
Course Outline

Planning, Installing, and Configuring Windows Server 2012


Installing and Configuring an Active Directory Domain Controller
Administering Active Directory Objects
Automating Administrative Tasks
Configuring IPv4
Configuring IPv6
Installing and Configuring DHCP
Installing and Configuring DNS
Configuring Storage Spaces and File and Print Services
Configuring Group Policy
Securing Windows Servers
Installing and Configuring Virtual Servers and Clients

Copyright 2013 IT University Online All rights reserved.

www.ituniversityonline.com

Planning, Installing, and Configuring Windows Server 2012

Introduction to Windows Server 2012


Describe Windows Server 2012 Management
Plan and Install Windows Server 2012
Configure Windows Server 2012

OV 1 - 1

Networking Environments
Local clients and servers
Cloud services (public, private, or both)

OV 1 - 2

Windows Server 2012 Server Roles

Active Directory Certificate Services (AD CS)


Active Directory Domain Services (AD DS)
Active Directory Federation Services (AD FS)
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Rights Management Services (AD RMS)
Application Server
DHCP Server
DNS Server
Fax Server
File and Storage Services

OV 1 - 3

Windows Server 2012 Server Roles (Cont.)

Hyper-V
Network Policy and Access Services
Print and Document Services
Remote Access
Remote Desktop Services
Volume Activation Services
Web Server (IIS)
Windows Deployment Services (WDS)
Windows Server Update Services (WSUS)

OV 1 - 4

Windows Server 2012 Features

Windows BitLocker Drive Encryption


Failover Clustering
Group Policy Management
Ink and Handwriting Services
Internet Printing Client
Network Load Balancing (NLB)
Remote Assistance
Remote Server Administration Tools
Simple Mail Transfer Protocol (SMTP) Server
Telnet Client, Telnet Server
Windows PowerShell
Windows Server Backup
Windows System Resource Manager (WSRM)
Wireless Local Area Network (LAN) Service
Windows on Windows (WoW) 64 Support

OV 1 - 5

New Features in Windows Server 2012

Command auto-completion
Enhanced storage
Features on Demand
IP Address Management (IPAM) Server
New cmdlets
Resilient File System (ReFS)
Revised Task Manager
User interface
Windows BranchCache

OV 1 - 6

Comparing Server Roles and Features


Server Roles
Programs that configure a server to perform a specific function for users and/or
computers on the network. Users typically access servers that are hosting server
roles.
Examples: The DHCP Server role leases IP addresses to clients and devices; the DNS
Server role configures the server to find the IP address for a given FQDN.

Features
Applications that increase the functions the server can perform. In general, users do
not access features.
Examples: You use Windows Server Backup to back up the server, not clients. The
Wireless LAN Service enables you to connect the server to the network wirelessly.
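The distinction above maps directly onto the ServerManager PowerShell module, where roles and features share one inventory and are told apart by the FeatureType column. The following is an added example written for this page, not code from the course; it assumes a lab server and uses the real feature names that Get-WindowsFeature reports.

```powershell
# Added example (not from the course slides): inventory, install and verify a
# server role (DHCP Server) and a feature (Windows Server Backup).
Import-Module ServerManager

# What is installed now? FeatureType is Role, Role Service or Feature.
Get-WindowsFeature | Where-Object { $_.Installed } |
    Select-Object Name, DisplayName, FeatureType |
    Format-Table -AutoSize

# A role: users' clients will talk to this service, so install it together
# with its management tools rather than clicking through Server Manager later.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# A feature: used by administrators to protect the server itself; clients
# never connect to it.
Install-WindowsFeature -Name Windows-Server-Backup

# Verify, and note whether a restart is still pending before moving on.
Get-WindowsFeature -Name DHCP, Windows-Server-Backup |
    Format-Table Name, Installed, InstallState -AutoSize
```

Install-WindowsFeature returns an object whose RestartNeeded property tells you whether the server must be rebooted; check it before scripting further configuration.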

OV 1 - 7

Windows Server 2012 Editions


Windows Server 2012 Datacenter
Designed for large organizations that need highly virtualized private and hybrid cloud network
environments.
Includes all features of Windows Server 2012 and unlimited virtual machine instances.

Windows Server 2012 Standard


Designed for network environments with minimal virtualization needs.
Includes all features of Windows Server 2012 and two virtual machine instances.

Windows Server 2012 Essentials

Designed for small businesses with a maximum of 25 users and 50 network devices.
Includes a streamlined interface, configuration for connecting to cloud services, and no support for
virtualization.

Windows Server 2012 Foundation


Designed for very small organizations with up to 15 users.
Includes general-purpose server functionality and no support for virtualization.

OV 1 - 8

Windows Server 2012 Licensing


Windows Server 2012 Datacenter
Processor license for each CPU in the server.
Client access license (CAL) for each user or device that connects to the server.

Windows Server 2012 Standard


Processor license.
CAL per user or device.

Windows Server 2012 Essentials


Server license that supports a maximum of two server CPUs.
Maximum of 25 users.

Windows Server 2012 Foundation


Server license that supports only one CPU in the server.
Maximum of 15 users.

OV 1 - 9

Administrative Tools and Tasks


Server Manager

Add and configure server roles.


Examine and configure services.
Monitor events.
Configure server and network settings such as name, domain, and IP addresses.
Evaluate servers and the network (Best Practices Analyzer).

Windows PowerShell
Perform nearly all tasks that can be managed in the GUI.
Bulk administer objects.

Active Directory Users and Computers; Active Directory Administrative Center
Create and manage Active Directory objects.

Group Policy Management


Create and configure group policies.

Performance Monitor
Monitor server and network performance.

OV 1 - 10

Administrative Tools and Tasks (Cont.)


Task Manager
Monitor server and network functionality, and performance.

Resource Monitor
Monitor server resources.

Task Scheduler
Create and schedule administrative tasks to run automatically.

Various MMCs, such as the DNS console
Perform server role-specific tasks.

Remote Desktop
Perform remote management.

WinRM

Perform remote management from a command-line interface.

OV 1 - 11

Introduction to Server Manager

Manage configuration of multiple servers.


Review server event logs.
Install and configure additional roles.
Manage Windows services on each server.
Launch PowerShell for command-line administration.

OV 1 - 12

The Server Manager Interface

OV 1 - 13

Multi-Server Management

Shows all servers running a particular service in the domain


Gives quick statistics about each server and service
Can open the management console for each service on each server
Can open other management tools:

RDP
PowerShell
Add Roles and Features
Computer Management
NIC Teaming
Performance Counters
Shut Down

OV 1 - 14

The Dashboard Pane


Top section displays a list of steps for configuring a server.
Bottom section displays bird's-eye view thumbnails of servers.

OV 1 - 15

All Servers Pane


View a series of sections:

Servers
Events
Services
Best Practices Analyzer
Performance
Roles and Features

OV 1 - 16

The File and Storage Services Pane


When selected, displays a second level of options:

Servers
Volumes
Disks
Storage Pools
Shares
iSCSI

OV 1 - 17

The File and Storage Services Pane (Cont.)

OV 1 - 18

Windows Server 2012 System Requirements

Hardware Component   Minimum Requirement        Recommended Hardware
Processor            1.4 GHz 64-bit processor   3.1 GHz or faster
RAM                  512 MB                     16 GB or more
Disk space           32 GB                      128 GB or larger

Additional hardware needed:

DVD drive
Super VGA (800x600) or higher resolution monitor
Keyboard and mouse
Internet access

OV 1 - 19

Windows Server 2012 Installation Methods

Optical media such as a DVD
USB drive
Network share
Mounted ISO image
Windows Deployment Services (WDS)
System Center Configuration Manager (SCCM)
Virtual Machine Manager templates

OV 1 - 20

Installation Types
Fresh install
Upgrade
Migration

OV 1 - 21

Installation Modes
Server Core
Server with the graphical user interface (GUI)
Server with the Minimal Server Interface

OV 1 - 22

Upgrade Paths for Windows Server 2012

Current Version of Windows Server -> Can Upgrade To

Windows Server 2008 Standard with SP2 or Windows Server 2008 Enterprise with SP2
  -> Windows Server 2012 Standard, Windows Server 2012 Datacenter

Windows Server 2008 Datacenter with SP2 or Windows Server 2008 R2 Datacenter with SP1
  -> Windows Server 2012 Datacenter

Windows Web Server 2008 or Windows Web Server 2008 R2
  -> Windows Server 2012 Standard

Windows Server 2008 R2 Standard with SP1 or Windows Server 2008 R2 Enterprise with SP1
  -> Windows Server 2012 Standard, Windows Server 2012 Datacenter

OV 1 - 23

Migrating to Windows Server 2012


You must migrate the following services from an older server to a Windows
Server 2012 server:
Active Directory Federation Services
Health Registration Authority
Hyper-V
IP Configuration
Network Policy Server
Print and Document Services
Remote Access
Windows Server Update Services

OV 1 - 24

Installation Planning Worksheet

OV 1 - 25

Offline Images

Create and deploy server image using DISM


Create image file
Create answer file
Modify image file
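The three steps above (image file, answer file, modified image) correspond to a short DISM session. This is an added example written for this page, not the course's own material; every path in it (the WIM on D:, the C:\Mount folder, the C:\Updates package folder and the Unattend.xml location) is an assumption.

```powershell
# Added example (not from the course slides): service an offline Windows
# Server 2012 image with DISM. All paths below are assumed lab locations.
$Wim   = 'D:\sources\install.wim'   # installation media
$Mount = 'C:\Mount'                 # empty folder used as the mount point

# 1. List the images inside the WIM and choose the index to service.
Dism /Get-WimInfo "/WimFile:$Wim"

# 2. Mount that image read/write. Index 2 is usually "Server with a GUI" on
#    2012 media, but confirm it against the output of step 1.
Dism /Mount-Image "/ImageFile:$Wim" /Index:2 "/MountDir:$Mount"

# 3. Modify the offline image: enable a feature and add update packages, so
#    every server built from this image starts out patched.
Dism "/Image:$Mount" /Enable-Feature /FeatureName:NetFx3 /All /Source:D:\sources\sxs
Dism "/Image:$Mount" /Add-Package /PackagePath:C:\Updates

# 4. Apply an answer file (built in Windows System Image Manager) so the
#    image carries its unattended setup settings. Assumed path.
Dism "/Image:$Mount" /Apply-Unattend:C:\Unattend\Unattend.xml

# 5. Inspect the result before committing anything.
Dism "/Image:$Mount" /Get-Packages
Dism "/Image:$Mount" /Get-Features | Select-String -Context 0,1 'NetFx3'

# 6. Write the changes back into the WIM and release the mount point.
#    Use /Discard instead of /Commit to throw the changes away.
Dism /Unmount-Image "/MountDir:$Mount" /Commit
```

Run this from an elevated prompt; DISM refuses to mount without administrator rights, and an interrupted session leaves a stale mount that Dism /Cleanup-Mountpoints clears.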

OV 1 - 26

Server Core Configuration

Assign a static IP address to the server.


Change the computer name and domain membership.
Implement network adapter teaming.
Enable Remote Desktop.
Activate the server.

OV 1 - 27

The Windows Server GUI Interface


Advantages of the full server with the graphical interface:
Contains all graphical administrative utilities.
Supports local and remote installation, configuration, and removal of server roles.
Provides use of MMC to create additional graphical consoles.


Disadvantages of the full server with the graphical interface:
Is less secure.
Uses more disk space.
Consumes more RAM.
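The disadvantages listed above are why Windows Server 2012 lets you switch interface modes after installation instead of reinstalling. The function below is an added example written for this page, not course code; the feature names are the real ones that Get-WindowsFeature reports, and the WIM path used to restore the GUI is an assumption.

```powershell
# Added example (not from the course slides): move a server between Server
# Core, the Minimal Server Interface and the full GUI by adding or removing
# the two GUI feature layers. A restart follows each change.
function Set-ServerInterface {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Core', 'Minimal', 'Full')]
        [string]$Mode,

        # Needed only for 'Full' after a -Remove; assumed media path.
        [string]$Source = 'wim:D:\sources\install.wim:2'
    )

    switch ($Mode) {
        # Minimal Server Interface: drop Explorer, IE and the Start screen but
        # keep Server Manager and the MMC consoles.
        'Minimal' { Uninstall-WindowsFeature -Name Server-Gui-Shell -Restart }

        # Server Core: remove both layers. -Remove also deletes the binaries
        # from the side-by-side store, which cuts disk use and attack surface
        # but means a later reinstall must point at installation media.
        'Core'    { Uninstall-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Remove -Restart }

        # Back to the full GUI, pulling the payload from the WIM if needed.
        'Full'    { Install-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Source $Source -Restart }
    }
}

# Show the current state before changing anything.
Get-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell |
    Format-Table Name, DisplayName, Installed -AutoSize

# Typical use: build and configure with the GUI, then strip it for production.
Set-ServerInterface -Mode Core
```

Server-Gui-Mgmt-Infra is a dependency of Server-Gui-Shell, so removing the infrastructure layer takes the shell with it; listing both simply makes the intent explicit.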

OV 1 - 28

Full Server with GUI Configuration


Perform the same tasks as with configuring Server Core:
1. Assign a static IP address to the server.
2. Change the computer name and domain membership.
3. Implement network card teaming.
4. Enable Remote Desktop.
5. Activate the server.

OV 1 - 29

Configure Server with a Static IP Address

Assign a static IP address, subnet mask, and default gateway.
Assign at least one DNS server address.

OV 1 - 30

The Computer Name/Domain Changes Dialog Box

OV 1 - 31

Network Card Teaming

OV 1 - 32

Enable Remote Desktop
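The five configuration steps (static IP and DNS, computer name and domain membership, NIC teaming, Remote Desktop, activation) are the same on Server Core and on the full GUI, and on Server Core they are done from PowerShell. The script below is an added example for this page, not course code; the addresses, team name, computer name, domain, credentials and product key are all constructed lab values.

```powershell
# Added example (not from the course slides): the post-install configuration
# steps as one PowerShell session. All values are constructed for a lab.
$Address = '192.168.10.20'; $Prefix = 24
$Gateway = '192.168.10.1';  $Dns    = '192.168.10.10'   # the domain controller

# NIC teaming first, so the static address lands on the team, not on a member.
$Members = (Get-NetAdapter -Physical | Where-Object Status -eq 'Up').Name
if (@($Members).Count -ge 2) {
    New-NetLbfoTeam -Name 'Team1' -TeamMembers $Members -TeamingMode SwitchIndependent -Confirm:$false | Out-Null
    $Nic = 'Team1'
} else {
    $Nic = @($Members)[0]      # single-NIC VM: no team to build
}

# Static IPv4 address, subnet mask (as a prefix length) and default gateway,
# then at least one DNS server; the DC must resolve for the domain join.
New-NetIPAddress -InterfaceAlias $Nic -IPAddress $Address -PrefixLength $Prefix -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $Dns

# Enable Remote Desktop, keep Network Level Authentication on so only
# authenticated users reach the logon screen, and open just the RDP rule group.
$Ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
Set-ItemProperty -Path $Ts -Name fDenyTSConnections -Value 0
Set-ItemProperty -Path "$Ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Activate (placeholder key) and display the licence state.
cscript //nologo $env:SystemRoot\System32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript //nologo $env:SystemRoot\System32\slmgr.vbs /ato
cscript //nologo $env:SystemRoot\System32\slmgr.vbs /xpr

# Rename and join the domain in one step, last, because the join restarts.
Add-Computer -DomainName 'fuller.local' -NewName 'FS01' `
    -Credential (Get-Credential 'FULLER\Administrator') -Restart
```

On Server Core the same steps are also reachable through sconfig.cmd, the text-mode menu; the script form is what you keep in version control so every server is configured identically.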

OV 1 - 33

Reflective Questions
1. In what scenario do you think it's best to install Windows Server 2012 Server Core?
2. After configuring a server, why should you consider switching it from the GUI version of Windows Server 2012 to the Server Core version?

OV 1 - 34

Installing and Configuring an Active Directory Domain Controller
Overview of Active Directory
Install an Active Directory Domain Controller

OV 2- 1

The Active Directory Physical Hierarchy

Figure: a forest with the root domain fuller.local and the child domains rochester.fuller.local and boston.fuller.local. Each domain contains domain controllers, users, computers, printers, and so on.

OV 2- 2

The Active Directory Logical Hierarchy

Figure: the same forest overlaid with sites and organizational units. Sites: Rochester and Boston. Domains: fuller.local, rochester.fuller.local, and boston.fuller.local. OUs shown: Headquarters, Admin, Bookstore, Rochester, Sales, Accounting, and Boston.

OV 2- 3

Active Directory Components

Domain controllers
Data store
Global catalog servers
Read-only domain controllers (RODCs)
Domain
Domain tree
Forest
Site
OU
Partition
Schema

OV 2- 4

Active Directory Containers

Forest
Tree or domain tree
Domain
Site
Organizational unit

OV 2- 5

Domain Controllers
Domain controllers perform these tasks:
Store a copy of the AD DS database in the NTDS.dit file.
Host a copy of the SYSVOL folder.
Authenticate users for log on purposes and also for access to resources.
Synchronize the SYSVOL folder using either File Replication Service (FRS)
or Distributed File System (DFS) Replication.

OV 2- 6

Global Catalog Server


Global catalog servers perform these functions in the forest:
Contain a copy of the global catalog, which has references to every object
in the forest.
Enable users and administrators to search for objects such as computers
and printers distributed throughout the forest.
Support cross-domain searches.

OV 2- 7

Operations Master Roles

Domain controllers can also host forest-wide or domain-level operations master roles:
Schema master: Responsible for updates to the schema.
Domain naming master:
  Processes domain name changes.
  Adds or removes domains or application directory partitions to or from the forest.
  Adds replicas of application directory partitions to other domain controllers.
  Adds or removes cross-reference objects to or from external directories.
RID master: Allocates blocks of relative identifiers (RIDs) to every domain controller in the domain.
Infrastructure master: Updates references to objects in its own domain that point to objects in other domains, and also updates references to its local objects.
PDC emulator:
  Supplies the correct time to the domain.
  Stores the most recent password changes.
  Administers Group Policy and Distributed File System (DFS).
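Knowing which domain controller holds each role matters operationally: a lost PDC emulator breaks time sync and password changes, a lost RID master eventually stops account creation. The following is an added example for this page, not course code; it assumes the RSAT ActiveDirectory module and the deck's fuller.local domain.

```powershell
# Added example (not from the course slides): inventory domain controllers,
# global catalogs, RODCs and operations master (FSMO) role holders.
Import-Module ActiveDirectory

# Every DC in the domain, with its GC/RODC flags and any FSMO roles it holds.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles |
    Format-Table -AutoSize

# Forest-wide roles are attributes of the forest object, domain-level roles of
# the domain object. Return them as one record so a monitoring job can diff it.
function Get-FsmoHolders {
    $Forest = Get-ADForest
    $Domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $Forest.SchemaMaster
        DomainNamingMaster   = $Forest.DomainNamingMaster
        PDCEmulator          = $Domain.PDCEmulator
        RIDMaster            = $Domain.RIDMaster
        InfrastructureMaster = $Domain.InfrastructureMaster
    }
}
Get-FsmoHolders

# The PDC emulator is the domain's time source, so it (and only it) should
# sync from an external source. On each DC this shows what it actually uses.
w32tm /query /source

# Replication failures surface as stale passwords and missing GPOs; check them
# from the same place. repadmin ships with the AD DS tools.
repadmin /replsummary
```

netdom query fsmo gives the same role list from the command line, which is handy on a machine without the PowerShell module.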


OV 2- 8

Reflective Questions
1. What are the advantages of using Active Directory Domain Services?
2. Which types of installations do you expect to perform most often in your
working environment?

OV 2- 9

Administering Active Directory Objects

Design and Create an Active Directory Hierarchy


Manage Users
Manage Computers
Manage Groups
Delegate Administrative Tasks

OV 3 - 1

Types of Active Directory Design

Geographical location
Organizational chart
Functional structure
Hybrid structure

OV 3 - 2

Active Directory Structure: Geographical Design
Create domains and organizational units based on geographic locations for your organization.

Figure: root-level domain fuller.local; country domains us.fuller.local and eu.fuller.local; city domains rochester.us.fuller.local, atlanta.us.fuller.local, london.eu.fuller.local, and paris.eu.fuller.local.

OV 3 - 3

Active Directory Structure: Organizational Chart Design
Create domains and organizational units based on the organization's organizational chart.

Figure: root-level domain fuller.local; departmental domains marketing.fuller.local and production.fuller.local; city domains rochester.marketing.fuller.local, atlanta.marketing.fuller.local, rochester.production.fuller.local, and paris.production.fuller.local.

OV 3 - 4

Active Directory Structure: Functional Design
Create domains and organizational units based on the organizational chart structure.

Figure: root-level domain fuller.local; functional domains sales.fuller.local, accounting.fuller.local, administrative.fuller.local, and publishing.fuller.local.

OV 3 - 5

Active Directory Structure: Hybrid Design
Create domains and organizational units based on the organizational chart structure.

Figure: root-level domain fuller.local; functional domains sales.fuller.local (Rochester, Boston), accounting.fuller.local (Rochester, Atlanta), admin.fuller.local (Rochester, Atlanta), and publishing.fuller.local (Rochester, Boston), where the locations in parentheses are location domains or organizational units beneath each functional domain.

OV 3 - 6

The Fuller & Ackerman Wide Area Network

OV 3 - 7

The Active Directory Administrative Tools


Graphical Administrative Tools

Active Directory Users and Computers


Active Directory Sites and Services
Active Directory Domains and Trusts
Active Directory Schema
Remote Server Administration Tools (RSAT)
Active Directory Administrative Center

Windows PowerShell Commands

Add-ADGroupMember
Disable-ADAccount
Get-ADDomain
Move-ADObject
New-ADGroup, New-ADOrganizationalUnit, New-ADUser
Remove-ADGroup, Remove-ADGroupMember, Remove-ADUser

Command-Line Utilities
Dsadd, Dsget, Dsmod
Dsmove, Dsquery, Dsrm

OV 3 - 8

Tools for Creating User Accounts

Active Directory Users and Computers


Active Directory Administrative Center
PowerShell command New-ADUser
Command-line utility Dsadd.exe

OV 3 - 9

User Profiles
User profiles contain the information necessary to establish the user's desktop environment:

The Profile Path
Location where desktop settings are stored.
Also referred to as a roaming profile.

Logon Scripts
Batch files that map drive letters to network resources.

Home Folder Location
A folder you create to store the user's folders and files.

OV 3 - 10

Default Active Directory Objects

Builtin
Computers
Domain Controllers
ForeignSecurityPrincipals
Managed Service Accounts
Users

OV 3 - 11

User Account Templates


Reduce the workload of creating users.
Hold all non-user-specific configuration, including group memberships.
Best practices:

Create the user account with an underscore at the beginning of the name.
Leave the account disabled.
Never let anyone use the template to log on.
Don't configure the template with information that is user-specific.
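The best practices above are easy to enforce when the template and the copy operation are both scripted. The following is an added example for this page, not course code; the OU, the Sales group, the template name and the new user are constructed values in the deck's fuller.local domain, and the ActiveDirectory module is assumed.

```powershell
# Added example (not from the course slides): build a disabled template
# account and stamp new users from it, including its group memberships.
Import-Module ActiveDirectory
$OU = 'OU=Sales,DC=fuller,DC=local'          # assumed OU

# The template: leading underscore, disabled, no user-specific attributes,
# and never given a password anyone knows.
New-ADUser -Name '_SalesTemplate' -SamAccountName '_SalesTemplate' -Path $OU `
    -Department 'Sales' -Company 'Fuller & Ackerman' -City 'Rochester' `
    -ScriptPath 'sales-logon.bat' -Enabled $false
Add-ADGroupMember -Identity 'Sales' -Members '_SalesTemplate'   # assumed group

function New-UserFromTemplate {
    param(
        [Parameter(Mandatory)][string]$Template,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Sam,
        [Parameter(Mandatory)][securestring]$Password
    )
    # Fetch only the non-user-specific attributes we want copied.
    $T = Get-ADUser -Identity $Template -Properties Department, Company, City, ScriptPath

    # -Instance copies the template's attributes; parameters given here
    # (name, password, Enabled) override the template's values.
    New-ADUser -Name $Name -SamAccountName $Sam -Path $OU -Instance $T `
        -AccountPassword $Password -ChangePasswordAtLogon $true -Enabled $true

    # Group membership is not an attribute and is not copied by -Instance,
    # so replicate it explicitly (skipping the primary group, Domain Users).
    Get-ADPrincipalGroupMembership -Identity $Template |
        Where-Object { $_.SamAccountName -ne 'Domain Users' } |
        ForEach-Object { Add-ADGroupMember -Identity $_ -Members $Sam }
}

New-UserFromTemplate -Template '_SalesTemplate' -Name 'Tracy White' -Sam 'tracywhite' `
    -Password (Read-Host 'Initial password' -AsSecureString)
```

Because the template stays disabled and is never enabled by the copy, an attempt to log on as _SalesTemplate is itself a signal worth alerting on in the Security log.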

OV 3 - 12

The Computers Container

Default system container in Active Directory.


New computer accounts are created here by default.
Cannot have group policy directly applied to it.
Has a relative distinguished name of CN=Computers.
Redircmp.exe can be used to change the default computer container.
Best practices:
Specify another container as you create the computer account.
Move computer accounts out of this default container into real OUs.

OV 3 - 13

Location Configuration

A best practice is to create OUs specifically to hold computer accounts.


It is common to create parent OUs by geography or department.
Child OUs can be for desktops or laptops.
Other child OUs can be for users, administrators, and resources.
Separate computers into OUs to delegate control and apply policy.

OV 3 - 14

Permissions Management
By default, the following have permissions to create computer objects:

Enterprise Admins
Domain Admins
Administrators
Account Operators

You should restrict membership to administrator groups.


Delegate control over an OU by using the Delegate Control wizard.
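The three slides above (the Computers container, the OU layout for computer accounts, and delegating control instead of widening administrator groups) come together in one script. This is an added example for this page, not course code; the OU names, the help-desk group and the fuller.local domain are constructed values, and the ActiveDirectory module is assumed.

```powershell
# Added example (not from the course slides): create a computer OU hierarchy,
# make it the default location for new computer accounts, delegate computer
# management to a help-desk group, and review the resulting permissions.
Import-Module ActiveDirectory
$Root = 'DC=fuller,DC=local'

# Parent OU by location, child OUs by device type, all protected from
# accidental deletion.
New-ADOrganizationalUnit -Name 'Rochester' -Path $Root -ProtectedFromAccidentalDeletion $true
foreach ($Child in 'Desktops', 'Laptops') {
    New-ADOrganizationalUnit -Name $Child -Path "OU=Rochester,$Root" -ProtectedFromAccidentalDeletion $true
}

# New domain joins land in CN=Computers, where no GPO can be linked.
# redircmp changes that default to a real OU.
redircmp "OU=Desktops,OU=Rochester,$Root"

# Delegate to a group, not to people: the help desk may create and delete
# computer objects under Rochester (/I:T = this object and all children) and
# has full control of computer objects themselves (/I:S = sub-objects only).
# The trailing "computer" limits each right to that object class.
New-ADGroup -Name 'HelpDesk-Computers' -GroupScope Global -GroupCategory Security -Path "OU=Rochester,$Root"
dsacls "OU=Rochester,$Root" /I:T /G 'FULLER\HelpDesk-Computers:CCDC;computer'
dsacls "OU=Rochester,$Root" /I:S /G 'FULLER\HelpDesk-Computers:GA;;computer'

# Verify by reading the ACL back through the AD: drive rather than trusting
# the wizard; this is also what you would audit periodically.
(Get-Acl "AD:\OU=Rochester,$Root").Access |
    Where-Object { $_.IdentityReference -like '*HelpDesk-Computers' } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType -AutoSize
```

The Delegate Control wizard writes the same kind of access control entries; scripting them makes the delegation reviewable and repeatable across OUs.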

OV 3 - 15

Secure Channels
Like users, computers log on to the domain.
Ordinarily there is no need to manually reset a computer account.
If for some reason the computer cannot access its own account, you may
have to perform a secure channel reset.
You can reset a computer account using the following tools:

Active Directory Users and Computers


DSmod
netdom
NLTest
PowerShell
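A secure channel reset is best done only after confirming the channel is actually broken, since a needless reset churns the machine password. The following is an added example for this page, not course code; the domain name and the credential prompt are constructed values.

```powershell
# Added example (not from the course slides): test a member server's secure
# channel and repair it in place only when the test fails.
function Repair-DomainTrust {
    param(
        # A domain account permitted to reset computer account passwords.
        [Parameter(Mandatory)][pscredential]$Credential
    )

    # $true means the channel to a domain controller is healthy.
    if (Test-ComputerSecureChannel) {
        return 'Secure channel OK - no reset needed'
    }

    # A broken channel usually means the machine password held by the DC and
    # by the client diverged (restored snapshot, cloned image). -Repair resets
    # the computer account password without leaving and rejoining the domain.
    if (Test-ComputerSecureChannel -Repair -Credential $Credential) {
        return 'Secure channel repaired'
    }
    return 'Repair failed: check DNS, clock skew, and whether the computer account is disabled'
}

# The same verification with the classic tool, for hosts without the module.
nltest /sc_verify:fuller.local

Repair-DomainTrust -Credential (Get-Credential 'FULLER\Administrator')
```

Reset-ComputerMachinePassword, listed on a later slide, forces a new machine password unconditionally; use it when policy or an incident response demands rotation, and the function above when you only need to recover a broken trust.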

OV 3 - 16

Types of Groups
Security
Distribution

OV 3 - 17

Group Scopes

Local
Domain Local
Global
Universal

OV 3 - 18

Default Management Groups

Schema Admins
Enterprise Admins
Domain Admins
Administrators
Server Operators
Account Operators
Backup Operators
Print Operators

OV 3 - 19

Active Directory Domain Services Permissions
You can assign permissions to Active Directory objects:
Users
Computers
Groups

It is a best practice to delegate control to an entire OU.
Effective permissions are cumulative from individual permissions and group membership.

OV 3 - 20

Reflective Questions
1. Do you foresee using user account templates in your organization?
Why or why not?
2. Do you think you will delegate control to OUs in your organization?
Why or why not?

OV 3 - 21

Automating Administrative Tasks

Introduction to Windows PowerShell


Use Windows PowerShell to Manage Active Directory Objects
Use Command-Line Tools to Administer Active Directory
Use Bulk Operations

OV 4 - 1

Common PowerShell Uses for Administrators

Add and remove Windows Server roles and features.


Manage services.
List processes.
Create, list, and manage file systems.
View event logs.
Manage the Windows registry.
Manage monitoring tools.
Add, delete, and manage AD DS objects.

OV 4 - 2

Windows PowerShell Features

Simplified syntax
Updated help
Enhanced module discovery
Session recovery
The show command
Web access
Delegated administration
Safety

OV 4 - 3

PowerShell Get-Help Command

OV 4 - 4

Update-Help
Downloads the latest help files.
If Update-Help cannot contact the Microsoft site, you can cancel and continue.

OV 4 - 5

Get-Help Service

OV 4 - 6

Common Cmdlet Verbs

Add
Backup
Clear
Close
Disable
Enable
Install
Get

New
Set
Show
Stop
Suspend
Uninstall
Rename

Note: some words, such as backup or new, are treated as single verbs in PowerShell.

OV 4 - 7

Common Event Viewer Cmdlets

Get-EventLog
Show-EventLog
Clear-EventLog
Limit-EventLog

OV 4 - 8

The Get-EventLog Command


Get-EventLog retrieves log entries.
Must include the name of the event log to read (-LogName).
-Newest <number> returns only the most recent entries.
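Get-EventLog becomes useful once its output is filtered and grouped; the example below summarises failed logons, the first thing to check on a server that is being probed. It is an added example for this page, not course code, and assumes an elevated prompt (the Security log is not readable by standard users) on a Windows Server 2012 host.

```powershell
# Added example (not from the course slides): pull recent Security-log
# entries with Get-EventLog and summarise failed logons (event ID 4625) by
# target account and source address.
$Failed = Get-EventLog -LogName Security -InstanceId 4625 -Newest 500 -After (Get-Date).AddHours(-24)

function Get-FailedLogonSummary {
    param([System.Diagnostics.EventLogEntry[]]$Entries)

    $Entries | ForEach-Object {
        # ReplacementStrings holds the event's insertion fields. For 4625 on
        # Server 2012, index 5 is the target user name and 19 the source IP.
        [pscustomobject]@{
            Account  = $_.ReplacementStrings[5]
            SourceIp = $_.ReplacementStrings[19]
            Time     = $_.TimeGenerated
        }
    } |
    Group-Object Account |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Sources'; e = { ($_.Group.SourceIp | Sort-Object -Unique) -join ',' } },
        @{ n = 'Latest';  e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }
}

Get-FailedLogonSummary -Entries $Failed | Format-Table -AutoSize
```

Many accounts with a few failures each from one source is the password-spray pattern; one account with many failures is a lockout or a misconfigured service. Clear-EventLog, listed above, destroys exactly this evidence, so size the log with Limit-EventLog and archive rather than clear it.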

OV 4 - 9

Service Cmdlets

Start-Service
Get-Service
Stop-Service
Suspend-Service
Resume-Service
Set-Service
Restart-Service

OV 4 - 10

Process Cmdlets

Start-Process
Get-Process
Stop-Process
Wait-Process
Debug-Process

OV 4 - 11

An Advanced PowerShell Cmdlet

Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 10 -MaxSamples 100

OV 4 - 12

The -WhatIf Parameter

-WhatIf shows what would happen without actually doing it.

OV 4 - 13

The -Confirm Parameter

The -Confirm parameter prompts for confirmation before the command runs.
Note: PowerShell will still ask you to confirm if the action will be taken on more than one object.

OV 4 - 14

PowerShell ISE

OV 4 - 15

PowerShell ISE Scripting Pane


The Scripting pane is available on the toolbar.

OV 4 - 16

Execution Policies
Restricted: Scripts will not execute.
RemoteSigned: Locally created scripts will run; downloaded scripts must be digitally signed.
AllSigned: Only scripts signed by a trusted publisher will run.
Unrestricted: Any script, signed or unsigned, will run.

Set-ExecutionPolicy Unrestricted
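The slide's Set-ExecutionPolicy Unrestricted is the quickest way to make a lab script run; on a production server the usual choice is RemoteSigned or AllSigned plus signed scripts. The following is an added example for this page, not course code; it assumes a code-signing certificate already in the current user's store (for instance from an internal AD CS CA), and the script paths and timestamp URL are assumptions.

```powershell
# Added example (not from the course slides): inspect execution policy per
# scope, set RemoteSigned machine-wide, sign a script, and verify the signature.

# Five scopes; the first one that is not Undefined wins, Group Policy first.
Get-ExecutionPolicy -List

# Machine-wide default: local scripts run, downloaded ones need a signature.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope LocalMachine -Force

# Sign with the first code-signing certificate this user holds, and timestamp
# so the signature stays valid after the certificate itself expires.
$Script = 'C:\Scripts\New-Users.ps1'                       # assumed path
$Cert   = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
Set-AuthenticodeSignature -FilePath $Script -Certificate $Cert `
    -TimestampServer 'http://timestamp.digicert.com'       # assumed TSA

# Verify before trusting: Status must be Valid. HashMismatch means the file
# was edited after signing; NotSigned means no signature block at all.
function Test-ScriptSignature {
    param([Parameter(Mandatory)][string]$Path)
    $Sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path    = $Path
        Status  = $Sig.Status
        Signer  = $Sig.SignerCertificate.Subject
        IsValid = ($Sig.Status -eq 'Valid')
    }
}
Test-ScriptSignature -Path $Script

# RemoteSigned keys off the Zone.Identifier stream that browsers attach to
# downloads. Once a downloaded script has been reviewed, clear the mark.
Unblock-File -Path 'C:\Scripts\Vendor-Tool.ps1'            # assumed path
```

Running Set-ExecutionPolicy with -Scope Process instead of LocalMachine relaxes the policy for the current session only, which is the right tool for a one-off test.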

OV 4 - 17

User Management PowerShell Cmdlets

Get-ADUser
New-ADUser
Set-ADUser
Enable-ADAccount
Disable-ADAccount
Remove-ADUser
Unlock-ADAccount
Set-ADAccountPassword
Set-ADAccountExpiration

OV 4 - 18

Parameters for User Account Management

-AccountExpirationDate <DateTime>
-AccountPassword <SecureString>
-CannotChangePassword <Boolean>
-ChangePasswordAtLogon <Boolean>
-Department <String>
-DisplayName <String>
-HomeDirectory <String>
-ProfilePath <String>
-EmailAddress <String>

OV 4 - 19

Display All User Accounts


Get-ADUser -Filter *

OV 4 - 20

View User Properties


Get-ADUser -Identity TracyWhite -Properties *

OV 4 - 21

User's Home Folder Set Up in PowerShell

Set-ADUser -Identity TracyWhite -HomeDirectory \\Users\tracywhitehomedir

OV 4 - 22

Inactive and Disabled Accounts

Right-click an account in Active Directory Users and Computers to enable or disable it.
PowerShell examples:

Get-ADUser -Filter 'Department -eq "Training"' | Enable-ADAccount

$90Days = (Get-Date).AddDays(-90)
Get-ADUser -Filter {(LastLogonDate -le $90Days) -and (Enabled -eq $true)} | Disable-ADAccount
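The 90-day clean-up above is exactly the kind of bulk change that -WhatIf and -Confirm exist for: run it once as a dry run, then for real with a record of what changed. The following is an added example for this page, not course code; the OU, log path and the ActiveDirectory module are assumptions, and Search-ADAccount is used in place of the slide's hand-written date filter.

```powershell
# Added example (not from the course slides): disable accounts inactive for
# 90 days, scoped to one OU, with a -WhatIf dry run and a CSV audit record.
Import-Module ActiveDirectory
$SearchBase = 'OU=Staff,DC=fuller,DC=local'     # assumed OU
$Log        = 'C:\Logs\disabled-stale.csv'      # assumed path

function Get-StaleUsers {
    param([string]$Base, [int]$Days = 90)
    # Search-ADAccount does the lastLogonDate arithmetic. Accounts that have
    # never logged on have an empty LastLogonDate, so they are excluded here
    # and handled separately rather than silently disabled.
    Search-ADAccount -AccountInactive -TimeSpan ([timespan]::FromDays($Days)) -UsersOnly -SearchBase $Base |
        Where-Object { $_.Enabled -and $_.LastLogonDate }
}

$Stale = Get-StaleUsers -Base $SearchBase

# Dry run: prints "What if: Performing the operation ..." per object, changes nothing.
$Stale | Disable-ADAccount -WhatIf

# Real run. -Confirm:$false suppresses the per-object prompt because the
# review already happened above; the description records why it was disabled.
$Stale | ForEach-Object {
    Disable-ADAccount -Identity $_.DistinguishedName -Confirm:$false
    Set-ADUser -Identity $_.DistinguishedName -Description ("Disabled {0:yyyy-MM-dd}: inactive 90 days" -f (Get-Date))
    [pscustomobject]@{
        SamAccountName = $_.SamAccountName
        LastLogonDate  = $_.LastLogonDate
        DisabledOn     = Get-Date
    }
} | Export-Csv -Path $Log -NoTypeInformation -Append
```

Disabling rather than deleting keeps the SID and group memberships intact, so a false positive is reversible with Enable-ADAccount and the CSV tells you which accounts to look at.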

OV 4 - 23

Group Management Cmdlets

Perform individual operations.
Create scripts to perform bulk operations.

Windows PowerShell Cmdlet   Description
Get-ADGroup                 Displays property values for groups
New-ADGroup                 Creates new groups
Set-ADGroup                 Modifies group properties
Remove-ADGroup              Deletes groups

OV 4 - 24

Parameters for Group Management

Groups have over 40 properties.
Get-ADGroup -Identity Users -Properties *    Returns all properties

Parameter        Description
-Name            Defines the group name.
-GroupScope      Defines the group scope as domain local, global, or universal. You must include this parameter.
-DisplayName     Defines the Lightweight Directory Access Protocol (LDAP) display name.
-ManagedBy       Defines a user or group that can manage the group.
-Path            Defines the organizational unit (OU) in which the group is created.
-SamAccountName  Defines a name that is backward compatible with older operating systems.

OV 4 - 25

Viewing Group Properties in PowerShell

Get-ADGroup -Identity Users    Returns the most common properties

OV 4 - 26

Verifying Group Creation

New-ADGroup -Name "BusinessAnalysts" -Path "ou=Marketing,dc=Fuller,dc=local" -GroupScope Global -GroupCategory Security

OV 4 - 27

Group Member and Membership Cmdlets

Add-ADGroupMember
Get-ADGroupMember
Remove-ADGroupMember
Add-ADPrincipalGroupMembership
Get-ADPrincipalGroupMembership
Remove-ADPrincipalGroupMembership

Examples:
Get-ADGroupMember -Identity Administrators
Get-ADGroupMember -Identity "Enterprise Admins" -Recursive
Add-ADGroupMember -Identity BusinessAnalysts -Members "TracyWhite"
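The two preceding slides ("Verifying Group Creation" and the member cmdlets) fit naturally into one script: create, verify by querying, add a member, then use -Recursive to audit a privileged group. This is an added example for this page, not course code; the OU, member and group names are the deck's fuller.local values or constructed ones, and the ActiveDirectory module is assumed.

```powershell
# Added example (not from the course slides): create and verify a group, add a
# member, and audit effective membership of Domain Admins.
Import-Module ActiveDirectory
$Path = 'OU=Marketing,DC=fuller,DC=local'

# Create, then verify by querying rather than assuming the cmdlet succeeded.
New-ADGroup -Name 'BusinessAnalysts' -Path $Path -GroupScope Global -GroupCategory Security `
    -Description 'Marketing business analysts'
$Group = Get-ADGroup -Filter { Name -eq 'BusinessAnalysts' } -SearchBase $Path
if (-not $Group) { throw 'BusinessAnalysts was not created' }

Add-ADGroupMember -Identity $Group -Members 'TracyWhite'
Get-ADGroupMember -Identity $Group | Select-Object SamAccountName, objectClass

# Privileged-group audit. -Recursive expands nested groups, so this lists
# every account that is effectively a domain admin, however it got there.
function Get-EffectiveMembers {
    param([Parameter(Mandatory)][string]$GroupName)
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, PasswordLastSet |
        Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet |
        Sort-Object PasswordLastSet
}

Get-EffectiveMembers -GroupName 'Domain Admins' | Format-Table -AutoSize
```

Without -Recursive the audit shows only direct members, and a group nested three levels deep can carry admin rights that no one remembers granting; run the recursive form on the default management groups listed earlier on a schedule and diff the output.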

OV 4 - 28

Computer Account Management Cmdlets

Get-ADComputer
New-ADComputer
Set-ADComputer
Test-ComputerSecureChannel
Reset-ComputerMachinePassword
Remove-ADComputer

Parameters

Name
Path
Enabled

OV 4 - 29

OU Management
Cmdlets

Get-ADOrganizationalUnit
New-ADOrganizationalUnit
Set-ADOrganizationalUnit
Remove-ADOrganizationalUnit

Parameters

Name
Path
ProtectedFromAccidentalDeletion

OV 4 - 30

Viewing OU Information
Get-ADOrganizationalUnit

OV 4 - 31

Creating an OU
New-ADOrganizationalUnit -Name Philanthropy -Path
"ou=Marketing,dc=Fuller,dc=Local"


Modifying OU Properties
Set-ADOrganizationalUnit -Identity "OU=Marketing,DC=Fuller,DC=Local" -Country "US" -StreetAddress "2111 Main Street" -City Seattle -State WA -PostalCode 30022


CSVDE
Export basic syntax:
csvde -f <filename>

Import basic syntax:
csvde -i -f <filename>

Useful switches: -d <DN> limits an export to one container, -r <LDAP filter> selects objects, -l lists the attributes to export, and -k makes an import continue past errors. CSVDE cannot import passwords, so imported user accounts are created disabled.


CSV File
Can be .csv or .txt
First line contains attribute names


LDIFDE
Syntax like CSVDE (ldifde -f <filename> to export, ldifde -i -f <filename> to import)
Unlike CSVDE, it can modify or delete existing objects in place:
Each record carries a changetype line (add, modify, or delete)


DS Commands

DSadd
DSget
DSquery
DSmod
DSrm
DSMove


Examples (a DN that contains spaces must be quoted):
dsadd user "CN=Sally Green,OU=Sales,DC=fuller,DC=local"
dsmod user "CN=Sally Green,OU=Sales,DC=fuller,DC=local" -dept Marketing


Bulk Operations
Three primary ways to perform bulk operations:
Graphical tools
Command-line tools
Scripts
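The scripted route for a bulk operation, as an added example that is not part of the course: the PowerShell equivalent of a csvde import that creates users from a CSV file. The CSV content is constructed inline so the script runs as shown; the OU names, domain name and accounts are the slides' hypothetical fuller.local values.

```powershell
# Added example; not from the original course material. Scripted bulk creation of user
# accounts, the PowerShell alternative to csvde -i. The CSV content is constructed for the
# example; in practice replace the here-string with Import-Csv -Path users.csv.
Import-Module ActiveDirectory

$csv = @'
SamAccountName,GivenName,Surname,OU
sgreen,Sally,Green,"OU=Sales,DC=fuller,DC=local"
twhite,Tracy,White,"OU=Marketing,DC=fuller,DC=local"
'@

$domainDns = 'fuller.local'        # assumed DNS name of the domain

foreach ($row in ($csv | ConvertFrom-Csv)) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($row.SamAccountName)'") {
        Write-Warning "Skipping $($row.SamAccountName): account already exists"
        continue
    }

    # A per-account random initial password that the user must change at first logon.
    # Never carry passwords in the CSV file itself; csvde cannot import them either.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $initial = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

    New-ADUser -SamAccountName $row.SamAccountName `
               -Name "$($row.GivenName) $($row.Surname)" `
               -GivenName $row.GivenName -Surname $row.Surname `
               -UserPrincipalName "$($row.SamAccountName)@$domainDns" `
               -Path $row.OU `
               -AccountPassword $initial `
               -ChangePasswordAtLogon $true `
               -Enabled $false
    # Created disabled on purpose: enable each account deliberately after review.
    Write-Output "Created $($row.SamAccountName) (disabled) in $($row.OU)"
}
```

Append -WhatIf to New-ADUser for a dry run against a real file before creating anything. The random password is never displayed; the first-logon password is handed over through whatever onboarding process the organisation already uses.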


Querying Objects

Search parameters common to the Get-AD* cmdlets:
-SearchBase: Distinguished name of the container in the AD hierarchy where the search starts
-SearchScope: Depth of the search (Base, OneLevel, or Subtree)
-ResultSetSize: Maximum number of objects returned by the query
-ResultPageSize: Maximum number of objects in each page returned by the server
-Properties: Which properties to retrieve (the default set is small; use -Properties * for everything)


Global Search


Object Configuration
Pipe the output of a Get cmdlet to the input of a Set (or other action) cmdlet:
Get-ADUser ... | Set-ADUser ...
Example:
$cutoff = Get-Date "September 1, 2012"
Get-ADUser -Filter {LastLogonDate -lt $cutoff} | Disable-ADAccount
Preview the effect with -WhatIf before running a command that changes many accounts.
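The query parameters and the Get-then-act pattern above, combined into one stale-account cleanup. This is an added example, not part of the course; the OU and domain names are the slides' hypothetical fuller.local values.

```powershell
# Added example; not from the original course material. Finds enabled user accounts in an
# OU subtree that have not logged on for 90 days and disables them, with a dry-run switch.
Import-Module ActiveDirectory

$searchBase = 'OU=Marketing,DC=fuller,DC=local'   # hypothetical OU from the slides
$cutoff     = (Get-Date).AddDays(-90)
$dryRun     = $true                                # set to $false to apply the change

# -Filter is evaluated on the domain controller, so express the date test there instead
# of pulling every user and filtering with Where-Object. LastLogonDate comes from
# lastLogonTimestamp, which replicates with up to 14 days of lag: a 90-day threshold is
# safe, a 7-day threshold is not.
$candidates = Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -lt $cutoff } `
                         -SearchBase $searchBase -SearchScope Subtree `
                         -ResultPageSize 500 `
                         -Properties LastLogonDate, whenCreated, AdminCount

# Accounts created after the cutoff may simply never have logged on yet, and accounts
# flagged by AdminSDHolder (AdminCount = 1) deserve a human decision, not a script.
$stale = $candidates | Where-Object { $_.whenCreated -lt $cutoff -and $_.AdminCount -ne 1 }

$stale | Select-Object SamAccountName, LastLogonDate, whenCreated | Format-Table -AutoSize

if ($dryRun) {
    $stale | Disable-ADAccount -WhatIf
} else {
    $stale | Disable-ADAccount -Confirm:$false
    $stale | Set-ADUser -Description ('Disabled as inactive on {0:yyyy-MM-dd}' -f (Get-Date))
}
```

Accounts that have never logged on have no LastLogonDate at all and are not matched by this filter; Search-ADAccount -AccountInactive -TimeSpan 90 -UsersOnly covers those as well and is the shorter way to get the candidate list.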


Reflective Questions
1. In what ways do you think PowerShell can help you to perform daily
administrative tasks in your environment?
2. Do you foresee a need to use bulk operations to manage user accounts in
your environment? Why or why not?


Configuring IPv4

Overview of the TCP/IP Protocol Suite


Describe IPv4 Addressing
Implement Subnetting and Supernetting
Configure and Troubleshoot IPv4


The TCP/IP Protocol Suite


The OSI Model and the TCP/IP Suite


Comparing the OSI and TCP/IP models


IPv4 Packet


TCP/IP Applications

Protocol: Description
HTTP: Hypertext Transfer Protocol. Used for communication between web browsers and web servers.
HTTPS: HTTP Secure. HTTP carried over TLS, which encrypts and authenticates the communication between web browsers and web servers.
POP3: Post Office Protocol 3. Retrieves email messages from an email server.
SMTP: Simple Mail Transfer Protocol. Transfers mail between mail servers over the Internet.
FTP: File Transfer Protocol. Transfers files between FTP servers and clients; credentials and data travel in clear text unless FTPS or SFTP is used instead.
SMB: Server Message Block. Used for file and print sharing between servers and clients.
DNS: Domain Name System. Resolves domain names to IP addresses (and, with PTR records, the reverse).
RDP: Remote Desktop Protocol. Allows remote control of a Windows operating system over a network.
DHCP: Dynamic Host Configuration Protocol. Dynamically assigns IP addresses and related settings to network clients.


TCP/IP Sockets
A Windows TCP/IP socket consists of three components:
The transport protocol used by the application, either TCP or UDP
The TCP or UDP port number used by the application
The IP address (IPv4 or IPv6) of the source and destination host connection

Well-known port numbers:

Port     Transport   Protocol / Application Service
80       TCP         HTTP
443      TCP         HTTPS
110      TCP         POP3
25       TCP         SMTP
20, 21   TCP         FTP (21 control, 20 data)
445      TCP         SMB
53       UDP         DNS name lookups
53       TCP         DNS zone transfers (and lookups whose response exceeds 512 bytes)


IPv4 Addresses
Allow for network layer data routing of IP datagrams from one IP device
connection (source) to another (destination).
Each networked device must be configured with a unique IP address.
To make IPv4 addresses easier for humans to manage, IPv4 address
formatting expresses the 32 binary bits as four octets in dotted decimal
notation.
Each octet converts to a decimal number between 0 and 255.


Subnet Masks
Identifies which part of the IPv4 address is the network ID and which part is
the host ID.
In the simplest (classful) case, each octet of the subnet mask is either 255 or 0.
Octets with a value of 255 identify the network ID part of the address, and
octets with a value of 0 identify the host part of the address.
For the IP address 192.168.1.100 and the subnet mask 255.255.255.0, the
network ID is 192.168.1.0 and the host ID is 0.0.0.100 (host 100 on that network).


Default Gateway
Usually a router, provides a default route used by TCP/IP hosts to
forward packets to hosts on remote networks.
On a local subnet, you configure the local hosts with the IP address of the
router, which is the default gateway, to enable local hosts to
communicate with hosts on another network.
Configure the default gateway:
In the GUI, in the properties of the network adapter (Internet Protocol Version 4 properties)
Command line:
netsh interface ipv4 set address
PowerShell:
For a new IP address and gateway: New-NetIPAddress (its -DefaultGateway parameter creates the 0.0.0.0/0 route)
Changing an existing IP address: Set-NetIPAddress; the gateway itself is a route, so change it with Remove-NetRoute and New-NetRoute


Public and Private IP Addresses

Public IP addresses:
Public IPv4 addresses, managed by IANA, must be globally unique
Distributed by IANA through the regional registries
ISPs distribute them to businesses and individuals
Used to traverse the Internet

Private IP addresses (RFC 1918):
Reserved by IANA
Can be used internally by businesses and individuals
Not routed on the Internet
Must be translated (NAT) to allow businesses or users to connect to the Internet

Private IPv4 address ranges established by IANA:
10.0.0.0/8        10.0.0.0 - 10.255.255.255
172.16.0.0/12     172.16.0.0 - 172.31.255.255
192.168.0.0/16    192.168.0.0 - 192.168.255.255




Binary Values and Dotted Decimal Notation


Subnetting
Provides a means to divide your network into smaller, discrete networks
that better serve the needs of your organization.
Enables you to divide the 32 bits of an IPv4 address to create the number
of subnets you need as well as the number of host addresses you need
for each subnet.


Benefits of Subnetting
Segment a large network to increase administrative efficiency.
Reduce network congestion by limiting host broadcasts to smaller
network segments.
Increase security by isolating some hosts to a specific segment or
limiting internetwork communication using firewall access controls.
Enable proactive capacity planning based on projected growth of an
organization.


Subnet Address Determination

Determine how many subnets you need.
Use that to determine how many bits to borrow from the host part for the subnet mask.

Number of Bits (n)   Number of Subnets (2^n)
4                    16
5                    32
6                    64
7                    128


Subnet Address Determination (Cont.)

Borrowing 3 bits from the third octet of 172.16.0.0/16 gives eight /19 subnets:

Binary Bits for Network Number   Decimal Value of Network Number
172.16.00000000.00000000         172.16.0.0
172.16.00100000.00000000         172.16.32.0
172.16.01000000.00000000         172.16.64.0
172.16.01100000.00000000         172.16.96.0
172.16.10000000.00000000         172.16.128.0
172.16.10100000.00000000         172.16.160.0
172.16.11000000.00000000         172.16.192.0
172.16.11100000.00000000         172.16.224.0

Host Address Determination

To determine the host bits in a subnet mask, you need to know the
number of hosts you will support on a subnet.
You use the standard formula 2^n - 2, in which n represents the number
of host bits.
Two host IDs in every subnet are reserved (the all-zeros network address and
the all-ones broadcast address), which is why you subtract two from the
initial calculation.

Number of Bits (n)   Number of Hosts (2^n - 2)
4                    14
5                    30
6                    62
7                    126
8                    254


Host Address Range Determination

Each /19 subnet has 13 host bits, so 2^13 - 2 = 8190 usable host addresses:

Network            Host Address Range
172.16.0.0/19      172.16.0.1 - 172.16.31.254
172.16.32.0/19     172.16.32.1 - 172.16.63.254
172.16.64.0/19     172.16.64.1 - 172.16.95.254
172.16.96.0/19     172.16.96.1 - 172.16.127.254
172.16.128.0/19    172.16.128.1 - 172.16.159.254
172.16.160.0/19    172.16.160.1 - 172.16.191.254
172.16.192.0/19    172.16.192.1 - 172.16.223.254
172.16.224.0/19    172.16.224.1 - 172.16.255.254


Supernetting
Supernetting performs the opposite operation of subnetting.
Combine multiple small contiguous networks into a single larger network.
Supernetting, expressed in classless interdomain routing (CIDR) notation,
allows you to create a logical network sized for the number of hosts you require
and advertise it as a single route.


Supernetting (Cont.)
Combine the following four contiguous /24 networks:
Network            Network Range
192.168.16.0/24    192.168.16.1 - 192.168.16.254
192.168.17.0/24    192.168.17.1 - 192.168.17.254
192.168.18.0/24    192.168.18.1 - 192.168.18.254
192.168.19.0/24    192.168.19.1 - 192.168.19.254

Here is the resulting supernet:
Network            Supernet Mask    Network Range
192.168.16.0/22    255.255.252.0    192.168.16.1 - 192.168.19.254

Four /24 networks need two more host bits, so the prefix shrinks from /24 to /22 (mask 255.255.252.0). The block must also start on a multiple of its own size: 192.168.16.0 works because 16 is a multiple of 4, whereas 192.168.14.0 through 192.168.17.0 cannot be summarized as a single prefix.
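The subnet and supernet arithmetic from the preceding slides (the /19 host-range table and the alignment rule for a supernet), as an added example that is not part of the course. It is plain arithmetic with no modules required.

```powershell
# Added example; not from the original course material. A small CIDR calculator that
# reproduces the /19 host-range table above and tests whether a set of contiguous
# networks can be summarized into one supernet.

function ConvertTo-AddressInt ([string]$Ip) {
    # Dotted decimal -> 32-bit value held in a 64-bit integer (PowerShell bitwise
    # operators work on signed types, so [long] avoids sign trouble with the high bit).
    $n = [long]0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = ($n -shl 8) -bor $b }
    return $n
}

function ConvertFrom-AddressInt ([long]$N) {
    return '{0}.{1}.{2}.{3}' -f (($N -shr 24) -band 255), (($N -shr 16) -band 255), (($N -shr 8) -band 255), ($N -band 255)
}

$AllOnes = 4294967295   # 0xFFFFFFFF as a decimal literal (the hex literal would parse as int32 -1)

function Get-SubnetInfo ([string]$Cidr) {
    $ip, $prefixText = $Cidr -split '/'
    $prefix    = [int]$prefixText
    $mask      = if ($prefix -eq 0) { [long]0 } else { ($AllOnes -shl (32 - $prefix)) -band $AllOnes }
    $network   = (ConvertTo-AddressInt $ip) -band $mask
    $broadcast = $network -bor ((-bnot $mask) -band $AllOnes)
    [pscustomobject]@{
        Network   = "$(ConvertFrom-AddressInt $network)/$prefix"
        Mask      = ConvertFrom-AddressInt $mask
        FirstHost = ConvertFrom-AddressInt ($network + 1)
        LastHost  = ConvertFrom-AddressInt ($broadcast - 1)
        Broadcast = ConvertFrom-AddressInt $broadcast
        Hosts     = [math]::Pow(2, 32 - $prefix) - 2   # the 2^n - 2 rule from the slides
    }
}

function Get-Supernet ([string[]]$Cidrs) {
    # Returns the single prefix covering all inputs, or a reason why none exists.
    $prefix = [int](($Cidrs[0] -split '/')[1])
    $size   = [long][math]::Pow(2, 32 - $prefix)                 # addresses per input network
    $nets   = @($Cidrs | ForEach-Object { ConvertTo-AddressInt (($_ -split '/')[0]) } | Sort-Object)
    $count  = $nets.Count
    if (($count -band ($count - 1)) -ne 0) { return "cannot summarize: $count networks is not a power of two" }
    for ($i = 1; $i -lt $count; $i++) {
        if ($nets[$i] - $nets[$i - 1] -ne $size) { return 'cannot summarize: networks are not contiguous' }
    }
    $bits = 0; while ((1 -shl $bits) -lt $count) { $bits++ }    # 4 networks -> 2 bits
    $newPrefix = $prefix - $bits
    if (($nets[0] % ($size * $count)) -ne 0) {
        return "cannot summarize: $(ConvertFrom-AddressInt $nets[0]) is not aligned to a /$newPrefix boundary"
    }
    return "$(ConvertFrom-AddressInt $nets[0])/$newPrefix"
}

# The eight /19 subnets of 172.16.0.0/16 from the table above.
0..7 | ForEach-Object { Get-SubnetInfo "172.16.$($_ * 32).0/19" } | Format-Table -AutoSize

Get-Supernet '192.168.16.0/24', '192.168.17.0/24', '192.168.18.0/24', '192.168.19.0/24'   # 192.168.16.0/22
Get-Supernet '192.168.14.0/24', '192.168.15.0/24', '192.168.16.0/24', '192.168.17.0/24'   # not aligned
```

The last call is the case the slide warns about: the four networks are contiguous and their count is a power of two, but 192.168.14.0 is not on a /22 boundary, so a router cannot advertise them as one route.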


IPv4 Manual Configuration


Servers need static IPv4 configurations to enable clients to connect to
them consistently.
You can maintain current and accurate documentation of the IPv4
addresses used for various services on your network.
Configure them using TCP/IP properties, netsh, or PowerShell.
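The PowerShell route for a static server configuration, including the verification steps, as an added example that is not part of the course. The adapter alias, addresses, DNS servers and DC name are assumed values.

```powershell
# Added example; not from the original course material. Assigns a static IPv4
# configuration to a server interface and verifies it. Adapter alias, addresses, DNS
# servers and the DC name are assumed values; run from an elevated PowerShell prompt.
$alias   = 'Ethernet'
$ip      = '192.168.1.10'
$gateway = '192.168.1.1'
$dns     = '192.168.1.5', '192.168.1.6'

# A static address and DHCP must not coexist on the interface; switch DHCP off first.
Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Dhcp Disabled

# Remove any existing IPv4 address and default route so the host does not end up with two.
Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# /24 is the prefix-length form of 255.255.255.0; -DefaultGateway creates the 0.0.0.0/0 route.
# Set-NetIPAddress can later change the address, but not the gateway (that is a route).
New-NetIPAddress -InterfaceAlias $alias -IPAddress $ip -PrefixLength 24 -DefaultGateway $gateway
Set-DnsClientServerAddress -InterfaceAlias $alias -ServerAddresses $dns

# Verify in three steps: what the stack has, whether the gateway answers, whether DNS answers.
Get-NetIPConfiguration -InterfaceAlias $alias
Test-Connection -ComputerName $gateway -Count 2
Resolve-DnsName -Name 'dc1.fuller.local' -Server $dns[0]   # hypothetical DC name
```

Run this from the console or an out-of-band session, not over a remote session bound to the address being removed, or the session drops halfway through.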


IPv4 Automatic Configuration


Dynamic Host Configuration Protocol (DHCP) server enables you to
configure TCP/IP addresses and other configuration options dynamically
for large numbers of hosts on a network.
DHCP servers are configured with a scope or range of IPv4 addresses.
Clients send out a broadcast request to a DHCP server to obtain an IPv4
address automatically.
DHCP servers also may be configured with additional configuration
settings a client may require.
When no DHCP server answers, Windows Server 2012 and Windows clients fall back
to automatic private IP addressing (APIPA), a reserved range of 169.254.0.0 to
169.254.255.255 (169.254.0.0/16) that only reaches hosts on the same link.


IPv4 Troubleshooting Tools

IPconfig
Ping
Tracert
Pathping
Route
Telnet
Netstat
Resource Monitor
Network Diagnostics
Event Viewer


TCP/IP Troubleshooting Process


Identify the communication problem

Does it affect only one or all hosts?


If one host, it is likely a configuration problem on the host.
If all hosts, it is likely a server configuration problem.
Remote connectivity could be server configuration, network configuration, or
network device failure.

For a local problem


Verify that the local host's TCP/IP information is configured properly.
Ping the loopback address: 127.0.0.1.
Ping the local host's router (the default gateway).
Ping a remote host; if that fails, check firewall policies and router configuration.


Best Practices for Implementing IPv4


Plan the subnet schema carefully and factor in future growth.
Configure servers with static IPv4 configuration settings, and document
the services running on specific servers as well as their IPv4 settings.
Deploy DHCP servers for dynamic addressing for clients.
If designing the IPv4 address space for a new network, map out the
address ranges and subnets based on specific purposes and locations.


Reflective Questions
1. What benefits do you see in using private IP addresses for your
corporate network?
2. Do you expect to use subnetting or supernetting at your workplace?


Configuring IPv6

Overview of IPv6
Implement IPv6 Addressing
Implement IPv6 and IPv4
Transition from IPv4 to IPv6


IPv6 Overview
Solves the problem of the shrinking IPv4 address pool
Solves many administrative inefficiencies caused by manual configuration


IPv6 Benefits

Extended address space


Hierarchical addressing and router efficiency
Stateless and stateful address auto-configuration
Eliminates broadcasts
Integrated security (IPSec)
Integrated QoS
Eliminates need for NAT


Comparing IPv4 and IPv6

Characteristic        IPv4                                                     IPv6
Addresses             32 bit                                                   128 bit
IPsec support         Optional                                                 Part of the protocol suite (mandatory in the original IPv6 node requirements, relaxed to recommended by RFC 6434); it still has to be deployed and configured before it protects anything
QoS                   Header does not include packet flow information for QoS  Header includes a Flow Label field for QoS
Checksum              Included in the IP header                                Not included (left to the transport and link layers)
Packet fragmentation  Sending host and intermediate routers fragment           Only the sending host fragments; it determines the packet size using path MTU discovery
IGMP                  IGMP used to manage multicast membership                 Multicast Listener Discovery (MLD) determines multicast group membership
Router discovery      Optional                                                 ICMPv6 Router Solicitation and Router Advertisement messages
Broadcasting          Broadcast addresses send traffic to all hosts on a subnet  Broadcasting replaced by multicasting
ARP                   Resolves an IP address to a MAC address                  Neighbor Discovery: multicast Neighbor Solicitation messages
Configuration         Manual or DHCP                                           Auto-configuration (stateless), DHCPv6, or manual
Resource records      Host (A)                                                 IPv6 host (AAAA)


IPv6 Address Space

An IPv4 address is 32 bits, written as four decimal octets.

IPv6 uses 128-bit addresses, four times the length of IPv4.

The 128 bits are separated into eight 16-bit blocks, each written as four hexadecimal digits and separated by colons.


IPv6 Address Space (Cont.)

Converting from binary to hexadecimal for IPv6:

1. Take the first 16-bit block and break it into four groups of four bits as
shown:

0010 0000 0000 0001

2. Convert each 4-bit group to one hexadecimal digit: the bits are worth 8, 4, 2
and 1 from left to right, so add the values of the bits that are 1
(0010 = 2, 0000 = 0, 0000 = 0, 0001 = 1):

2001

3. Separate each converted block with a colon:

2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A


The Hexadecimal Numbering System

Base 16 numbering system: digits 0 through 9, then A through F

Binary   Decimal   Hexadecimal
0000     0         0
0001     1         1
0010     2         2
0011     3         3
0100     4         4
0101     5         5
0110     6         6
0111     7         7
1000     8         8
1001     9         9
1010     10        A
1011     11        B
1100     12        C
1101     13        D
1110     14        E
1111     15        F


Zero Compression
Allows a shorter notation
Adjacent 16-bit blocks of zeros are compressed
One or more consecutive blocks of zeros can be written as ::
Only one :: is allowed in an address (otherwise the number of omitted blocks is ambiguous)
Leading zeros within a block are dropped, so a single block of zeros can also be written as 0

Example:
2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A

After dropping leading 0s and using zero compression:
2001:DB8::2AA:FF:FE28:9C5A


IPv6 Prefixes
Network part of the address, written as address/prefix-length
Can be aggregated for route summarization

Category                        Prefix (hex)                          Prefix (binary)
Reserved (unspecified :: and loopback ::1)   00                       0000 0000
Global unicast addresses        2000::/3 (first digit 2 or 3)         001
Link-local unicast addresses    FE80::/10                             1111 1110 10
Unique local unicast addresses  FC00::/7 (FD00::/8 in practice)       1111 110
Multicast addresses             FF00::/8                              1111 1111


Unicast Addresses
Global unicast address
Public, routable, from an ISP

Link-local unicast addresses


Automatically generated
Non-routable
Similar in function to IPv4 APIPA addresses

Unique local unicast addresses


Routable within an organization
Not routable on the Internet
Similar in function to IPv4 private addresses


Zone ID
Relative to the sending host, because link-local addresses are not unique across links
Identifies the interface through which link-local traffic is transmitted
Syntax is address%zone_ID (on Windows the zone ID is the interface index)


IPv6 Address Auto-configuration

Automatic for IPv6-enabled hosts

Stateless (SLAAC):
Host auto-assigns a link-local address
Checks (duplicate address detection) that the link-local address is not already in use
Collects all valid prefixes advertised by adjacent routers
Creates a global IPv6 address within each advertised /64 prefix
Uses either the EUI-64 format or a pseudo-random interface ID, as specified by the RFC for privacy extensions

Stateful:
Obtained from DHCPv6

Combination of stateless and stateful: the address from router advertisements, other settings (such as DNS servers) from DHCPv6


Node Types

IPv4-only node: implements only IPv4
IPv6-only node: implements only IPv6
IPv6/IPv4 node: uses both IPv4 and IPv6
IPv4 node: uses IPv4; can also be configured for IPv6
IPv6 node: uses IPv6; can also be configured for IPv4


IPv6 over IPv4

Supported in Windows Server 2008 and Windows Server 2012

Also called 6over4
A transition mechanism
Encapsulates IPv6 packets inside IPv4 packets (tunneling, not address translation)
Uses IPv4 multicast as the virtual link, so both nodes and routers need a multicast-capable IPv4 network


Dual-Layer Architecture

Microsoft implements a dual IP layer:
Not a dual IP stack
Both IPv4 and IPv6 share the same information in the same TCP/IP stack
Single shared implementation of TCP and UDP


DNS Requirements

Required for both IPv4 and IPv6:
IPv4 host record (A)
IPv6 host record (AAAA)
PTR records for reverse lookups (in-addr.arpa zones for IPv4, ip6.arpa zones for IPv6)


Tunneling
ISATAP
The 6to4 protocol
Teredo


ISATAP

Intra-Site Automatic Tunnel Addressing Protocol; transmits IPv6 packets on top of IPv4

Treats the IPv4 infrastructure as a non-broadcast multi-access (NBMA) link
IPv6 address auto-configuration; the interface ID embeds the IPv4 address (::0:5EFE:w.x.y.z)
Queries DNS for the name ISATAP to find the address of the ISATAP router
The ISATAP router encapsulates IPv6 in IPv4 packets (IP protocol 41)
Not NAT friendly: protocol 41 carries no port numbers for a NAT device to translate


The 6to4 Protocol

Unicast connectivity between IPv6 sites and hosts across the IPv4 Internet

IPv6 encapsulated in IPv4 (IP protocol 41)
Address format: 2002:WWXX:YYZZ:Subnet_ID:Interface_ID, where WWXX:YYZZ is the public IPv4 address of the 6to4 router in hexadecimal
Not NAT friendly, for the same reason as ISATAP


Teredo

A NAT traversal technology

Full IPv6 connectivity for IPv6/IPv4 hosts that sit behind NAT on an IPv4 network
Encapsulates IPv6 in IPv4 UDP messages, which NAT devices can translate
Clients are assigned an IPv6 address from the 2001:0::/32 prefix
Teredo server: initially configures the Teredo tunnel and helps the client discover its NAT type
Teredo relay: the remote end that de-encapsulates the tunnel toward native IPv6 hosts


PortProxy

Transition mechanism
Application-layer gateway (a TCP proxy, not a tunnel)
Proxies TCP traffic between IPv4 and IPv6 nodes
A connection can be forwarded using the same or the other IP version to the specified port number
Allows you to run IPv4-only services (such as Remote Desktop Services) over IPv6
The following combinations can be configured with netsh interface portproxy:

v4tov4: an IPv4 node can access an IPv4 node
v4tov6: an IPv4 node can access an IPv6 node
v6tov6: an IPv6 node can access an IPv6 node
v6tov4: an IPv6 node can access an IPv4 node
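The v6tov4 case above in practice, plus the check a practitioner wants afterwards: PortProxy rules survive reboots and are a well-known pivoting and persistence trick, so the host should be able to list them. This is an added example, not part of the course; addresses, ports and target hosts are assumed values.

```powershell
# Added example; not from the original course material. Creates a v6tov4 and a v4tov4
# PortProxy rule, then lists every rule on the host. Addresses, ports and the target
# hosts are assumed values; run from an elevated PowerShell prompt.

# Clients connect to [2001:db8::10]:3389; the proxy opens its own TCP connection to the
# IPv4-only Remote Desktop listener at 192.0.2.10:3389.
netsh interface portproxy add v6tov4 listenaddress=2001:db8::10 listenport=3389 `
    connectaddress=192.0.2.10 connectport=3389

# Bind to loopback when only this host should use the proxy. A listener on 0.0.0.0 or ::
# exposes the target to everything that can reach this machine.
netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=8080 `
    connectaddress=192.0.2.20 connectport=80

# What netsh shows: one table per direction (v4tov4, v4tov6, v6tov4, v6tov6).
netsh interface portproxy show all

# The same rules as stored in the registry, for baselines and offline forensic checks.
# A non-empty listing on a host that should have no proxies is a finding.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PortProxy'
Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $sub = $_
    foreach ($valueName in $sub.Property) {
        # Value name: "listenaddress/listenport"; value data: "connectaddress/connectport".
        [pscustomobject]@{
            Direction = ($sub.Name -split '\\')[-2..-1] -join '\'
            Listen    = $valueName
            Connect   = $sub.GetValue($valueName)
        }
    }
}

# Remove a rule when it is no longer needed; otherwise it keeps working across reboots.
netsh interface portproxy delete v6tov4 listenaddress=2001:db8::10 listenport=3389
```

Because the proxy terminates the client's TCP connection and opens a new one, the target service sees the proxy host as the source; host firewall rules and logs on the target need to account for that.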


Migration Considerations

Application support
Current routing infrastructure
DNS infrastructure needs
Supporting nodes
Preparation and baselines
Monitoring steps


Reflective Questions
1. Which benefits of IPv6 would be most important to your network? Which
ones are not important to your network?
2. Would you run IPv4 and IPv6 concurrently? If so, which technology seems
like a good choice for your network?


Installing and Configuring DHCP

Install the DHCP Server Role


Configure DHCP Scopes
Manage a DHCP Database
Secure and Monitor a DHCP Server


Benefits of Automatic TCP/IP Configuration

Automatic IP addressing and other TCP/IP configuration settings
The assurance of consistent client configurations
Flexible lease durations
Multiple configuration options
Optional integration with other technologies such as DNS and Network Policy Server
Active Directory Domain Services (AD DS) authorization on AD DS domains
Automatic database backup
Auditing and event monitoring


PXE Boot Clients


Client boots from the network.
Some clients do not yet have an operating system.
DHCP starts the process of obtaining an operating system by providing
an IP address lease.
Computers could be thin clients with no hard drive, or bare-metal boxes.


DHCP Lease Process

The DHCP client broadcasts a DHCP discover packet.
A DHCP server on the subnet responds with a DHCP offer packet, or a DHCP relay agent forwards the discover packet to a DHCP server on another subnet.
The client receives offer packets from one or more DHCP servers.
The client accepts the first offer it receives and broadcasts a DHCP request for that address.
The DHCP server assigns the client the address, stores the client's lease in its database, and issues the client a DHCP ACK (acknowledgement) message.
Nothing in this exchange is authenticated: whichever server answers first wins the client, which is why rogue servers matter.
If the client does not get a response from a DHCP server:
A Windows 2000 or later client configures an automatic private IP address (APIPA) in the 169.254.0.0/16 range and keeps retrying DHCP in the background.
A client that is not Windows, or is older than Windows 2000, continues to broadcast the DHCP discover packet until it receives a DHCP offer packet from a DHCP server.


DHCP Relay Agents

Allow DHCP services to extend across multi-segment IP networks.
Routers block broadcasts, but RFC 1542-compliant routers can be configured as BOOTP/DHCP relay agents to listen for DHCP requests and relay them to DHCP servers on different subnets.
You can configure a DHCP relay agent in Windows Server 2012 in Routing and Remote Access. Add the Remote Access role to any server that is not a DHCP server.
You cannot use the relay agent on a server that is running Network Address Translation (NAT) with automatic addressing enabled, or with Internet Connection Sharing (ICS).


DHCP Server Authorization

For security, the DHCP Server service is integrated with Active Directory to require authorization for DHCP servers.
A DHCP server that is a domain controller or a member of an AD DS domain queries Active Directory for the list of authorized servers, identified by IP address.
If the server's IP address is not on the list, the DHCP Server service stops its startup sequence and does not service clients.

A Windows Server 2012 DHCP server that is not joined to the domain (a workgroup server) cannot be authorized in Active Directory:
At startup it broadcasts a DHCPINFORM message; if an authorized domain-member DHCP server answers, the workgroup server does not start its DHCP service, otherwise it starts.
Authorization only restrains Windows DHCP servers; a rogue server running other software ignores it, so it is no substitute for DHCP snooping on the switches.


DHCP Scopes
IPv4 scope properties:

The scope name
The IP addresses available for lease
The subnet mask
The lease duration
Exclusions, which are addresses not offered for lease
Reservations, which predefine the relationship between an IP address and a machine's media access control (MAC) address, ensuring that a DHCP client always receives the address reserved for it
Options, which may be configured to provide information to specific clients

IPv6 scope properties:

The scope name and description
The IPv6 prefix
Exclusions, which are addresses not offered for lease
Preferred lifetime, which is the lease duration
Options, which may be configured to provide information to specific clients





DHCP Reservations
Predefines relationship between an IP address lease and the device s MAC
address
Ensures the device will always receive the same IP address from DHCP


DHCP Options
Server level options apply to all scopes defined on a DHCP server.
Scope level options apply to all clients that receive a lease from a specific scope.
Class level options apply only to those clients identified as a specific user or vendor class.
Reservation level options apply to one reserved DHCP client.

Option Code   Name
1             Subnet Mask
3             Router
6             DNS Server
15            DNS Domain Name
31            Router Discovery
33            Static Route
44            WINS Server
46            WINS/NetBIOS Node Type
47            NetBIOS Scope ID
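The scope, reservation and option concepts from the last three slides, built with the DhcpServer module, followed by the server authorization step. This is an added example, not part of the course; addresses, names and the MAC address are assumed values.

```powershell
# Added example; not from the original course material. Builds an IPv4 scope with an
# exclusion, a reservation and scope-level options, then authorizes the server in AD DS.
# Requires the DhcpServer module (DHCP Server role or RSAT) on Windows Server 2012.
# Addresses, names and the MAC address are assumed values.
Import-Module DhcpServer

$scopeId = '192.168.10.0'
Add-DhcpServerv4Scope -Name 'Marketing LAN' -StartRange 192.168.10.20 -EndRange 192.168.10.250 `
                      -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Keep .20-.49 for statically documented servers and printers; the scope never offers them.
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId -StartRange 192.168.10.20 -EndRange 192.168.10.49

# Reservation: a fixed address tied to the client's MAC address (option 1/subnet mask
# comes from the scope automatically).
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress 192.168.10.100 -ClientId '00-11-22-33-44-55' `
                            -Name 'mkt-printer1' -Description 'Marketing printer'

# Options 3 (router), 6 (DNS server) and 15 (DNS domain name) at scope level.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router 192.168.10.1 -DnsServer 192.168.10.5, 192.168.10.6 `
                            -DnsDomain 'fuller.local'

# Reservation-level override: only the printer gets a different router.
Set-DhcpServerv4OptionValue -ReservedIP 192.168.10.100 -Router 192.168.10.2

# On a domain member the service refuses to serve clients until the server is authorized.
Add-DhcpServerInDC -DnsName 'dhcp1.fuller.local' -IPAddress 192.168.10.4
Get-DhcpServerInDC

# Review what was built.
Get-DhcpServerv4Scope | Format-Table ScopeId, Name, StartRange, EndRange, LeaseDuration, State
Get-DhcpServerv4OptionValue -ScopeId $scopeId
Get-DhcpServerv4Reservation -ScopeId $scopeId
```

A reservation does not prevent a device from configuring the same address manually; it only guarantees what DHCP hands out. The exclusion range is what keeps the statically configured addresses out of the pool.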

Policy Address Assignment

Windows Server 2012 includes a new policy-based IP address assignment feature for the DHCP server role.
Policies group DHCP clients by attribute criteria (MAC address, vendor class, user class, client identifier, or relay agent information) and apply custom IP address ranges, lease durations and option values to that group.
You can use address assignment policies to differentiate between client types, for example to keep IP phones or printers in their own part of the range.
Address assignment policies are set at the server level and the scope level.


The DHCP Database



DHCP Database Backup

Two methods:
Automatic backup runs at 60-minute intervals (synchronous backup)
Manual backup performed by a network administrator from the DHCP console (asynchronous backup)

Both methods back up the entire database:

All scopes
Leases
Reservations
Options at all levels: server, scope, reservation, and class
Registry keys and other pertinent configuration settings, such as audit log settings and folder locations that have been set in the DHCP server properties; these settings are stored in the registry subkey HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters


DHCP Database Restoration


Restore a DHCP backup using the DHCP management console.
If no backup exists, you ll have to rebuild the scope, delete any client
leases, and force all clients to reboot.


DHCP Database Reconciliation


Reconciling the database can fix scope inconsistencies such as an
incorrect configuration for a DHCP client IP address that is stored in
scope information.
The DHCP Server service stores summary and detailed IP address
information in the DHCP database.
When the server reconciles scopes it compares the summary and detailed
entries to find inconsistencies.
After reconciliation of any scope inconsistencies, the DHCP server either
restores the IP addresses to the original lease owners, or creates a
temporary reservation for those addresses.
Reconcile DHCP on a per-scope basis by right-clicking the scope and
selecting Reconcile.


Move a DHCP Database

Back up the DHCP database and restore it on the other server, or
Use the netsh dhcp command to export and import the settings:
netsh dhcp server export <file_name>.txt all
netsh dhcp server import <file_name>.txt all
Windows Server 2012 also provides the Export-DhcpServer and Import-DhcpServer cmdlets, which can carry the leases as well as the configuration.
Stop the DHCP service on the old server before the new one is authorized, so clients are not served conflicting leases by both.


DHCP Security Concerns


An unauthorized (rogue) DHCP server could give clients improper leases.
Unauthorized clients could obtain a DHCP lease from a server and access
the network.
A DHCP server could run out of available addresses, effectively halting
service availability.


DHCP Activity and Audit Logs


Enable DHCP logging for suspicious activities.
Analyze logs regularly.
Server logging requires Administrator permissions or membership in the
DHCP Administrators group.
View logs in %systemroot%\System32\dhcp.
Logs have the name DhcpSrvLog-<day-of-week>.log.


Audit Log Fields

Field         Description
ID            DHCP server event ID
Date          Date of the log entry on the DHCP server
Time          Time of the log entry on the DHCP server
Description   Description of the DHCP server event
IP Address    IP address of the DHCP client
Host Name     Host name of the DHCP client
MAC Address   MAC address of the client's network adapter


Common Event Codes

Event ID   Description
00         The log started.
01         The log stopped.
02         The log was temporarily stopped due to low disk space.
10         A new IP address was leased to a client.
11         A lease was renewed by a client.
12         A lease was released by a client.
13         An IP address was found in use on the network.
14         A lease request could not be satisfied because the address pool of the scope was exhausted.
15         A lease was denied.
20         A Bootstrap Protocol (BOOTP) address was leased to a client.

DHCP server audit logs are located by default in the %systemroot%\System32\dhcp folder.
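Reading those logs in practice: the audit log format and event codes from the preceding slides, parsed and summarized, with the events worth alerting on pulled out. This is an added example, not part of the course; the sample log is constructed in the shape of the real file.

```powershell
# Added example; not from the original course material. Parses a DHCP audit log,
# counts events by ID and pulls out the ones worth alerting on. $sample is a constructed
# log in the real file's shape (a preamble, a header line, then CSV records); replace it
# with Get-Content "$env:SystemRoot\System32\dhcp\DhcpSrvLog-Mon.log" for a real file.
$sample = @'
        Microsoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/14/13,08:00:01,Started,,,
10,03/14/13,08:01:10,Assign,192.168.10.51,pc1.fuller.local,001122AABB01
11,03/14/13,08:02:12,Renew,192.168.10.52,pc2.fuller.local,001122AABB02
13,03/14/13,08:05:43,Conflict,192.168.10.53,,001122AABB03
10,03/14/13,08:05:50,Assign,192.168.10.54,,001122AABB04
10,03/14/13,08:05:51,Assign,192.168.10.55,,001122AABB05
10,03/14/13,08:05:52,Assign,192.168.10.56,,001122AABB06
14,03/14/13,08:06:00,Scope Full,192.168.10.0,,
15,03/14/13,08:06:05,NACK,192.168.10.57,pc7.fuller.local,001122AABB07
'@

function ConvertFrom-DhcpAuditLog ([string[]]$Lines) {
    foreach ($line in $Lines) {
        if ($line -notmatch '^\d{2},') { continue }        # skip the preamble and header
        $f = $line -split ',', 8                            # real logs carry extra columns; keep the first seven
        [pscustomobject]@{
            Id = $f[0]; Date = $f[1]; Time = $f[2]; Description = $f[3]
            IP = $f[4]; HostName = $f[5]; Mac = $f[6]
        }
    }
}

$meaning = @{ '00' = 'Log started'; '01' = 'Log stopped'; '02' = 'Log paused: low disk space'
              '10' = 'New lease'; '11' = 'Lease renewed'; '12' = 'Lease released'
              '13' = 'Address conflict'; '14' = 'Scope exhausted'; '15' = 'Lease denied'; '20' = 'BOOTP lease' }

$events = ConvertFrom-DhcpAuditLog ($sample -split "`r?`n")

# Summary by event ID.
$events | Group-Object Id | Sort-Object Name | ForEach-Object {
    [pscustomobject]@{ Id = $_.Name; Count = $_.Count; Meaning = $meaning[$_.Name] }
} | Format-Table -AutoSize

# Alert conditions: 13 means another device is using an address we manage; 14 means the
# pool is empty (undersized scope or a starvation attack from spoofed MACs); 15 is a NACK.
$events | Where-Object { $_.Id -in '13', '14', '15' } |
    Select-Object Time, Id, Description, IP, Mac | Format-Table -AutoSize

# A burst of new leases to never-seen MACs that supply no host name, right before a 14,
# is the signature of DHCP starvation.
$anon = @($events | Where-Object { $_.Id -eq '10' -and $_.HostName -eq '' })
"Leases to clients that supplied no host name: $($anon.Count)"
```

The log is rewritten weekly (one file per day of the week), so anything that needs to be kept for an investigation has to be collected before it is overwritten.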


Network Access Protection and DHCP


Network Access Protection (NAP) is an infrastructure that requires clients
to prove system health before they are permitted to connect to the
network.
DHCP can be configured to be a NAP enforcement point on a per-scope
basis, refusing to grant an IP lease to a non-compliant client.
Configure DHCP for NAP enforcement in the scope properties.


Client Configuration Settings for NAP

Setting                    What's Important
NAP Agent Service          This service must be running in order for a client to be NAP-capable.
IP Address Configuration   The client must be configured to obtain an IPv4 address automatically.
DHCP Enforcement Client    This is enabled through policy settings, either Group Policy or the local policy settings. If both are configured, Group Policy settings take precedence.
System Health Agents       No configuration is necessary to use the Windows System Health Validators (SHVs).


Unauthorized Servers
An unauthorized server is considered a rogue server that must be located on the network and either disconnected from the network or have its DHCP service disabled.
Ensure that each DHCP server is authorized by checking its IP address against the list of authorized addresses in Active Directory.
If the IP address used by a server is not on the list, decommission that server's DHCP service.
Clients show which server issued their lease (ipconfig /all, "DHCP Server"); a server address there that is not on the authorized list is a rogue.
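The comparison described above, as an added example that is not part of the course: the servers that actually issued this machine's leases versus the list authorized in AD DS. It assumes the DhcpServer module (from RSAT) on a domain-joined host.

```powershell
# Added example; not from the original course material. Compares the DHCP servers that
# issued this machine's current leases with the servers authorized in AD DS, and checks
# the local DHCP Server service (if any) against the same list. Needs the DhcpServer
# module for Get-DhcpServerInDC; run on a domain member.
Import-Module DhcpServer

$authorized = @(Get-DhcpServerInDC | ForEach-Object { [string]$_.IPAddress })
"Authorized DHCP servers: $($authorized -join ', ')"

# Win32_NetworkAdapterConfiguration.DHCPServer is the server that issued the current lease.
$seen = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'DHCPEnabled = TRUE' |
        Where-Object { $_.DHCPServer } |
        Select-Object Description, IPAddress, DHCPServer

foreach ($adapter in $seen) {
    if ($authorized -contains $adapter.DHCPServer) {
        "OK      $($adapter.Description): lease from authorized server $($adapter.DHCPServer)"
    } else {
        Write-Warning ('ROGUE?  {0}: lease from {1}, which is not authorized in AD DS' -f `
                       $adapter.Description, $adapter.DHCPServer)
    }
}

# If this host runs the DHCP Server service itself, its own addresses must be on the list too.
if ((Get-Service -Name DHCPServer -ErrorAction SilentlyContinue).Status -eq 'Running') {
    $local = Get-NetIPAddress -AddressFamily IPv4 |
             Where-Object { $_.PrefixOrigin -in 'Manual', 'Dhcp' } |
             ForEach-Object { $_.IPAddress }
    $missing = @($local | Where-Object { $authorized -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "Local address(es) $($missing -join ', ') are not authorized; the DHCP service will not serve clients."
    }
}
```

A rogue server only shows up this way on a client that received a lease from it, so the check belongs on a client in each subnet (or in a scheduled job that reports centrally), not just on the DHCP server.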


DHCP Administration Delegation


Restrict membership of the DHCP Administrators group as much as
possible.
Any DHCP administrator can manage the DHCP Server service.
Those who require only read access should be assigned membership in
the DHCP Users group.


Reflective Questions
1. In your environment, do you envision needing more than one DHCP scope?
2. In your environment, do you envision yourself using DHCP as a NAP enforcement point? Why or why not?


Installing and Configuring DNS


Overview of DNS
Install and Configure the DNS Server Role


Introduction to Name Resolution


Converts alphanumeric computer names to IP addresses.
Clients rely on the Domain Name System (DNS) to locate computers and
services on the network.
DNS forms a logical tree structure hosted by and distributed across
physical servers.
On an internal network, DNS integrates with Active Directory.
Active Directory mirrors the hierarchical DNS logical structure called the
DNS namespace.


Computer Names
The term "computer names" is a catchall used to talk about the name you assign to a computer.
A NetBIOS name is a 16-character (byte) name that identifies NetBIOS resources on the network:
The first 15 characters of the name identify the computer name, such as wkstnsales1 (shorter names are padded with spaces).
The sixteenth character identifies the resource, such as an application, that is written to work with NetBIOS.
NetBIOS names form a flat namespace in which every name must be different.

The host name is the first label of a fully qualified domain name (FQDN), which is a DNS name that uniquely identifies a computer in the DNS namespace.
A valid FQDN must adhere to specific rules:
Use up to 255 characters in total, with each label (the part between dots) no longer than 63 characters.
Use any combination of letters A-Z, a-z (DNS names are not case sensitive).
Use any numbers from 0 to 9.
Use hyphens (-), but not as the first or last character of a label.
Use dots (.) to separate the labels that identify domain levels in an FQDN.


What Is DNS?
DNS is a hierarchical distributed naming system for computers, services,
or any resources connected to the Internet or a private network. DNS
forms a logical tree structure hosted by and distributed across physical
servers.
DNS translates domain names to IP addresses.


Domain Name Levels

Logical structure:

Root level: the top of the namespace hierarchy, represented by a trailing dot (.) in a fully qualified name.
Top level: represents a type of domain name. The Internet uses .com, .gov, .edu, .org, .biz, as well as extensions for other organizational entities and for countries.
Second level: represents domain names for organizations (for example, microsoft.com, logicaloperations.com).
Subdomain: additional labels placed to the left of the second-level domain name to identify an organization's departments or geographic locations (for example, sales.contoso.com).
Host: a leaf in the DNS name tree that refers to a specific computer on an organization's network.


DNS Zones
A DNS zone is a specific, contiguous portion of the DNS namespace. A DNS database can be partitioned into multiple zones.
The zone on a DNS server contains resource records, which hold information about all of the network host names that end with the zone's root domain name.
A DNS server that hosts a zone answers authoritatively for resource records in that domain.


Forward Lookup Zones


New Zone Wizard


Reverse Lookup Zones


Creating a Reverse Lookup Zone


DNS Resource Records

Start of Authority (SOA): identifies the primary name server for the zone and holds the zone serial number, the refresh, retry and expire timers used by secondaries, and the minimum TTL. There is exactly one SOA record per zone.
Host (A): contains the name of the host and its IPv4 address. Used to resolve a host name to an IPv4 address; the most common resource record found in a forward lookup zone.
Name Server (NS): identifies the name servers that are authoritative for a zone, including the servers a child zone is delegated to.
Service (SRV): specifies which hosts provide a service, with priority, weight and port. Active Directory clients use SRV records such as _ldap._tcp.<domain> and _kerberos._tcp.<domain> to locate domain controllers.
Mail Exchanger (MX): specifies the servers that accept Simple Mail Transfer Protocol (SMTP) mail for the domain, each with a preference value.
Pointer (PTR): used in reverse lookup zones to map an IP address to a host name.
Canonical Name (CNAME): specifies an alias name. These records allow you to use more than one name to point to a single host.
IPv6 Host (AAAA): maps a host name to a 128-bit IPv6 address; the IPv6 counterpart of the A record.


DNS Name Resolution Process


1. A network client sends a query to its local DNS server for the IP address of a web server.
2. The local DNS server checks the zones it hosts and then its local cache to see if it has the record.
3. If the local DNS server does not have the record, it checks to see if it is configured to use a forwarder (another DNS server that performs the recursion on its behalf).
4. If it is configured to use a forwarder, it forwards the client query to the forwarder. By default, if the forwarder does not respond, the server falls back to root hints unless that option is disabled on the Forwarders tab.
5. If it is not configured to use a forwarder, it checks to see if it has root hints (a list of root DNS servers).
6. If it has root hints, it begins an iterative search of the DNS tree, starting at the root and following each referral down the tree, until it finds the desired record or receives a negative answer.
7. Upon finding the record, the DNS server returns the record to the client, caching a copy for the record's TTL for future use.
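The iterative walk in steps 5 to 7, with the cache check of step 2, modelled in memory as an added PowerShell example (not from the course). The "servers" are hashtables constructed for the example, not real DNS, and the forwarder path of steps 3 and 4 is left out: a forwarder is simply another server that runs this same loop on the client's behalf.

```powershell
# Added example (not course material): toy model of iterative resolution from root hints.
# Each constructed "server" maps names it knows to an A record or to a referral (NS + glue).
$servers = @{
    'root'       = @{ 'com.'             = @{ NS = 'a.gtld.example.';  Glue = '192.0.2.1' } }
    '192.0.2.1'  = @{ 'contoso.com.'     = @{ NS = 'ns1.contoso.com.'; Glue = '192.0.2.10' } }
    '192.0.2.10' = @{ 'www.contoso.com.' = @{ A = '192.0.2.80' }
                      'ns1.contoso.com.' = @{ A = '192.0.2.10' } }
}
$rootHints = @('root')   # stands in for cache.dns
$cache     = @{}         # name -> address, filled in step 7

function Invoke-IterativeQuery {
    # A non-recursive query: the answer if the server is authoritative for the name,
    # otherwise a referral for the longest matching suffix it knows (what a real
    # server returns in the Authority and Additional sections).
    param([string]$Server, [string]$Name)
    $zone = $servers[$Server]
    if ($zone.ContainsKey($Name) -and $zone[$Name].A) { return @{ Answer = $zone[$Name].A } }
    $best = $zone.Keys | Where-Object { $Name.EndsWith($_) } |
            Sort-Object -Property Length -Descending | Select-Object -First 1
    if ($best) { return @{ Referral = $zone[$best].Glue; Via = $zone[$best].NS } }
    return @{}
}

function Resolve-NameIteratively {
    param([Parameter(Mandatory)][string]$Name)   # fully qualified, with trailing dot
    if ($cache.ContainsKey($Name)) {                                    # step 2
        return [pscustomobject]@{ Name = $Name; Address = $cache[$Name]; Path = 'cache' }
    }
    $path = @()
    $next = $rootHints[0]                                               # step 5
    for ($hop = 0; $hop -lt 10 -and $next; $hop++) {                    # step 6
        $r = Invoke-IterativeQuery -Server $next -Name $Name
        if ($r.Answer) {
            $cache[$Name] = $r.Answer                                   # step 7
            $path += "$next -> answer"
            return [pscustomobject]@{ Name = $Name; Address = $r.Answer; Path = ($path -join '; ') }
        }
        if (-not $r.Referral) { break }      # no server authoritative: negative answer
        $path += "$next -> referral to $($r.Via)"
        $next = $r.Referral
    }
    [pscustomobject]@{ Name = $Name; Address = $null; Path = ($path -join '; ') }
}

Resolve-NameIteratively 'www.contoso.com.'    # root -> .com server -> contoso.com server
Resolve-NameIteratively 'www.contoso.com.'    # second lookup is served from the cache
Resolve-NameIteratively 'www.fabrikam.com.'   # .com server knows no fabrikam.com: fails
```

The Path column shows why a compromised or spoofed server anywhere along the referral chain can poison the final answer, and why the cached copy keeps serving that answer until its TTL expires; the "Secure cache against pollution" option on a Windows DNS server exists to reject records that do not belong to the server being queried.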


DNS Components
DNS server
A server service that resolves names to IP addresses.
It responds to resolver queries, providing the record if it has it, or fetching the record
from other DNS servers if it does not.

DNS resolver
A DNS client that needs to resolve a name to an IP address, and so queries a DNS
server for the information.
A DNS server can also be a resolver, querying other DNS servers on behalf of the
client.


DNS Zone Types

Primary zone
Secondary zone
Stub zone
Active Directory-integrated zone


Primary Zones
A primary zone on a DNS server contains a writeable (master) copy of all zone data. A standard (file-based) primary zone is stored in %systemroot%\System32\dns\<zone name>.dns and can exist on only one server; it has no per-record access control, so nonsecure dynamic updates are the only dynamic updates it can accept.


Secondary Zone
A secondary zone is a read-only copy of the DNS zone.
It is updated by zone transfer (AXFR or IXFR) from its master server, which is either the primary or another secondary, at the refresh interval set in the SOA record or when the master sends a notify.
Restrict zone transfers to the secondaries you name (Zone Transfers tab of the zone properties); if transfers are allowed to any server, anyone who can reach TCP port 53 can pull a complete list of your hosts.


Stub Zone
A stub zone is a tiny, non-authoritative representation of a zone.
It contains only the SOA record, the NS records of the authoritative name servers, and the glue A records for those servers, and it refers clients to those name servers.
The stub zone replicates with the authoritative zone, receiving updates to the SOA, NS and glue records, but no other host records.


Active Directory-Integrated Zone

A zone hosted on Active Directory domain controllers that run the DNS Server role.
Each copy of an Active Directory-integrated zone is writeable (multimaster).
Active Directory-integrated zones can be configured for Secure Dynamic Updates (the default for a new zone), requiring hosts to authenticate with Kerberos before they can register their records in DNS; a registered record then carries an ACL that lets only the account that created it change it.
The zone replicates as part of Active Directory replication, so no zone transfer is needed between domain controllers.
The zone is stored in the Active Directory database (in the domain partition or the DomainDnsZones or ForestDnsZones application partitions), so its records are protected by Active Directory permissions and its replication traffic by Active Directory's authenticated, encrypted RPC.


Dynamic Updates
DNS clients can register and update their resource records with a DNS server whenever changes occur.
The DHCP Client service performs registration updates both for clients with an IP address leased from a DHCP server and for clients with static IP configurations.
Clients register when certain events occur:
When a client's IP address is added, configured, or changed.
When the client starts and the DHCP Client service starts.
Allow only secure dynamic updates on zones that clients can reach: with nonsecure updates enabled, any host on the network can overwrite another host's record and intercept its traffic.
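The update and transfer settings from the last two slides are the ones most often left open on a DNS server. The following added PowerShell example (not from the course) audits every zone on a server for nonsecure dynamic updates and unrestricted zone transfers, and hardens a named zone. It assumes the DnsServer module (the DNS Server role or RSAT on Windows Server 2012) and administrative rights on the target server; the zone and server names are placeholders.

```powershell
# Added example (not course material). Assumes the DnsServer module.
Import-Module DnsServer

function Get-DnsZoneSecurityFinding {
    param([string]$ComputerName = $env:COMPUTERNAME)
    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' } |
        ForEach-Object {
            $z = $_
            $findings = @()
            if ($z.DynamicUpdate -eq 'NonsecureAndSecure') { $findings += 'accepts nonsecure dynamic updates' }
            if (-not $z.IsDsIntegrated)                     { $findings += 'file-based primary: no per-record ACLs' }
            if ($z.SecureSecondaries -eq 'TransferAnyServer') { $findings += 'zone transfer allowed to any server' }
            if ($z.SecureSecondaries -eq 'TransferToZoneNameServer') { $findings += 'transfers to all NS hosts (spoofable)' }
            if ($findings) {
                [pscustomobject]@{
                    Zone = $z.ZoneName; DsIntegrated = $z.IsDsIntegrated
                    DynamicUpdate = $z.DynamicUpdate; Transfers = $z.SecureSecondaries
                    Findings = ($findings -join '; ')
                }
            }
        }
}

function Set-DnsZoneHardening {
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string[]]$SecondaryServers = @(),          # IPs allowed to pull the zone
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName
    if ($zone.IsDsIntegrated) {
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName -DynamicUpdate Secure
    } else {
        # Secure updates need AD-integrated storage; a file-based zone should allow none.
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName -DynamicUpdate None
    }
    if ($SecondaryServers.Count -gt 0) {
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName `
            -SecureSecondaries TransferToSecureServers -SecondaryServers $SecondaryServers `
            -Notify NotifyServers -NotifyServers $SecondaryServers
    } else {
        Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName -SecureSecondaries NoTransfer
    }
}

Get-DnsZoneSecurityFinding -ComputerName 'dc01' | Format-Table -AutoSize        # placeholder server
# Set-DnsZoneHardening -ZoneName 'contoso.com' -SecondaryServers '10.0.0.53' -ComputerName 'dc01'
```

Run the audit before the hardening call and confirm with DnsCmd or a test client that legitimate dynamic registration still works: an AD-integrated zone switched to Secure rejects updates from machines that are not domain members, which is the intended effect but will surprise anyone who relied on appliances registering themselves.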


DNS Queries
DNS queries are lookup requests for specified DNS resource records.
An authoritative response means that the DNS server returns an answer it knows to be correct because it hosts a copy of the zone.
A non-authoritative response means that the DNS server had to query other DNS servers (or already had the answer cached from an earlier query).
DNS servers use forwarders, conditional forwarders and root hints to find records that they do not already have.
Recursive queries are usually sent by resolvers (clients) that need the name resolved fully in the response; the server does the work of chasing referrals.
Iterative queries require the DNS server either to return the best answer available based on its zone and cache information or to respond with a referral, which is a pointer to a DNS server that may have the correct data. Servers send iterative queries to each other; disabling recursion on an Internet-facing DNS server (Advanced tab) stops it from being used as an open resolver in reflection attacks.


Root Hints
The root hints are stored in the file cache.dns (%systemroot%\System32\dns\cache.dns) and contain the names and IP addresses of the DNS root servers.
If you choose to simulate the Internet in a lab, you should designate one DNS server to be the root, and then on all the other DNS servers remove all the root hints and add your own.
On the designated root, create only a single standard primary zone with the name "." (the root zone).
Any DNS server that hosts the root zone is its own root: it does not use root hints or forwarders, and its Root Hints tab is disabled. This is also a common cause of "cannot resolve Internet names" on a misconfigured server.
The safest way to modify the root hints is in the DNS server Properties on the Root Hints tab rather than by editing cache.dns by hand.


DNS Forwarding
If a resolver sends a query that a DNS server cannot resolve locally, the DNS server can send the query to a DNS server configured as a forwarder, which performs the recursion on its behalf.
A DNS server configured to use a conditional forwarder forwards DNS queries according to the query's DNS domain name, for example sending everything under a partner's namespace to that partner's DNS servers and everything else to the regular forwarder.


DNS Caching
When a DNS server resolves a DNS name query successfully, it caches the name and IP information for the record's TTL and answers later queries for the same name from the cache.
A wrong or malicious answer is therefore served for as long as its TTL; the Secure cache against pollution option (enabled by default) discards records in a response that are outside the domain the server was asked about, and Clear-DnsServerCache or the Clear Cache action flushes the cache if poisoning is suspected.


The DNS Server Role


Windows Server 2012 does not install the DNS Server role as part of the operating system's initial configuration setup.
It is a simple procedure to install the DNS service via the Server Manager console using the Add Roles and Features Wizard.
You can add the DNS Server role when you install AD DS and promote the server to a domain controller, or you can install the DNS Server role together with its management tools using the following PowerShell command:
Install-WindowsFeature DNS -IncludeManagementTools


Reflective Questions
1. In your environment, do you foresee the need to use stub zones? Why or
why not?
2. In your environment, will you configure your DNS server to use a
forwarder? Why or why not?


Configuring Storage Spaces and File and Print Services

Design and Implement Storage Spaces


Secure Files and Folders
Configure Offline Files and Shadow Copies
Implement Network Printing


Disk Types

IDE
EIDE
SATA
SCSI
SAS
SSD


Network Storage Devices


Direct attached storage (DAS)
Network attached storage (NAS)
Storage area networks (SANs)


RAID Types

RAID 0: Striping
RAID 1: Mirroring
RAID 3 and 4: Striping with dedicated parity
RAID 5: Striping with distributed parity
RAID 6: Striping with dual parity
RAID 0+1: Striping and mirroring disk sets
RAID 1+0 (or RAID 10): Mirroring and striping


Partition Table Formats


Master Boot Record (MBR) partition tables
GUID partition table (GPT)


Basic and Dynamic Disks


Basic disks support traditional partitions:
Up to four primary partitions
One extended partition with logical drives

Dynamic disks can host volumes that span or are striped across multiple
disks:
Simple volume
Spanned volume
Striped volume (RAID 0)
Mirrored volume (RAID 1)
Striped volume with parity (RAID 5)


Required Volumes for Server 2012

System volume (system partition): stores the files necessary to begin the boot process, the boot manager (bootmgr, or the EFI boot files on UEFI systems) and the BCD store. On a default installation this is the small, unlettered partition created by Setup.
Boot volume (boot partition): contains the Windows operating system itself, the %systemroot% folder, usually drive C:.
The names are the reverse of what most people expect; both may be the same partition on an older single-partition installation.


Partition Types

Primary
Extended
Active
Logical


File Systems

FAT
FAT32
NTFS
ReFS


What Is ReFS?
Resilient File System
New for Windows Server 2012
Advantages include:
Metadata integrity with checksums
Integrity streams with user data integrity (optional, per file or volume)
Allocate-on-write transactional model, so metadata is never updated in place
Large volume, file, and directory sizes (2^78 bytes with a 16-KB cluster size)
Storage pooling and virtualization
Data striping for performance and redundancy
Disk scrubbing for protection against latent disk errors
Resiliency to corruptions with recovery
Shared storage pools across machines
Limitations in Windows Server 2012: ReFS cannot be used for the boot or system volume, and it does not support EFS encryption, NTFS compression, disk quotas, hard links, or short (8.3) names. BitLocker works on ReFS volumes.


Mount Points
A physical location in the directory structure on which you graft, or mount, the root directory of another volume.
A mount point is an empty folder on an NTFS volume that is used as a link to another volume.
The mounted volume has its own file system, permissions, and quotas; NTFS permissions on the folder do not flow into the mounted volume.
Mount points are useful when:
You are running out of disk space and you would like to add space without modifying the folder structure or the disk structure, so you configure a folder to point to another hard disk.
You are running out of available letters to assign partitions or volumes, so instead you use a directory name.
You need to separate disk I/O within a folder structure. Perhaps you have an application that needs to be within a particular directory structure but requires an intensive amount of disk I/O.


Links

Another name for a file or directory
Similar to, but not exactly the same as, a shortcut
Can be understood by applications that do not understand shortcuts
Can be created using the mklink command: symbolic links to files (default) or directories (/D), directory junctions (/J), and hard links (/H)
By default only administrators hold the right to create symbolic links (Create symbolic links user right), because a link placed in a path that a privileged service writes to can redirect that write to a file the link's creator could not touch directly


Volume Size Management


Extend or shrink NTFS volumes
Extend, but not shrink, ReFS volumes
Can modify the volume using these tools:
Disk Manager
Diskpart.exe
Resize-Partition cmdlet


Storage Management and Advanced Options
Virtualize storage using Storage Spaces.
Select any type of available physical disks and add them to a storage
pool.
Create virtual disks from storage pools.
Storage can be allocated dynamically.


Storage Spaces


NTFS Permissions
For files:

Read
Write
Read & execute
Modify
Full control
Special permissions

For folders:

Read
Write
Read & execute
Modify
Full control
List folder content
Special permissions


Permissions Inheritance

NTFS permissions flow down from parent to child.
To stop a folder from inheriting, disable inheritance on that folder (Advanced Security Settings), choosing whether to convert the inherited entries into explicit ones or remove them. Setting an entry's scope to This folder only on the parent instead keeps that one entry from propagating to children.
Top level permissions are set at the volume level.
If Allow or Deny check boxes are shaded, the permissions have been inherited.


Effective Permissions
Permissions are cumulative: a user's effective permissions are the union of the Allow entries for the user's own account and for every group the user belongs to.
Deny overrides Allow at the same level, with one exception that catches people out: an explicit entry on an object takes precedence over an inherited one, so an explicit Allow on a folder beats a Deny inherited from its parent.
Share permissions, ownership, and privileges such as Back up files and directories are applied on top of this calculation; the Effective Access tab in Advanced Security Settings shows the combined result for a given account.
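The evaluation rules stated above, carried out on a real ACL as an added PowerShell example (not from the course). It reads the DACL of a folder it creates under %TEMP%, applies the entries in canonical order (explicit Deny, explicit Allow, inherited Deny, inherited Allow) against the current user's token SIDs, and shows an explicit Deny removing rights that an inherited Full Control grants. It models only the DACL: ownership, privileges, share permissions, and deny-only group attributes of the token are ignored.

```powershell
# Added example (not course material). Runs on any Windows host with PowerShell 3.0.
function Get-EffectiveNtfsRights {
    param([Parameter(Mandatory)][string]$Path)
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })   # token SIDs
    $acl  = Get-Acl -LiteralPath $Path
    # ACEs that apply to this token, in the order NTFS evaluates a canonical DACL:
    # explicit Deny, explicit Allow, inherited Deny, inherited Allow.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $sids -contains $_.IdentityReference.Value } |
        Sort-Object -Property @{ Expression = { $_.IsInherited } },
                              @{ Expression = { $_.AccessControlType -ne 'Deny' } }
    $decided = 0; $granted = 0
    foreach ($rule in $rules) {
        # A right bit is settled by the first ACE that mentions it; later ACEs cannot change it.
        $bits = [int]$rule.FileSystemRights -band (-bnot $decided)
        if ($rule.AccessControlType -eq 'Allow') { $granted = $granted -bor $bits }
        $decided = $decided -bor [int]$rule.FileSystemRights
    }
    [System.Security.AccessControl.FileSystemRights]$granted
}

# Demonstration: inherited Full Control, then an explicit Deny Write for Everyone.
$dir = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
"Before: $(Get-EffectiveNtfsRights -Path $dir)"       # typically FullControl (inherited)

$acl  = Get-Acl -LiteralPath $dir
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule('Everyone', 'Write', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -LiteralPath $dir -AclObject $acl
"After:  $(Get-EffectiveNtfsRights -Path $dir)"       # Write bits gone; the rest remains
$stillCanWrite = (Get-EffectiveNtfsRights -Path $dir) -band [System.Security.AccessControl.FileSystemRights]::Write
"Write allowed: $($stillCanWrite -ne 0)"               # False: Deny on a group the user is in wins

Remove-Item -LiteralPath $dir -Force                   # Delete is still granted, so cleanup works
```

Compare the function's result with the Effective Access tab for the same folder; the two differ only where the token carries privileges or the account is the owner, which is exactly the set of cases a permissions review has to reason about separately.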


Shared Folders
Allows users and groups to have access to a folder and its contents, or to an entire drive, over the network.
SMB or NFS.
Share a folder or an entire drive.
Has its own access control list with three levels: Full Control, Change, and Read.
Share permissions are generally kept broad (for example, Authenticated Users: Change or Full Control) and are evaluated only for network access.
NTFS permissions refine and narrow the share permissions; the effective access over the network is the more restrictive of the two, so manage access with NTFS permissions and avoid the default Everyone: Read share entry on shares that hold sensitive data.


Access-Based Enumeration

First available as a downloadable package for Windows Server 2003 SP1
Now included with Windows Server 2012 (enabled per share in Server Manager under Shares, or through the share's FolderEnumerationMode setting)
Displays only the files and folders that a user has permissions to access
Only active when viewing files in a shared folder, not on the local file system
Hides names but does not protect them: a user who knows a path can still open it if the NTFS permissions allow, so ABE complements permissions rather than replacing them


Configuring Access-Based Enumeration


Offline Files
Enables users to access network files even when a network connection is not available, or is slow or inconsistent
Creates a local copy of the network file
Offline Mode is activated when:
Always Offline Mode is enabled.
The server is unavailable.
The network connection is slower than a configurable threshold.
The user selects the Work Offline button in Windows Explorer.


Shadow Copies
Provides a copy of a shared folder or file at a specific point in time
Can have multiple shadow copies of the same folder or file
Enables users to:
Recover accidentally deleted files.
Recover accidentally overwritten files.
Compare versions of a file to view the changes that have been made.
Shadow copies live on the same server (and by default on the same volume) as the data, so they are not a backup: a failed disk, or malware that deletes them, takes the copies along with the originals.


Easy Print

A Remote Desktop Services printer redirection feature that acts as a proxy for every print job
Redirects all printing-related jobs back to the user's local machine
No need to install any print drivers on the RDP server
Converts legacy GDI print jobs to XPS
Can be configured in client printer properties
Can also be configured using Group Policy


Network Printing
Local print device physically attached to a computer
Network print device set up for remote access over the network


Printer Pooling

Combines multiple physical printers into a single logical printer
Increases availability and scalability: a job goes to the first idle printer in the pool
Requires that all printers use the same driver
Printers should be in the same physical location, because users cannot tell in advance which printer in the pool will print their job
Works best when all printers are like models and have like configurations


Branch Office Direct Printing

Enables clients to print directly to network printers that are shared on a centralized print server
The print server still supplies the queue, driver and settings, but the rendered job is sent from the client directly to the branch office printer instead of across the WAN to the server and back
Requires Windows Server 2012 on the print server and Windows 8 on the client


Reflective Questions
1. Do you expect to use shadow copies in your work environment?
Why or why not?
2. How will Windows Server 2012 printing options help your network?
What is more useful to you: Branch Office Direct Printing or printer
pooling?


Configuring Group Policy


Create Group Policy Objects
Group Policy Processing
Implement a Central Store


What Is Group Policy?

Configuration settings that enable you to manage registry settings and many other settings (security settings, scripts, software installation, preferences) on computers in an Active Directory domain.
Settings are combined into Group Policy Objects (GPOs).
Applied to users and computers, not to groups, by linking the GPO to a site, a domain, or an OU; groups are used only to filter which users and computers in that scope apply the GPO.


Group Policy Management Console


Group Policy Management Editor


Group Policy Management from Active Directory Management


Group Policy Storage

Group Policy templates (GPT): the settings files, stored in SYSVOL on every domain controller at \\<domain>\SYSVOL\<domain>\Policies\{GPO GUID} and replicated by DFS Replication
Group Policy containers (GPC): the GPO object in Active Directory under CN=Policies,CN=System in the domain partition, holding the GPO's version number, status and links
Both parts must be at the same version for the GPO to apply correctly; anyone who can write to the GPT in SYSVOL controls what the GPO does, so delegation of the Policies folder matters as much as delegation in the GPMC


Creating a New GPO


GPO Scope


Configure GPO Settings


Windows Registry Key Permissions


GPO Context Menu


GPO Linking
A GPO must be linked to an Active Directory container (site, domain, or OU) to take effect; one GPO can be linked in several places.
You can use the GPMC or PowerShell to link GPOs.
Child containers and objects inherit Group Policy settings from the parent container, unless Block Inheritance is set on the child; a link marked Enforced overrides Block Inheritance and cannot be overridden by GPOs lower in the tree.


Detecting GPO Status


Group Policy Preferences

Extensions that expand the range of configurable settings (drive maps, registry values, local users and groups, scheduled tasks, and more)
Are not enforced: the user can change a preference setting after it is applied unless the item is set to reapply at each refresh, so preferences are not a security control
Can be used to create and manage items on the targeted computer
Never use preferences to set local account passwords: the stored value (cpassword) is readable by every domain user in SYSVOL and is encrypted with a published key, which is why MS14-025 removed the password fields from the editor


Default Domain Controllers Policy


Starter GPOs


GPO Delegation


GPO Processing
GPO settings are applied to a computer at startup.
GPO settings are applied to a user at logon.
Most GPO settings are refreshed in the background:
Every 90 minutes on clients and member servers, plus a random offset of up to 30 minutes
Every 5 minutes on domain controllers
Security settings are reapplied every 16 hours even if the GPO has not changed, so a local change by an administrator is undone on that schedule
Policies are applied in order (LSDOU):
Local Policy
Site
Domain
OU
Child OU
Conflicting settings are overwritten as policies are processed, so the GPO linked closest to the user or computer wins, unless a link higher in the tree is Enforced.


Group Policy Filtering

A GPO requires two permissions to apply to a user or computer:
Allow Read
Allow Apply Group Policy
By default both are granted to Authenticated Users. To target a subset, grant Read and Apply Group Policy to a specific group and remove Apply Group Policy from Authenticated Users; keep Read for Authenticated Users (or Domain Computers), because since the June 2016 update MS16-072 the computer account must be able to read a GPO for its user settings to be processed.
You can set the Apply Group Policy permission to Deny (GPMC Delegation tab, Advanced) to exempt a user, group, or computer from applying the GPO even when it is otherwise in scope.
WMI filters are the other filtering mechanism: the GPO applies only where the WMI query returns a result, for example only to servers or only to a given OS version.
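Creating, linking and filtering a GPO as described on the last few slides, as an added PowerShell example that is not part of the course. It assumes the GroupPolicy module (installed with the GPMC) on a domain-joined administrative host; the GPO name, OU distinguished name, group name and firewall setting are placeholders, and the Deny entry mentioned above is not covered because Set-GPPermission grants only Allow levels.

```powershell
# Added example (not course material). Assumes the GroupPolicy module (GPMC).
Import-Module GroupPolicy

$gpoName = 'Workstation Firewall Baseline'          # placeholder names
$ouDn    = 'OU=Workstations,DC=contoso,DC=com'
$pilot   = 'CONTOSO\Pilot-Workstations'

# 1. Create the GPO if it does not exist (Get-GPO throws on a missing name).
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName -Comment 'Turns on Windows Firewall (domain profile)' }

# 2. Put a registry-based policy setting in it: the policy value that forces the
#    domain profile firewall on (read by Windows Firewall when the GPO applies).
Set-GPRegistryValue -Name $gpoName -Key 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile' `
    -ValueName 'EnableFirewall' -Type DWord -Value 1 | Out-Null

# 3. Link it to the OU (New-GPLink fails if the link already exists, so check first).
$links = (Get-GPInheritance -Target $ouDn).GpoLinks
if (-not ($links | Where-Object DisplayName -eq $gpoName)) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# 4. Security filtering: the pilot group applies it; Authenticated Users keep Read only
#    (Read must stay, or after MS16-072 computers cannot read the GPO's user settings).
Set-GPPermission -Name $gpoName -TargetName $pilot -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# 5. Verify the resulting delegation.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission |
    Format-Table -AutoSize
```

After the change, run gpupdate /target:computer on a pilot machine and confirm with gpresult /r that the GPO is listed under Applied Group Policy Objects; if it appears under Denied (Security), the machine is not in the pilot group and the filtering is working as intended.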


Group Policy Modeling Wizard


Group Policy Modeling Wizard Report


The Central Store


A single location to keep GPO templates
Simplifies GPO management for administrators who edit from their own
workstations


Central Store Creation

Copy the PolicyDefinitions folder, with its contents and language subfolders such as en-US, from %systemroot%\PolicyDefinitions on a client or server that has the newest administrative templates.
Paste it so that the templates end up in \\<domain_name>\SYSVOL\<domain_name>\Policies\PolicyDefinitions (on a domain controller this is under C:\Windows\SYSVOL\sysvol\<domain_name>\Policies); SYSVOL replication distributes the folder to every domain controller.
The Group Policy Management Editor detects the central store automatically and reads ADMX files from it instead of from the local machine, which is why every administrator then sees the same set of settings.


Administrative Templates
Composed of ADMX files (the settings and registry locations, language neutral) and ADML files (the display strings for one language).
Contain the registry settings to be modified by Group Policy.
Each new version of a Microsoft operating system introduces its own administrative templates, so the central store should be refreshed from the newest client when a new OS version is deployed.


Managed and Unmanaged Policy Settings

Managed policy settings:
Controlled by the Group Policy service
Removed if the GPO goes out of scope
Lock the corresponding UI
Shown by default in the GPME

Unmanaged policy settings:
Not controlled by the Group Policy service
Not removed if the GPO goes out of scope (they tattoo the registry)
Do not lock the UI
Hidden by default in the GPME


Reflective Questions
1. How do you think using GPOs for firewall settings would
improve security in your network?
2. Will creating and filtering GPOs to refine who they are applied
to help you as a network administrator? Why?


Securing Windows Servers

Analyze Security
Configure Windows Server User Security
Configure Windows Server Software Security
Configure Windows Firewall


Security Risks
Confidentiality: an unauthorized person might access data.
Integrity: unauthorized changes might be made to the data.
Availability: data might not be available when needed.


Security Measures

Individual firewalls
Access control lists
Backup and restore procedures in place
Physical security
Training


Best Practices

Apply patches in a timely manner.
Use the principle of least privilege.
Restrict console logon.
Restrict physical access.


User Rights

Determine the actions a user can perform within the operating system, independent of file permissions.
Use secpol.msc to set user rights locally.
Use Group Policy to set user rights in a domain.
Common user rights:
Add workstations to domain
Allow log on locally
Allow log on through Remote Desktop Services
Back up files and directories
Change the system time
Force shutdown from a remote system
Shut down the system
Several of these are administrative rights in disguise: Back up files and directories lets the holder read any file regardless of its ACL, and Allow log on locally or through Remote Desktop Services on a server should be held by administrators and specific operator groups only, not by Users.
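Reviewing who holds the rights listed above is easiest from a secedit export, which is the same data secpol.msc displays. The following added PowerShell example (not from the course) parses the [Privilege Rights] section of such an export, translates the SIDs, and flags rights granted to broad groups. The INF text is a constructed sample so the parser can be tried without exporting; the live command is shown at the end.

```powershell
# Added example (not course material). secedit.exe ships with Windows.
function ConvertFrom-SeceditUserRights {
    param([Parameter(Mandatory)][string[]]$Lines)
    $section = ''; $rights = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -ne 'Privilege Rights') { continue }
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
            $name = $Matches[1]; $values = $Matches[2]
            # Entries are comma separated; SIDs are written as *S-1-5-32-544.
            $rights[$name] = @($values -split ',' | ForEach-Object {
                $v = $_.Trim()
                if ($v -like '*S-1-*') {
                    try { (New-Object System.Security.Principal.SecurityIdentifier($v.TrimStart('*'))).Translate([System.Security.Principal.NTAccount]).Value }
                    catch { $v }    # unresolvable SID (deleted account): keep raw
                } elseif ($v) { $v }
            })
        }
    }
    $rights
}

function Get-UserRightsReport {
    param([Parameter(Mandatory)][hashtable]$Rights)
    $watch = [ordered]@{
        SeInteractiveLogonRight       = 'Allow log on locally'
        SeRemoteInteractiveLogonRight = 'Allow log on through Remote Desktop Services'
        SeBackupPrivilege             = 'Back up files and directories'
        SeSystemtimePrivilege         = 'Change the system time'
        SeRemoteShutdownPrivilege     = 'Force shutdown from a remote system'
        SeShutdownPrivilege           = 'Shut down the system'
        SeMachineAccountPrivilege     = 'Add workstations to domain'
    }
    foreach ($k in $watch.Keys) {
        $holders = @($Rights[$k])
        [pscustomobject]@{
            Right   = $watch[$k]
            Holders = ($holders -join ', ')
            # Everyone, Users and Authenticated Users are too broad for logon and backup rights.
            Broad   = [bool]($holders | Where-Object { $_ -match '^(Everyone|.*\\Users|.*\\Authenticated Users)$' })
        }
    }
}

# Constructed sample in the secedit export format (SIDs are the well-known built-in groups).
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

Get-UserRightsReport -Rights (ConvertFrom-SeceditUserRights -Lines $sampleInf) | Format-Table -AutoSize

# Live export (run elevated); secedit writes UTF-16, hence -Encoding Unicode:
# secedit /export /cfg "$env:TEMP\secpol.inf" /areas USER_RIGHTS | Out-Null
# Get-UserRightsReport -Rights (ConvertFrom-SeceditUserRights -Lines (Get-Content "$env:TEMP\secpol.inf" -Encoding Unicode))
```

In the sample, Allow log on locally is flagged because BUILTIN\Users holds it, which is the client default and not what you want on a server; rights with an empty Holders column are not granted to anyone, which is normal for Add workstations to domain on a member server.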


Security Tools

secpol.msc
secedit.exe
GPMC
Security Templates
Security Configuration and Analysis
Security Configuration Wizard (SCW)
Security Compliance Manager (SCM)


UAC
User Account Control prompts for consent (administrators) or for administrator credentials (standard users) before a process receives an elevated token.
By default, both standard users and administrators run applications with a standard-user token; an administrator's full token is used only for the elevated process.
There is no UAC prompt if you are logged on as the built-in Administrator account, because Admin Approval Mode for that account is off by default, so everything it runs is elevated. That is one more reason to keep the built-in account disabled or renamed and to do daily work from a separate account.


User Account Control Settings


Account Policies
Password policy
Account lockout policy
Kerberos policy


Local Security Policy


Restricted Groups
Manages group membership automatically through Group Policy.
You define who should and should not be a member of the group: Members of this group replaces the entire membership with the list you give, while This group is a member of only adds the group to other groups without removing anyone.
If someone else changes the membership, it gets changed back on the next policy refresh, which makes Restricted Groups an effective way to keep the local Administrators group on servers limited to the accounts you intend.


Security Templates
Three default security templates in Windows Server 2012:
Defltbase.inf
Defltsvc.inf
Defltdc.inf

You can create a blank template and configure:
Account policies
Local policies
Event Log
Restricted Groups
System Services
Registry
File System


Security Template Distribution

secedit.exe
Security Template snap-in
Security Configuration Wizard
Group Policy
Security Compliance Manager


Auditing
Log security-related events by enabling audit policy, preferably the subcategories under Advanced Audit Policy Configuration (or with auditpol.exe) rather than the nine legacy categories, so that for example Logon, Account Lockout, Security Group Management and Audit Policy Change are recorded without the noise of everything else.
View events in the Security log of Event Viewer.
Forward the Security log to a collector (Windows Event Forwarding or a SIEM): an attacker with administrator rights can clear the local log, and event ID 1102 is the only trace that remains.
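Once Logon auditing is on, the first question is usually who is failing to log on, from where, and why. The following added PowerShell example (not from the course) extracts the fields from failed-logon events (ID 4625) and summarises them by account and source address. The event XML is constructed for the example; the live query at the end reads the real Security log, which requires administrator or Event Log Readers membership.

```powershell
# Added example (not course material). Runs on any Windows host; the live query needs the Security log.
function ConvertFrom-LogonFailureEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][xml]$EventXml)
    process {
        $d = @{}
        foreach ($n in $EventXml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = [datetime]$EventXml.Event.System.TimeCreated.SystemTime
            Account   = "$($d.TargetDomainName)\$($d.TargetUserName)"
            Source    = $d.IpAddress
            LogonType = $d.LogonType          # 2 interactive, 3 network, 10 remote interactive
            SubStatus = $d.SubStatus          # 0xC000006A bad password, 0xC0000064 unknown user
        }
    }
}

function Get-LogonFailureSummary {
    param([Parameter(Mandatory)][object[]]$Failures)
    $Failures | Group-Object Account, Source | ForEach-Object {
        [pscustomobject]@{
            Account     = $_.Group[0].Account
            Source      = $_.Group[0].Source
            Count       = $_.Count
            BadPassword = @($_.Group | Where-Object SubStatus -eq '0xc000006a').Count
            UnknownUser = @($_.Group | Where-Object SubStatus -eq '0xc0000064').Count
        }
    } | Sort-Object Count -Descending
}

# Constructed sample events (not a real log), shaped like the 4625 event XML.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID><TimeCreated SystemTime="2013-03-11T08:00:01.000Z"/></System><EventData><Data Name="TargetUserName">administrator</Data><Data Name="TargetDomainName">CONTOSO</Data><Data Name="Status">0xc000006d</Data><Data Name="SubStatus">0xc000006a</Data><Data Name="LogonType">3</Data><Data Name="IpAddress">10.0.0.200</Data></EventData></Event>
'@
$sampleEvents = @(
    $template,
    ($template -replace '08:00:01', '08:00:05'),
    ($template -replace '08:00:01', '08:00:09' -replace 'administrator', 'svc-backup' -replace '0xc000006a', '0xc0000064'),
    ($template -replace '10\.0\.0\.200', '10.0.0.15' -replace 'administrator', 'jsmith')
)
$failures = $sampleEvents | ForEach-Object { [xml]$_ } | ConvertFrom-LogonFailureEvent
Get-LogonFailureSummary -Failures $failures | Format-Table -AutoSize

# Live, last 24 hours:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) } |
#         ForEach-Object { [xml]$_.ToXml() } | ConvertFrom-LogonFailureEvent
# Get-LogonFailureSummary -Failures $live | Select-Object -First 20
```

With the sample, 10.0.0.200 shows two bad-password attempts against CONTOSO\administrator and one attempt with a non-existent account, the pattern of a password spray or guessing run from a single host, while the single failure for jsmith from 10.0.0.15 is what an ordinary typo looks like.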


Dynamic Access Control

Automatically or manually classify files.
Tag data in file servers across the organization.
Control access to files by deploying Central Access Policies that combine user claims, device claims and resource properties.
Apply Rights Management Services (RMS) to automatically encrypt sensitive Microsoft Office documents.


Software Restriction Policies


Software Restriction Policy Configuration


AppLocker
Applies Application Control Policies to executables, Windows Installer files, scripts, DLLs and packaged apps.
Replaces Software Restriction Policies on Windows 7 and Windows Server 2008 R2 and later, with new capabilities to control how users can run executables.
AppLocker rules are of three kinds: Publisher (based on the file's digital signature), Path, and File hash. A publisher rule can be scoped by:
Publisher name
Product name
File name
File version
The Application Identity service (AppIDSvc) must be running for rules to be enforced, and a policy should first be deployed in Audit only mode so the AppLocker event log shows what would have been blocked.
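Building a policy from the files you want to allow and testing it before enforcement, as an added PowerShell example that is not part of the course. It assumes the AppLocker module that ships with Windows 8 and Windows Server 2012; the application folder and file names are placeholders for a signed line-of-business application.

```powershell
# Added example (not course material). Assumes the AppLocker module (Windows 8 / Server 2012).
Import-Module AppLocker

$trustedDir = 'C:\Program Files\Contoso App'      # placeholder: a signed application
$policyPath = "$env:TEMP\contoso-applocker.xml"

# Publisher rules where a signature exists, hash rules for unsigned files.
$fileInfo  = Get-AppLockerFileInformation -Directory $trustedDir -Recurse -FileType Exe, Dll
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
                -User Everyone -RuleNamePrefix Contoso -Xml
$policyXml | Out-File -FilePath $policyPath -Encoding utf8

function Test-AppLockerDecision {
    # Evaluates paths against the XML policy without deploying it.
    param([Parameter(Mandatory)][string[]]$Paths, [Parameter(Mandatory)][string]$PolicyPath)
    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $Paths -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule
}

Test-AppLockerDecision -PolicyPath $policyPath -Paths @(
    "$trustedDir\app.exe",            # Allowed by the publisher rule
    "$env:TEMP\dropper.exe",          # Denied: nothing matches (placeholder path)
    "$env:windir\System32\cmd.exe"    # Denied until the default rules for Windows are added
)

# The generated policy contains only the Contoso rules. Merge it into a GPO that also has
# the default rules (Windows, Program Files, Administrators) or Windows itself is blocked,
# and set the collection to Audit only first; event 8003 in the AppLocker/EXE and DLL log
# means "would have been blocked".
# Set-AppLockerPolicy -XmlPolicy $policyPath -Ldap 'LDAP://DC01.contoso.com/CN={GPO GUID},CN=Policies,CN=System,DC=contoso,DC=com' -Merge
```

A Path rule for a folder that users can write to (for example C:\ProgramData or a user profile) is the classic AppLocker mistake: anyone who can drop a file there can run it. Publisher rules avoid that, and the test function above shows the matching rule for each file so that kind of over-broad match is visible before enforcement.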


Defining AppLocker Settings


AppLocker Enforcement


Windows Firewall with Advanced Security

Stateful, host-based firewall that allows or blocks network traffic per program, port, protocol, address and profile
Provides enhancements to the original Windows Firewall:
Separate inbound and outbound rules that the administrator can configure (outbound is allowed by default)
Integrated firewall filtering and IPsec protection settings (connection security rules, and firewall rules that require authenticated or encrypted connections)
Network location-aware profiles
The ability to import and export policies
Can be configured using a number of tools:
Windows Firewall with Advanced Security console in Server Manager Tools
Windows Firewall with Advanced Security MMC snap-in
secpol.msc
Group Policy (Computer Configuration > Windows Settings > Security Settings)
netsh advfirewall command
PowerShell *-NetFirewall* cmdlets in the NetSecurity module
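Two tasks with the NetSecurity cmdlets named above, as an added PowerShell example that is not part of the course: creating an inbound rule that is limited to one profile and one source subnet, and then listing the enabled inbound Allow rules that accept traffic from any remote address, which is what a review of a server's firewall normally needs to see first. It assumes Windows Server 2012 or Windows 8; the rule name and subnet are placeholders.

```powershell
# Added example (not course material). Assumes the NetSecurity module (Server 2012 / Windows 8).
Import-Module NetSecurity

# A tightly scoped rule: RDP only from the management subnet, only on the Domain profile.
$ruleName = 'Contoso-RDP-from-Management'           # placeholder
if (-not (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name $ruleName -DisplayName $ruleName -Group 'Contoso Baseline' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 `
        -RemoteAddress '10.10.0.0/24' -Profile Domain -Enabled True | Out-Null
}

function Get-BroadInboundAllowRule {
    # Enabled inbound Allow rules with no remote-address restriction, with their ports.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $addr = $rule | Get-NetFirewallAddressFilter
        $port = $rule | Get-NetFirewallPortFilter
        if ($addr.RemoteAddress -eq 'Any') {
            [pscustomobject]@{
                Name      = $rule.DisplayName
                Group     = $rule.DisplayGroup
                Profile   = $rule.Profile
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
            }
        }
    }
}

Get-BroadInboundAllowRule | Sort-Object Profile, Name | Format-Table -AutoSize
```

Expect the built-in Core Networking rules in the output; those are needed. What should stand out are third-party or hand-made rules on the Public profile, rules for management protocols (RDP, WinRM, SMB) with Any as the remote address, and rules with LocalPort Any, each of which is a candidate for scoping the way the first part of the script does.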


Windows Firewall with Advanced Security Console


Inbound and Outbound Rules


New Connection Security Rule Wizard


Firewall Profiles
Domain: applied when the computer can authenticate to a domain controller for its domain
Private: a network the user or administrator has marked as trusted (home or work)
Public: the default for any unidentified network; the most restrictive set of rules should apply here
A server with several network interfaces can have a different profile active on each interface, so rules should be scoped to the profiles they are actually meant for.


Reflective Questions
1. In what ways do you think User Account Control enhances security?
2. Will AppLocker benefit your network's security, and if so, how?


Installing and Configuring Virtual Servers and Clients

Identify Virtualization Solutions
Implement Hyper-V
Configure Hyper-V
Manage Virtual Networking


Hyper-V Benefits

Invisible to users
Different operating systems for guest machines
More efficient use of hardware
Simplified server deployment
Virtual machine templates


MED-V and Compatibility Mode


VDI
Runs the desktop in a server-based virtual machine
Makes it easy to deploy new desktops, complete with software
Offers the following benefits:

Includes a scenario deployment tool that you can use to automate the configuration and deployment of virtual machines and sessions
Standardizes and helps you automate common VDI maintenance tasks such as updates and patching
Provides simplified single sign-on that reduces the number of password prompts for each user
Creates a historic view of resources assigned to users, along with the ability to change or edit properties of published resources
Includes Windows PowerShell scripts that you can use to automate deployment and configuration tasks


VDI and Remote Desktop


Presentation Virtualization
Allows you to keep data in a central location, not on the PCs
Many technologies available:

Remote Desktop Services
Full desktop with Remote Desktop Connection (RDC)
Individual applications using RemoteApp
Remote access through Remote Desktop Gateway
Terminal Services (the pre-Windows Server 2008 R2 name for Remote Desktop Services)


Application Virtualization
Very similar to desktop virtualization, but only a single application is virtualized.
Offers the following benefits:
Application isolation
Application portability
Multiple versions of the same application on one computer


Hyper-V Overview

Hardware virtualization role in Windows Server 2012.
Can run on a full GUI installation or on Server Core.
Guest virtual machines run as child partitions on the host; the host OS runs in the parent partition.
Requires an x64 processor with hardware-assisted virtualization (Intel VT-x or AMD-V) and hardware Data Execution Prevention (NX/XD) enabled in firmware.
Provides the following virtual hardware to each VM:

BIOS
RAM
Processor
IDE Controller 0
IDE Controller 1
SCSI Controller
Network Adapter
COM 1
COM 2
Diskette drive


Dynamic Memory
Hyper-V allows the memory needed by VMs to be allocated and de-allocated dynamically.
Smart Paging uses disk space when there isn't enough physical RAM to restart a guest VM; it is used only during the restart, not for steady-state operation.


Start and Stop Actions

You can configure the following Hyper-V automatic start actions:
Do nothing.
Automatically start if it was running when the service stopped.
Always start the VM.

You can configure the following Hyper-V automatic stop actions:
Save the state of the VM.
Turn off the VM.
Shut down the guest operating system.


Integration of VMs and Hosts


Install integration services in the guest OS.
Already installed in Windows Server 2012 and Windows 8.
The following services can be enabled individually per VM:

Operating system shutdown
Time synchronization
Data exchange (key/value pairs between host and guest)
Heartbeat
Backup (volume snapshot)


Hyper-V Memory Management


Virtual Hard Disks


New VHDX format: up to 64 TB per disk, 4 KB sector alignment, and a log that protects the metadata against corruption on power loss
Can still use VHDs (2 TB limit)
Can convert VHDs to VHDX (the VM must be off)


Differencing Disks

Stores only the changes made relative to the parent disk.
Saves space.
Base disk (also called master or parent) provides a read-only, sysprepped OS.
Have one differencing disk per VM on top of the shared base.
The parent must never be written to again: any change to it invalidates every child that depends on it, so mark the base file read-only.


VM Snapshots
Point-in-time copy of a virtual machine's disk, configuration, and (for a running VM) memory state
Used to roll a VM back to a previous state
Can be exported as a VM and imported on the same or another host
Not a backup: the snapshot files live beside the VM, and the saved memory state can contain credentials and other secrets, so protect them like the VM itself
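The following PowerShell script is an added example for the "Virtual Hard Disks", "Differencing Disks" and "VM Snapshots" slides; it is not code from the original course. It assumes the Hyper-V PowerShell module on Windows Server 2012, a sysprepped base image at D:\VHD\base-ws2012.vhd, a virtual switch named External, and a VM named web01; all of those are placeholders. It converts the base to VHDX, locks it, builds a differencing disk and VM on top of it, and then takes, inspects, restores and removes a snapshot.

```powershell
# Added example, not part of the original slides. Paths, switch and VM names
# are placeholders.
Import-Module Hyper-V

$base  = 'D:\VHD\base-ws2012.vhdx'
$child = 'D:\VHD\web01.vhdx'

# 1. Convert the legacy VHD to a dynamic VHDX. The source VM must be off.
Convert-VHD -Path 'D:\VHD\base-ws2012.vhd' -DestinationPath $base -VHDType Dynamic

# 2. Lock the parent. A single write to it breaks every differencing disk built on it.
Set-ItemProperty -Path $base -Name IsReadOnly -Value $true

# 3. One differencing disk per VM, all sharing the read-only parent.
New-VHD -Path $child -ParentPath $base -Differencing

# 4. Verify the chain before attaching it; ParentPath should point at the base.
Get-VHD -Path $child | Select-Object Path, VhdType, VhdFormat, ParentPath, FileSize, Size

# 5. Build the VM on the differencing disk and set the start/stop behaviour
#    from the "Start and Stop Actions" slide.
New-VM -Name web01 -MemoryStartupBytes 2GB -VHDPath $child -SwitchName 'External'
Set-VM -Name web01 -AutomaticStartAction StartIfRunning -AutomaticStopAction ShutDown
Start-VM -Name web01

# 6. Snapshot before a risky change. For a running VM this also saves memory.
Checkpoint-VM -Name web01 -SnapshotName 'pre-patch'

# Inspect snapshots and their on-disk location; the .avhdx files sit next to the VM.
Get-VMSnapshot -VMName web01 | Select-Object Name, CreationTime, ParentSnapshotName
(Get-VM -Name web01).HardDrives | Select-Object Path

# 7. Roll back if the change went wrong; otherwise delete the snapshot so the
#    .avhdx chain is merged and the memory/state files are removed.
# Restore-VMSnapshot -VMName web01 -Name 'pre-patch' -Confirm:$false
Remove-VMSnapshot -VMName web01 -Name 'pre-patch'

# 8. A snapshot can be exported as a stand-alone VM for analysis elsewhere
#    (for example, to look at a compromised VM without touching the original).
Checkpoint-VM -Name web01 -SnapshotName 'for-analysis'
Export-VMSnapshot -VMName web01 -Name 'for-analysis' -Path 'D:\Export'
```

Leaving snapshots in place for weeks is the common mistake: each one adds a link to the differencing chain, slows disk I/O, and keeps a copy of whatever was in guest memory at the time.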


Pass-Through Disks

Physical disk the guest VM can access directly, bypassing the VHD/VHDX layer
Can be directly attached to the host or a SAN LUN
Must be placed in an offline state from the host server's perspective
Cannot be dynamically expanded
Cannot have snapshots
Cannot use differencing disks


Resource Metering
Monitor the resources each VM consumes over a period.
Create cost-effective, usage-based billing solutions (chargeback).
You can measure, per VM:

Average CPU use
Memory use (average, minimum, and maximum)
Maximum disk space allocation
Incoming network traffic for a network adapter
Outgoing network traffic for a network adapter
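The following PowerShell function is an added example for the "Resource Metering" slide; it is not code from the original course. It assumes the Hyper-V PowerShell module on Windows Server 2012 and an internal address range of 10.0.0.0/8; the VM names and the range are placeholders. It enables metering, adds a metering port ACL so internal traffic is reported separately from everything else, and turns Measure-VM output into a per-VM usage report that can feed a billing period.

```powershell
# Added example, not part of the original slides. VM names and the address
# range are placeholders.
Import-Module Hyper-V

# 1. Enable metering on every VM and add a metering ACL so traffic to the internal
#    range is counted separately from traffic to everywhere else.
foreach ($vm in Get-VM) {
    Enable-VMResourceMetering -VM $vm
    Add-VMNetworkAdapterAcl -VM $vm -Action Meter -Direction Both -RemoteIPAddress 10.0.0.0/8
}

# 2. Collect one row per VM. Measure-VM returns averages since the last reset;
#    the values persist across a live migration because they travel with the VM.
function Get-VMUsageReport {
    param([string[]]$VMName = (Get-VM).Name)

    foreach ($name in $VMName) {
        $m = Measure-VM -VMName $name
        $net = $m.NetworkMeteredTrafficReport

        [pscustomobject]@{
            VM        = $m.VMName
            Hours     = [math]::Round($m.MeteringDuration.TotalHours, 1)
            AvgCpuMHz = $m.AvgCPU
            AvgRamMB  = $m.AvgRAM
            MinRamMB  = $m.MinRAM
            MaxRamMB  = $m.MaxRAM
            DiskMB    = $m.TotalDisk
            NetInMB   = ($net | Where-Object { $_.Direction -eq 'Inbound' }  |
                         Measure-Object -Property TotalTraffic -Sum).Sum
            NetOutMB  = ($net | Where-Object { $_.Direction -eq 'Outbound' } |
                         Measure-Object -Property TotalTraffic -Sum).Sum
        }
    }
}

# 3. At the end of the billing period, produce the report, save it, then reset the
#    counters so the next period starts from zero.
$report = Get-VMUsageReport
$report | Format-Table -AutoSize
$report | Export-Csv -Path "D:\Billing\usage-$(Get-Date -Format yyyyMM).csv" -NoTypeInformation
Get-VM | Reset-VMResourceMetering
```

Because the counters are averages since the last reset, a missed reset skews the next period; run the report and the reset together, as above.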


Network Virtualization
Isolate VMs that share the same host or the same physical network.
With Hyper-V Network Virtualization each VM has two addresses:
Customer address (CA): assigned to the VM by the customer and visible inside the VM
Provider address (PA): assigned by the hosting provider and used on the physical network to carry the VM's traffic

Isolation can also be configured with:

Virtual switches, connecting different VM adapters to different switches
VLANs, to extend segmentation to hardware switches that support VLAN tagging


Types of Virtual Switches


External: bound to a physical network adapter; VMs reach the physical network
Internal: VMs and the host can communicate, but not the physical network
Private: VMs communicate with each other only, not with the host


MAC Addresses

Uniquely identify the virtual network card
Must not be duplicated on the same network
Are generated automatically from a per-host pool (00-15-5D-xx-xx-xx); two hosts with overlapping pools can generate duplicates
Can be set statically on a VM interface, which keeps the address stable when the VM moves between hosts


Virtual Network Adapters


Network adapter:
Formerly known as a synthetic network adapter
Specifically designed for VMs to significantly reduce CPU overhead during network I/O
Uses shared memory on the VM bus for more efficient data transfer
Has significantly better performance than the legacy adapter

Legacy adapter:
Formerly known as an emulated network adapter
Simulates a hardware network interface card
May be required to boot a VM from the network (PXE)
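The following PowerShell script is an added example covering the "Types of Virtual Switches", "MAC Addresses" and "Virtual Network Adapters" slides; it is not code from the original course. It assumes the Hyper-V PowerShell module on Windows Server 2012, a host NIC named 'Ethernet 2', VLAN 120 for a DMZ, a VM named web01 and a VM named dhcp01 that legitimately serves DHCP; all of those are placeholders. It creates the three switch types, attaches and VLAN-tags an adapter, hardens the virtual port, pins the MAC, adds a legacy adapter only for PXE, and audits the result.

```powershell
# Added example, not part of the original slides. NIC, switch, VM names, the
# VLAN id and the MAC address are placeholders.
Import-Module Hyper-V

# 1. The three switch types. -AllowManagementOS $false keeps the host's own
#    TCP/IP stack off the VM-facing NIC, so a compromised guest has no path to
#    the host on that link.
New-VMSwitch -Name 'External-DMZ' -NetAdapterName 'Ethernet 2' -AllowManagementOS $false
New-VMSwitch -Name 'Internal-Mgmt' -SwitchType Internal    # VMs and the host
New-VMSwitch -Name 'Private-Lab'   -SwitchType Private     # VMs only; host cannot see it

# 2. Attach the VM's synthetic adapter and tag it. The physical switch port
#    behind 'Ethernet 2' must carry VLAN 120 for this to pass traffic.
Connect-VMNetworkAdapter -VMName web01 -SwitchName 'External-DMZ'
Set-VMNetworkAdapterVlan -VMName web01 -Access -VlanId 120

# 3. Harden the virtual port. MAC spoofing is off by default; leave it off unless
#    the guest genuinely needs it (NLB, nested virtualization). DHCP guard and
#    router guard drop DHCP offers and router advertisements sent BY the guest,
#    so a compromised VM cannot hand its neighbours a rogue default gateway.
Set-VMNetworkAdapter -VMName web01 -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On
Set-VMNetworkAdapter -VMName dhcp01 -DhcpGuard Off     # the one VM allowed to serve DHCP

# 4. Pin the MAC so it survives a move to a host with a different dynamic pool.
Set-VMNetworkAdapter -VMName web01 -StaticMacAddress '00155D0A1401'

# 5. Legacy (emulated) adapter only while the VM needs to PXE boot; remove it
#    afterwards so the guest does not keep a second, unmonitored interface.
Add-VMNetworkAdapter -VMName web01 -IsLegacy $true -SwitchName 'Internal-Mgmt' -Name 'PXE'
# Remove-VMNetworkAdapter -VMName web01 -Name 'PXE'

# 6. Audit every VM adapter on the host: switch, MAC, spoofing and guard state, VLAN.
Get-VMNetworkAdapter -VMName * |
    Select-Object VMName, Name, SwitchName, MacAddress, DynamicMacAddressEnabled,
        MacAddressSpoofing, DhcpGuard, RouterGuard, IsLegacy,
        @{ n = 'VlanId'; e = { ($_ | Get-VMNetworkAdapterVlan).AccessVlanId } } |
    Format-Table -AutoSize
```

Run the audit in step 6 periodically: an adapter with MacAddressSpoofing On, or a legacy adapter nobody remembers adding, is the kind of drift that turns a private lab switch into an unintended bridge.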


Reflective Questions
1. Consider how MED-V would improve your network's security and administrative efficiency. Would your end users benefit from virtual desktops they could access from anywhere within the network?

2. Consider your network needs. Is a cloud solution like Azure best for your network? If so, how would you implement the cloud? What things would you want to virtualize in the cloud?

