10 IT Strategies From Randy Mott


We have adopted some of these strategies for our own use at my organization. Its a great read that every IT leader should take a look at.


MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory® comments and corrections

>See here for all of the corrections

Chapter 3 for Exam 70-640


I swear I’m really not doing this to bash the book! Chapter 3 has additional errors. Anwhere that it has a capital D followed by the command, such as:

dsadd user “cn=Mike Fitzmaurice,ou=Peope,dc=contoso,dc=com” -samid mike.fitz Dpwd * -mustchpwd yes Dhmdir \\server01\users\%username%\documents -hmdrv U:

Those D’s are supposed to be – the above command from exercise 2 in chapter 3 should be:

dsadd user “cn=Mike Fitzmaurice,ou=Peope,dc=contoso,dc=com” -samid mike.fitz
pwd * -mustchpwd yes –hmdir \\server01\users\%username%\documents -hmdrv U:

Hopefully this will prove useful to anyone else out there up late studying for this certification exam!

Chapter 2 MCTS Self-Paced Training Kit for exam 70-640


Ok this one is so bizarre and  took me so long to figure it out, I decided to write a post about it.

Here’s the situation. as part of the training for the exam it has you create a people OU and place several users in that OU. Then you will place one of your users in the helpdesk users group. This is then followed by using the delegate permissions wizard to allow helpdesk user to only reset passwords in the OU. with me so far……?

The problem is that it later instructs you to add domain users to the print operators user group so that all user accounts can log on locally to the server and you may perform testing. Well guess what? Print operators is a “protected group” in active directory. This means that any member of the print operators group does not inherit permissions from its parent container. This can be verified in ADUC by turning on advanced settings and viewing the security tab for the user.


Therefore your delegation of rights will not work on these accounts. AHHHHHHH!

Ok so you remove domain users from print operators to correct the problem right?


By removing domain users from print operators you remove the users from the protected group but you must manually set the user accounts to include inheritable permissions. Then you delegation will work properly….whew!

Oh wait….there’s more. Now your test users can’t log on locally to the server anymore. To resolve this issue, edit the group policy object default domain controllers policy and allow the helpdesk users to log on locally (DON’T EVER DO THIS IN PRODUCTION) but this is a lab and by now you should understand the implications.

Ok so I figured all of this out in chapter two. If I can figure this out, do I really need to keep reading the book or am I good to go on the exam….Yikes!

I just passed the Certified Virtualization Expert Exam


After 1 week of 8:00AM to 6:00PM of training I passed the CVE Exam! I always get excited about new certifications.