www.ituniversityonline.com
Networking Environments
Local clients and servers
Cloud services (public, private, or both)
Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Access
Remote Desktop Services
Volume Activation Services
Web Server (IIS)
Windows Deployment Services (WDS)
Windows Server Update Services (WSUS)
Command auto-completion
Enhanced storage
Features on Demand
IP Address Management (IPAM) Server
New cmdlets
Resilient File System (ReFS)
Revised Task Manager
User interface
Windows BranchCache
Features
Applications that increase the functions the server can perform. In general, users do
not access features.
Examples: You use Windows Server Backup to back up the server, not clients. The
Wireless LAN Service enables you to connect the server to the network wirelessly.
Windows PowerShell
Perform nearly all tasks that can be managed in the GUI.
Bulk administer objects.
Performance Monitor
Monitor server and network performance.
Resource Monitor
Monitor server resources.
Task Scheduler
Create and schedule administrative tasks to run automatically.
Remote Desktop
Perform remote management.
WinRM
Multi-Server Management
RDP
PowerShell
Add Roles and Features
Computer Management
NIC Teaming
Performance Counters
Shut Down
Servers
Events
Services
Best Practices Analyzer
Performance
Roles and Features
Servers
Volumes
Disks
Storage Pools
Shares
iSCSI
                Minimum Requirement    Recommended Hardware
Processor
RAM             512 MB                 16 GB or more
Disk space      32 GB                  128 GB or larger
DVD drive
Super VGA (800x600) or higher resolution monitor
Keyboard and mouse
Internet access
Installation Types
Fresh install
Upgrade
Migration
Installation Modes
Server Core
Server with the graphical user interface (GUI)
Server with the Minimal Server Interface
Can Upgrade To
Offline Images
Disadvantages of the full server with the graphical interface:
Is less secure.
Uses more disk space.
Consumes more RAM.
Assign a static IP address, subnet mask, and default gateway
Assign at least one DNS server address
Reflective Questions
1. In what scenario do you think it's best to install Windows Server 2012
Server Core?
2. After configuring a server, why should you consider switching it from the
GUI version of Windows Server 2012 to the Server Core version?
Fuller.local domain
Rochester.fuller.local domain
Boston.fuller.local domain
Site = Rochester
Site = Boston
Fuller.local domain
OU = Headquarters
Rochester.fuller.local domain
Boston.fuller.local domain
OU = Boston
OU = Rochester
OU = Admin
OU = Sales
OU = Accounting
OU = Bookstore
Domain controllers
Data store
Global catalog servers
Read-only domain controllers (RODCs)
Domain
Domain tree
Forest
Site
OU
Partition
Schema
Forest
Tree or domain tree
Domain
Site
Organizational unit
Domain Controllers
Domain controllers perform these tasks:
Store a copy of the AD DS database in the NTDS.dit file.
Host a copy of the SYSVOL folder.
Authenticate users for logon purposes and also for access to resources.
Synchronize the SYSVOL folder using either File Replication Service (FRS)
or Distributed File Service (DFS) replication.
Copyright 2013 IT University Online All rights reserved.
Reflective Questions
1. What are the advantages of using Active Directory Domain Services?
2. Which types of installations do you expect to perform most often in your
working environment?
Geographical location
Organizational chart
Functional structure
Hybrid structure
Country Domains
us.fuller.local
eu.fuller.local
City Domains
rochester.us.fuller.local
atlanta.us.fuller.local
london.eu.fuller.local
paris.eu.fuller.local
Departmental Domains
marketing.fuller.local
production.fuller.local
City Domains
rochester.marketing.fuller.local
atlanta.marketing.fuller.local
rochester.production.fuller.local
paris.production.fuller.local
Root Level Domain
fuller.local
Functional Domains
sales.fuller.local
accounting.fuller.local
administrative.fuller.local
publishing.fuller.local
Root Level Domain
fuller.local
Functional Domains
sales.fuller.local
Rochester
Boston
accounting.fuller.local
Rochester
Atlanta
admin.fuller.local
Rochester
Atlanta
publishing.fuller.local
Rochester
Boston
Location Domains or Organizational Units
Add-ADGroupMember
Disable-ADAccount
Get-ADDomain
Move-ADObject
New-ADGroup, New-ADOrganizationalUnit, New-ADUser
Remove-ADGroup, Remove-ADGroupMember, Remove-ADUser
Command-Line Utilities
Dsadd, Dsget, Dsmod
Dsmove, Dsquery, Dsrm
User Profiles
User profiles contain the information necessary to establish the user's
desktop environment:
The Profile Path
Location where desktop settings are stored.
Also referred to as a roaming profile.
Logon Scripts
Batch files that map drive letters to network resources.
Builtin
Computers
Domain Controllers
ForeignSecurityPrincipals
Managed Service Accounts
Users
Create the user account with an underscore at the beginning of the name.
Leave the account disabled.
Never let anyone use the template to log on.
Don't configure the template with information that is user-specific.
Location Configuration
Permissions Management
By default, the following have permissions to create computer objects:
Enterprise Admins
Domain Admins
Administrators
Account Operators
Secure Channels
Like users, computers log on to the domain.
Ordinarily there is no need to manually reset a computer account.
If for some reason the computer cannot access its own account, you may
have to perform a secure channel reset.
You can reset a computer account using the following tools:
Types of Groups
Security
Distribution
Group Scopes
Local
Domain Local
Global
Universal
Schema Admins
Enterprise Admins
Domain Admins
Administrators
Server Operators
Account Operators
Backup Operators
Print Operators
Reflective Questions
1. Do you foresee using user account templates in your organization?
Why or why not?
2. Do you think you will delegate control to OUs in your organization?
Why or why not?
Simplified syntax
Updated help
Enhanced module discovery
Session recovery
The show command
Web access
Delegated administration
Safety
Update Help
Download the latest help file.
If Update Help cannot contact the Microsoft site, you can cancel and
continue.
Get-Help Service
Add
Backup
Clear
Close
Disable
Enable
Install
Get
New
Set
Show
Stop
Suspend
Uninstall
Rename
Get-EventLog
Show-EventLog
Clear-EventLog
Limit-EventLog
Service Cmdlets
Start-Service
Get-Service
Stop-Service
Suspend-Service
Resume-Service
Set-Service
Restart-Service
Process Cmdlets
Start-Process
Get-Process
Stop-Process
Wait-Process
Debug-Process
PowerShell ISE
Execution Policies
Restricted: Scripts will not execute.
RemoteSigned: Locally created scripts will run; downloaded scripts must be digitally signed.
AllSigned: Scripts signed by a trusted publisher will run.
Unrestricted: Any script, signed or unsigned, will run.
Set-ExecutionPolicy Unrestricted
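An added example, not part of the course material: a PowerShell check that works out which scope's execution policy actually takes effect and which scopes allow unsigned scripts to run. `Get-EffectiveExecutionPolicy` is an illustrative function name and the sample list is constructed; `Bypass` is a real policy value that the slide does not list.

```powershell
# Added example. Works on the output of Get-ExecutionPolicy -List, which returns
# one object per scope with the properties Scope and ExecutionPolicy.

function Get-EffectiveExecutionPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [object[]] $PolicyList
    )

    # Scopes in the order PowerShell evaluates them: the first scope whose
    # policy is not Undefined wins. The two *Policy scopes come from Group Policy.
    $precedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

    # Policy values that let unsigned scripts from any source run.
    $permissive = 'Unrestricted', 'Bypass'

    $effective = $null
    $permissiveScopes = @()

    foreach ($scope in $precedence) {
        $entry = $PolicyList |
            Where-Object { "$($_.Scope)" -eq $scope } |
            Select-Object -First 1
        if (-not $entry) { continue }

        $policy = "$($entry.ExecutionPolicy)"
        if ($policy -eq 'Undefined') { continue }

        # Remember the first defined scope as the effective one.
        if (-not $effective) {
            $effective = [pscustomobject]@{ Scope = $scope; ExecutionPolicy = $policy }
        }
        # Record every permissive scope, including ones that are currently
        # masked by a higher-precedence setting.
        if ($permissive -contains $policy) {
            $permissiveScopes += $scope
        }
    }

    [pscustomobject]@{
        # $null here means no scope is configured and the built-in default applies.
        EffectiveScope   = if ($effective) { $effective.Scope } else { $null }
        EffectivePolicy  = if ($effective) { $effective.ExecutionPolicy } else { $null }
        PermissiveScopes = $permissiveScopes
    }
}

# Constructed sample: the current user is set to RemoteSigned, but the machine-wide
# setting was left at Unrestricted, so every other account on the server runs
# unsigned scripts.
$constructedList = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' }
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'RemoteSigned' }
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'Unrestricted' }
)

Get-EffectiveExecutionPolicy -PolicyList $constructedList

# On a live server, feed the real list in and tighten the machine-wide scope:
#   Get-EffectiveExecutionPolicy -PolicyList (Get-ExecutionPolicy -List)
#   Set-ExecutionPolicy RemoteSigned -Scope LocalMachine
```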
Get-ADUser
New-ADUser
Set-ADUser
Enable-ADAccount
Disable-ADAccount
Remove-ADUser
Unlock-ADAccount
Set-ADAccountPassword
Set-ADAccountExpiration
AccountExpirationDate<DateTime>
AccountPassword<securestring>
CannotChangePassword<Boolean>
ChangePasswordAtLogon<Boolean>
Department<String>
DisplayName<String>
HomeDirectory<String>
ProfilePath
EmailAddress
Description
Get-ADGroup
New-ADGroup
Set-ADGroup
Remove-ADGroup
Deletes groups
Parameter
Description
Name
GroupScope
Defines the group scope as domain local, global, or universal. You must
include this parameter.
DisplayName
ManagedBy
Path
SamAccountName
Add-ADGroupMember
Get-ADGroupMember
Remove-ADGroupMember
Add-ADPrincipalGroupMembership
Get-ADPrincipalGroupMembership
Remove-ADPrincipalGroupMembership
Examples:
Get-ADGroupMember -Identity Administrators
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive
Add-ADGroupMember BusinessAnalysts -Members "TracyWhite"
Get-ADComputer
New-ADComputer
Set-ADComputer
Test-ComputerSecureChannel
Reset-ComputerMachinePassword
Remove-ADComputer
Parameters
Name
Path
Enabled
OU Management
Cmdlets
Get-ADOrganizationalUnit
New-ADOrganizationalUnit
Set-ADOrganizationalUnit
Remove-ADOrganizationalUnit
Parameters
Name
Path
ProtectedFromAccidentalDeletion
Viewing OU Information
Get-ADOrganizationalUnit
Creating an OU
New-ADOrganizationalUnit -Name Philanthropy -Path "ou=Marketing,dc=Fuller,dc=Local"
Modifying OU Properties
Set-ADOrganizationalUnit -Identity "OU=Marketing,DC=Fuller,DC=Local" -Country "US" -StreetAddress "2111 Main Street" -City Seattle -State WA -PostalCode 30022
CSVDE
Export basic syntax:
Csvde -f <filename>
CSV File
Can be .csv or .txt
First line contains attribute names
LDIFDE
Syntax like CSVDE
Can be used to modify objects in place:
Use Changetype line
DS Commands
DSadd
DSget
DSquery
DSmod
DSrm
DSMove
Examples:
DSadd user "CN=Sally Green,OU=Sales,DC=fuller,DC=local"
DSmod user "CN=Sally Green,OU=Sales,DC=fuller,DC=local" -dept Marketing
Bulk Operations
Three primary ways to perform bulk operations:
Graphical tools
Command-line tools
Scripts
Querying Objects
Global Search
Object Configuration
Pipe output of Get command to input of Set command
Get-ADUser | Set-ADUser
Example:
Get-ADUser -Filter {lastlogondate -lt "September 1, 2012"} | Disable-ADAccount
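An added example, not part of the course material: the same Get-to-Disable pipeline with a review step in between, so that already-disabled accounts, excluded service accounts and never-used accounts are separated out before anything is changed. `Select-StaleAccount`, the account names and the dates are hypothetical and constructed for illustration.

```powershell
# Added example. Select-StaleAccount is a hypothetical helper; it accepts any
# objects that expose SamAccountName, Enabled and LastLogonDate, which is what
# Get-ADUser -Properties LastLogonDate returns.

function Select-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $User,

        [Parameter(Mandatory = $true)]
        [datetime] $Cutoff,

        # Accounts that must never be bulk-disabled (service accounts, break-glass admins).
        [string[]] $ExcludeSam = @()
    )
    process {
        # Already disabled: nothing to do, and it keeps the report short.
        if (-not $User.Enabled) { return }
        if ($ExcludeSam -contains $User.SamAccountName) { return }

        if ($null -eq $User.LastLogonDate) {
            # No recorded logon at all: report separately so a new hire's
            # account is not disabled together with abandoned ones.
            $reason = 'NeverLoggedOn'
        }
        elseif ($User.LastLogonDate -lt $Cutoff) {
            $reason = 'LastLogonBeforeCutoff'
        }
        else {
            return
        }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            LastLogonDate  = $User.LastLogonDate
            Reason         = $reason
        }
    }
}

# Constructed sample data standing in for Get-ADUser output.
$constructedUsers = @(
    [pscustomobject]@{ SamAccountName = 'sgreen';     Enabled = $true;  LastLogonDate = [datetime]'2012-06-14' }
    [pscustomobject]@{ SamAccountName = 'twhite';     Enabled = $true;  LastLogonDate = [datetime]'2012-10-02' }
    [pscustomobject]@{ SamAccountName = 'svc_backup'; Enabled = $true;  LastLogonDate = [datetime]'2012-01-03' }
    [pscustomobject]@{ SamAccountName = 'newhire01';  Enabled = $true;  LastLogonDate = $null }
    [pscustomobject]@{ SamAccountName = 'olduser';    Enabled = $false; LastLogonDate = [datetime]'2011-02-20' }
)

$candidates = $constructedUsers |
    Select-StaleAccount -Cutoff ([datetime]'2012-09-01') -ExcludeSam 'svc_backup'

# Review list: sgreen (LastLogonBeforeCutoff) and newhire01 (NeverLoggedOn).
$candidates

# Against a real domain (requires the ActiveDirectory module):
#   $candidates = Get-ADUser -Filter * -Properties LastLogonDate |
#       Select-StaleAccount -Cutoff ([datetime]'2012-09-01') -ExcludeSam 'svc_backup'
#   $candidates | Export-Csv .\stale-accounts.csv -NoTypeInformation   # keep a record
#   $candidates | Where-Object { $_.Reason -eq 'LastLogonBeforeCutoff' } |
#       ForEach-Object { Disable-ADAccount -Identity $_.SamAccountName -WhatIf }
# Remove -WhatIf only after the exported list has been reviewed.
# LastLogonDate is derived from lastLogonTimestamp, which replicates between
# domain controllers with a delay of several days, so leave a margin in the cutoff.
```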
Reflective Questions
1. In what ways do you think PowerShell can help you to perform daily
administrative tasks in your environment?
2. Do you foresee a need to use bulk operations to manage user accounts in
your environment? Why or why not?
Configuring IPv4
IPv4 Packet
TCP/IP Applications
Protocol
Description
HTTP
HTTPS
HTTP Secure. Uses encryption for communication between web browsers and
web servers.
POP3
SMTP
FTP
File Transfer Protocol. Transfers files between FTP servers and clients.
SMB
Server Message Block. Used for file and print sharing between servers and
clients.
DNS
RDP
DHCP
TCP/IP Sockets
A Windows TCP/IP socket consists of three components:
The transport protocol used by the application, either TCP or UDP
The TCP or UDP port number used by the application
The IP address (IPv4 or IPv6) of the source and destination host connection
Transport
TCP
TCP
TCP
TCP
TCP
TCP
UDP
TCP
IPv4 Addresses
Allow for network layer data routing of IP datagrams from one IP device
connection (source) to another (destination).
Each networked device must be configured with a unique IP address.
To make IPv4 addresses easier for humans to manage, IPv4
address formatting expresses binary bit values as dotted decimal
notation.
Each octet converts to a decimal number between 0 and 255.
Subnet Masks
Identifies which part of the IPv4 address is the network ID and which part is
the host ID.
In its simplest implementation, the default subnet mask is either 255 or 0.
Octets with a value of 255 identify the network ID part of the address, and a
value of 0 identifies the host part of the address.
For the IP address 192.168.1.100 and the subnet mask 255.255.255.0, the
network ID is 192.168.1.0 and the host connection ID is 0.0.0.100.
Default Gateway
Usually a router, provides a default route used by TCP/IP hosts to
forward packets to hosts on remote networks.
On a local subnet, you configure the local hosts with the IP address of the
router, which is the default gateway, to enable local hosts to
communicate with hosts on another network.
Configure the default gateway:
In the GUI in the properties of the network adapter
Command line
netsh interface ipv4 set address
PowerShell
For new IP address: new-netipaddress
Changing an IP address: set-netipaddress
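An added example, not part of the course material, covering the Subnet Masks and Default Gateway slides together: the network ID and host ID are obtained with a bitwise AND, and comparing network IDs tells a host whether a destination is local or has to go through the default gateway. `Split-IPv4Address` and `Test-SameSubnet` are illustrative names; the example also handles masks that do not fall on an octet boundary, which goes beyond the 255/0 case described above.

```powershell
# Added example: network ID / host ID split by bitwise AND, and the
# "deliver locally or send to the default gateway" decision that follows from it.

function Split-IPv4Address {
    param(
        [Parameter(Mandatory = $true)] [string] $Address,
        [Parameter(Mandatory = $true)] [string] $SubnetMask
    )

    $ip   = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    $mask = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes()
    if ($ip.Length -ne 4 -or $mask.Length -ne 4) {
        throw 'Both values must be IPv4 addresses in dotted decimal notation.'
    }

    # A valid subnet mask is a run of 1 bits followed only by 0 bits.
    $bits = -join ($mask | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') })
    if ($bits -notmatch '^1*0*$') {
        throw "Subnet mask $SubnetMask is not contiguous."
    }

    $network  = @(0, 0, 0, 0)
    $hostPart = @(0, 0, 0, 0)
    for ($i = 0; $i -lt 4; $i++) {
        # Mask bits set to 1 keep the network part of the octet ...
        $network[$i]  = $ip[$i] -band $mask[$i]
        # ... and the inverted mask keeps the host part.
        $hostPart[$i] = $ip[$i] -band (255 - $mask[$i])
    }

    [pscustomobject]@{
        Address      = $Address
        SubnetMask   = $SubnetMask
        PrefixLength = ($bits -replace '0', '').Length
        NetworkId    = $network -join '.'
        HostId       = $hostPart -join '.'
    }
}

function Test-SameSubnet {
    param(
        [Parameter(Mandatory = $true)] [string] $Source,
        [Parameter(Mandatory = $true)] [string] $Destination,
        [Parameter(Mandatory = $true)] [string] $SubnetMask
    )
    # Same network ID: deliver directly. Different: forward to the default gateway.
    $src = Split-IPv4Address -Address $Source      -SubnetMask $SubnetMask
    $dst = Split-IPv4Address -Address $Destination -SubnetMask $SubnetMask
    return ($src.NetworkId -eq $dst.NetworkId)
}

# The slide's own case: 192.168.1.100 with mask 255.255.255.0.
Split-IPv4Address -Address '192.168.1.100' -SubnetMask '255.255.255.0'

# Constructed case with a mask that splits the third octet (255.255.224.0).
Split-IPv4Address -Address '172.16.45.7' -SubnetMask '255.255.224.0'

# Constructed addresses: the first pair shares a subnet, the second does not,
# so the second destination is reached through the default gateway.
Test-SameSubnet -Source '172.16.45.7' -Destination '172.16.60.20' -SubnetMask '255.255.224.0'
Test-SameSubnet -Source '172.16.45.7' -Destination '172.16.70.20' -SubnetMask '255.255.224.0'
```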
Private IP address:
Reserved by IANA
Can be used internally by businesses and individuals
Does not route to the Internet
Must be NATed to allow businesses or users to connect to the Internet
Subnetting
Provides a means to divide your network into smaller, discrete networks
that better serve the needs of your organization.
Enables you to divide the 32 bits of an IPv4 address to create the number
of subnets you need as well as the number of host addresses you need
for that subnet.
Benefits of Subnetting
Segment a large network to increase administrative efficiency.
Reduce network congestion by limiting host broadcasts to smaller
network segments.
Increase security by isolating some hosts to a specific segment or
limiting internetwork communication using firewall access controls.
Enable proactive capacity planning based on projected growth of an
organization.
Number of Bits (n)
Number of Subnets (2^n)
16
32
64
128
172.16.00000000.00000000    172.16.0.0
172.16.00100000.00000000    172.16.32.0
172.16.01000000.00000000    172.16.64.0
172.16.01100000.00000000    172.16.96.0
172.16.10000000.00000000    172.16.128.0
172.16.10100000.00000000    172.16.160.0
172.16.11000000.00000000    172.16.192.0
172.16.11100000.00000000    172.16.224.0
Number of Hosts (2^n - 2)
14
30
62
126
254
Network
172.16.0.0/19      172.16.0.1 - 172.16.31.254
172.16.32.0/19     172.16.31.1 - 172.16.63.254
172.16.64.0/19     172.16.64.1 - 172.16.64.254
172.16.96.0/19     172.16.96.1 - 172.16.96.254
172.16.128.0/19    172.16.128.1 - 172.16.128.254
172.16.160.0/19    172.16.160.1 - 172.16.160.254
172.16.192.0/19    172.16.192.1 - 172.16.223.254
172.16.224.0/19    172.16.224.1 - 172.16.255.254
Supernetting
Supernetting performs the opposite operation of subnetting.
Combine multiple small contiguous networks into a single large network.
Supernetting, also known as classless interdomain routing (CIDR), allows
you to create a logical network for the number of hosts you require.
Supernetting (Cont.)
Combine the following networks:
Network         Network Range
192.168.14.0    192.168.14.1 - 192.168.14.255
192.168.15.0    192.168.15.0 - 192.168.15.255
192.168.16.0    192.168.16.0 - 192.168.16.255
192.168.17.0    192.168.17.0 - 192.168.17.254
Here is the resulting supernet:
Network            Supernet Mask    Network Range
192.168.14.0/21    255.255.252.0    192.168.14.1 - 192.168.17.254
IPconfig
Ping
Tracert
Pathping
Route
Telnet
Netstat
Resource Monitor
Network Diagnostics
Event Viewer
Reflective Questions
1. What benefits do you see in using private IP addresses for your
corporate network?
2. Do you expect to use subnetting or supernetting at your workplace?
Configuring IPv6
Overview of IPv6
Implement IPv6 Addressing
Implement IPv6 and IPv4
Transition from IPv4 to IPv6
IPv6 Overview
Solves the problem of shrinking IP address pools
Solves many administrative inefficiencies caused by manual configuration
IPv6 Benefits
IPv6
Addresses
32 bit
128 bit
IPSec support
Optional
Required
QoS
Checksum
Included
Not included
Packet
fragmentation
IGMP
Router discovery
Optional
Broadcasting
ARP
Configuration
Manual or DHCP
Auto-configuration
Resource records
Host (A)
Decimal
Hexadecimal
0001
0010
0011
0100
0101
0110
0111
1000
1001
1010
10
1011
11
1100
12
1101
13
1110
14
1111
15
Zero Compression
Allows reduction of notation
Adjacent zeros are compressed
One or more blocks of zeros can be written as ::
Only one set of :: in an address
Single block of zeros can also be written as 0
Example:
2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A
After dropping lead 0s and using zero compression:
2001:DB8::2AA:FF:FE28:9C5A
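An added example, not part of the course material: the compression rules above implemented step by step, plus a comparison that treats differently written forms of one address as equal, which matters when matching addresses in logs or allow lists. `Compress-IPv6Address` and `Test-SameIPv6Address` are illustrative names; the function leaves a single zero block as 0 and compresses only the longest run of two or more, which is an assumption consistent with the rules listed above.

```powershell
# Added example: zero compression of a fully written IPv6 address, and a
# textual-form-independent comparison.

function Compress-IPv6Address {
    param(
        # Address written out as eight colon-separated blocks.
        [Parameter(Mandatory = $true)] [string] $Address
    )

    $raw = $Address.Split(':')
    if ($raw.Count -ne 8) {
        throw 'Expected eight colon-separated blocks (uncompressed form).'
    }

    # Step 1: drop leading zeros in every block (0DB8 -> DB8, 0000 -> 0).
    # Convert.ToUInt16 also rejects anything that is not 1-4 hex digits.
    $blocks = @($raw | ForEach-Object { '{0:X}' -f [Convert]::ToUInt16($_, 16) })

    # Step 2: find the longest run of adjacent zero blocks.
    $bestStart = -1
    $bestLength = 0
    $i = 0
    while ($i -lt 8) {
        if ($blocks[$i] -eq '0') {
            $j = $i
            while ($j -lt 8 -and $blocks[$j] -eq '0') { $j++ }
            if (($j - $i) -gt $bestLength) {
                $bestStart = $i
                $bestLength = $j - $i
            }
            $i = $j
        }
        else {
            $i++
        }
    }

    # A single zero block stays as 0; nothing to compress.
    if ($bestLength -lt 2) {
        return ($blocks -join ':')
    }

    # Step 3: replace that one run with "::" (only one "::" per address).
    $head = ''
    if ($bestStart -gt 0) {
        $head = $blocks[0..($bestStart - 1)] -join ':'
    }
    $tail = ''
    $tailStart = $bestStart + $bestLength
    if ($tailStart -lt 8) {
        $tail = $blocks[$tailStart..7] -join ':'
    }
    return ($head + '::' + $tail)
}

function Test-SameIPv6Address {
    param(
        [Parameter(Mandatory = $true)] [string] $First,
        [Parameter(Mandatory = $true)] [string] $Second
    )
    # Compare the 16 parsed bytes, not the strings, so case, leading zeros
    # and "::" placement do not matter.
    $a = [System.BitConverter]::ToString([System.Net.IPAddress]::Parse($First).GetAddressBytes())
    $b = [System.BitConverter]::ToString([System.Net.IPAddress]::Parse($Second).GetAddressBytes())
    return ($a -eq $b)
}

# The slide's address, before and after compression.
$long  = '2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A'
$short = Compress-IPv6Address -Address $long
$short

# A string comparison treats the two spellings as different addresses;
# the parsed comparison does not.
$long -eq $short
Test-SameIPv6Address -First $long -Second $short
```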
IPv6 Prefixes
Network part of address
Can be aggregated for route summarization
Category
Reserved
0000 0000
2 or 3
001
FE8
FD
1111 1100
Multicast addresses
FF
1111 1111
Unicast Addresses
Global unicast address
Public, routable, from an ISP
Zone ID
Relative to sending host
Identifies the interface that is transmitting
Syntax is address%zone_ID
Stateful
Obtained from DHCPv6
Node Types
IPv4 only
IPv6 only
IPv6/IPv4 Uses both IPv4 and IPv6
IPv4 Uses IPv4; can be configured for IPv6
IPv6 Uses IPv6; can be configured for IPv4
Dual-Layer Architecture
DNS Requirements
Tunneling
ISATAP
The 6to4 protocol
Teredo
ISATAP
Teredo
PortProxy
Transition mechanism
Application gateway
Proxies TCP traffic between IPv4 and IPv6 nodes
Connection can be forwarded using the same or another protocol to the
specified port number
Allows you to run IPv4 only services (like terminal services) over IPv6
The following nodes can access each other:
An
An
An
An
Migration Considerations
Application support
Current routing infrastructure
DNS infrastructure needs
Supporting nodes
Preparation and baselines
Monitoring steps
Reflective Questions
1. Which benefits of IPv6 would be most important to your network? Which
ones are not important to your network?
2. Would you run IPv4 and IPv6 concurrently? If so, which technology seems
like a good choice for your network?
A server that is configured with Windows Server 2012 and hosts a DHCP
server, but that is not joined to the Active Directory domain can still be
authorized.
The DHCP server on the standalone machine queries the Active Directory root
domain for the list of authorized servers, and if it is authorized, it starts the DHCP
service.
DHCP Scopes
IPv4 scope properties:
IPv6 scope properties:
DHCP Reservations
Predefines relationship between an IP address lease and the device's MAC
address
Ensures the device will always receive the same IP address from DHCP
DHCP Options
Server level options apply to all scopes defined on a DHCP server.
Scope level options apply to all clients that receive a lease from a specific
scope.
Class level options apply only to those clients identified as a specific user
or vendor class.
Reservation level options apply to one reserved DHCP client.
Option Code
1
Name
Subnet Mask
Router
DNS Server
15
DNS Name
31
Router Discovery
33
Static Route
44
WINS Server
46
47
NetBIOS Scope ID
Description
ID
Date
Time
Description
IP Address
Host Name
MAC Address
Event ID
Description
00
01
02
10
11
12
13
14
15
20
What's Important
IP Address Configuration
Unauthorized Servers
An unauthorized server is considered to be a rogue server that must be
located on the network and either be disconnected from the network or
have the DHCP service disabled.
Ensure the DHCP server is authorized and check its IP address against the
list of valid IP addresses.
If the IP address used by the server is not on the list, decommission the
server on the network.
Reflective Questions
1. In your environment, do you envision needing more than one DHCP
scope?
2. In your environment, do you envision yourself using DHCP as a NAP
enforcement point? Why or why not?
Computer Names
The term "computer names" is a catchall used to talk about the name you
assign to a computer.
A NetBIOS name is a 16-character (byte) name that identifies NetBIOS
resources on the network:
The first 15 characters of the name identify the computer name, such as
wkstnsales1.
The sixteenth character identifies the resource, such as an application, that is
written to work with NetBIOS.
NetBIOS names form a flat namespace in which every name must be different.
The host name is the first label of a fully qualified domain name (FQDN),
which is a DNS name that uniquely identifies a computer in the DNS
namespace.
A valid FQDN must adhere to specific rules:
Use up to 255 characters.
Use any combination of letters A-Z, a-z.
Use any numbers from 0 to 9.
Use hyphens (-) and periods.
Use dots (.) to identify domain levels in an FQDN.
What Is DNS?
DNS is a hierarchical distributed naming system for computers, services,
or any resources connected to the Internet or a private network. DNS
forms a logical tree structure hosted by and distributed across physical
servers.
DNS translates domain names to IP addresses.
Name
Description
Root level
The top of the namespace hierarchy, represented on the Internet by a dot (.).
Top level
Represents a type of domain name. The Internet uses .com, .gov, .edu, .org, .biz, as
well as extensions for other organizational entities and countries.
Second level
Subdomain
Host
Represents a leaf in the DNS name tree and refers to a specific computer on an
organization's network.
DNS Zones
A DNS zone is a specific, contiguous portion of the DNS namespace. A
DNS database can be partitioned into multiple zones.
The zone on a DNS server contains resource records, which contain
information about all of the network host names that end with the zone's
root domain name.
A DNS zone is responsible for responding to queries for resource records
in a specific domain.
Resource Record
Type
Description
Start of Authority
(SOA)
Indicates the DNS server that either created the record or that currently is the
authoritative server for the zone.
Host (A)
Contains the name of the host and its IP address. Used to resolve a host name
to an IP address. The most common resource record found in a forward lookup
zone.
Identifies the name servers listed in the DNS database for a specific zone.
Service (SRV)
Specifies the resources available for Simple Mail Transport Protocol (SMTP).
Allows for mail exchange.
Pointer (PTR)
Canonical (CNAME)
Specifies an alias name. These records allow you to use more than one name
to point to a single host.
AAAA
DNS Components
DNS server
A server service that resolves names to IP addresses.
It responds to resolver queries, providing the record if it has it, or fetching the record
from other DNS servers if it does not.
DNS resolver
A DNS client that needs to resolve a name to an IP address, and so queries a DNS
server for the information.
A DNS server can also be a resolver, querying other DNS servers on behalf of the
client.
Primary zone
Secondary zone
Stub zone
Active Directory-integrated zone
Primary Zones
A primary zone on a DNS server contains a writeable (master) copy of
all zone data.
Secondary Zone
A secondary zone is a read-only copy of the DNS zone.
It replicates on a regular interval with either the primary or another
secondary DNS server.
Stub Zone
A stub zone is a tiny, non-authoritative representation of a zone.
It contains records of authoritative nameservers, and refers clients to
those nameservers.
The stub zone replicates with the authoritative zone, receiving updates
to the nameserver records, but no host records.
Dynamic Updates
DNS clients can register and update their resource records with a DNS
server whenever changes occur.
The Dynamic Host Configuration Protocol (DHCP) client service performs
registration updates for clients with a leased IP address from a DHCP
server and for clients with static IP configurations.
Clients register when certain events occur:
When a client's IP address is added, configured, or changed.
When the client starts and the DHCP client service starts.
DNS Queries
DNS queries are lookup requests for specified DNS resource records
An authoritative response means that the DNS server returns an answer it
knows to be correct because the DNS server has a copy of the zone
A non-authoritative response means that the DNS server must query
other DNS servers and cache the response
DNS servers use forwarders, conditional forwarders and root hints to find
records that they do not already have
Recursive queries usually are performed by resolvers that need a name
resolved fully in the response.
Iterative queries require the DNS server either to return the best answer
available based on its zone and cache information or to respond with a
referral, which is a pointer to a DNS server that may have the correct data.
Root Hints
Root hints is a file that contains the names and IP addresses of the DNS
root servers.
If you choose to simulate the Internet in a lab, you should designate one
DNS server to be the root, and then on all the other DNS servers remove
all the root hints and add your own.
On the designated root, create only a single standard primary zone with
the name "."
Any DNS server configured to be a root will automatically have its Root
Hints tab disabled.
The safest way to modify the original root hints file, cache.dns, is in the
DNS server Properties on the Root Hints tab.
DNS Forwarding
If a resolver sends a query that a DNS server cannot resolve locally, the
DNS server can send the query to a DNS server configured as a forwarder.
A DNS server configured to use a conditional forwarder forwards DNS
queries according to the query's DNS domain name.
DNS Caching
When a DNS server resolves a DNS name query successfully, it caches the
name and IP information for future use.
Reflective Questions
1. In your environment, do you foresee the need to use stub zones? Why or
why not?
2. In your environment, will you configure your DNS server to use a
forwarder? Why or why not?
Disk Types
IDE
EIDE
SATA
SCSI
SAS
SSD
RAID Types
RAID 0: Striping
RAID 1: Mirroring
RAID 3 and 4: Striping with dedicated parity
RAID 5: Striping with distributed parity
RAID 6: Striping with dual parity
RAID 0+1: Striping and mirroring disk sets
RAID 1+0 (or RAID 10): Mirroring and striping
Dynamic disks can host volumes that span or are striped across multiple
disks:
Simple volume
Spanned volume
Striped volume (RAID 0)
Mirrored volume (RAID 1)
Striped volume with parity (RAID 5)
Partition Types
Primary
Extended
Active
Logical
File Systems
FAT
FAT32
NTFS
ReFS
What Is ReFS?
Resilient File System
New for Windows Server 2012
Advantages include:
Mount Points
A physical location in the directory structure on which you graft, or
mount, the root directory of another volume.
A mount point is an empty folder that is used as a link to another volume.
It has its own file system, permissions, and quotas.
Mount points are useful when:
You're running out of disk space and you would like to add space without modifying
the folder structure or the disk structure, so you configure a folder to point to
another hard disk.
You are running out of available letters to assign partitions or volumes, so instead
you use a directory name.
You need to separate disk I/O within a folder structure. Perhaps you have an
application that needs to be within a particular directory structure but requires an
intensive amount of disk I/O.
Links
Storage Spaces
NTFS Permissions
For files:
Read
Write
Read & execute
Modify
Full control
Special permissions
For folders:
Read
Write
Read & execute
Modify
Full control
List folder content
Special permissions
Permissions Inheritance
Effective Permissions
Permissions are cumulative:
Adds all permissions from all of a
user's group memberships
Shared Folders
Allows users and groups to have access to a folder and its contents, or to
an entire drive.
SMB or NFS.
Share a folder or an entire drive.
Has an access control list.
Share permissions are generally broader and more permissive.
NTFS permissions refine and narrow the share permissions.
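The share-versus-NTFS layering above can be checked on a file server with the following added example, which is not part of the original slides. It assumes the SmbShare module that ships with Windows Server 2012 and later; the list of principals in `$broad` is an illustrative choice.

```powershell
# Added example: for each non-administrative SMB share, find broad share-level
# grants and check whether NTFS actually narrows them.
# Assumes Windows Server 2012 or later (SmbShare module) and an elevated session.

# Principals treated as "broad" for this audit (assumption; adjust to your policy).
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

# Bit mask of the write-level NTFS rights (Write is part of Modify and Full control).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Write

$report = foreach ($share in Get-SmbShare -Special $false) {
    # Skip shares that have no file system path, such as print shares.
    if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) { continue }

    $shareAces = Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    $ntfsAces = (Get-Acl -LiteralPath $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    foreach ($ace in $shareAces | Where-Object { $broad -contains $_.AccountName }) {
        # Does NTFS grant write-level rights to the same broad principal?
        $ntfsWrite = $ntfsAces | Where-Object {
            $_.IdentityReference.Value -eq $ace.AccountName -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0)
        }
        [pscustomobject]@{
            Share          = $share.Name
            Path           = $share.Path
            Principal      = $ace.AccountName
            ShareRight     = $ace.AccessRight
            NtfsAlsoWrites = [bool]$ntfsWrite
        }
    }
}

# Rows with NtfsAlsoWrites = True are shares where NTFS does not narrow the grant.
$report | Sort-Object NtfsAlsoWrites -Descending | Format-Table -AutoSize
```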
Access-Based Enumeration
Offline Files
Enables users to access network files even when a network connection is
not available, or is slow or inconsistent
Creates a local copy of the network file
Offline Mode is activated when:
Shadow Copies
Provides a copy of a shared folder or file at a specific point in time
Can have multiple shadow copies of the same folder or file
Enables users to:
Recover accidentally deleted files.
Recover accidentally overwritten files.
Compare versions of a file to view the changes that have been made.
Easy Print
Network Printing
Local print device: physically attached to a computer
Network print device: set up for remote access over the network
Printer Pooling
Reflective Questions
1. Do you expect to use shadow copies in your work environment?
Why or why not?
2. How will Windows Server 2012 printing options help your network?
What is more useful to you: Branch Office Direct Printing or printer
pooling?
GPO Scope
GPO Linking
A GPO must be linked to an Active Directory container to take effect.
You can use the GPMC or PowerShell to link GPOs.
Child containers and objects inherit Group Policy settings from the parent
container.
Starter GPOs
GPO Delegation
GPO Processing
GPO settings are applied to a computer at startup.
GPO settings are applied to a user at logon.
Most GPO settings are refreshed in the background:
Every 90 minutes on clients
Every 5 minutes on domain controllers
Policies are applied in order:
Local Policy
Site
Domain
OU
Child OU
Conflicting settings are overwritten as policies are processed.
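To see which GPOs reach a given OU and which one wins a conflict, the following added example (not part of the original slides) uses the GroupPolicy module's Get-GPInheritance cmdlet. The distinguished name is a placeholder, and the script assumes the inherited links are returned highest precedence first, as GPMC's Group Policy Inheritance tab lists them.

```powershell
# Added example: list the GPOs that reach one OU and the order in which they win.
# Requires the GroupPolicy module (installed with GPMC) and domain connectivity.
Import-Module GroupPolicy

# Placeholder distinguished name (assumption); replace with a real OU.
$target = 'OU=Workstations,DC=example,DC=com'

$som = Get-GPInheritance -Target $target

# Blocked inheritance changes what the OU receives from its parents.
"Inheritance blocked on {0}: {1}" -f $som.Path, $som.GpoInheritanceBlocked

# InheritedGpoLinks covers domain and OU links only; site-linked GPOs and
# local policy are not part of this list.
# Assumption: the list is returned highest precedence first.
$rank = 0
$som.InheritedGpoLinks | ForEach-Object {
    $rank++
    [pscustomobject]@{
        Precedence = $rank          # 1 = processed last, so it wins conflicts
        GPO        = $_.DisplayName
        LinkedAt   = $_.Target
        Enabled    = $_.Enabled
        Enforced   = $_.Enforced    # an enforced link overrides lower containers
    }
} | Format-Table -AutoSize
```

Reading the table from the bottom up gives the processing order for the domain and OU levels.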
Administrative Templates
Composed of ADMX and ADML files.
Contain the registry settings to be modified by Group Policy.
Each new version of a Microsoft operating system introduced its own
administrative templates.
Reflective Questions
1. How do you think using GPOs for firewall settings would
improve security in your network?
2. Will creating and filtering GPOs to refine who they are applied
to help you as a network administrator? Why?
Analyze Security
Configure Windows Server User Security
Configure Windows Server Software Security
Configure Windows Firewall
Security Risks
Confidentiality: an unauthorized person might access data.
Integrity: unauthorized changes might be made to the data.
Availability: data might not be available when needed.
Security Measures
Individual firewalls
Access control lists
Backup and restore procedures in place
Physical security
Training
Best Practices
User Rights
Determine the actions a user can perform within the operating system.
Use secpol.msc to set user rights locally.
Use Group Policy to set user rights in a domain.
Common user rights:
Security Tools
secpol.msc
secedit.exe
GPMC
Security Templates
Security Configuration and Analysis
Security Configuration Wizard (SCW)
Security Compliance Manager (SCM)
UAC
UAC prompts the user for administrator credentials.
By default, both standard users and administrators run applications as a
standard user.
There is no UAC prompt if you are logged in as the built-in administrator.
Account Policies
Password policy
Account lockout policy
Kerberos policy
Restricted Groups
Manages group membership automatically.
You define who should and should not be a member of the group.
If someone else changes the membership, it gets changed back on policy
refresh.
Security Templates
Three default security templates in Windows Server 2012:
Defltbase.inf
Defltsvc.inf
Defltdc.inf
Event Log
Restricted Groups
System Services
Registry
File System
secedit.exe
Security Template snap-in
Security Configuration Wizard
Group Policy
Security Compliance Manager
Auditing
Log security-related events.
View events in the Security log of Event Viewer.
AppLocker
Applies Application Control Policies
New capabilities to control how users can access and use executables
AppLocker rules are defined based on:
Publisher name
Product name
File name
File version
AppLocker Enforcement
Separate inbound and outbound rules that the administrator can configure
Integrated firewall filtering and IPSec protection settings
Network location-aware profiles
The ability to import and export policies
Firewall Profiles
Domain
Public
Private
Reflective Questions
1. In what ways do you think User Account Control enhances security?
2. Will AppLocker benefit your network's security, and if so, how?
Hyper-V Benefits
Invisible to users
Different operating systems for guest machines
More efficient use of hardware
Simplified server deployment
Virtual machine templates
VDI
Runs desktop in a server-based virtual machine
Makes it easy to deploy new desktops, complete with software
Offers the following benefits:
Includes a scenario deployment tool that you can use to automate the configuration
and deployment of virtual machines and sessions
Standardizes and helps you automate common VDI maintenance tasks such as
updates and patching
Provides simplified single sign-on that reduces the number of password prompts
for each user
Creates a historic view of resources assigned to users, along with the ability to
change or edit properties of published resources
Includes Windows PowerShell scripts that you can use to automate deployment and
configuration tasks
Presentation Virtualization
Allows you to keep data in a central location, not on the PCs
Many technologies available:
Application Virtualization
Very similar to desktop virtualization.
Only a single application is virtualized.
Offers the following benefits:
Application isolation
Application portability
Application versions on one computer
Hyper-V Overview
BIOS
RAM
Processor
IDE Controller 0
IDE Controller 1
SCSI Controller
Network Adapter
COM 1
COM 2
Diskette drive
Dynamic Memory
Hyper-V allows memory needed by VMs to be allocated and de-allocated
dynamically.
Smart Paging uses disk space when there isn't enough physical RAM for a
guest VM restart.
Differencing Disks
VM Snapshots
Point-in-time copy of a virtual machine
Used to roll a VM back to a previous state
Can be exported from one VM and imported to another VM
Pass-Through Disks
Resource Metering
Monitor Hyper-V resources.
Create cost-effective, usage-based billing solutions.
You can monitor:
Network Virtualization
Isolate VMs that share the same host.
Each VM has two addresses:
Customer IP address: assigned to the VM by customer
Provider IP address: assigned to VM by provider for management
MAC Addresses
Legacy adapter:
Formerly known as an emulated network adapter
Simulates a hardware network interface card
May be required to boot VM from network
Reflective Questions
1. Consider how MED-V would improve your network's security
and administrative efficiency. Would your end users benefit
from virtual desktops they could access from anywhere within
the network?
2. Consider your network needs. Is a cloud solution like Azure
best for your network? If so, how would you implement the
cloud? What things would you want to virtualize in the cloud?