Notes
Notes
In This Video
About Your Instructor and Train Signal Whats Covered in this Course The Globomantics Scenario What You Will Need to Follow Along with the Course
Lets go!!!
In This Video
Look at the different versions of Windows Server 2008. Install Windows Server 2008 from scratch. Install the Active Directory Domain Services role. Upgrade from Windows Server 2003.
Globomantics Network
Globomantics Forest
Review
After watching this video you should know how to: o Describe the different versions of Windows Server 2008 and know how to select the right version to meet your needs. o Install Windows Server 2008. o Install the AD DS role. o Upgrade from Windows Server 2003. In the next video I will show you how to automate server deployment.
In This Video
Getting ready for WDS. Installing the WDS role. Deploying servers using WDS. Automating installations with Answer Files. o Creating an Answer File using WAIK. o Adding the Answer File to WDS.
Review
After watching this video you should know how to: o Describe WDS and its requirements. o Install and configure the WDS role. o Create answer files using WAIK. In the next video I will show you how to do a server core installation.
10
In This Video
What is Server Core? Installing Server Core Configuring Server Core Remote Management o Remote Server Administration Tools (RSAT) o Remote Desktop
11
Remote Management
There are 2 general choices when it comes to remote management: o Remote Server Administration Tools (RSAT) o Remote Desktop
12
Remote Desktop
Puts you on the actual desktop of the remote server. Should be used when you are unable to manage using RSAT.
Review
After watching this video you should know how to: o Explain what Server Core is and when to use it. o Install the Server Core version of Windows Server 2008. o Remotely access servers using RSAT or Remote Desktop.
13
In This Video
What are the benefits of using an RODC? Installing an RODC in a branch office. Configuring a Password Replication Policy. Using Administrative Role Separation.
RODC Benefits
RODCs provide 3 main security benefits which satisfy needs of many branch offices. o By default RODCs do not maintain password properties for any users. o No changes can be made to the AD database on the RODC. o RODCs have local a Administrator group which allows users in the branch office to administrate the computer without having privileges to the domain.
14
Globomantics Network
Review
After watching this video you should know how to: o Deploy an RODC. o Configure a Password Replication Policy. o Configure Administrative Role Separation.
15
Video 6 Virtualization
In This Video
What is Virtualization? Benefits of Using Virtualization Virtualization Products Virtualization Examples Potential Issues
What is Virtualization?
Virtualization is the concept of having one physical computer act as though it is multiple computers. Virtualization allows multiple instances of either the same or different operating systems to run on a single computer. Virtualization provides a range of benefits which can serve just about anyone ranging from home users to average business users to high end server solutions.
16
Virtualization Products
Microsoft Hyper-V o Hyper-V is a role which is built in to the 64-bit versions of Windows Server 2008. Microsoft Virtual Server Microsoft Virtual PC VMWare Server VMWare Workstation
Virtualization Examples
You have a temporary need for an additional server and cant justify the cost of purchasing another computer. You have an application which will only run on an older operating system and you dont want to use another computer just for that one application. You need to test a new product, but dont have the budget to purchase a test computer.
17
Potential Issues
Make sure you do not overuse the physical resources available. If you have a server which will require a large quantity of a certain resource consider dedicating a single computer for that server. Make sure you always have plenty of free space on your Hard Drives. Hyper-V has additional hardware requirements which may not be met by older computers. For more information go to:
http://technet.microsoft.com/en-us/library/cc731898.aspx
Review
After watching this video you should know: o What virtualization is. o The benefits of using virtualization. o Some of the virtualization products currently available. o When you should and should not use virtualization. Coachs Hyper-V Installation Bonus Video is also included with this Course
18
In This Video
Active Directory Review o Logical Components o Physical Components o Objects o Trusts What is a GPO? The Globomantics Scenario Using the Group Policy Management tool o Creating GPOs o Linking GPOs o Editing & Viewing GPO Settings o Using Starter GPOs How do GPOs get applied? Exceptions to the Rules o Block Inheritance o Enforced o Security Filtering Group Policy Modeling and Results Using Password Setting Objects (PSO)
19
20
21
What is a GPO?
A Group Policy Object (GPO) is an Active Directory object which contains configuration settings for computers and/or users. GPOs are used to simplify network administration by allowing administrators to establish settings once and have them applied to many users/computers. GPOs settings will be applied to user/computer objects held in any container object which the GPO is linked to.
Globomantics Scenario
In this lesson we are going to work in the Chicago office of the na.globomantics.com domain. The Chicago office has 80 users broken down as follows: o 10 Upper management o 10 Sales staff o 50 Call center workers o 5 Call center managers o 5 IT administrators
22
Globomantics Scenario
The na.globomantics.com AD OU structure is as follows: o 2 top level OUs for the Chicago and Dallas locations o The Chicago OU contains child OUs for Sales, Operations, Call Center, and Management o The Call Center OU contains 5 child OUs for the users who report to each of the call center managers. There is a Global Security group called IT Admins of which the 5 administrators are a member of.
Globomantics Scenario
Goals: o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group. o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop. o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago. o The IT administrators need to have different password requirements.
23
L S D OU
Local Site Domain Organizational Unit
L S D OU OU OU
24
Globomantics Scenario
Goals: o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group. o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop. o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago. o The IT administrators need to have different password requirements.
Globomantics Scenario
Globomantics Scenario
25
Globomantics Scenario
Goals: o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group. o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop. o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago. o The IT administrators need to have different password requirements.
Globomantics Scenario
Globomantics Scenario
26
Globomantics Scenario
Goals: o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group. o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop. o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago. o The IT administrators need to have different password requirements.
Globomantics Scenario
Globomantics Scenario
27
Globomantics Scenario
Goals: o No one in the domain should be able to add removable devices to their computers except members of the IT Admins group. o All of the sales staff in Chicago need to have a shortcut to an important document on their desktop. o No one in the domain should be able to use the Add/Remove Programs Control Panel applet except operations staff in Chicago. o The IT administrators need to have different password requirements.
Globomantics Scenario
28
Review
After watching this video you should know how to: o o o o o o o Describe the Active Directory structure. Create and link GPOs Modify and view GPO settings. Create a Starter GPO to use as a template. Describe how GPOs get applied. Run reports to see how GPOs have or will be applied. Use PSOs to apply different password and account lockout policies within a domain.
In This Video
Different Types of Permissions o NTFS o Shared Folder o Printer o Active Directory Configuring Permissions Globomantics Scenario Using the Delegation of Control Wizard Creating a Custom MMC
29
Configuring Permissions
Permissions can be set as an allow or deny permission. The effective permissions for a user who belongs to multiple groups with different permissions will be cumulative. The deny permission always overrides the allow permission.
Globomantics Scenario
In this lesson we are going to work in the Chicago office of the na.globomantics.com domain. The Chicago office has 80 users broken down as follows: o 10 Upper management o 10 Sales staff o 50 Call center workers o 5 Call center managers o 5 IT administrators
30
Globomantics Scenario
The na.globomantics.com AD OU structure is as follows: o 2 top level OUs for the Chicago and Dallas locations o The Chicago OU contains child OUs for Sales, Operations, Call Center, and Management o The Call Center OU contains 5 child OUs for the users who report to each of the call center managers. There is a Global Security group called IT Admins of which the 5 administrators are a member of.
Globomantics Scenario
Goals: o The company help desk has determined that it can become more efficient and secure by having call center personal contact their immediate supervisor if they forget their password and need it reset. o Call center managers need to be given the Active Directory privileges to reset passwords for the users on their team. o A custom tool needs to be designed for the managers to use when resetting passwords. This tool must be very simple to use since the call center managers are not IT trained.
31
Review
After watching this video you should know how to: o Assign AD permissions to users and groups manually. o Use the Delegation of Control Wizard to assign AD permissions for common tasks. o Create a custom MMC.
In This Video
The Globomantics Scenario Installing the File Services Role Maintaining control using NTFS Permissions Setting up Disk Quotas using the File System Resource Manager (FSRM) Installing the Print Services Role Installing a Printer Sharing a Printer on a Network Managing Printer Permissions Troubleshooting Printer Problems
32
Globomantics Scenario
Globomantics is looking to set up a file and print server in their New York office. All of the users Documents folders will be redirected to a shared location on the file server. Users must be limited to 1 GB of data which they can store on the file server. A printer will be installed and shared so that users can quickly access and install the printer on their client computers.
Troubleshooting
KISS Method o Out of paper o Out of toner o Paper jam o Not turned on (Offline) o Not plugged in Networking Problem Restart Spooler Service
33
34
Review
After watching this video you should know how to: o Install the File and/or Print Services role. o Implement NTFS permissions. (AGDLP) o Setup Disk Quotas using the File System Resource Manager (FSRM). o Install and share a printer. o Troubleshoot printing problems.
35
In This Video
The Globomantics Scenario Creating a Share Managing Permissions to a Shared Folder Accessing a Shared Folder Offline Creating a DFS Namespace Configuring DFS Replication
Globomantics Scenario
Globomantics has some important business data that it needs to make highly available its users. The data must be available to travelling users when they are away from the office. The data is vital to the daily operations of the company and therefore must be located in more than one location to provide fault tolerance in the event of a file server failure.
36
Review
After watching this video you should know how to: o o o o o Share a folder. Set permissions for the share. Make the share available to offline users. Create a DFS namespace. Configure DFS replication.
In This Video
What is a VPN? Supported Authentication Protocols Choosing a VPN Protocol The Globomantics Scenario Installing the Remote Access Service Configuring the Remote Access Service
37
What is a VPN?
VPN stands for Virtual Private Network. VPNs allow users to securely connect to the local network from a remote computer. The remote computer virtually becomes part of the local network.
38
Globomantics Scenario
Globomantics would like to allow sales users to be able to connect to the New York office while away on business trips.
Review
After watching this video you should know how to: o Install the Remote Access Service. o Configure the Remote Access Service to support VPN connections. o Set up a VPN connection on a Vista client.
39
In This Video
What is RADIUS? Globomantics Scenario Installing NPS Using NPS as a RADUIS Server o Policies o Accounting
What is a RADIUS?
RADIUS stands for Remote Authentication Dial-In User Service. RADIUS is an industry standard protocol used to provide authentication, authorization and accounting services for remote connectivity to a local network. Microsoft uses NPS for its implementation of RADIUS.
40
What is a RADIUS?
What is a RADIUS?
Globomantics Scenario
Globomantics now has multiple remote access servers throughout its network. They would like to centralize the management of all the remote access servers.
41
Review
After watching this video you should know how to: o Install the Network Policy Server Role. o Configure NPS as a RADIUS Server. o Configure a Remote Access Server as a RADIUS client. o Create a Network Policy to control access to the network.
42
In This Video
What is WSUS? WSUS Scenarios o Single Server o Independent o Autonomous Mode o Replica Mode o Disconnected Globomantics Scenario Downloading and Installing WSUS How to Configure Computer Groups o Server-side Targeting o Client-side Targeting Configuring Clients Using Group Policy
What is WSUS?
What is WSUS?
43
44
45
Globomantics Scenario
Globomantics needs to streamline the process of getting updates out to its clients world wide. Only one server in the Globomantics organization should communicate with Microsofts update server. Administrators in New York, Chicago, and Tokyo will be responsible for testing and approving updates for their own respective office. The Chicago Administrators will also be responsible for approving updates for the Dallas office.
46
Globomantics Scenario
Globomantics Scenario
Review
After watching this video you should know how to: o Download and Install WSUS. o Configure a WSUS server. o Install downstream WSUS servers in either Autonomous or Replica mode. o Create Computer Groups. o Use Group Policy to enable Client-side Targeting and other Windows Update related options . o Approve Updates
47
In This Video
What is a Certificate? What is a Certificate Authority (CA)? What are the different types of CAs? How do I get a Certificate? o Auto Enrollment o Web Enrollment What is Credential Roaming? What is a Certificate Revocation List (CRL)? What is an Online Responder? Installing Active Directory Certificate Services.
What is a Certificate?
Certificates are a form of digital identification. Certificates are used to identify an entity such as a user or computer. Certificates are issued by a Certificate Authority. Certificates contain information about the entity and about its issuer. Certificates have an expiration date. Certificates can be revoked prior to expiration.
48
Creating a CA Hierarchy
49
50
Review
After watching this video you should know how to: o Describe the different components which make up a Public Key Infrastructure (PKI). Certificate CA CRL Online Responder o Install and configure the Active Directory Certificate Services Role.
51
In This Video
How to Configure the Shadow Copy Service o Setting up the Schedule o Picking a Storage Location o Previous Versions Installing the Windows Server Backup Feature How to Create a Backup of a Volume How to Recover Lost Data o Recovering Individual Files o Recovering a Complete Volume o Recovering the Operating System Additional Backup Tips
52
Review
After watching this video you should know how to: o Setup the Shadow Copy Service to automatically create backups of individual files. o Install and the Windows Server Backup feature. o Backup your volumes. o Recover lost data.
In This Video
What is Terminal Services? Additional Role Services o Terminal Services Gateway o Terminal Services Web Access o Terminal Services Session Broker Globomantics Scenario How to Install the Terminal Services Role How to Configure Sessions on a Terminal Server Using Remote App vs. Remote Desktop
53
Globomantics Scenario
Globomantics needs to roll out a new line-ofbusiness application for all of its sales users. The new application has hardware requirements which exceed the current client configurations. They do not want to upgrade any of the client computers hardware or software. Users must be able to use the application while connecting from anywhere in the world. The solution must provide for complete SPF protection.
54
Globomantics Scenario
Globomantics will deploy 2 Terminal Servers. Access to these servers will be managed with the Terminal Services Session Broker. The Terminal Services Gateway and Terminal Services Web Access will be installed in order to provide access from outside the local network. The Remote Desktop Client 6.1 will be installed on any Windows XP clients to allow full featured connectivity from those clients.
Review
After watching this video you should know how to: o Install and configure the Terminal Services role. o Install and configure the TS Gateway, TS Web Access, and TS Session Broker role services. o Configure multiple Terminal Servers to participate in a farm. o Configure RemoteApp to simplify the process of accessing a Terminal Server when a specific application is needed.
55
In This Video
What does High Availability mean? DNS Round Robin Network Load Balancing (NLB) Failover Clustering o Using RAID o Working with SANs o Quorum Models
56
IP: 192.168.10.27 Host Name: Server1 IP: 192.168.10.26 Host Name: Server1
57
Failover Clustering
DNS Round Robin and Network Load Balancing are used for services and applications which maintain an internal data store. Failover Clustering is used for applications which use an external and/or shared data store. Servers in a Failover Cluster use shared data. Servers using NLB each maintain a copy of the data. Failover Clusters typically use a shared disk technology such as RAID or a SAN.
Using RAID
RAID 0 Striping RAID 1 Mirroring RAID 5 Striping with Parity RAID 10 Striped Mirrors
58
59
Quorum Models
Node Majority
o Typically used when there is an odd number of cluster nodes. Will remain available as long as more than half the nodes are available.
Review
After watching this video you should know how to: o Describe what High Availability is and know when to implement: DNS Round Robin Network Load Balancing Failover Clustering o Describe the different types of RAID and the different components of a SAN.
Video 18 Certification
60
In this video:
The New Generation of Certifications for Server 2008 The Upgrade Paths for MCSAs/MCSEs How to Sign Up for a Microsoft Exam Exam Prep Tips
The Three New Server Certification Blocks for Network Admins o MCTS o MCITP: Server Administrator o MCITP: Enterprise Administrator There is no MCSE 2008 There is no MCSA 2008
What you need to take for each Credential MCTS - Take any one exam from a large selection
When you get mulitple TS certs, you can build a nifty logo using MSs Logo Builder!
MCITP: Server Administrator Exams (From Scratch - Three Exams) o 70-640: TS Active Directory o 70-642: TS Network Infrastructure o 70-646 Pro: Server Administrator MCITP: Enterprise Administrator (From Scratch - Five Exams) o 70-620 or 70-624: TS Vista o 70-640: TS Active Directory o 70-642: TS Network Infrastructure o 70-643: TS Application Infrastructure o 70-647 Pro: Enterprise Administrator
61
Take Two Exams o 70-648: Provides 2 Additional MCTS Certs o 70-646: Provides MCITP
Take 4 Tests: o 70-648: Provides 2 MCTS o 70-620 or 70-624: TS Vista o 70-643: TS Applications Infrastructure o 70-647: MCITP Enterprise
Take Two Tests: o 70-649: Provides 3 MCTS o 70-646: MCITP Server Administrator
62
Take 3 Exams: o 70-649: Provides 3 MCTS o 70-620 or 70-624: TS Vista o 70-647: MCITP Enterprise Administrator
Go to Prometric.com its easy! Prometric is the exclusive provider of Microsoft exams. Microsoft periodically offers free Second Shots check the Microsoft site first!
Prep
I recommend:
MCTS Self-Paced Training Kit (Exam 70-646): Windows Server Administration from Microsoft Press
Take the Transcender Practice Exam Several TimesLook up the stuff that you miss in this Video Course or in the Microsoft Press Book. Review this course at least twice Get some Virtual Machines and push buttons! Go to the Microsoft Learning website and make sure you know the objectives. o http://www.microsoft.com/learning
63
Do not stay up all night studying get good sleep! When you go in to the test center, leave your cell phone and anything else in your car. Bring in only 2 forms of ID and your car keys. You must have 2 forms of ID!!! Before taking the test, stop and breathe. Relax. During the test, do not forget to breathe. Mark Questions for Review the first time through if you have to think too long about any one of them. You can go back at the end of the test and answer them later.
What We Covered
Train Signal, Inc. Ed Liberman
Describe the Requirements for MCTS and the MCITP Tracks Describe the Upgrade Paths for MCSAs\MCSEs to MCITP Sign up for an Exam on the Prometric Web Site
64