Windows Vista
• Post-Installation customization and configuration
• Configuring Vista security
• Configuring, troubleshoot, repairing networking
• Installing, configuring, troubleshooting devices
• Troubleshooting, repairing Vista

My first recommendation for study falls under the category of hands-on -- if you're new to Vista, you need some time at the controls, and it's always time well spent!

Microsoft has several online and e-learning courses available for this exam (search here and here). If you'd rather take the self-study route, the official Microsoft Press publication is MCITP Self-Paced Training Kit (Exam 70-623): Supporting and Troubleshooting Applications on a Windows Vista Client for Consumer Support Technicians by Anil Desai. For my study, I went to www.WindowsVista.com. It has links to information for consumers, developers and IT professionals like us. Click that link and you'll find yourself at the Microsoft Technet site, where you'll find all the printed study information you'll need. I highly recommend you study the following documents available there: Windows Vista Product Guide, Deploying Vista Step by Step Guide, Windows Vista Security Guide, Understanding and Configuring User Account Control in Windows Vista, Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy, and finally; Windows Vista Networking.

Now I could just give you all the questions and answers to the exam, but what fun would there be in that? After all it's been five long years since Microsoft last released a new desktop operating system and I'm ready to learn all the new things, aren't you? On with the review.

The set of skills you'll need to demonstrate for this exam were noted earlier and through the remainder of this article, I will help you prepare to pass this exam by directing you to specific areas in Windows Vista. Be sure you read and study the exam objectives available from the Microsoft Web site for a general idea of what to expect on this exam.

Install and Upgrade Windows Vista
Minimum hardware requirements for Vista are a 800MHz CPU with 512 MB of RAM and a 20GB hard drive, and a DVD drive. You'll do better if you have at least a 1GHz or greater CPU, 1GB of RAM, and a 40GB hard drive (15GB of free disk space is required for upgrades). The Windows Aero feature requires a DirectX 9 video card that supports a Windows Display Driver Model driver, Pixel Shader 2.0, and is 32-bit pixel capable. The greater processor, memory, and video card allow you to experience all that Vista has to offer.

You can upgrade Windows XP Home or Professional with service pack 2 to one of the five versions of Windows Vista, or a Windows 2000 Professional PC via the clean install method using the Files and Settings Transfer wizard. If you're running any other version of Windows, you must perform a clean install. Windows Vista also supports upgrading from one version to another, such as the Home versions to Ultimate.

Installation issues can come up if the hardware is not at the minimum levels as stated previously, and it's highly recommended you download and run the Windows Vista Upgrade Advisor to determine if your computer is hardware and software compatible.

Exam Tip: You cannot perform an upgrade to Windows Vista retaining personal files, settings and programs from Windows 2000.

Another option -- rather than upgrade or a clean install -- is to configure your computer with the old version of Windows along with Windows Vista. Often referred to as a multi-boot or dual-boot configuration, this approach allows you to resort to your old version if you change your mind, if things go wrong or you simply need time to migrate your files and settings. Microsoft provides a step-by-step article here showing the way.

Post-Installation: Customize and Configure Settings
Windows Sidebar provides a method of organizing the information you want to access quickly on the desktop. Sidebar is located on the desktop and contains gadgets, which are customizable mini-programs that display continuously updated information, with some that allow you to perform common tasks without opening a window. You can find more gadgets on the Microsoft Gadgets site here. To uninstall a gadget, click the plus sign at the top of the sidebar, right-click the gadget and click uninstall.

To support and configure the newest display option in Windows Vista, Aero, your system must meet the video card requirements as stated earlier. Be certain and make sure that the color is set to 32 bit and the monitor refresh rate is set higher than 10 hertz. The theme should then be set to Windows Vista, color scheme set to Windows Aero, and window frame transparency set on.

With many versions of Windows including Vista, each account type gives a user a different level of control over the computer. The standard user account is the account to use for all users. The administrator account provides the most control over the computer, and should only be used when necessary. The guest account is primarily for people who need temporary access to the computer. Windows Vista includes a new technology and security level called User Account Control -- more on this later.

When you use a standard user account, you can use most programs that are installed on the computer, but you can't install or uninstall software or hardware, delete files that are required for the computer to work, or change settings on the computer that affect other users. If you're using a standard user account, some programs might require you to provide an administrator password before you can perform certain tasks.

The Windows Vista Upgrade Advisor from Microsoft can help determine if all your installed hardware and software is compatible with Windows Vista prior to upgrading. Another method to verify whether or not your program software is compatible with Windows Vista is to download the Microsoft Application Compatibility Toolkit. It's an advanced tool, but it can provide very valuable information regarding thousands of software programs and versions and their compatibility with Windows Vista. ACT includes real-time reporting for many applications from the user community of Windows Vista and possible workarounds or show-stoppers with program software.

There are many ways to improve your computer's performance and some of them are new to Windows Vista. The Performance Information and Tools lists found in Control Panel, has tasks that can help improve the performance of your computer, and it also shows information about your computer's performance capabilities. One way to speed up your system is to manage the startup programs that start themselves automatically when you start Windows. Too many of these programs opening at the same time can slow down your computer. This can be done with the new application from Microsoft, Windows Defender. Turning off unnecessary visual effects like Aero, disk defragmenting and adjusting disk and file indexing options (found in Control Panel) can help improve performance.

Configure Windows Vista Security
The Windows Security Center found in Control Panel is the main entry point for configuring, maintaining and troubleshooting security settings for consumer desktop users. Windows Security Center can help enhance your computer's security by checking the status of several security essentials on your computer, including firewall settings, Windows automatic updating, anti-malware software settings, Internet security settings and User Account Control settings.

If Windows detects a problem with any of these security essentials -- for example, if your antivirus software is out of date -- Security Center displays a notification and places a Security Center shield icon in the notification area. Click the notification or double-click the Security Center icon to open Security Center and get information about how to fix the problem.

Exam Tip: Windows Vista can't detect all types and versions of antivirus software and it may be necessary to configure Vista not to monitor for installed antivirus software if you've already installed and configured correctly.

A firewall can help prevent hackers or malicious software such as worms from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers. Windows checks if your computer is protected by a software firewall. If the firewall is off, Security Center will display a notification and put a Security Center shield icon in the notification area.

Windows can routinely check for updates for your computer and install them automatically. You can use Security Center to make sure Automatic updating is turned on. If updating is turned off, Security Center will display a notification and put a Security Center shield icon in the notification area.

It's important to run anti-spyware software whenever you're using your computer. Spyware and other potentially unwanted software can try to install itself on your computer any time you connect to the Internet. Potentially unwanted or malicious software can also be programmed to run at unexpected times, not just when it is downloaded or installed. Windows Defender protects against most spyware with its default configuration and automatic updates.

Windows Vista Parental Controls is a new feature that adds control over standard user accounts, such as children who might be using a consumer computer. It provides for control and monitoring of software programs, such as games with ratings, Internet Web sites, and can even control and monitor hours of computer usage. Age ratings for games group content into levels appropriate for different ages, from young children through mature teens and an adults-only category.

Internet Explorer 7 includes new security and privacy features that allow you to safely browse the Web:

• Phishing Filter can help protect you from phishing attacks, online fraud and spoofed Web sites.
• Protected mode can help protect your computer from Web sites that try to install malicious software or to save files on your computer without your consent.
• Higher security levels can help protect you from hackers and Web attacks.
• The Security Status bar displays the identity of secure Web sites to help you make informed decisions when using online banking or merchants.
• Internet Explorer's add-on disabled mode lets you start Internet Explorer without toolbars, ActiveX controls or other add-ons that might slow down your computer or prevent you from getting online.

Windows Vista includes User Account Control for added security and control; it wasn't originally included with previous versions of Windows. UAC gives standard users the ability to run most programs but not change most system settings. When elevated permissions are required, users are automatically prompted to provide administrator credentials: username and password. UAC can also prevent malicious software or malware and spyware from installing or making changes to your computer without permission.

Exam Tip: Know which level of permission is required for standard users or administrators to manage other user accounts and for a user to change their own password.

Windows Vista includes many data security options available in previous versions of Windows and a few new ones. Encrypting File System is used to encrypt files on a computer's hard disk. Vista also includes a new file encryption for data on the hard disk called BitLocker. It can be used to secure the entire hard disk contents, commonly used with portable computers.

Configure, Troubleshoot, and Repair Networking
It's a good idea to find out what kind of network adapters your computer has -- wired or wireless. You might decide to go with a certain technology because you already have most of the hardware, or you might decide to upgrade your hardware. Most people find that a combination works best for their environment. If both types are present and configured in Windows Vista, one or more can be disabled using their respective icon in the Network and Sharing Center found in Control Panel, or by using the Windows Device Manager. The symbol next to a device in Device Manager with the arrow pointing down signifies the device has been disabled.

Exam Tip: A computer with the IP address of 169.254.x.x may need to be assigned an address by the user for the network, or it won't receive an address from the network's router.

When configuring Windows Vista and other Windows versions to communicate for file and printer sharing on a network, each computer must have the Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks enabled. This can be found in the properties of the network card, or simply from the Network and Sharing Center under the heading Sharing and Discovery.

Wireless networks use radio waves to send information between computers. There are three types; 802.11g offers a greater signal range than 802.11b and 802.11a networks. Wireless can be affected by interference from things such as walls, large metal objects and pipes. Also, many cordless phones and microwave ovens can interfere with wireless networks when they're in use.

Exam Tip: Manual configuration of a wireless network connection may be required if the wireless access point is not broadcasting a SSID.

You can share files and folders in several different ways. The most common way in Windows is to share them directly from your computer. Windows Vista provides two methods for sharing files in this way: share files from any folder on your computer or from a Public folder. Which method you use depends on where you want to store the shared folders, who you want to share them with and how much control you want to have over the files. Either method allows you to share files or folders with someone using your computer or another computer on the same network.

If your computer is in a workgroup, you have the option of toggling password protection. If password protection is turned on, the person you are sharing with must have a user account and password on your computer in order to access the shared files and folders. You can turn password protection on or off in the Network and Sharing Center. If you turn on file sharing for the Public folder, anyone with a user account and password on your computer, as well as everyone on your network, will be able to see all the files in your Public folder and subfolders. You cannot restrict people to just seeing some files in the Public folder. However, you can set permissions that either restricts people from accessing the Public folder or that restricts them from changing files or creating new ones.

Only available with Windows Vista Home Premium or Ultimate: With Windows Media Center you can play audio and data CDs, as well as video and data DVDs. To play DVDs, you must have a DVD drive and a compatible DVD decoder installed on your computer. A compatible DVD decoder is already installed on computers that include Windows Media Center. You can watch pictures in a slide show and play videos using Windows Media Center. Windows Media Center also allows you to specify a search criteria to find digital media files such as movies, videos, music, pictures, or recorded TV shows. These files are stored in libraries on your Windows Media Center PC.

You can connect a Media Center Extender device using a wired or wireless connection to connect the Extender device to your home network. When connecting to a wireless network, the Extender tries to connect silently without any action on your part. However, if the wireless network has security protocols enabled, such as a Wired Equivalent Privacy key or a Wi-Fi Protected Access password, you must provide this security information manually to the Extender. Once the network has been established, during the final configuration of Windows Media Center and Media Center Extender, you must enter the 8-digit set-up key that is displayed on the TV that's connected to the MCE.

Install, Configure, and Troubleshoot Devices
When connecting a device to a USB port on a USB hub, monitor or other device that's plugged into your computer, ensure that the USB port has enough power to support your device. Smaller devices, such as USB flash drives and mice, and devices with their own power cords, such as printers, typically work properly when connected to an unpowered USB hub. Some devices that use more power, such as USB-powered scanners and Web cameras, require a hub that has its own power cord to function properly. If a device doesn't work properly when connected to a hub, try connecting it directly to one of the computer's USB ports.

The new Microsoft Windows Mobile Device Center available in Windows Vista enables you to set up new partnerships, synchronize content and manage music, pictures and video with Windows Mobile-powered devices such as Windows Mobile 6 cell phones.

Exam Tip: Windows Mobile Device Center supports Windows Mobile 2003 and newer devices.

If the Import Pictures and Videos does not work for your camera, or if your camera uses an unusual cable, then Windows can't get pictures from your camera automatically. You need to install software provided by the camera manufacturer. Check the manufacturer Web site for the latest driver software.

To import high-quality video using Import Video, you can connect your digital video camera to your computer in one of two ways. The first method is to use an IEEE 1394 connection: connect one end of the IEEE 1394 cable to the DV port on the camera and the other end into the IEEE 1394 port on your computer. This connection method is more popular (and often faster) than the second connection type, which uses USB 2.0.

If your computer has a built-in fax modem, Windows will automatically detect it during the set-up process. If you're not sure whether your computer has a built-in fax modem, check the hardware information that came with your computer. To set up your computer to send faxes only, click "I'll choose later; I want to create a fax now" in the Fax Setup Wizard. Keep in mind that by choosing this option, you will be able to send faxes, but you won't be able to receive them. If you want to change settings for sending and receiving faxes with a fax modem so that you can receive faxes, you need to provide an administrator password or permission. Users with administrator privileges can change the setting at any time. Before you try receiving a fax, however, make sure that your computer is connected to a fax modem.

If you can't change printer properties, you might not have permission to manage the printer. Permissions are required because changing the printer properties can affect everyone who uses the printer. When a printer is installed, members of the administrators group on the computer have permission to manage the printer by default. If you have an administrator account, you can probably change the printer properties.

Permissions can be assigned to each person who uses the printer or to a group of users who have the same type of user account. Windows offers these types of printer permissions:

• Print. By default, each user can print and cancel, pause, or restart documents or files that they send to a printer.
• Manage documents. If you have this permission, you can manage all jobs for a printer that are waiting in the print queue, including documents or files that are being printed by other users.
• Manage printers. This permission allows you to rename, delete, share, and choose preferences for the printer. It also allows you to choose printer permissions for other users and to manage all jobs for the printer. Members of the administrator group for a computer have permission to manage printers by default.

Must-Know Tips Before Taking an Exam

If this is your very first IT exam or at least your first Microsoft exam, there are some things you should know:

• The price for Microsoft exams in the US is $125.
• You are allowed to take any exam as many times as needed to pass.
• You must pay the $125 for each and every attempt at the exam. (For first-time exam takers, Microsoft usually provides incentive offers; you'll find these on the Microsoft MCP Web site.)
• You will receive an onscreen pass or fail indicator at the completion of the exam.
• You will also receive a printed score report upon exiting the exam booth.
• You will receive a certificate, wallet card, congratulations letter and Microsoft Certification number after you have requested the certification package from Microsoft's Web site. (Don't forget to give a valid e-mail address when registering for your exam.)
• You can take any IT exam at any Thomson Prometric testing center.

One more tip while you're taking the exam: You will be able to move forward and backward through the exam question set. Very often, a later question can help you answer an earlier one for which you may not have been absolutely certain of your answer. You should, however, always choose an answer for each and every question before moving forward since you may run out of time, and any unanswered questions are scored as incorrect.

You can mark questions you are unsure of and return using the back button or by using the review screen at the end prior to scoring.

Troubleshoot and Repair Windows Vista
System Restore uses restore points to return your system files and settings to an earlier point in time, without affecting personal files. System Restore affects Windows system files, programs and registry settings. It also can make changes to scripts, batch files and other types of executable files on your computer. It does not affect personal files, such as e-mail, documents or photos, so it cannot help you restore a deleted file. If you have backups of your files, you can restore the files from a backup.

Startup Repair is a Windows recovery tool that can fix certain problems, such as missing or damaged system files which might prevent Windows from starting correctly. When you run Startup Repair, it scans your computer for the problem and then tries to fix it so your computer can start correctly. Startup Repair is located on the System Recovery Options menu, which is on the Windows installation disc. Startup Repair might prompt you to make choices as it tries to fix the problem, and if necessary, it might restart your computer as it makes repairs.

Using Software Explorer in Windows Defender, you can view detailed information about software that is currently running on your computer that can affect your privacy or the security of your computer. You can see which programs run automatically when you start Windows and information about how these programs interact with important Windows programs and services.

Software Explorer helps you monitor the following items:

• Startup programs, which are programs that run automatically with or without your knowledge when you start Windows.
• Currently running programs, which are programs that are currently running on the screen or in the background.
• Network-connected programs, which are programs or processes that can connect to the Internet or to your home or office network.

That wraps it up for this exam review. Remember that nothing beats hands-on experience when preparing for an exam. Divide your time preparing for this exam by practicing, reviewing and reading everything you can find. And don't forget to check out those links to the guides on the www.WindowsVista.com site. Good luck!

Exam 70-622 PRO: Installing, Maintaining, Supporting, and Troubleshooting Applications on the Windows Vista Client-Enterprise, is a mouthful and it's also a good test of your ability to roll out applications on this or any Windows-based network. Exam 70-622 is one of two exams that you'll need to pass (along with completion of a Microsoft Certified Technology Specialist exam, such as 70-620: Vista Configuration) in order to obtain a Microsoft Certified IT Professional: Enterprise Support Technician certification.

I took 70-622 while it was in beta (which this exam is based on). During the beta, I was given 180 minutes to complete 75 questions. The final version is 90 to 120 minutes for about 50 questions.

This exam was wide in scope and tests one's knowledge of all aspects of installing, maintaining, supporting and troubleshooting applications on Windows Vista on an enterprise network in these key areas:

• Deploying Vista
• Managing Vista security
• Managing, maintaining systems that run Vista
• Configuring, troubleshooting network connections

My first recommendation for study falls under the category of hands-on - if you're new to Vista, you need some time at the controls, and it's always time well spent!

Microsoft has several online and e-learning courses available for this exam (search here and here). If you'd rather take the self-study route, the official Microsoft Press publication is MCITP Self-Paced Training Kit (Exam 70-622): Supporting and Troubleshooting Applications on a Windows Vista Client for Enterprise Support Technicians by Tony Northrup and J.C. Mackin. For my study, I went to www.WindowsVista.com. It has links to information for consumers, developers and IT professionals like us. Click that link and you'll find yourself at the Microsoft Technet site, where you'll find all the printed study information you'll need. I highly recommend you study the following documents available there: Windows Vista Product Guide, Deploying Vista Step by Step Guide, Windows Vista Security Guide, Understanding and Configuring User Account Control in Windows Vista, Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy, and finally; Windows Vista Networking.

Now I could just give you all the questions and answers to the exam, but what fun would there be in that? After all it's been five long years since Microsoft last released a new desktop operating system and I'm ready to learn all the new things, aren't you? On with the review.

The set of skills you'll need to demonstrate for this exam were noted earlier and through the remainder of this article, I will help you prepare to pass this exam by directing you to specific areas in the Windows Vista. Be sure you read and study the exam objectives available from the Microsoft Web site for a general idea of what to expect on this exam!

Deploying Windows Vista
Remember these hardware requirements: Vista requires a 800MHz but preferably a 1GHz or greater CPU; 512MB but preferably 1GB of RAM, 128MB graphics card for the Aero interface; 20GB but preferably a 40GB hard drive (15GB of free disk space is required for upgrades); and a DVD drive. Upgrades are supported from Windows 2000 and up. The greater requirements allow you to experience all that Vista has to offer.

Microsoft has also made many new tools and applications available for OS deployments such as; ImageX and Windows System Image Manager. ImageX is a disk imaging tool for capturing, modifying and applying images. Because of Vista's HAL-independent design, fewer images are needed to deploy hundreds of computers. It also allows for editing and maintaining them in the new WIM (Windows Image) format. ImageX is a command-line tool in Vista or available with Windows PE. Also available is Windows System Image Manger. Scripting, editing and modifying images are possible, plus the ability to create the new XML format answer files. Be sure and read the entire "Deploying Vista Step by Step Guide"!

Exam Tip: Sysprep is an image creating and deployment tool and is still available for Windows Vista.
70-622 Installing, Maintaining, Supporting, and Troubleshooting Applications on Windows Vista (Beta)

Reviewer's Rating
This exam is geared towards IT professionals who work in enterprise environments that use Windows Vista, who have experience with previous versions of Windows and who have experience with Windows Server OSes. You should have experience deploying Windows Vista, managing security and troubleshooting network-related issues with Vista. Microsoft also recommends at least 3 to 5 years of experience as a tier 2 or lead desktop support technician.

This exam counts as a core client exam for the MCSA and MCSE (Windows 2000/2003) and is one of two needed for the new Microsoft Certified IT Professional: Enterprise Support Technician.

• Exam Title -Installing, Maintaining, Supporting, and Troubleshooting Applications on the Windows Vista Client-Enterprise
• Duration -180 minutes (beta; this differs from the live version)
• Number of questions -78 (beta; this differs from the live version)
• Who Should Take It - Anyone wishing to prove their knowledge of installing, maintaining and supporting applications on Windows Vista in enterprise-size networks.
• Exam Objectives - http://www.microsoft.com/learning/exams/70-622.mspx

Managing Windows Vista Security
Once Windows Vista is installed, additional configuration will be necessary to achieve the most secure operating system available. Windows Update is now integrated in the Windows Update center found in Control Panel. It automatically checks for and applies all Vista updates and possible upgrades. You'll also find the Programs and Features center in Control Panel for managing installed updates and application software. IE 7 includes many new security features which prevent phishing, installation and execution of malicious software, and the ability to isolate add-ons per logged-on user.

Windows Defender, a free spyware detection and removal application from Microsoft for Windows XP, 2003, and Vista, can provide real-time monitoring for adware, keyloggers, and spyware. It can receive its updates through the Windows Update site or locally using WSUS.

The Windows Firewall in Windows Vista includes both inbound and outbound filtering to help protect computers by restricting access to key operating system resources. A single console known as the Windows Firewall with Advanced Security, integrates IPSec and firewall management. The firewall blocks most unsolicited inbound traffic until a change is made either by an administrator or by Group Policy settings. The Windows Vista firewall supports a Domain and a Standard profile. The Domain profile is active when the computer is connected to a network that contains the domain controllers in which its computer account resides. This allows you to create rules that are specific to the requirements of the company's internal network. The Windows Vista firewall also includes a Private and Public profile to provide a finer level of control to protect a computer when a user uses it outside of the company's protected network.

Exam Tip: From the available firewall profiles -- domain, public and private - only one can be active at a time.

One of the key areas and additional security you'll find in Windows Vista is User Account Control. It's enabled by default and limits even a logged-on administrator account's ability to change system configuration and settings without explicit permission, or by clicking Continue in the warning window; it prevents unauthorized changes. It can be turned off using the User Accounts center in Control Panel or with Group Policy.

If UAC is enabled and administrator credentials are needed to perform an action or run application software, the network administrator must provide the logged-on user with this information. The user can either provide them when prompted or right-click a configuration settings and select Run as. Group Policy settings Admin Approval for Built-in Administrator Account and Behavior of the elevation prompt for administrators in the Admin Approval Mode are settings you should become familiar with by reading the document, "Understanding and Configuring User Account Control in Windows Vista."

Exam Tip: Firewall exceptions configured with the Windows Firewall and Advanced Security console are very powerful and should be understood prior to the exam.

The ease and ability of users to plug in removable memory and storage devices creates significant administrative issues for networks, and they can pose threats to data security. Windows Vista includes Group Policy controls for user-level permission assignments of these types of devices. You'll find most everything you need to know in the document, "Step-By-Step Guide to Controlling Device Installation and Usage with Group Policy."

BitLocker drive encryption helps protect data on a computer. The entire Windows volume is encrypted to help prevent unauthorized users from breaking Windows file and system protections. BitLocker prevents someone who either starts another operating system on the computer or runs a software attack tool bypassing the Windows Vista file and system protection from performing offline viewing of the files stored on the protected drive. BitLocker drive encryption can lock the normal boot sequence until the user supplies a personal identification number or inserts a USB flash drive that contains the decryption keys. The maximum protection is obtained when the computer includes Trusted Platform Module 1.2 BIOS hardware support. For more information I recommend "Windows BitLocker Drive Encryption Step-by-Step Guide."

Managing and Maintaining Systems That Run Windows Vista
Windows Vista includes a new configuration, monitoring, and troubleshooting center in Control Panel: Network and Sharing Center. From here you can create connections, manage them and even see a list of shares and printers available from a computer while connected to a particular network.

The user profile used in Windows XP is identical to the one used in Windows 2000, making interoperability between these two operating systems transparent. A new design and layout prevents Windows Vista from using the older XP and Win2K profiles. Also, previous versions of Windows do not load Windows Vista user profiles. When using Windows Vista and roaming user profiles, a designator of "v2" will be added to the end of the profile folder. The "v2" is used to isolate Windows Vista roaming user profiles from roaming user profiles created by previous operating systems.

Data Collector Sets are the building blocks of performance monitoring and reporting found in the Windows Reliability and Performance Monitor console. It allows for organizing multiple data collection points into a single component that can be used to review or log performance. A Data Collector Set can be created and then recorded, grouped with other Data Collector Sets, incorporated into logs and viewed in Performance Monitor to generate alerts. To learn more about how to configure and automate them, be sure and read "Help on Reliability and Performance Monitor" from the Help menu of the console.

There are many new command-line administrative tools included with Windows Vista. Be sure and review the Command Reference list and options available, such as BCDEdit, which is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows; and Wbadmin, which lets you back up and restore a computer and files from a command prompt.
Must-Know Tips Before Taking an Exam

If this is your very first IT exam or at least your first Microsoft exam, there are some things you should know:

• The price for Microsoft exams in the US is $125.
• You are allowed to take any exam as many times as needed to pass.
• You must pay the $125 for each and every attempt at the exam. (For first-time exam takers, Microsoft usually provides incentive offers; you'll find these on the Microsoft MCP Web site.)
• You will receive an onscreen pass or fail indicator at the completion of the exam.
• You will also receive a printed score report upon exiting the exam booth.
• You will receive a certificate, wallet card, congratulations letter and Microsoft Certification number after you have requested the certification package from Microsoft's Web site. (Don't forget to give a valid e-mail address when registering for your exam.)
• You can take any IT exam at any Thomson Prometric testing center.

One more tip while you're taking the exam: You will be able to move forward and backward through the exam question set. Very often, a later question can help you answer an earlier one for which you may not have been absolutely certain of your answer. You should, however, always choose an answer for each and every question before moving forward since you may run out of time, and any unanswered questions are scored as incorrect.

You can mark questions you are unsure of and return using the back button or by using the review screen at the end prior to scoring.

Configuring and Troubleshooting Networking
Windows Vista includes networking support with a new IP version 4 and 6 stack loaded. It's been entirely updated and includes all new support protocols and configuration methods. Integration of IPSec and the Windows Firewall into the networking stack provide for a more secure configuration.

Wireless network support, configuration, advanced protocols and troubleshooting have also been further improved in Vista. Vista includes a command-line script that provides a method to connect to a company's wireless network to join a domain: netsh wlan. I recommend the following document for more: "Joining a Windows Vista Wireless Client to a Domain."

Exam Tip: When networking between Windows Vista and Windows NT, SMB version 1.0 is the highest authentication level supported.

Windows Vista's Network Center provides a clear view of the current connection status, available wireless networks, and a network map to show surrounding network resources. It also includes many troubleshooting tools to identify connectivity problems and allow users to browse network resources by starting the new Network Explorer. Another must read: Enterprise Networking with Windows Vista.

Although not perfect in my opinion, Windows Vista is one of the most secure desktops released since Windows 95.

Now, Go Forth and Test
That wraps it up for this exam review; you now have a good basis for which to study and tackle any weaknesses you've identified so far. And remember that nothing beats hands-on experience when preparing for an exam. Divide your time preparing for this exam by practicing, reviewing and reading the materials I've recommended - and good luck!

Introduction
Microsoft has once again come up with a new suite of certifications. So, what are these all about and why is there a new generation of credentials?

One of the problems today is that there are an abundance of credentials in the IT world, making it increasingly difficult for managers to understand which certification best meets the needs of their department and organization.
For individuals, the question becomes: what added value does a specific certification provide, and, ultimately, how can I distinguish myself from other IT professionals?

Customers told Microsoft that they wanted a program that is focused and flexible, challenging and credible, and relevant and simple.

So, Microsoft went back to the drawing board and created the latest generation of certifications based on industry and customer feedback with the goal of making them more targeted, relevant to the latest technologies, and geared towards specific job roles. The new credentials highlight the primary technology skill set and job role of each individual and focus on core technical and professional skills.

The new certification framework gives IT managers another tool to distinguish candidates who must meet specific job criteria. The program also gives individuals the ability to highlight specialization ( i.e., Microsoft Certified Technology Specialist for SQL Server 2005[MCTS: SQL Server 2005]).

What's It All About?
Focused and Flexible
One of the positive changes to the new program is building certifications to reflect specific and well-understood job roles within organizations. The new model reflects a three-tiered system with the entry-level Technology Specialist (MCTS), the mid-level IT Professional (MCITP)/Professional Developer (MCPD), and the Architect Series (MCA) at the top. The three tiers coupled with specific technology choices (SQL, Visual Studio, etc.) to form an a la carte certification model.

This targeted certification model enables individuals to identify their various skill sets and provides for a more flexible certification path to meet specific job-related needs.

Challenging and Credible
What is the value of certification and why should I get certified? These are big questions for individuals as well as organizations. Easier tests lessen the value of the credential. One of the positive changes implemented by Microsoft was to make the testing process more rigorous and challenging. In 2005, Microsoft introduced performance-based testing using simulation technology with several of the Windows Server 2003 core exams. Microsoft is looking at using more and more of this simulation-style testing to make the exams more challenging, with the goal of mimicking real-world scenarios in the test booth. There does seem to be buy-in from Redmond for raising the bar in the testing process with the ultimate goal of increasing the value of certification for individuals and organizations.

Relevant and Simple
The new certification structure is designed to be more relevant, simple, and easy to understand. With this in mind, Microsoft reduced the number of exams expected to complete a certification. For the current tracks, the MCTS requires one to two exams. One level up from the MCTS, the MCITP and MCPD credentials require the relevant MCTS as a pre-requisite, and then passing an additional exam or two. The exception is the MCPD Enterprise Application Developer, which requires all three available Visual Studio MCTS credentials as a prerequisite.

The certifications path has been streamlined with the goals of making the credentials simpler and more relevant for both individuals and IT managers.

A Closer Look at the Certifications
Microsoft has been offering certification programs now for 14 years and has been due to revamp the program. Microsoft's new certification model consists of three series (technology, professional, and architect) and four credentials (MCST, MCITP, MCPD, and MCA). This newest generation of Microsoft certifications provides a more
targeted framework for IT managers to qualify and validate core technical, professional, and architectural skills. It also provides IT professionals with a more flexible, relevant, and simpler way to showcase their skill sets.

The Technology Series (MCST)
The Technology Series of certifications are the starting point in a three-tiered model. This series are technology focused and include job-role skills. These typically consist of one or two exams. IT professionals have the ability to target specific technologies and demonstrate in-depth knowledge and expertise in a broad range of specialized technologies. The Technology Series includes seven Certified Technology Specialist certifications including:

• Technology Specialist: .NET Framework 2.0 Web Applications
• Technology Specialist: .NET Framework 2.0 Windows Applications
• Technology Specialist: .NET Framework 2.0 Distributed Applications
• Technology Specialist: SQL Server 2005
• Technology Specialist: BizTalk Server 2006
• Technology Specialist: Microsoft Office Live Communications Server 2005
• Technology Specialist: Microsoft Windows Mobile 5.0 Applications

The Professional Series (MCITP/MCPD)
The Professional Series credentials are the next tier up from the Technology Series and reflect specific job roles within organizations. This series of credentials builds on the Technology Series and the relevant Technology Series certifications act as pre-requisites for this middle tier of certifications. There are typically one to three exams required to achieve this level of certifications. The credentials are focused on job roles and skill-sets, including design, project management, operations management, and planning. Microsoft currently offers two Professional series credentials, the Microsoft Certified IT Professional (MCITP) and the Microsoft Certified Professional Developer (MCPD).

Microsoft Certified IT Professional (MCITP)
The Microsoft Certified IT Professional certification highlights specific areas of expertise and job role. This credential demonstrate skill sets in planning, deploying, supporting, maintaining, and optimizing IT infrastructures,  and distinguishes you as an expert in database administration, database development, or business intelligence.

• IT Professional: Database Developer
• IT Professional: Database Administrator
• Professional: Business Intelligence Developer

Microsoft Certified Professional Developer (MCPD)
This certification was created for developers working with .NET Framework 2.0 applications using Microsoft Visual Studio 2005, and it provides a simpler, more targeted framework to showcase your technical skills for specific developer job roles.

The Microsoft Certified Professional Developer credentials differentiate you as an expert Windows Application Developer,Web Application Developer, or Enterprise Applications Developer. This certification highlights your ability to build rich applications with a variety of platforms using the .NET Framework 2.0. There are three MCPD certification paths, including:

• Professional Developer:Web Developer
• Professional Developer: Windows Developer
• Professional Developer: Enterprise Applications Developer

The Architect Series (MCA)
One of the more exciting developments late last year was the announcement by Microsoft of the creation of a senior-level IT Architect certification program. This credential sits atop the three tiers and was built around identifying and validating top industry experts in IT architecture. Qualifications and requirements for this credential include:

• Ten years minimum advanced IT industry experience
• Three+ years of experience as a practicing architect
• Possess strong technical and managerial skills
• Work closely with a mentor in the industry
• Appear before an Oral Board of industry peers

One of the unique elements of this credential is that it was built on feedback directly from the architect community. This type of certification program fills a gap in the industry by taking certification to a new level. Until recently, the majority of the certification programs have relied on computer-based exams to test mainly technical knowledge. This new architectural certification will require candidates to have a combination of broad range of skills, significant work history in the field, and ability to demonstrate a high level of architectural expertise in past projects. This certification takes a stark departure from traditional Microsoft certifications. It is broad-based and inclusive of non-proprietary technologies.

The program targets practicing solutions and infrastructure architects who have successfully designed, architected, and implemented solutions through the entire IT life cycle. This program has set the bar high and identifies top industry experts in IT architecture. These architects are experienced in using diverse platforms and technologies to solve business problems and provide business metrics and measurements. Candidates are required to interview and present to a review board of their peers on the success of past projects.

There are currently two vendor-neutral Microsoft Architectural certifications that validate broad architecture skills. These certifications are:

• Microsoft Certified Architect: Infrastructure
• Microsoft Certified Architect: Solutions

In addition, there is also one product-specific architectural certification, the Messaging Architect Program. This is the first product-specific architect program under the Microsoft Certified Architect umbrella. The goal for this certification is to provide the top-tier training and certification on Microsoft Exchange Server revolving around messaging to address the most complex customer requirements.

• Microsoft Certified Architect: Messaging

Top 10 Benefits of Certifications
Microsoft-certified IT professionals give individuals and organizations a competitive advantage. According to a Burlington study in 2003, companies with that place a priority on certified staff enjoy a 15% increase in projects deployed on-time and on-budget, a 17% decrease in spending on external consultants, an 18% decrease in downtime, and a 14% increase in end-user satisfaction.

From an organizational perspective, the top 10 reasons benefits to achieving and promoting certification include:

1. Gain a Competitive advantage: Individuals and employees who hold Microsoft certifications bring advanced skill-sets to provide greater levels of service and productivity internally and externally.
2. Realize benefits to investing in staff training: Organizations with successful bottom lines are shown to have invested more in training and certification for their internal technical staff. (1)
3. Increased employee satisfaction: Increased employee satisfaction and staff retention are higher when management facilitates employees' career goals, including training.
4. Improved, more successful project deployments: According to an independent study (2), organizations with Microsoft-certified staff reported significant improvements in delivering projects on-time and within budget.
5. Improved customer satisfaction: Well-trained and certified staff help increase customer satisfaction through improved service, higher productivity, and greater self-sufficiency.
6. Improved support costs: According to the Burlington study in 2003, organizations with certified staff experience less network downtime and lower dependency on unplanned support.
7. Qualified vendor qualifications: Certification can provide one more tool to assess an outside vendor's technical qualifications when outsourcing projects.
8. Another benchmark to measure staff skill-sets: Certification can help provide another benchmark to measure, hire, and promote staff employees.
9. Reward employee expertise: Certification can provide an avenue for retraining opportunities so existing employees can work more effectively with new technologies.
10. Measure ROI on your training investments: Certification provides an measurable ROI on training and certification investments by providing a standard method of determining training needs and measuring results.
    

Summary
In the 14 years since Microsoft launched their certification programs, the landscape has evolved so much that today there is strong demand for individuals in all types of specific IT professional roles. It's more complex, interdependent, and prevalent. Job roles are becoming both more diverse and more specialized. Microsoft has responded to these changes in the industry with a revamped certification program.

The transformation to an a la carte certification model that combines professional role-based and technology based credentials should allow for greater flexibility for individuals and organizations when looking at training and certification options. Hiring managers will have another tool to distinguish specific skill-sets. Individuals will have the ability to augment and distinguish their value via targeted certifications.

Building simulations into the testing process makes the exam process more difficult, but ultimately adds value the credentials.

The Architect series is one of the most exciting new developments in the program, and it builds in a great deal of real world experience, which is a departure from previous certification programs. Microsoft has been offering a variety of certifications from the early 90s on, and their program was due for an overhaul, and most of the changes to Microsoft's certification program appear to be positive.

Microsoft has a slew of certification exams lined up to accompany the release of its Windows Server 2003 operating system. Among the first of these to go to beta - and subsequently to be among the first to go live - is Managing and Maintaining a Microsoft Windows Server 2003 Environment (exam number 70-290). This exam is a nuts-and-bolts look at the operating system at a cursory level. The five main topic areas it focuses upon are:

• Managing and Maintaining Physical and Logical Devices
• Managing Users, Computers, and Groups
• Managing and Maintaining Access to Resources
• Managing and Maintaining a Server Environment
• Managing and Implementing Disaster Recovery

You can review the objectives for this exam on Microsoft's Web site. Rather than focus on each objective and sub-objective in this article, we will look at seven of the most important things to know so that you can successfully prepare for this exam.

1. Be ready for record-length questions

In the early days of Microsoft certification, exams asked multiple-choice questions that were fairly straightforward. At no point were they ever as simplistic as those on CompTIA exams, but they were comparable. As the exam numbers incremented, Microsoft started adding headers to the questions: "You are the network administrator for Acme...," etc.

Somewhere down the road, someone at Microsoft misread Bloom's taxonomy and became convinced that question length somehow parallels question difficulty. Since then, there has been no stopping them. In fact, it's easy to come to the mistaken conclusion that question writers contracted by Microsoft get paid by the word.

If you took any of the Windows 2000 exams (particularly 70-216 and 70-219), you know how verbose a simple question can be. You'll be surprised, however, at how much longer the same question has now become. The questions include a lot of superfluous information to determine whether you can figure out how much of it you really need. Although a couple of questions like this are useful, having an entire exam of them wears you out quickly, so you need to plan ahead.

2. Be ready for drag-and-drop (and other new question types)

Multiple-choice remains the primary question type, but the number of drag-and-drop questions are increasing on the exams. On the betas recently given, the number of questions of this type was at 25 percent or more.

Microsoft refers to this type of question as "select-and-place", and to quote: "A select-and-place exam item tests a candidate's ability to synthesize information and assemble a solution to a problem or scenario graphically. This type of exam item can reflect architectural, design, troubleshooting, and component recognition problems more accurately than traditional exam items can because the solution is presented in a form that is more familiar to the computer professional."

Although it's certainly arguable whether a select-and-place question is "more familiar to the computer professional" than a multiple-choice one, there is no arguing the fact that you need to be comfortable with this format. If you can't immediately jump in and start answering the question, time spent contemplating how to answer the question will devour precious minutes that could be spent finding the right answer on another question.

In addition, you'll see more interactive question types, such as Hot Area and Active Screen questions.

3. Be ready for questions on new technologies

No one likes to add nifty features to an operating system that go unnoticed, and one of the best ways to draw attention to them is to quiz you on them. The alphabetical list below covers some new and improved technologies to know. You can find information about these technologies through the use of the operating system, help pages accompanying Windows Server 2003, and Web sites such as those hosted by the support side of Microsoft.

• Automated System Recovery (ASR)
• Remote Assistance
• Remote Desktop
• Software Update Services (SUS)
• Emergency Management Services (EMS)
• File Replication Service (FRS)
• Group Policy Management Console (GPMC)
• Open File Backup
• Password Backup and Restore Wizard
• Shadow copying of shared folders
• Virtual disk services

4. Know the changes

There are several changes between operations in Windows 2000 and Windows Server 2003, some subtler than others. Microsoft expects you to know about these changes. Among those to be aware of:

• You must activate the operating system to use it.
• The default share permissions for Everyone are now Read versus Full Control.
• There are (or will be) four versions of the product available: Web edition, Standard edition, Enterprise edition, and Datacenter edition. Check Microsoft's site for a comparison of the versions.

Some Terminal Services terminology has changed. For an overview of Terminal Services, including the wording now employed, check out the Microsoft Web site. In addition, be sure to read the top ten improvements list posted on Microsoft's site.

5. Know the benefits of using Windows 2003

If this list is beginning to sound like a marketing tool, you're starting to understand an important concept: Vendors, and not just Microsoft, want their most trained users - certified administrators - to also serve as evangelists for their products. The best way to guarantee this is to make sure certification holders know all the features and can expound upon them at length.

For that reason, be sure to know Microsoft's top ten benefits of using Windows Server 2003 over any other operating system that might be deployed within the organization.

6. Have a rough idea of licensing pricing

The 70-290 exam doesn't include any questions asking you to specifically figure pricing. Actual numbers never come into play because they date the exam, they do not translate well, and they are a topic for accountants rather than administrators. Nevertheless, Microsoft does want you to know that you need licenses to use the products. If you don't know that, it loses money.

A number of links related to pricing and licensing are posted on Microsoft's site, and I recommend reading through that information to get a good feel for the concept without getting mired down in the numbers.

7. Know that IIS is improved

Internet Information Server (IIS) gets better with each release. The latest version is 6.0, and it includes numerous improvements over 5.0. Although this exam is not IIS specific, it does expect you to have knowledge of the service. You'll find everything you need to know in "What's New in Internet Information Services 6.0."

Last Few Words

A number of certification exams will soon become available for Microsoft Windows Server 2003. Exam 70-290 will be among the first. It will also be among the least difficult because it emphasizes the technology and the changes in the operating system, while others are likely to focus more on planning and deployment.

Exam 70-293, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, is a requirement for MCSE certification, although it is not required for MCSA. Use these seven tips to pass the exam on your first try.

One of the most difficult exams in the Windows 2000 track was 70-216, which focused on network infrastructure. When Windows Server 2003 came along, Microsoft updated the material and divided the content into two new exams: 70-291 and 70-293. Exam 70-293, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, is an important requirement for MCSE certification (it is not required for MCSA). The objectives for this exam are divided into the following six major categories:

• Planning and Implementing Server Roles and Server Security
• Planning, Implementing, and Maintaining a Network Infrastructure
• Planning, Implementing, and Maintaining Routing and Remote Access
• Planning, Implementing, and Maintaining Server Availability
• Planning and Maintaining Network Security
• Planning, Implementing, and Maintaining Security Infrastructure

We have seven tips for ensuring that you pass exam 70-293.

1. Take 70-293 second

Do not take this exam until you've taken exam 70-291 (or 70-292 if you were waived out of 70-291 due to already being an MCSA). I say this because there are significant overlaps in topics. If you look at the bottom three (of five) major topic areas on that exam, and compare them against counterparts on this exam, you'll find great similarity.

Exam 70-291 topic areas include:

• Implementing, Managing, and Maintaining Network Security
• Implementing, Managing, and Maintaining Routing and Remote Access
• Maintaining a Network Infrastructure

Exam 70-293 topic areas include:

• Planning and Maintaining Network Security
• Planning, Implementing, and Maintaining Routing and Remote Access
• Planning, Implementing, and Maintaining a Network Infrastructure

The similarity goes beyond just the wording of the major topics and permeates the objectives and sub objectives as well. Within these three areas, exam 70-293 can be thought of as a superset, in many ways, of the content appearing on both exams. It is so much easier to add to what you already had to learn for 70-291 than to start studying for this exam from scratch.

2. Skip 70-293 if you can

If you are certified as an MCSE, then you can take exam 70-296, Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE Certified on Windows 2000, and have it count as credit for this exam and a few others. Taking only 70-296 and 70-292, Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA Certified on Windows 2000, you can upgrade your MCSE from Windows 2000 to Windows Server 2003 in just two tests.

If you are not currently an MCSE, then you must take 70-293; there's no other way out of it. If you are already an MCSE, however, then you should avoid this exam unless you are a glutton for punishment.

3. Know about software updates

With Windows Server 2003, Microsoft has included the Software Update Service (SUS) for centralized distribution of hot fixes and security updates. This allows administrators to update clients that do not access the Internet, as well as evaluate and test updates before making them available to network clients. By using SUS, a client updates its software from a server within the internal network instead of needing to access Microsoft to accomplish this. Be sure to read Microsoft's point of view on SUS.

Lumped in with updates, at least from an exam perspective, is the topic of Microsoft's Baseline Security Anaylzer (MBSA). This tool allows you to scan a computer and identify what is missing (service packs, security fixes, etc.). One good study resource for this topic is the TechNet Q&A on this tool.

4. Know how to differentiate versions

There are four versions of Windows Server 2003 hitting the market: standard, Web, data center, and enterprise. Since Microsoft views those holding certifications as front line marketing evangelists, they expect you to know how to differentiate between the four different versions.

Be ready for questions that require you to compare and contrast between features. Start your study with this grid, and note that the rightmost column, listing features, is a set of links. If you don't feel comfortable explaining what Enterprise UDDI Services are, for example, then click on that link and learn more about it. Be sure to also read the Top 10 Benefits of Windows Server 2003.

5. Know server roles

It's vital that you understand server roles for this exam, so be sure to read Microsoft's information about server roles. Servers can perform Active Directory related (Domain controllers) or purely service-oriented (Web server, database server, etc.) roles. Within those that are Active Directory related, there are five Flexible Single Master Operations (FSMOs) roles:

• Primary Domain Controller (PDC) emulator - used for backward compatibility
• Relative ID (RID) Master - holds the pool of ID numbers to be used
• Infrastructure Master - handles updates and name changes
• Domain Naming Master - by default, the first domain controller in a forest
• Schema Master - oversees all schema operations

The primary domain controller performing one of these roles is known as the role master. Microsoft recommends the PDC emulator and RID master be kept on the same domain controller, and the Domain Naming Master be stored on a Global Catalog server. Global Catalog servers respond to queries, and increasing the number of these to include one in each large office can decrease response time.

6. Know security changes

By default, the Everyone group is now given Read permission when a file is shared. This differs from earlier versions of the Microsoft network operating systems in which Everyone was assigned Full Control permissions on all new shares.

Similar changes--or tweaks, really--have been made to some services, search ordering, etc. Begin your study of this information here, and then visit the Microsoft Technology Center on this topic.

7. Know ipconfig

The ipconfig utility has been around for a number of years, and a number of operating system versions. Its primary purpose is simply to interact with IP configuration values--either showing them to you or allowing modification of them. When Microsoft released Windows 2000, they enhanced this utility but did not spend much time dwelling on it.

When Windows Server 2003, the utility is unchanged from Windows 2000, but not it is indeed test worthy. Not only should you know the basic switches (/all, being the most common), but you also need to know those that allow direct interaction with DNS (/registerdns, for example). Begin your study at Microsoft TechNet and follow the related topic links, as well.

Our recommendation

The 70-293 exam is a requirement that must be taken for new MCSEs to become certified on Windows Server 2003. It is a very difficult exam and should be avoided by those who need not take it (MCSEs certified under Windows 2000 can take two upgrade exams and bypass this, and other, tests).

If you do take this exam, study for it earnestly and take it only after having already taken 70-291 or 70-292.

The main purpose of a group is to simplify administration by allowing permissions to be assigned to a collection of users instead of individual users. A group can contain user accounts, computer accounts, or contacts, as its members. In addition to the previous, a group can also contain other groups, which is referred to as group nesting. Which items a group can contain and where they can be used for, depends on the group type, the group scope and the domain functional level.

Group Types

Windows 2003 Active Directory supports the following two group types:

• Security Groups - Used for assigning permissions for directory objects and resources such as shared folders and printers. Security groups are also used for assigning right to users, for example by using Group Policies.
• Distribution Groups - Used for creating e-mail distribution lists (ie. for MS Exchange server). It allows a user to send e-mail to all the members by using a single address.

You can change the group type from security to distribution, or vice versa, if the domain functional level is set to Windows 2000 native or Windows 2003. Group types cannot be changed if the domain is running in Windows 2000 mixed mode.

Group Scopes

A group scope defines from which domain from which members can be added and in which domain, tree, of forest, rights and permissions can be assigned to a group. When you create a new group, it will be a security group with global scope by default. You can modify the group scope if the domain functional level is set to Windows 2000 native or Windows Server 2003. Changing a group scope in Windows 2000 mixed mode domains is not possible.

Windows 2003 Active Directory supports the following three group scopes:

• Domain Local - Used for assigning permissions within the local domain only. A domain local group can contain user accounts and global and universal groups with from any domain, and other domain local groups from the same domain. A domain local group can be changed to a universal group only if it does not have other domain local groups as its members.
• Global - Used for assigning permissions throughout the entire forest. A global group can only contain user accounts and global groups from the same domain the global group is in. If the domain is running in Windows 2000 Mixed mode, you can add only user accounts to a global group. A global group can be changed to a universal group if it is not a member of another global group.
• Universal - Used for assigning permissions throughout the entire forest. A universal group can contain user accounts, computer accounts, and global and universal groups from any domain in the forest. Security type universal groups can be created only when the domain functional level is set to Windows 2000 native or Windows Server 2003. Opposite to domain local and global groups, universal groups are replicated to every global catalog in the entire forest. A universal group can be changed to a domain local group at any time. A universal group can be changed to a global group only if it does not have other universal groups as its members.

The preferred method to use these group scopes is explained in the following example:

When you assign permissions to all the users in the Sales department, for a shared resource, i.e. Printer1, you should create a domain local group for the sales department, i.e. SalesPrinters, and assign it permissions for Printer1. Then you should group the users into a global group, i.e. Sales, and add the global group to the domain local group. A universal group is particularly useful when the group needs to contain members from multiple domains. Universal groups should be members of domain local groups, and have global groups as their members.

Local vs. Active Directory Groups

The group types and scopes outlined above are pertinent to Windows 2003 servers that are members or domain controllers in an Active Directory domain. They are stored in the Active Directory on domain controllers. However, groups also exist on a local machine level, even if ADS is not in use. You can create local groups on the local computer using the Local Users and Group MMC snap-in and the can be used for assigning permissions on that computer only.

Default Groups

Windows 2003 creates default groups in the Builtin container and the Users container. The following lists show the groups created in a Windows 2003 domain by default (this may vary per configuration and on the installed Windows components). The first list shows the groups in the Builtin container. These groups are all domain local groups and cannot be moved to another container or OU.

• Account Operators - Members of this group can administer domain user and group accounts, log on locally, and can shutdown domain controllers. Account Operators cannot modify the Administrators or Domain Admins groups and accounts.
• Administrators - Members of this group have full access to the domain or computer. By default, this group contains the Domain Admins and Enterprise Admins groups and the Administrator user account.
• Backup Operators - Members of this group can back up or restore files without being limited by file permissions. Back up Operators can also log on locally and shutdown domain systems.
• Guests - Members of this group have the same permissions and right as the Users group by default, The Guest user account is disabled by default. This Guests group contains the Domain Guests group as a member.
• Incoming Forest Trust Builders - Members of this group can create incoming, one-way trust relationships to this forest. This group appears only in the root domain of the forest.
• Network Configuration Operators - Members of this group can change the TCP/IP settings on domain controllers in the domain.
• Performance Monitor Users - Members of this group can monitor performance counters on domain controllers in the domain.
• Performance Log Users - Members of this group can manage performance counters, logs and alerts on domain controllers in the domain.
• Pre-Windows 2000 Compatible Access - Members of this group have read access to all users and groups in the domain. This group provides backward compatibility for computers running Windows version pre-Windows 2000, such as Windows NT 4. The Everyone group is a member of this group by default.
• Print Operators - Members of this group have the appropriate rights to administer printers connected to domain controllers and shared printer objects in the Active Directory. Print Operators can also log on locally and shutdown domain systems.
• Remote Desktop Users - Members in this group are granted the right to logon remotely using a terminal session.
• Replicator - A system group account used for file replication in a domain. This group has no members and you should not add them either.
• Server Operators - Members of this group can administer shared resources on domain servers, start and stop certain services, and format hard disks. Additionally, members of this group have the same rights Backup Operators have.
• Users - Members of this group have sufficient permissions and rights to run certified Windows applications, but cannot run most legacy applications. This prevents regular users from making system-wide changes.

The following default groups reside in the Users container in the Active Directory. The Users container contains domain local, global, and universal scope default groups. These groups can be moved to another OU if desired.

• Cert Publishers - Members of this group can publish digital certificates for users and computers.
• DnsAdmins - Members of this group have permissions to administer DNS.
• DnsUpdateProxy - Members of this group can act as a DNS proxy for clients. A DHCP server that handles dynamic updates for DCHP clients should be a member of this group.
• Domain Admins - Members of this group have full control of the domain. This group is a member of the Administrators group on all domain members including domain controller. The Administrator user account is a member of this group by default.
• Domain Computers - This group contains all the computer accounts of the client and servers joined to the domain.
• Domain Controllers - This group contains all domain controllers in the domain.
• Domain Guests - This group contains all domain guests.
• Domain Users - This group contains all domain users. When you create a new user account in the domain, it will automatically become a member of the Domain Users group.
• Enterprise Admins - Members of this group have full control of all domains in the forest. This group is a member of the Administrators group on all domain controllers in the forest. The Administrator user account is a member of this group by default.
• Group Policy Creator Owners - Members of this group can modify Group Policy settings in the domain. The Administrator user account is a member of this group by default.
• IIS_WPG - A system group account used by Internet Information Services (IIS) 6.0.
• RAS and IAS Servers - Servers in this group have access to the remote access properties of users. This group is used for IAS servers that perform authentication for a collection of RRAS servers.
• Schema Admins - Members of this group can modify the Active Directory schema. The Administrator user account is a member of this group by default.

The following special identities can also be considered groups as they allow you to assign permissions to a dynamic group of users:

• Everyone - Includes everyone with a user account.
• Anonymous Logon - Includes everyone without a user account.
• Network - Includes users that are currently logged on to a computer over the network. This is the opposite of the Interactive group.
• Interactive - Includes users that are currently logged on to the local computer. This is the opposite of the Network group.

Managing Groups

Groups are created by using the Active Directory Users and Computers MMC snap-in. To create a new group, right-click the domain or OU in which you want to create the user, select New, and then click Group. The New Object - Group dialog box, displayed below, will open. You will need to provide a name and you can choose the group scope and group type.

When you open the properties sheet of an existing group, you can associate a description and an e-mail address with the group and change the scope and type on the General tab. The Members tab of the group's properties allows you to add members to this group, and the Member Of tab allows you to join this group to other groups. On the Managed By tab, you can specify a person that is responsible for this group, and specify whether this person shoul