0% found this document useful (0 votes)
263 views115 pages

Information Sheet 1.1: Network Operating System (Nos) Features

The document discusses the features and functions of network operating systems and computer servers. Network operating systems provide basic operating, security, networking and administrative features to support computer networks. Computer servers store, retrieve and send files and data to other computers on a network, and common server types include application, catalog, communications, computing, database, fax, file, game, mail, media, print and sound servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
263 views115 pages

Information Sheet 1.1: Network Operating System (Nos) Features

The document discusses the features and functions of network operating systems and computer servers. Network operating systems provide basic operating, security, networking and administrative features to support computer networks. Computer servers store, retrieve and send files and data to other computers on a network, and common server types include application, catalog, communications, computing, database, fax, file, game, mail, media, print and sound servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 115

INFORMATION SHEET 1.

1
NETWORK OPERATING SYSTEM (NOS) FEATURES

A network operating system is a software application that provides a platform for both the functionality of an
individual computer and for multiple computers within an interconnected network. Basically, a network operating
system controls other software and computer hardware to run applications, share resources, protects data and
establishes communication. Individual computers run client operating systems, while network systems create the
software infrastructure for wireless, local and wide area networks to function.

Basic Operating Features


Network operating systems support the basic underlying operating features of networks. These include support for
processors and the various protocols that allow computers to share data. Many network operating systems can detect
hardware within the system to allow for asset discovery within the network. Also, network operating systems support
the processing of other software applications that run on both individual computers and within the network.

Security Features

Network operating systems support a number of security features that control access to the network. These include
authorization and permission for access to the network, with specific control of features such as user management,
log-on controls and passwords. Systems also provide access control for features such as remote access and network
monitoring

Networking

A network operating system is the platform on which computer networking takes place. Basic features allow for file,
print and Internet connections. Data backup and replication functions are controlled through the network operating
system. The management of connective systems for local and wide area networks (LANs and WANs), such as
routing, switches and other ports are configured and managed through network operating system features.

Administrative Interface

One of the features of a network operating system is that it has an administrative interface that allows a network
administrator to monitor and maintain the system. This interface will have a menu that allows the administrator to
perform functions such as formatting hard drives and setting up security protocols for both the system and individual
users. He can also and configures security and data backup requirements for individual computers or the network as a
whole.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 1 of 115


Archie May L. Degamon
INFORMATION SHEET 1.2
COMPUTER SERVERS AND FUNCTIONS

Computer Server
A server is a computer that provides data to other computers. It may serve data to systems on a local area network
(LAN) or a wide area network (WAN) over the Internet.

The Function of a Computer Server


The function of a computer server is to store, retrieve and send computer files and data to other computers on a
network. Many businesses use a local network to connect a number of computers. On a larger scale, the worldwide
computer network known as the Internet depends on a large number of servers located around the world. The files,
data and functionality of a given website is based on servers.

Some of the different types of Computer Server

Server type Purpose Clients

Hosts web apps (computer programs that run inside


a web browser) allowing users in the network to run
Application and use them, without having to install a copy on their
Computers with a web browser
server own computers. Unlike what the name might imply,
these servers need not be part of the world wide web;
any local network would do.

Maintains an index or table of contents of information Any computer program that needs to find
that can be found across a large distributed network, something on the network, such
Catalog server such as computers, users, files shared on file servers, a Domain member attempting to log in,
and web apps. Directory servers and name an email client looking for an email
servers are examples of catalog servers. address, or a user looking for a file

Communications Maintains an environment needed for one Communication endpoints (users or


server communication endpoint (user or devices) to find other devices)
endpoints and communicate with them. It may or may
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 2 of 115


Archie May L. Degamon
not include a directory of communication endpoints
and a presence detection service, depending on the
openness and security parameters of the network

Any computer program that needs more


CPU power and RAM than a personal
Shares vast amounts of computing resources,
Computing computer can probably afford. The client
especially CPU and random-access memory, over a
server must be a networked computer;
network.
otherwise, there would be no client–
server model.

Spreadsheets, accounting
Maintains and shares any form
software, asset management software or
of database (organized collections of data with
Database server virtually any computer program that
predefined properties that may be displayed in a table)
consumes well-organized data, especially
over a network.
in large volumes

Shares one or more fax machines over a network,


Fax server Any fax sender or recipient
thus eliminating the hassle of physical access

Networked computers are the intended


Shares files and folder, storage space to hold files and
File server clients, even though local programs can
folders, or both, over a network
be clients

Enables several computers or gaming devices to


Game server Personal computers or gaming consoles
play multiplayer games

Makes email communication possible in the same way


Mail server that a post office makes snail mail communication Senders and recipients of email
possible

Shares digital video or digital audio over a network


through media streaming (transmitting content in a
User-attended personal computers
Media server way that portions received can be watched or listened
equipped with a monitor and a speaker
as they arrive, as opposed downloading a whole huge
file and then using it)

Print server Shares one of more printers over a network, thus Computers in need of printing something

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 3 of 115


Archie May L. Degamon
eliminating the hassle of physical access

Enables computer programs of a computer to play Computer programs of the same


Sound server
sound and record sound, individually or cooperatively computer

Acts as an intermediary between a client and a server,


accepting incoming traffic from the client and sending
it to the server. Reasons for doing so includes content
Proxy server Any networked computer
control and filtering, improving traffic performance,
preventing unauthorized network access or simply
routing the traffic over a large and complex network.

Hosts web pages. A web server is what makes world


wide web possible.
Web server Computers with a web browser

Each website has one or more web servers.

Computer Server versions

Release
Release
Name version Editions
date
number

Windows Server 2016 2016 NT 10.0

 Windows Server 2012 R2 Foundation

Windows Server 2012  Windows Server 2012 R2 Essentials


2013 NT 6.3
R2  Windows Server 2012 R2 Standard
 Windows Server 2012 R2 Datacenter
 Windows Server 2012 Foundation
 Windows Server 2012 Essentials
Windows Server 2012 2012 NT 6.2  Windows Server 2012 Standard
 Windows Server 2012 Datacenter
 Windows MultiPoint Server 2012
Windows Server 2008 2009 NT 6.1  Windows Server 2008 R2 Foundation
R2  Windows Server 2008 R2 Standard
 Windows Server 2008 R2 Enterprise

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 4 of 115


Archie May L. Degamon
Release
Release
Name version Editions
date
number

 Windows Server 2008 R2 Datacenter


 Windows Server 2008 R2 for Itanium-based
Systems
 Windows Web Server 2008 R2
 Windows Storage Server 2008 R2
 Windows HPC Server 2008 R2
 Windows Small Business Server 2011
 Windows MultiPoint Server 2011
 Windows Home Server 2011
 Windows MultiPoint Server 2010
 Windows Server 2008 Standard
 Windows Server 2008 Enterprise
 Windows Server 2008 Datacenter
 Windows Server 2008 for Itanium-based Systems
 Windows Server Foundation 2008
Windows Server 2008 2008 NT 6.0
 Windows Essential Business Server 2008
 Windows HPC Server 2008
 Windows Small Business Server 2008
 Windows Storage Server 2008
 Windows Web Server 2008
 Windows Small Business Server 2003 R2
 Windows Server 2003 R2 Web Edition
 Windows Server 2003 R2 Standard Edition

Windows Server 2003  Windows Server 2003 R2 Enterprise Edition


2006 NT 5.2
R2  Windows Server 2003 R2 Datacenter Edition
 Windows Compute Cluster Server 2003 (CCS)
 Windows Storage Server
 Windows Home Server
Windows Server 2003 2003 NT 5.2  Windows Small Business Server 2003
 Windows Server 2003 Web Edition
 Windows Server 2003 Standard Edition
 Windows Server 2003 Enterprise Edition
 Windows Server 2003 Datacenter Edition

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 5 of 115


Archie May L. Degamon
Release
Release
Name version Editions
date
number

 Windows Storage Server


 Windows 2000 Server
Windows 2000 17 February 2000 NT 5.0  Windows 2000 Advanced Server
 Windows 2000 Datacenter Server
 Windows NT 4.0 Server
Windows NT 4.0 29 July 1996 NT 4.0  Windows NT 4.0 Server Enterprise
 Windows NT 4.0 Terminal Server Edition

Windows NT 3.51 June 1995 NT 3.51 Windows NT 3.51 Server

Windows NT 3.5 September 1994 NT 3.50 Windows NT 3.5 Server

Windows NT 3.1 August 1993 NT 3.10 Windows NT 3.1 Advanced Server

Hardware requirement

A rack-mountable server with the top cover removed to reveal internal components

Hardware requirement for servers vary widely, depending on the server's


purpose and its software.

Since servers are usually accessed over a network, many run unattended
without a computer monitor or input device, audio hardware
and USB interfaces. Many servers do not have a graphical user
interface (GUI). They are configured and managed remotely. Remote
management include MMC, SSH or a web browser.

Large servers

Large traditional single servers would need to be run for long periods without interruption. Availability would have to be
very high, making hardware reliability and durability extremely important. Mission-critical enterprise servers would be
very fault tolerant and use specialized hardware with low failure rates in order to maximize uptime. Uninterruptible
power supplies might be incorporated to insure against power failure. Servers typically include
[8]
hardware redundancy such as dual power supplies, RAID disk systems, and ECC memory,  along with extensive pre-
boot memory testing and verification. Critical components might be hot swappable, allowing technicians to replace
them on the running server without shutting it down, and to guard against overheating, servers might have more
powerful fans or use water cooling. They will often be able to be configured, powered up and down or rebooted
remotely, using out-of-band management, typically based on IPMI. Server casings are usually flat and wide, and
designed to be rack-mounted.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 6 of 115


Archie May L. Degamon
These types of servers are often housed in dedicated data centers. These will normally have very stable power and
Internet and increased security. Noise is also less of a concern, but power consumption and heat output can be a
serious issue. Server rooms are equipped with air conditioning devices.

What is the difference between a domain and a workgroup?

Computers on a network can be part of a workgroup or a domain. The main difference between workgroups and
domains is how resources on the network are managed. Computers on home networks are usually part of a
workgroup, and computers on workplace networks are usually part of a domain.

In a workgroup:

 All computers are peers; no computer has control over another computer.
 Each computer has a set of user accounts. To use any computer in the workgroup, you must have an account
on that computer.
 There are typically no more than ten to twenty computers.
 All computers must be on the same local network or subnet.

In a domain:

 One or more computers are servers. Network administrators use servers to control the security and
permissions for all computers on the domain. This makes it easy to make changes because the changes are
automatically made to all computers.
 If you have a user account on the domain, you can log on to any computer on the domain without needing an
account on that computer.
 There can be hundreds or thousands of computers.
 The computers can be on different local networks.

Server Manager

Server Manager is a new roles-based management tool for Windows Server 2008. It is a combination of Manage Your
Server and Security Configuration Wizard SCW from Windows Server 2003. Server Manager is an improvement of
the Configure my server dialog that launches by default on Windows Server 2003 machines. However, rather than
serve only as a starting point to configuring new roles, Server Manager gathers together all of the operations users
would want to conduct on the server, such as, getting a remote deployment method set up, adding more server roles
etc., and provides a consolidated, portal-like view about the status of each role.

What are server roles, role services, and features?

This section defines the terms role, role service, and feature as they apply to Windows Server 2008.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 7 of 115


Archie May L. Degamon
Roles
A server role is a set of software programs that, when installed and properly configured, allows a computer to perform
a specific function for multiple users or other computers within a network. Generally speaking, roles share the
following characteristics:

 They describe the primary function, purpose, or use of a computer. A specific computer can be dedicated to
perform a single role that is heavily used in the enterprise, or may perform multiple roles if each role is only
lightly used in the enterprise.

 They provide users throughout an organization access to resources managed by other computers, such as
Web sites, printers, or files stored on different computers. 

 They typically include their own databases, which can queue user or computer requests, or record information
about network users and computers that relates to the role. For example, Active Directory Domain Services
includes a database for storing the names and hierarchical relationships of all computers in a network. 

 Once properly installed and configured, roles are designed to function automatically, allowing the computers
on which they are installed to perform prescribed tasks with limited user commands or supervision.

Role services

Role services are software programs that provide the functionality of a role. When you install a role, you can choose
which role services the role will provide for other users and computers in your enterprise. Some roles, such as DNS
Server, have only a single function, and therefore do not have available role services. Other roles, such as Terminal
Services, have several role services that can be installed, depending on the remote computing needs of your
enterprise.
You can consider a role as a grouping of closely related, complementary role services, for which, in the majority of
cases, installing the role means installing one or more of its role services.

Features

Features are software programs that, though they are not directly parts of roles, can support or augment the
functionality of one or more roles, or enhance the functionality of the entire server, regardless of which roles are
installed. For example, the Failover Clustering feature augments the functionality of other roles, such as File Services
and DHCP Server, by enabling them to join server clusters for increased redundancy and improved performance.
Another feature, Telnet Client, allows you to communicate remotely with a telnet server over a network connection,
functionality which enhances the communication options of the server as a whole.

Dependencies in Server Manager

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 8 of 115


Archie May L. Degamon
As you install roles and prepare to deploy your server, Server Manager prompts you to install any other roles, role
services, or features that are required by a role you want to install. For example, many roles, such as UDDI Services,
require Web Server (IIS) to run.
Similarly, if you want to remove roles, role services, or features from your computer, messages from Server Manager
show you if other programs require the software you are removing. For example, if you want to remove Web Server
(IIS), Server Manager alerts you if other roles that depend on Web Server (IIS) remain on the computer. This complex
arrangement of software dependencies is managed by Server Manager and prevents the accidental removal of
software that the server requires to perform its assigned tasks. Users are not required to know on what software the
roles they want to install depend.

Roles

The following roles are available for installation by opening the Add Roles Wizard, either from the Initial
Configuration Tasks window, or from within Server Manager.

Role Name Description

Active Directory® Active Directory® Certificate Services provides customizable services for creating
Certificate Services and managing public key certificates used in software security systems employing
public key technologies. Organizations can use Active Directory Certificate Services
to enhance security by binding the identity of a person, device, or service to a
corresponding private key. Active Directory Certificate Services also includes features
that allow you to manage certificate enrollment and revocation in a variety of scalable
environments.
Applications supported by Active Directory Certificate Services include
Secure/Multipurpose Internet Mail Extensions (S/MIME), secure wireless networks,
virtual private networks (VPN), Internet Protocol security (IPsec), Encrypting File
System (EFS), smart card logon, Secure Socket Layer/Transport Layer Security
(SSL/TLS), and digital signatures.

Active Directory Active Directory Domain Services (AD DS) stores information about users,
Domain Services computers, and other devices on the network. AD DS helps administrators securely
manage this information and facilitates resource sharing and collaboration between
users. AD DS is also required to be installed on the network in order to install
directory-enabled applications such as Microsoft Exchange Server and for applying
other Windows Server technologies such as Group Policy.

Active Directory Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO)
Federation Services technologies to authenticate a user to multiple Web applications using a single user
account. AD FS accomplishes this by securely federating, or sharing, user identities
and access rights, in the form of digital claims, between partner organizations.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 9 of 115


Archie May L. Degamon
Active Directory Organizations that have applications which require a directory for storing application
Lightweight Directory data can use Active Directory Lightweight Directory Services (AD LDS) as the data
Services store. AD LDS runs as a non-operating-system service, and, as such, it does not
require deployment on a domain controller. Running as a non-operating-system
service allows multiple instances of AD LDS to run concurrently on a single server,
and each instance can be configured independently for servicing multiple
applications.

Active Directory Active Directory Rights Management Services (AD RMS) (AD RMS) is information
Rights Management protection technology that works with AD RMS -enabled applications to help
Services (AD RMS) safeguard digital information from unauthorized use. Content owners can define
exactly how a recipient can use the information, such as who can open, modify, print,
forward, and/or take other actions with the information. Organizations can create
custom usage rights templates such as "Confidential - Read Only" that can be applied
directly to information such as financial reports, product specifications, customer data,
and e-mail messages.

Application Server Application Server provides a complete solution for hosting and managing high-
performance distributed business applications. Integrated services, such as the .NET
Framework, Web Server Support, Message Queuing, COM+, Windows
Communication Foundation, and Failover Clustering support boost productivity
throughout the application life cycle, from design and development through
deployment and operations.

Dynamic Host The Dynamic Host Configuration Protocol allows servers to assign, or lease, IP
Configuration addresses to computers and other devices that are enabled as DHCP clients.
Protocol (DHCP) Deploying DHCP servers on the network automatically provides computers and other
Server TCP/IP based network devices with valid IP addresses and the additional
configuration parameters these devices need, called DHCP options that allow them to
connect to other network resources, such as DNS servers, WINS servers, and
routers.

DNS Server Domain Name System (DNS) provides a standard method for associating names with
numeric Internet addresses. This makes it possible for users to refer to network
computers by using easy-to-remember names instead of a long series of numbers.
Windows DNS services can be integrated with Dynamic Host Configuration Protocol
(DHCP) services on Windows, eliminating the need to add DNS records as
computers are added to the network.

Fax Server Fax Server sends and receives faxes, and allows you to manage fax resources such
as jobs, settings, reports, and fax devices on this computer or on the network.

File Services File Services provides technologies for storage management, file replication,
distributed namespace management, fast file searching, and streamlined client

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 10 of 115


Archie May L. Degamon
access to files.

Network Policy and Network Policy and Access Services delivers a variety of methods to provide users
Access Services with local and remote network connectivity, to connect network segments, and to
allow network administrators to centrally manage network access and client health
policies. With Network Access Services, you can deploy VPN servers, dial-up
servers, routers, and 802.11 protected wireless access. You can also deploy RADIUS
servers and proxies, and use Connection Manager Administration Kit to create
remote access profiles that allow client computers to connect to your network.

Print Services Print Services enables the management of print servers and printers. A print server
reduces administrative and management workload by centralizing printer
management tasks.

Terminal Services Terminal Services provides technologies that enable users to access Windows-based
programs that are installed on a terminal server, or to access the Windows desktop
itself, from almost any computing device. Users can connect to a terminal server to
run programs and to use network resources on that server.

Universal UDDI Services provides Universal Description, Discovery, and Integration (UDDI)
Description, capabilities for sharing information about Web services within an organization's
Discovery, and intranet, between business partners on an extranet, or on the Internet. UDDI Services
Integration (UDDI) can help improve the productivity of developers and IT professionals with more
Services reliable and manageable applications. With UDDI Services you can prevent
duplication of effort by promoting reuse of existing development work.

Web Server (IIS) Web Server (IIS) enables sharing of information on the Internet, an intranet, or an
extranet. It is a unified Web platform that integrates IIS 7.0, ASP.NET, and Windows
Communication Foundation. IIS 7.0 also features enhanced security, simplified
diagnostics, and delegated administration.

Windows You can use Windows Deployment Services to install and configure Microsoft®
Deployment Services Windows operating systems remotely on computers with Pre-boot Execution
Environment (PXE) boot ROMs. Administration overhead is decreased through the
implementation of the WdsMgmt Microsoft Management Console (MMC) snap-in,
which manages all aspects of Windows Deployment Services. Windows Deployment
Services also provides end-users an experience consistent with Windows Setup.

Hyper-V™ Hyper-V provides the services that you can use to create and manage virtual
machines and their resources. Each virtual machine is a virtualized computer system
that operates in an isolated execution environment. This allows you to run multiple
operating systems simultaneously.

The Add Roles Wizard

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 11 of 115


Archie May L. Degamon
The Add Roles Wizard simplifies the process of installing roles on your server, and allows you to install multiple roles
at one time. Earlier versions of the Windows operating system required administrators to run Add or Remove Windows
Components multiple times to install all the roles, role services, and features needed on a server. Server Manager
replaces Add or Remove Windows Components, and a single session in the Add Roles Wizard can complete the
configuration of your server.
The Add Roles Wizard verifies that all of the software components required by a role install with any role you select in
the wizard. If necessary, the wizard prompts you to approve the installation of other roles, role services, or software
components that are required by roles you select.
Most roles and role services that are available for installation require you to make decisions during the installation
process that determine how the role operates in your enterprise. Examples include Active Directory Federation
Services (ADFS), which requires the installation of a certificate; or Domain Name System (DNS), which requires you
to provide a fully qualified domain name (FQDN)

Features

Feature Description

.NET Framework 3.0 combines the power of the .NET Framework 2.0 APIs with
.NET
new technologies for building applications that offer appealing user interfaces,
Framework
protect your customers’ personal identity information, enable seamless and secure
3.0
communication, and provide the ability to model a range of business processes.

BitLocker Drive Encryption helps to protect data on lost, stolen or inappropriately


BitLocker decommissioned computers by encrypting the entire volume and checking the
Drive integrity of early boot components. Data is only decrypted if those components are
Encryption successfully verified and the encrypted drive is located in the original computer.
Integrity checking requires a compatible trusted platform module (TPM).

Background Intelligent Transfer Service (BITS) Server Extensions allow a server to


receive files uploaded by clients using BITS. BITS allows client computers to
BITS Server
transfer files in the foreground or background asynchronously, preserve the
Extensions
responsiveness of other network applications, and resume file transfers after
network failures and computer restarts.

Connection Connection Manager Administration Kit (CMAK) generates Connection Manager


Manager profiles.
Administration
Kit

Desktop Desktop Experience includes features of Windows Vista®, such as Windows Media


Experience Player, desktop themes, and photo management. Desktop Experience does not

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 12 of 115


Archie May L. Degamon
enable any of the Windows Vista features by default; you must manually enable
them.

Group Policy Management makes it easier to understand, deploy, manage, and


troubleshoot Group Policy implementations. The standard tool is Group Policy
Group Policy
Management Console (GPMC), a scriptable Microsoft Management Console
Management
(MMC) snap-in that provides a single administrative tool for managing Group Policy
across the enterprise.

Internet Printing Client allows you to use HTTP to connect to and use printers that
are on Web print servers. Internet printing enables connections between users and
Internet
printers that are not on the same domain or network. Examples of uses include a
Printing Client
traveling employee at a remote office site, or in a coffee shop equipped with Wi-Fi
access.

Internet Internet Storage Name Server (iSNS) provides discovery services for Internet Small
Storage Name Computer System Interface (iSCSI) storage area networks. iSNS processes
Server (iSNS) registration requests, deregistration requests, and queries from iSNS clients.

LPR Port Line Printer Remote (LPR) Port Monitor allows users who have access to UNIX-
Monitor based computers to print on devices attached to them.

Message Queuing provides guaranteed message delivery, efficient routing,


security, and priority-based messaging between applications. Message Queuing
Message
also accommodates message delivery between applications that run on different
Queuing
operating systems, use dissimilar network infrastructures, are temporarily offline, or
that are running at different times.

Multipath I/O (MPIO), along with the Microsoft Device Specific Module (DSM) or a
Multipath I/O third-party DSM, provides support for using multiple data paths to a storage device
on Microsoft Windows.

Peer Name Peer Name Resolution Protocol (PNRP) allows applications to register on and
Resolution resolve names from your computer, so other computers can communicate with
Protocol these applications.

Quality Windows Audio Video Experience (qWave) is a networking platform for


Quality audio and video (AV) streaming applications on Internet protocol home networks.
Windows qWave enhances AV streaming performance and reliability by ensuring network
Audio Video quality-of-service for AV applications. It provides admission control, run time
Experience monitoring and enforcement, application feedback, and traffic prioritization. On
(qWave) Windows Server platforms, qWave provides only rate-of-flow and prioritization
services.

Remote Remote Assistance enables you (or a support person) to offer assistance to users

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 13 of 115


Archie May L. Degamon
with computer issues or questions. Remote Assistance allows you to view and
Assistance share control of the user’s desktop in order to troubleshoot and fix the issues. Users
can also ask for help from friends or co-workers.

The Remote Differential Compression (RDC) feature is a set of application


Remote
programming interfaces (APIs) that applications can use to determine if a set of
Differential
files have changed, and if so, to detect which portions of the files contain the
Compression
changes.

Remote Remote Server Administration Tools enables remote management of Windows


Server Server 2003 and Windows Server 2008 from a computer running Windows
Administration Server 2008 by allowing you to run some of the management tools for roles, role
Tools services, and features on a remote computer.

Removable Removable Storage Manager (RSM) manages and catalogs removable media and
Storage operates automated removable media devices.
Manager

RPC Over HTTP Proxy is a proxy that is used by objects that receive remote
RPC Over procedure calls (RPC) over Hypertext Transfer Protocol (HTTP). This proxy allows
HTTP Proxy clients to discover these objects even if the objects are moved between servers or if
they exist in discrete areas of the network, usually for security reasons.

Services for Network File System (NFS) is a protocol that acts as a distributed file
system, allowing a computer to access files over a network as easily as if they were
Services for
on its local disks. This feature is available for installation in Windows Server 2008
NFS
for Itanium-based Systems only; in other versions of Windows Server 2008,
Services for NFS is available as a role service of the File Services role.

SMTP Server SMTP Server supports the transfer of e-mail messages between e-mail systems.

Storage Storage Manager for Storage Area Networks (SANs) helps you create and manage
Manager for logical unit numbers (LUNs) on Fibre Channel and iSCSI disk drive subsystems
SANs that support Virtual Disk Service (VDS) in your SAN.

Simple TCP/IP Services supports the following TCP/IP services: Character


Simple
Generator, Daytime, Discard, Echo and Quote of the Day. Simple TCP/IP Services
TCP/IP
is provided for backward compatibility and should not be installed unless it is
Services
required.

Simple Network Management Protocol (SNMP) is the Internet standard protocol for
SNMP exchanging management information between management console applications—
Services such as HP Openview, Novell NMS, IBM NetView, or Sun Net Manager—and
managed entities. Managed entities can include hosts, routers, bridges, and hubs.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 14 of 115


Archie May L. Degamon
Subsystem for UNIX-based Applications (SUA), along with a package of support
Subsystem for
utilities available for download from the Microsoft Web site, enables you to run
UNIX-based
UNIX-based programs, and compile and run custom UNIX-based applications in
Applications
the Windows environment.

Telnet Client uses the Telnet protocol to connect to a remote telnet server and run
Telnet Client
applications on that server.

Telnet Server allows remote users, including those running UNIX-based operating
Telnet Server systems, to perform command-line administration tasks and run programs by using
a telnet client.

Trivial File Trivial File Transfer Protocol (TFTP) Client is used to read files from, or write files
Transfer to, a remote TFTP server. TFTP is primarily used by embedded devices or systems
Protocol that retrieve firmware, configuration information, or a system image during the boot
(TFTP) Client process from a TFTP server.

Failover Clustering allows multiple servers to work together to provide high


Failover
availability of services and applications. Failover Clustering is often used for file and
Clustering
print services, database and mail applications.

Network Load Balancing (NLB) distributes traffic across several servers, using the
Network Load TCP/IP networking protocol. NLB is particularly useful for ensuring that stateless
Balancing applications, such as a Web server running Internet Information Services (IIS), are
scalable by adding additional servers as the load increases.

Windows Windows Server Backup allows you to back up and recover your operating system,
Server applications, and data. You can schedule backups to run once a day or more often,
Backup and can protect the entire server or specific volumes.

Windows System Resource Manager (WSRM) is a Windows Server operating


Windows
system administrative tool that can control how CPU and memory resources are
System
allocated. Managing resource allocation improves system performance and
Resource
reduces the risk that applications, services, or processes will interfere with each
Manager
other to reduce server efficiency and system response.

Windows Windows Internet Name Service (WINS) Server provides a distributed database for
Internet Name registering and querying dynamic mappings of NetBIOS names for computers and
Service groups used on your network. WINS maps NetBIOS names to IP addresses and
(WINS) solves the problems arising from NetBIOS name resolution in routed environments.
Server

Wireless LAN Wireless LAN (WLAN) Service configures and starts the WLAN AutoConfig service,
Service regardless of whether the computer has any wireless adapters. WLAN AutoConfig
enumerates wireless adapters, and manages both wireless connections and the

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 15 of 115


Archie May L. Degamon
wireless profiles that contain the settings required to configure a wireless client to
connect to a wireless network.

Windows Windows Internal Database is a relational data store that can be used only by
Internal Windows roles and features, such as UDDI Services, Active Directory Rights
Database Management Services (AD RMS), Windows Server Update Services, and Windows
System Resource Manager.

Windows PowerShell is a command line shell and scripting language that helps IT
Windows professionals achieve greater productivity. It provides a new administrator-focused
PowerShell scripting language and more than 130 standard command line tools to enable
easier system administration and accelerated automation.

Windows Process Activation Service (WAS) generalizes the IIS process model,
Windows
removing the dependency on HTTP. All the features of IIS that were previously
Process
available only to HTTP applications are now available to applications hosting
Activation
Windows Communication Foundation (WCF) services, using non-HTTP protocols.
Service
IIS 7.0 also uses WERE for message-based activation over HTTP.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 16 of 115


Archie May L. Degamon
INFORMATION SHEET 1.3
TYPES OF NETWORK SERVICES
Types of Networks

There are several different types of computer networks. Computer networks can be characterized by their size as well
as their purpose.
The size of a network can be expressed by the geographic area they occupy and the number of computers that are
part of the network. Networks can cover anything from a handful of devices within a single room to millions of devices
spread across the entire globe.
Some of the different networks based on size are:

 Personal area network, or PAN


 Local area network, or LAN
 Metropolitan area network, or MAN
 Wide area network, or WAN

In terms of purpose, many networks can be considered general purpose, which means they are used for everything
from sending files to a printer to accessing the Internet. Some types of networks, however, serve a very particular
purpose. Some of the different networks based on their main purpose are:

 Storage area network, or SAN


 Enterprise private network, or EPN
 Virtual private network, or VP

Let's look at each of these in a bit more detail.

Personal Area Network

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 17 of 115


Archie May L. Degamon
A personal area network, or PAN, is a computer network organized around an individual person within a
single building. This could be inside a small office or residence. A typical PAN would include one or more computers,
telephones, peripheral devices, video game consoles and other personal entertainment devices.

Local Area Network

A local area network, or LAN, consists of a computer network at a single site, typically an individual office
building. A LAN is very useful for sharing resources, such as data storage and printers. LANs can be built with
relatively inexpensive hardware, such as hubs, network adapters and Ethernet cables.

Metropolitan Area Network

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 18 of 115


Archie May L. Degamon
A metropolitan area network, or MAN, consists of a computer network across an entire city, college campus or small
region. A MAN is larger than a LAN, which is typically limited to a single building or site. Depending on the
configuration, this type of network can cover an area from several miles to tens of miles.

Wide Area Network

A wide area network, or WAN, occupies a very large area, such as an entire country or the entire world. A
WAN can contain multiple smaller networks, such as LANs or MANs. The Internet is the best-known example of a
public WAN.

Storage Area Network

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 19 of 115


Archie May L. Degamon
A storage area network (SAN) is a secure high-speed data transfer network that provides access to
consolidated block-level storage. An SAN makes a network of storage devices accessible to multiple servers. SAN
devices appear to servers as attached drives, eliminating traditional network bottlenecks.

Enterprise Private Network

An enterprise private network is a computer network that helps enterprise companies with a number of
disparate offices connects those offices to each in a secure way over a network. An enterprise private network is
mainly set up to share computer resources.

Virtual Private Network


Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 20 of 115


Archie May L. Degamon
A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less
secure network, such as the internet. VPN technology was developed as a way to allow remote users and branch
offices to securely access corporate applications and other resources. To ensure safety, data travels through secure
tunnels and VPN users must use authentication methods -- including passwords, tokens and other unique
identification methods -- to gain access to the VPN

INFORMATION SHEET 1.4


USER ACCESS LEVEL CONFIGURATION

Configuring User Rights


Although the built-in capabilities for accounts cannot be changed, user rights for accounts can be administered. These
rights authorize users to perform specific actions, such as logging on to a system interactively or backing up files and
directories. User rights are different from permissions because they apply to user accounts, whereas permissions are
attached to objects. Keep in mind that changes made to user rights can have a far-reaching effect. Because of this,
only experienced administrators should make changes to the user rights policy.

Microsoft defines user rights in two types of categories: Logon Rights and Privileges. These are defined as follows:

 Logon Right: A user right that is assigned to a user and that specifies the ways in which a user can log onto a
system. An example of a logon right is the right to log on to a system remotely.
 Privilege: A user right that is assigned to a user and that specifies allowable actions on the system. An
example of a privilege is the right to shut down a system.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 21 of 115


Archie May L. Degamon
User rights define capabilities at the local level. Although they can apply to individual user accounts, user rights are
best administered on a group account basis. This ensures that a user logging on as a member of a group
automatically inherits the rights associated with that group. By assigning rights to groups rather than individual users,
user account administration can be simplified. When users in a group all require the same user rights, they can be
assigned the set of rights once to the group, rather than repeatedly assigning the same set to each individual user
account.
User rights that are assigned to a group are applied to all members of the group while they remain members. If a user
is a member of multiple groups, the user's rights are cumulative, which means that the user has more than one set of
rights and privileges. The only time that rights assigned to one group might conflict with those assigned to another is in
the case of certain logon rights. For example a member of multiple groups who is given the "Deny Access to This
Computer from the Network" logon right would not be able to log on despite the logon rights granted to the user by
other groups. The user would be logged on locally with cached credentials, but when attempting to access the domain
resources would receive the following message:

In general, however, user rights assigned to one group do not conflict with the rights assigned to another group. To
remove rights from a user, the administrator simply removes the user from the group. In this case, the user no longer
has the rights assigned to that group.

The following lists show the logon rights and privileges that can be assigned to a user.

Logon Rights: PRIVILEGES:

 Access This Computer from Network  Act as Part of the Operating System

 Log On as a Batch Job  Add Workstations to a Domain

 Log On Locally  Back Up Files and Directories

 Log On as a Service  Bypass Traverse Checking

 Deny Access to This Computer from the  Change the System Time
Network

 Deny Local Logon  Create a Token Object

 Deny Logon as a Batch Job  Create Permanent Shared Objects

 Deny Logon as a Service  Create a Pagefile

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 22 of 115


Archie May L. Degamon
   Debug Programs

   Enable Computer and User Accounts to be Trusted for


Delegation

   Force Shutdown from a Remote System

   Generate Security Audits

   Increase Quotas

   Increase Scheduling Priority

   Load and Unload Device Drivers

   Lock Pages in Memory

   Manage Auditing and Security Log

   Modify Firmware Environment Values

   Profile a Single Process

   Profile System Performance

   Remove Computer from Docking Station

   Replace a Process-Level Token

   Restore Files and Directories

   Shut Down the System

   Synchronize Directory Service Data

   Take Ownership of Files or Other Object

   Read Unsolicited Data from a Terminal Device

Some of the privileges can override permissions set on an object. For example, a user logged on to a domain account
as a member of the Backup Operators group has the right to perform backup operations for all domain servers.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 23 of 115


Archie May L. Degamon
However, this requires the ability to read all files on those servers, even files on which their owners have set
permissions that explicitly deny access to all other users, including members of the Backup Operators group. A user
privilege, in this case, the right to perform a backup, takes precedence over all file and directory permissions. The
privileges, which can override permissions set on an object, are listed below.
 Take Ownership of Files or Other Object
 Manage Auditing and Security Log
 Back Up Files and Directories
 Restore Files and Directories
 Debug Programs
 Bypass Traverse Checking

The Take Ownership of Files or Other Object (Take Ownership) privilege grants Write Owner access to an
object. Backup and Restore privileges grant read and write access to an object. The Debug Programs (debug)
privilege grants read or open access to an object. The Bypass Traverse Checking (Change Notify) privilege provides
the reverse access on directories. This privilege is given, by default, to all users and is not considered security
relevant. The Manage Auditing and Security Log (Security) privilege provides several abilities including access to
the security log, overriding access restrictions to the security log. The Event Logger is responsible for enforcing the
Security privilege in this context. The Take Ownership, Security, Backup, Restore, Debug privileges should only be
assigned to administrator accounts (See Appendix C, User Rights and Privileges, of the Windows 2000 Security
Configuration Guide, for the restrictions of the assignment of privileges to be in accordance with the Evaluated
Configuration).
The special user account Local System has almost all privileges and logon rights assigned to it, because all processes
that are running as part of the operating system are associated with this account, and these processes require a
complete set of user rights.
Appendix C – User Rights and Privileges, of the Windows 2000 Security Configuration Guide, contains a cross-
reference table of user rights and privileges to applicable Security Target requirements that should be used as
reference when implementing a user rights policy that must address specific ST requirements.
Assigning User Rights
User rights are assigned through the Local Policies node of Group Policy. As the name implies, local policies
pertain to a local computer. However, local policies can be configured and then imported into Active Directory. Local
policies can also be configured as part of an existing Group Policy for a site, domain, or organizational unit. When
this is done, the local policies will apply to computer accounts in the site, domain, or organizational unit.
User rights policies can be administered as follows:
1. Log on using an administrator account.
2. Open the Active Directory Users and Computers tool.
3. Right-click the container holding the domain controller and click Properties.
4. Click the Group Policy tab, and then click Edit to edit the Default Domain Policy.
5. In the Group Policy window, expand Computer Configuration, navigate to Windows Settings, to Security
Settings, and then to Local Policies.
6. Select User Rights Assignment.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 24 of 115


Archie May L. Degamon
Note: All policies are either defined or not defined. That is, they are either configured for use or not configured
for use. A policy that is not defined in the current container could be inherited from another container.
7. To configure user rights assignment, double-click a user right or right-click on it and select  Security. This
opens a Security Policy Setting dialog box.

For a site, domain, or organizational unit, individual user rights can be configured by completing the following
steps:
8. Open the Security Policy Setting dialog box for the user right to be modified.
9. Select Define these policy settings to define the policy.
10. To apply the right to a user or group, click Add.
11. In the Add user or group dialog box, click Browse. This opens the Select Users Or Groups dialog box. The
right can now be applied to users and groups.
The following selection options appear on the Select Users Or Groups box:
 Name: The Name column shows the available accounts of the currently selected domain or resource.
 Add: Add selected names to the selection list.
 Check Names: Validate the user and group names entered into the selection list. This is useful if names are
typed in manually and it is necessary ensure that they're actually available.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 25 of 115


Archie May L. Degamon
1. To access account names from other domains, click the Look In list box. A drop-down list will appear
that shows the current domain, trusted domains, and other resources that can be accessed.
Select Entire Directory to view all the account names in the directory.

Note: Only domains that have been designated as trusted are available in the Look In drop-down list.
Because of the transitive trusts in Windows 2000, this usually means that all domains in the domain tree or
forest are listed. A transitive trust is one that is not established explicitly. Rather, the trust is established
automatically based on the forest structure and permissions set in the forest.
2. After selecting the account names to add to the group, click OK. The Add user or group dialog box
should now show the selected accounts. Click OK again.
3. The Security Policy Setting dialog box is updated to reflect the selections. If a mistake is made,
select a name and remove it by clicking Remove.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 26 of 115


Archie May L. Degamon
4. When finished granting the right to users and groups, click OK.

Configuring Local User Rights


For local computers, such as Windows 2000 Professional, apply user rights by completing the following steps:
1. Log in as Administrator.
2. Open Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
3. In the Local Security Settings window, navigate to Local Policies, and then select User Rights
Assignment.

4. To configure user rights assignment, double-click a user right or right-click on it and select  Security. This
opens a Security Policy Setting dialog box. The effective policy for the computer is displayed, but it cannot
be changed. However, the local policy settings can be adjusted. Use the fields provided to configure the local
policy. Remember that site, domain, and organizational unit policies have precedence over local policies.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 27 of 115


Archie May L. Degamon
5. The Assigned To column shows current users and groups that have been given a user right. Select or clear
the related check boxes under the Local Policy Setting column to apply or remove the user right.
6. Apply the user right to additional users and groups by clicking Add. This opens the Select Users Or
Groups dialog box. Local users and groups can now be added.

7. To access account names from the domain, click the Look In list box. There should be a list that shows the
current machine, the local domain, trusted domains, and other resources that can be accessed. Select the
local domain to view all the account names in the domain.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 28 of 115


Archie May L. Degamon
INFORMATION SHEET 1.5
SETTING-UP CLIENT/USER ACCESS AND SECURITY
How to Create a New User Account in Active Directory

1. To start let's go ahead and open up Server Manager

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 29 of 115


Archie May L. Degamon
2. Next we will open up the Roles section, next to Active Directory Users and Computers section and finally the Active
Directory Users and Computers. You should now see your domain name.

3. We are going to click on our Users section where we are going to create a new User Account. To do so, right-click on
the blank section, point to New and select User.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 30 of 115


Archie May L. Degamon
4. In this window you need to type in the user's first name, middle initial and last name. Next you will need to create a user's
logon name.

In our example we are going to create a user account for Billy Miles and his logon name will be miles. When done, click on
the Next button.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 31 of 115


Archie May L. Degamon
5. In the next window you will need to create a password for your new user and select appropriate options.

In our example we are going to have the user change his password at his next logon. You can also prevent a user from
changing his password, set the password so that it will never expire or completely disable the account.

When you are done making your selections, click the Next button.

6. And finally, click on the Finish button to complete the creation of new User Account.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 32 of 115


Archie May L. Degamon
How to Create a User Template in Active Directory

A user template in Active Directory will make your life a little easier, especially if you are creating users for a specific
department, with exactly the same properties, and membership to the same user groups. A user template is nothing more
than a disabled user account that has all these settings already in place. The only thing you are doing is copying this
account, adding a new name and a password.

You may have multiple user templates for multiple purposes with different settings and properties. There is no limit on the
number of user templates, but keep in mind that they are there to help you, not to confuse you, so keep in mind less is
better.

To create a user template, we are going to create a regular user account just like we did above. A little note here, you may
want to add an * as the first character of the name so it floats at the top in AD and is much easier to find.

1. To start out, right-click on the empty space, point to new, and select User.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 33 of 115


Archie May L. Degamon
2. Type in the user's name (with asterisks if so desired) and click Next.

3. Create the template's password and do not forget to check the box next to the Account is disabled option. When ready,
click Next.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 34 of 115


Archie May L. Degamon
4. Once the account is created, you can go ahead and add all the properties you need for that template. To do so, double-
click on that account and navigate to a specific tab. Once done click OK.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 35 of 115


Archie May L. Degamon
How To Use a User Template in Active Directory

1. Now in order to use that user template, we are going to select it, copy it and add the unique information such as user
name, password, etc.

We can do that for as many users as needed. Let's start by right-clicking on the template and selecting Copy.

2. Next we are going to enter the user's name, login and password information while making sure the checkbox next
to Account is disabled is unchecked.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 36 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 37 of 115


Archie May L. Degamon
INFORMATION SHEET 2.1
WEB APPLICATIONS/TECHNOLOGIES

A web application is a computer program that utilizes web browsers and web technology to perform
tasks over the Internet.

Millions of businesses use the Internet as a cost-effective communications channel. It lets them exchange information
with their target market and make fast, secure transactions. However, effective engagement is only possible when the
business is able to capture and store all the necessary data, and have a means of processing this information and
presenting the results to the user.

Web applications use a combination of server-side scripts (PHP and ASP) to handle the storage and retrieval of the
information, and client-side scripts (JavaScript and HTML) to present information to users. This allows users to
interact with the company using online forms, content management systems, shopping carts and more. In addition, the
applications allow employees to create documents, share information, collaborate on projects, and work on common
documents regardless of location or device.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 38 of 115


Archie May L. Degamon
INFORMATION SHEET 2.2

SETTING-UP AND CONFIGURING SERVERS

Active Directory Domain Services

Windows Server 2008 introduced the most significant changes to Active Directory Domain Services (AD DS) since its
inaugural release in Windows 2000 Server. Microsoft has continued along this path with Windows Server 2008 R2,
making it the most noteworthy interim release of Windows Server.

AD DS in Windows Server 2008 R2 includes a number of important new features, including:

 Active Directory Recycle Bin


 Active Directory Module for Windows PowerShell
 Active Directory Administrative Center
 Active Directory Best Practices Analyzer
 Active Directory Web Services
 Authentication Mechanism Assurance
 Offline Domain Join
 Managed Service Accounts

Steps to install AD DS:


This will kick off another wizard, this time to configure the settings for you domain, click next to continue.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 39 of 115


Archie May L. Degamon
The message that is shown now relates to older clients that do not support the new cryptographic algorithms
supported by Server 2008 R2, these are used by default in Server 2008 R2, click next to move on.

Choose to create a new domain in a new forest.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 40 of 115


Archie May L. Degamon
Now you can name your domain, we will be using a .local domain the reason why will be explained in an upcoming
article.

Since this is the first DC in our domain we can change our forest functional level to Server 2008 R2.

We want to include DNS in our installation as this will allow us to have an AD Integrated DNS Zone, when you click
next you will be prompted with a message just click yes to continue.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 41 of 115


Archie May L. Degamon
You will need to choose a place to store log files, it is a best practice to store the database and SYSVOL folder on one
drive and the log files on a separate drive, but since this is in a lab environment I will just leave them all on the same
drive.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 42 of 115


Archie May L. Degamon
Choose a STRONG Active Directory Restore Mode Password and click next twice to kick off the configuration.

You will be able to see what components are being installed by looking in the following box.

When it’s done you will be notified and required to reboot your PC.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 43 of 115


Archie May L. Degamon
That’s all there is to it guys, now you have a working installation of Active Directory.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 44 of 115


Archie May L. Degamon
INFORMATION SHEET 2.3
INSTALLING AND CONFIGURING MODULES/ADD-ONS

DNS Server

Installing a Domain Name System (DNS) server involves adding the DNS server role to an existing Windows
Server 2008 server. You can also install the DNS server role when you install the Active Directory Domain Services
(AD DS) role. This is the preferred method for installing the DNS Server role if you want to integrate your DNS domain
namespace with the AD DS domain namespace.

A DNS server is any computer registered to join the Domain Name System.
A DNS server runs special-purpose networking software, features a public IP address, and contains a database of
network names and addresses for other Internet hosts.

To install a DNS server


1. Open Server Manager. To open Server Manager, click Start, and then click Server Manager.
2. In the results pane, under Roles Summary, click Add roles.
3. In the Add Roles Wizard, if the Before You Begin page appears, click Next.
4. In the Roles list, click DNS Server, and then click Next.
5. Read the information on the DNS Server page, and then click Next.
6. On the Confirm Installation Options page, verify that the DNS Server role will be installed, and then
click Install.

You can use this topic to install the File Services server role and the BranchCache for Network Files role service on
the content server Content-01.
To perform this procedure, you must be a member of the Administrators group on the local computer.
1. On Content-01, click Start, point to Administrative Tools, and then click Server Manager.
2. In Roles Summary, click Add Roles.
3. In the Add Roles Wizard, on the Before You Begin page, click Next.
4. On the Select Server Roles page, select File Services, and then click Next.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 45 of 115


Archie May L. Degamon
5. On the File Services page, click Next.
6. On the Select Role Services page, in Role Services, ensure that File Server is selected. Also
select BranchCache for network files, and then click Next.

7. On the Confirm Installation Selections page, confirm your selections, and then click Install.
8. On the Installation Results page, confirm that your installation of the File Services role and required role
services completed successfully, and then click Close.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 46 of 115


Archie May L. Degamon
Installing Windows Server 2008 DHCP Server

Installing Windows Server 2008 DCHP Server is easy. DHCP Server is now a “role” of Windows Server 2008 – not a
windows component as it was in the past.

To do this, you will need a Windows Server 2008 system already installed and configured with a static IP address.
You will need to know your network’s IP address range, the range of IP addresses you will want to hand out to your
PC clients, your DNS server IP addresses, and your default gateway. Additionally, you will want to have a plan for all
subnets involved, what scopes you will want to define, and what exclusions you will want to create.

To start the DHCP installation process, you can click Add Roles from the Initial Configuration Tasks window or from
Server Manager à Roles à Add Roles.

Figure 1: Adding a new Role in Windows Server 2008

When the Add Roles Wizard comes up, you can click Next on that screen.

Next, select that you want to add the DHCP Server Role, and click Next.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 47 of 115


Archie May L. Degamon
Figure 2: Selecting the DHCP Server Role

If you do not have a static IP address assigned on your server, you will get a warning that you should not install DHCP
with a dynamic IP address.

At this point, you will begin being prompted for IP network information, scope information, and DNS information. If you
only want to install DHCP server with no configured scopes or settings, you can just click  Next through these
questions and proceed with the installation.

On the other hand, you can optionally configure your DHCP Server during this part of the installation.

In my case, I chose to take this opportunity to configure some basic IP settings and configure my first DHCP Scope.

I was shown my network connection binding and asked to verify it, like this:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 48 of 115


Archie May L. Degamon
Figure 3: Network connection binding

What the wizard is asking is, “what interface do you want to provide DHCP services on?” I took the default and clicked
Next.

Next, I entered my Parent Domain, Primary DNS Server, and Alternate DNS Server (as you see below) and clicked
Next.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 49 of 115


Archie May L. Degamon
Figure 4: Entering domain and DNS information

I opted NOT to use WINS on my network and I clicked Next.

Then, I was promoted to configure a DHCP scope for the new DHCP Server. I have opted to configure an IP address
range of 192.168.1.50-100 to cover the 25+ PC Clients on my local network. To do this, I clicked Add to add a new
scope. As you see below, I named the Scope WBC-Local, configured the starting and ending IP addresses of
192.168.1.50-192.168.1.100, subnet mask of 255.255.255.0, default gateway of 192.168.1.1, type of
subnet (wired), and activated the scope.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 50 of 115


Archie May L. Degamon
Figure 5: Adding a new DHCP Scope

Back in the Add Scope screen, I clicked Next to add the new scope (once the DHCP Server is installed).

I chose to Disable DHCPv6 stateless mode for this server and clicked Next.

Then, I confirmed my DHCP Installation Selections (on the screen below) and clicked Install.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 51 of 115


Archie May L. Degamon
Figure 6: Confirm Installation Selections

After only a few seconds, the DHCP Server was installed and I saw the window, below:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 52 of 115


Archie May L. Degamon
Figure 7: Windows Server 2008 DHCP Server Installation succeeded

I clicked Close to close the installer window, then moved on to how to manage my new DHCP Server.

How to Manage your new Windows Server 2008 DHCP Server

Like the installation, managing Windows Server 2008 DHCP Server is also easy. Back in my Windows Server
2008Server Manager, under Roles, I clicked on the new DHCP Server entry.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 53 of 115


Archie May L. Degamon
Figure 8: DHCP Server management in Server Manager

While I cannot manage the DHCP Server scopes and clients from here, what I can do is to manage what events,
services, and resources are related to the DHCP Server installation. Thus, this is a good place to go to check the
status of the DHCP Server and what events have happened around it.

However, to really configure the DHCP Server and see what clients have obtained IP addresses, I need to go to the
DHCP Server MMC. To do this, I went to Start à Administrative Tools à DHCP Server, like this:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 54 of 115


Archie May L. Degamon
Figure 9: Starting the DHCP Server MMC

When expanded out, the MMC offers a lot of features. Here is what it looks like:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 55 of 115


Archie May L. Degamon
Figure 10: The Windows Server 2008 DHCP Server MMC

The DHCP Server MMC offers IPv4 & IPv6 DHCP Server info including all scopes, pools, leases, reservations, scope
options, and server options.

If I go into the address pool and the scope options, I can see that the configuration we made when we installed the
DHCP Server did, indeed, work. The scope IP address range is there, and so are the DNS Server & default gateway.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 56 of 115


Archie May L. Degamon
Figure 11: DHCP Server Address Pool

Figure 12: DHCP Server Scope Options

So how do we know that this really works if we do not test it? The answer is that we do not. Now, let’s test to make
sure it works.

How do we test our Windows Server 2008 DHCP Server?

To test this, I have a Windows Vista PC Client on the same network segment as the Windows Server 2008 DHCP
server. To be safe, I have no other devices on this network segment.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 57 of 115


Archie May L. Degamon
I did an IPCONFIG /RELEASE then an IPCONFIG /RENEW and verified that I received an IP address from the new
DHCP server, as you can see below:

Figure 13: Vista client received IP address from new DHCP Server

Also, I went to my Windows 2008 Server and verified that the new Vista client was listed as a client on the DHCP
server. This did indeed check out, as you can see below:

Figure 14: Win 2008 DHCP Server has the Vista client listed under Address Leases

With that, I knew that I had a working configuration and we are done!

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 58 of 115


Archie May L. Degamon
In Summary

In this article, you learned how to install and configure DHCP Server in Windows Server 2008. During that process,
you learned what DHCP Server is, how it can help you, how to install it, how to manage the server, and how to
configure DHCP server specific settings like DHCP Server scopes. In the end, we tested our configuration and it all
worked! Good luck configuring your Windows Server 2008 DHCP Server!

FOLDER REDIRECTION Services in Windows 2008 R2

Folder Redirection in Group Policy allows a systems administrator to redirect certain folders from a user’s profile to a
file server.

To get started with Folder Redirection, you’ll need to be running Active Directory (any functional level), have an
available file server, and a management station running the Group Policy Management Console. As with most Group
Policy, the latest version of the GPMC is preferred, but most of these settings are available in older versions.

FIGURE 1: In the GPMC, the Folder Redirection settings can be found in User Configuration > Policies > Windows
Settings > Folder Redirection. If you’re using the GPMC in Windows XP, you can redirect Application Data, Desktop,
My Documents, and the Start Menu. In addition, folders in Windows XP that are inside the My Documents folder like
My Music and My Pictures will follow My Documents when it is redirected.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 59 of 115


Archie May L. Degamon
FIGURE 2 & FIGURE 3: If you’re using the GPMC in either Windows 7 or Windows Server 2008 R2, you’ll see that
the list of folders that can be redirected is much longer. AppData (Roaming), Desktop, Start Menu, Documents,
Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches, and Saved Games can all be redirected in
Vista, 7, Server 2008, and Server 2008 R2.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 60 of 115


Archie May L. Degamon
FIGURE 4: Starting with the Sharing tab, you’ll want to share the folder by clicking the Advanced Sharing button. Click
the “Share this folder” checkbox and the share name should fill in automatically. Caching should default to “Only the
files and programs that users specify are available offline.” Click the Permissions tab. In Permissions, you can
probably check the Full Control checkbox and OK, but make sure that works for your environment. If you provision
Guest accounts or have users that don’t need access to the Folder Redirection share, consider limiting the share to
Domain Users or smaller groups of users.

FIGURE 5: The easiest method for provisioning new folders for users is to allow the logon process to create all of the
folders automatically as they are redirected to the file server. To do this, you’ll need to set the file permissions so that
users can create folders, but not access the folders of other users. This can all be done in the GUI, but I prefer using
the icacls.exe utility to set the file permissions for something like this so I can be sure I don’t miss something. Here are
the commands you’ll need:

 Give “Everyone” execute/traverse (x), read attributes (ra), and append data/add subdirectory (ad). After
running the command, your permissions should look like this:
 Administrators (Full Control) – This folder, sub-folders, and files
 SYSTEM (Full Control) – This folder, sub-folders, and files
 CREATOR OWNER (Full Control) – Sub-folders, and files
 Everyone (Special – Traverse Folder/Execute File, Read Attributes, Create Folders/Append Data) – This folder
only

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 61 of 115


Archie May L. Degamon
FIGURE 6: First off, you don’t want users to have Create files/write data permissions or they can save files into the
root of the shared folder. Since we’re redirecting folders, we only want the users to be able to create folders in the root
Users folder, but not individual files. Once the user creates a folder named %username%, the CREATOR OWNER
permission will take over (since it is a sub-folder of Users) and will give the account full control over the %username%
folder and everything inside of it.

Second, List folder/read data is also missing because we don’t want users to be able to enumerate folders in the
share. Here’s what it will look like to the end user if they try to go to \\fileserver\Users:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 62 of 115


Archie May L. Degamon
However, if the user tries to go to \\fileserver\Users\%username%, he can see all of his folders:

To the Administrator, you’ll still be able to see everything on the server:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 63 of 115


Archie May L. Degamon
Now that we have a server with a share configured, we’re ready to set up the Folder Redirection in Group Policy.
Folder Redirection is User configuration. Because of that, you’ll need to either create a new Group Policy Object
(GPO) or edit an existing GPO that is linked to an OU for your users. Go to User Configuration > Policies > Windows
Settings > Folder Redirection.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 64 of 115


Archie May L. Degamon
Right-click on one of the folder names and click Properties. In my example, I’ll be using Documents. The first thing
you’ll want to set in the Target tab is how you want to redirect folders: Basic or Advanced. If you’re planning on
directing every user to your new User share, then Basic will probably do for you. If you have multiple shares for Folder
Redirection (possibly for departments or geographical locations), you can choose Advanced and assign specific
folders for groups.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 65 of 115


Archie May L. Degamon
Next, you’ll need to determine where you want to redirect the user folders. In most circumstances, you’ll probably want
to use “Create a folder for each user under the root path.” However, you can also use a user’s home directory (if you
have that attribute configured in AD), a specific path (for labs or common area computers where every user should
share certain folders), and the local user profile (useful if you don’t want users reconfiguring folder locations).

Type in the name of your server and the path to your Users share. If you used the option to create a folder for each
user under the path, you’ll see that your folder structure should be in the format \\fileserver\Users\%username
%\redirectefoldername for each Folder Redirection you configure.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 66 of 115


Archie May L. Degamon
Go to the Settings tab. Uncheck the checkbox by “Grant the user exclusive rights to Documents.” If you don’t uncheck
this setting, the permissions will be configured so that even Administrators won’t be able to access the files without
changing the folder permissions.

Go to the Settings tab. Uncheck the checkbox by “Grant the user exclusive rights to Documents.” If you don’t uncheck
this setting, the permissions will be configured so that even Administrators won’t be able to access the files without
changing the folder permissions.

Choose the settings for the remaining options that work for your environment and click OK.

That’s it! All you need to do is go to your test system, refresh Group Policy, log off, and log back in.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 67 of 115


Archie May L. Degamon
Remote Desktop Services in Windows 2008 R2

Windows Terminal Services has come a long way since its infancy and has improved with every version of Windows,
and Windows 2008 R2 is no exception.  There are even noticeable differences between Windows 2008 and Windows
2008 R2 and should be highly considered as a worthy upgrade for those currently running older versions of the
Windows component.  I first began working with Terminal Server technologies back in the day of Win Frame which
was a “special” version of Windows NT 3.5.1 that was developed by Citrix.  Since then I have worked with all versions
of Terminal Server from NT4 to the most recent Windows 2008 R2 which I am excited about.
This 3 part series will consist of the following articles and will provide you with step by step instructions in getting most
of your Remote Desktop infrastructure in place;
 Part 1 – Installation of Remote Desktop Services
 Part 2 – Configuration of Remote Desktop Gateway and Remote Desktop Client
 Part 3 – Configuration of Remote Desktop Web Access
In Windows 2008 R2, Terminal Server and its underlying components is now referred to as Remote Desktop Services
(RDS).  The below table is a snippet directly from TechNet outlining the renaming of Terminal Server and it’s services;
Previous name (Windows 2008) Name in Windows Server 2008 R2

Terminal Services Remote Desktop Services

Terminal Server Remote Desktop Session Host (RD Session Host)

Terminal Services Licensing (TS Licensing) Remote Desktop Licensing (RD Licensing)

Terminal Services Gateway (TS Gateway) Remote Desktop Gateway (RD Gateway)

Terminal Services Session Broker (TS Session Remote Desktop Connection Broker (RD Connection
Broker) Broker)

Terminal Services Web Access (TS Web Access) Remote Desktop Web Access (RD Web Access)

Before delving into the step by step guide I will quickly highlight some of the enhancements and improvements that
have been incorporated in this release; this is by no means a comprehensive list, however I have provided a number
of links at the end of this post to TechNet articles outlining What’s New in RDS.
 Windows Server 2008 R2 is 64 bit only, meaning that RDS is also 64 bit.
 Forms based authentication for Remote Desktop Web Access
 Per user RemoteApp program filtering
 Enhancements to Remote Desktop Client experience such as multiple monitor support, Audio recording
redirection and Audio and Video playback
 Windows Installer compatibility
 Introduction of Remote Desktop Virtualization Host providing personal virtual desktops utilizing Hyper-V (note:
This technology will not be discussed in this series, however I will have a future post dedicated to this new inclusion)
So let’s begin the installation by Navigating to Start / Administrative Tools / Server Manager (This post is assuming
that you already have a dedicated Windows 2008 R2 server setup)

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 68 of 115


Archie May L. Degamon
Click on Roles located on the left navigation pane and then select Add Roles located on the right pane to invoke the
Add Roles Wizard.

Click Next
Select Remote Desktop Services as the role to install on this server.

Click Next.
The below introduction to Remote Desktop Services is displayed. Microsoft have done a great job in providing
administrators with thorough documentation pertaining to the role being installed.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 69 of 115


Archie May L. Degamon
Click Next
This is a single server setup so I will select all of the role services for Remote Desktop Services excluding Remote
Desktop Virtualization Host (this will be covered in a future post). I have provided Microsoft’s description of each
service in the table below;

Remote Desktop Session Host RD Session Host, formerly known as Terminal


Server, enables a server to host Windows-based
programs or the full Windows desktop. Users can
connect to an RD Session Host server to run
programs, save files and use network resources on
the that server

Remote Desktop Licensing RD Licensing, formerly known as TS Licensing


manages RDS CALs that are required to connect to
an RD Session Host.

Remote Desktop Connection Broker RD Connection Broker, formerly known as TS


Session Broker, support session load balancing
and session reconnection to the RD Session Host.

Remote Desktop Gateway RD Gateway, formerly known as TS Gateway


Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 70 of 115


Archie May L. Degamon
enables authorised users to connect to RD Session
Host Servers over the Internet.

Remote Desktop Web Access RD Web Access, formerly known as TS Web


Access enables users to access RemoteApp and
Desktop connection through Start Menu on a
computer running Windows 7 or through a Web
browser.

Adding the Remote Desktop Gateway and or Remote Desktop Web Access will prompt you to install other services
that are prerequisites such as IIS.

Click Add Required Role Services


After you have the Selected Roles checked, click Next.
The below warning will appear advising that it is recommended to install the Remote Desktop Session Host prior to
installing any “client” applications.

Because this is a new install of Windows 2008 R2, I can ignore this warning and click Next.
You will now be required to specify an Authentication Method for the Remote Desktop Session Host. The two options
provided below are as follows;

Require Network Level Authentication: This is more secure as user authentication occurs before a full remote
desktop session is established, however it is only supported by Remote Desktop Client 6 and greater running on
Windows Vista or Windows XP SP3 (Windows 7 is equipped with Remote Desktop Client 7) as they are the only

current operating systems that support Credential Security Support Provider (CredSSP) protocol. Please be aware
that the CredSSP is turned off by default on Windows XP SP3 and must be turned on via the registry.

Do not require Network Level Authentication: This is less secure because authentication occurs later in the
connection process, however is supported by all Remote Desktop clients and all versions of Windows.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 71 of 115


Archie May L. Degamon
More information can be found in the following TechNet article, Configure Network Level Authentication for Remote
Desktop Services

Click Next.
Specify your Licensing Mode

Click Next
You will then be prompted to select user groups that you would like to provide access to the Remote Session Host
Server. By Default, the “Administrators” group is added and I will also be adding a security group that I have created
specifically for my Remote Desktop Users. Users or User groups added in this section will be automatically added to
the local Remote Desktop Users group.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 72 of 115


Archie May L. Degamon
Click Next
The next screen will allow you to configure the client experience providing your end users with similar functionality and
visual experience found from a Windows 7 desktop.

I will be selecting all 3 options provided, with one of the enhancements to Remote Desktop Services in R2 being the
ability to provide users with a much better Video playback experience than in previous releases. It does so by
offloading the actual video playback to the local graphics processing unit. More information on Multimedia Redirection
Improvements in Windows 7 and WS2008 R2 can be found

Click Next
The next screen provides you with the ability to configure discovery scope for RD licensing. Following Microsoft’s
recommendation, I will not configure a discovery scope for the license server and will utilize the inbuilt RDS Host
configuration tool instead.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 73 of 115


Archie May L. Degamon
Click Next
The next screen is requesting a server authentication certificate for SSL encryption. To simplify matters during the
installation I will select create a self-signed certificate for SSL encryption and will discuss this in more detail in part 2 of
this series.  Note that using a self-signed certificate will create additional administrative overhead for administrators as
the certificate will need to be exported and imported to your remote desktop client computers.  Using a 3rd party
certificate from a Trusted certificate authority will remove that administrative burden and provide end users with a
seamless experience.

Click Next

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 74 of 115


Archie May L. Degamon
The next screen introduces Authorization policies for the RD Gateway. Recall, the RD Gateway is designed to provide
users with the ability to log onto a Remote Desktop Host via the Internet and SSL. Windows 2008 first introduced the
TS Gateway which incorporated 2 types of policies TS CAP and TS RAP. These have been superseded in Windows
2008 R2 with; you guessed it, RD CAP and RD RAP.
Here is a brief primer on the two;
RD CAP (Remote Desktop Connection Authorization Policy): Here you will specify users and groups who will have the
ability to connect to a Remote Desktop Gateway Server. With an RD CAP you can also specify conditions for specific
users and groups such as, you can only connect to this RD Gateway if you are using a smart card.
RD RAP (Remote Desktop Resource Authorization Policy): After providing users and groups the ability to authenticate
with an RD Gateway, RD RAP provides you with the ability to specify which computers located in the internal network
are accessible to your user groups.  This could be restricted to a number of Remote Desktop Servers depending on
the user or group authenticating.
Add your users and groups that you would like to connect through the RD Gateway as per the below screen capture.

The next part of the wizard is all about creating your RD CAP and RD RAP. Don’t worry too much if you don’t get
everything right in the wizard as all of these options are configurable post wizard installation.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 75 of 115


Archie May L. Degamon
Notice, I have created a specific Active Directory Group called “Remote Desktop Computers” in which I have added
computers with Remote Desktop enabled.

Click Next
The next part of this wizard provides you with a primer on Network Policy and Access Services.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 76 of 115


Archie May L. Degamon
Click Next
Leave Network Policy Server selected….

Click Next
The following screen provides you with an introduction to the Web Server Role that is required to be installed for
Remote Desktop Web Access.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 77 of 115


Archie May L. Degamon
Click Next and Next again to accept the default role services options.

We are finally presented with a summary of the confirmed installation selections that we have made throughout this
wizard. It is worthwhile printing and or saving this information via the available hyperlink to form part of your
documentation.  Kudos to Microsoft who in my own opinion has done a great job with their wizard based installations
which ease the usual configuration pains associated with such an install.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 78 of 115


Archie May L. Degamon
Click Install. The installation process will now begin and you will be presented with the installation results screen
below notifying you of completion. Click Close and then restart your server to complete the process.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 79 of 115


Archie May L. Degamon
Upon shutdown, restart and logon, Windows will proceed with the installation and configuration of our roles and
services.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 80 of 115


Archie May L. Degamon
That’s it for now.  In this first article of this series on RDS, we went through the process of adding and configuring the
necessary roles and services associated with Remote Desktop Services via Windows 2008 R2 Server manager.  In
the next article, I will be discussing the Remote Desktop Gateway (RD Gateway) in some detail and will go through
some of its configuration settings both at the server and remote desktop client level.

To enable Remote Desktop, open the System Properties. My favorite method is to hold down the Windows Key, then
press the Pause / Break key.  Alternatively, you could navigate via the Control Panel, Support and Maintenance,
System and then Remote Settings.  Naturally, add your own account in the Select Users dialog box, because in this
scenario, you will be the person taking advantage of Remote Desk toping to this machine.  If in doubt, select the link
'Help me choose'
Trap: Confusing Remote Desktop with Remote Assistance.

Remote Desktop Connection

To activate the client side of the connection, i.e. on the remote machine, go to Start, All Programs, Accessories and
Remote Desktop Connection.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 81 of 115


Archie May L. Degamon
Printer Management Services in Windows 2008 R2
Install the "Print Services' role

The first step is to insure that the Print Services role is installed, which enables a number of required administrative
steps. This is not the same as the Printers applet in the Control Panel: the latter doesn't run in an administrative
context, and will not allow many of the required operations to installation and management of printers.

FIGURE 1: Launch the Server Manager, and approve the User Account Control prompt when offered. We are strong
supporters of UAC and never disabled it.

If a "Before You Begin" box is displayed, read and click through it.
Likewise, review the Introduction to Print Services page and click Next to get started.

FIGURE 2: Launch Server Manager< from the Start Menu, expand the local server's name, and then expand
the Roles item. If Print Services are already found, then stop.

Otherwise right-click on Roles and select Add Roles from the context menu.

FIGURE 3: Enable the checkbox on Print Services, and then click next.


Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 82 of 115


Archie May L. Degamon
This is a good time to add other services if you think you need them, though many application servers won't.
After clicking Next, an "Introduction to Print Services" dialog is displayed. Review, then click Next on this as well.

FIGURE 4: Most users require only Print Server — this provides normal ordinary Windows printing support.

LPD is an older UNIX-style printing that's not commonly used in Windows environments. If not sure, leave unchecked.
The Internet Printing Protocol is likewise not commonly used. It not sure, leave unchecked.
FIGURE 5: This final dialog confirms what's about to be performed, and though it warns that a system reboot may be
necessary. It didn't require one when we added print services to our server.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 83 of 115


Archie May L. Degamon
But removing the Print Services role did require a restart before any additional role-related changes could be made.

At this point, the machine is configured with full Print Services.

Administrating Printers

With Print Services fully installed, there are several places that can perform printer administration.

Server Manager » Roles » Print Services » Print Management

This is the main Print Management application for administration of printing resources. This is an MMC snap-in, so it
fits right in with all the other administrative

Start » Run » print management.msc

This launches the same Print Management MMC application directly, without going through the Server
Manager. This can be made into a shortcut onto the desktop if print management will be done often.

Control Panel » Printers

Unlike the previous two items, which run with Administrative privileges because of the UAC elevation, the
Control Panel runs in the user's Windows Explorer context without administrative rights.

Only the machine's local Administrator — not merely a member of the local Administrators group — has
these rights automatically, so it forbids changes to most settings. This stumped a number of experienced
admins for days.

It turns out that right-clicking a printer and selecting Run as administrator, then Open will allow full
administration after the UAC confirmation.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 84 of 115


Archie May L. Degamon
INFORMATION SHEET 2.4

CONFIGURATION OF NETWORK SERVICES

Installing networking services (TCP/IP)


If you're installing TCP/IP after installing Windows Server 2008, log on to the computer using an account with
administrator privileges and then follow these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections.
3. In Network Connections, right-click the connection you want to work with and then select Properties.
4. This displays the Local Area Connection Properties dialog box, shown in figure 21-1.

Figure 1 Install and configure TCP/IP in the Local Area Connection Properties dialog box.

5. If Internet Protocol Version 6 (TCP/IPv6), internet protocol version 4 (TCP/IPv4), or both aren't shown in the
list of installed components, you'll need to install them. Click Install. Select Protocol, and then click Add. In the
Select Network Protocol dialog box, select the protocol to install and then click OK. If you are installing both
TCP/IPv6 and TCP/IPv4, repeat this procedure for each protocol.
6. In the Local Area Connection Properties dialog box, make sure that the following are selected as appropriate:
Internet Protocol Version 6 (TCP/IPv6), internet protocol version 4 (TCP/IPv4), or both. Then click OK.
7. As necessary, follow the instructions in the next section for configuring local area connections for the
computer.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 85 of 115


Archie May L. Degamon
Configuring TCP/IP networking

A local area connection is created automatically if a computer has a network adapter and is connected to a network. If
a computer has multiple network adapters and is connected to a network, you'll have one local area connection for
each adapter. If no network connection is available, you should connect the computer to the network or create a
different type of connection, as explained in "Managing Network Connections" on page 671.
Computers use IP addresses to communicate over TCP/IP. Windows Server 2008 provides the following ways to
configure IP addressing:

 Manually IP addresses that are assigned manually are called static IP addresses. Static IP addresses are
fixed and don't change unless you change them. You'll usually assign static IP addresses to Windows
Servers, and when you do this, you'll need to configure additional information to help the server navigate the
network.
 Dynamically A DHCP server (if one is installed on the network) assigns dynamic IP addresses at startup, and
the addresses might change over time. Dynamic IP addressing is the default configuration.
 Alternatively (IPv4 only) When a computer is configured to use DHCPv4 and no DHCPv4 server is available,
Windows Server 2008 assigns an alternate private IP address automatically. By default, the alternate IPv4
address is in the range from 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0. You can also
specify a user-configured alternate IPv4 address, which is particularly useful for laptop users.

Note Unless an IP address is specifically reserved, DHCP servers assign IP addresses for a specific period of time,
known as an IP address lease. If this lease expires and cannot be renewed, then the client assigns itself an automatic
private IP address.

Note To perform most TCP/IP configuration tasks, you must be a member of the Administrators group.

Configuring static IP addresses

 When you assign a static IP address, you need to tell the computer the IP address you want to use, the
subnet mask for this IP address, and, if necessary, the default gateway to use for internetwork
communications. An IP address is a numeric identifier for a computer. Ip addressing schemes vary according
to how your network is configured, but they're normally assigned based on a particular network segment.
 IPv6 addresses and IPv4 addresses are very different. With IPv6, the first 64 bits represent the network id and
the remaining 64 bits represent the network interface. With IPv4, a variable number of the initial bits represent
the network id and the rest of the bits represent the host id. For example, if you're working with IPv4 and a
computer on the network segment 192.168.10.0 with a subnet mask of 255.255.255.0, the first 24 bits
represent the network id and the address range you have available for computer hosts is from 192.168.10.1 to
192.168.10.254. In this range, the address 192.168.10.255 is reserved for network broadcasts.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 86 of 115


Archie May L. Degamon
 If you're on a private network that is indirectly connected to the internet, you should use private IPv6
addresses. Link-local unicast addresses are private IPv6 addresses. All link-local unicast addresses begin
with FE80.
 If you're on a private network that is indirectly connected to the internet, you should use private IPv4
addresses. Table 21-1 summarizes private network IPv4 addresses.

Table 1 Private IPv4 network addressing

All other IPv4 network addresses are public and must be leased or purchased. If the network is connected directly to
the internet and you've obtained a range of IPv4 addresses from your internet service provider, you can use the IPv4
addresses you've been assigned.

Configuring multiple IP addresses and gateways

Using advanced TCP/IP settings, you can configure a single network interface on a computer to use multiple IP
addresses and multiple gateways. This allows a computer to appear to be several computers and to access multiple
logical subnets to route information or to provide internetworking services.
To provide fault tolerance in case of a router outage, you can choose to configure Windows Server 2008 computers so
that they use multiple default gateways. When you assign multiple gateways, Windows Server 2008 uses the gateway
metric to determine which gateway is used and at what time. The gateway metric indicates the routing cost of using a
gateway. The gateway with the lowest routing cost, or metric, is used first. If the computer can't communicate with this
gateway, Windows Server 2008 tries to use the gateway with the next lowest metric.
The best way to configure multiple gateways depends on the configuration of your network. If your organization's
computers use DHCP, you'll probably want to configure the additional gateways through settings on the DHCP server.
If computers use static IP addresses or you want to set gateways specifically, assign them by following these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection you want to work with and then select Properties.
3. Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate
for the type of IP address you are configuring.
4. Click Advanced to open the Advanced TCP/IP Settings dialog box. Figure 21-2 shows advanced settings for
IPv4. The dialog box for IPv6 is similar.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 87 of 115


Archie May L. Degamon
Figure 2 configures multiple IP addresses and gateways in the Advanced TCP/IP Settings dialog box.

5. To add an IP address, click Add below IP Addresses to display the TCP/IP Address dialog box. After you type
the IP address in the IP Address field, enter the subnet mask in the Subnet Mask field for IPv4 addresses or
the subnet prefix length in the Subnet Prefix Length field for IPv6 addresses. Click Add to return to the
Advanced TCP/IP Settings dialog box. Repeat this step for each IP address you want to add.
6. The Default Gateways panel shows the current gateways that have been manually configured (if any). To add
a default gateway, clicks add below Default Gateways to display the TCP/IP Gateway Address dialog box.
Type the gateway address in the Gateway field. By default, Windows Server 2008 automatically assigns a
metric to the gateway, which determines in which order the gateway is used. To assign the metric manually,
clear the automatic metric check box, and then enter a metric in the field provided. Click Add, and then repeat
this step for each gateway you want to add.
7. Click OK three times to close the open dialog boxes.

Configuring DNS resolution


DNS is a host name resolution service that you can use to determine the IP address of a computer from its host name.
This lets users work with host names, such as http://www.msn.com or http://www.microsoft.com, rather than an IP
address, such as 192.168.5.102 or 192.168.12.68. Dns is the primary name service for Windows Server 2008 and the
internet.
As with gateways, the best way to configure DNS depends on the configuration of your network. If computers use
DHCP, you'll probably want to configure DNS through settings on the DHCP server. If computers use static IP
addresses or you want to configure DNS specifically for an individual user or system, you'll want to configure DNS
manually.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 88 of 115


Archie May L. Degamon
Basic DNS settings
You can configure basic DNS settings by following these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection you want to work with and then select Properties.
3. Double-click Internet Protocol Version 6 (TCP/IPv6) or internet protocol version 4 (TCP/IPv4) as appropriate
for the type of IP address you are configuring.
4. If the computer is using DHCP and you want DHCP to specify the DNS server address, select Obtain DNS
Server Address Automatically. Otherwise, select Use The Following DNS Server Addresses and then type
primary and alternate DNS server addresses in the text boxes provided.
5. Click OK three times to save your changes.

Advanced DNS settings

You configure advanced DNS settings on the DNS tab of the Advanced TCP/IP Settings dialog box, shown in Figure
21-3. You use the fields of the DNS tab as follows:

 DNS server addresses, in order of use Use this area to specify the IP address of each DNS server that is
used for domain name resolution. Click Add if you want to add a server IP address to the list. Click Remove to
remove a selected server address from the list. Click Edit to edit the selected entry. You can specify multiple
servers for DNS resolution. Their priority is determined by the order. If the first server isn't available to respond
to a host name resolution request, the next DNS server in the list is accessed, and so on. To change the
position of a server in the list box, select it and then click the up or down arrow button.
 Append primary and connection specific DNS suffixes Normally, this option is selected by default. Select
this option to resolve unqualified computer names in the primary domain. For example, if the computer name
gandolf is used and the parent domain is microsoft.com, the computer name would resolve to
gandolf.microsoft.com. If the fully qualified computer name doesn't exist in the parent domain, the query fails.
The parent domain used is the one set in the System Properties dialog box, on the Computer Name tab. (Click
System and Maintenance\System in Control Panel, then click Change Settings and view the Computer Name
tab to check the settings.)
 Append parent suffixes of the primary DNS suffix This option is selected by default. Select this check box
to resolve unqualified computer names using the parent/child domain hierarchy. If a query fails in the
immediate parent domain, the suffix for the parent of the parent domain is used to try to resolve the query.
This process continues until the top of the DNS domain hierarchy is reached. For example, if the computer
name gandolf is used in the dev.microsoft.com domain, DNS would attempt to resolve the computer name to
gandolf.dev.microsoft.com. If this didn't work, DNS would attempt to resolve the computer name to
gandolf.microsoft.com.
 Append these DNS suffixes (in order) Select this option to set specific DNS suffixes to use rather than
resolving through the parent domain. Click Add if you want to add a domain suffix to the list. Click Remove to
remove a selected domain suffix from the list. Click Edit to edit the selected entry. You can specify multiple
domain suffixes, which are used in order. If the first suffix doesn't resolve properly, DNS attempts to use the
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 89 of 115


Archie May L. Degamon
next suffix in the list. If this fails, the next suffix is used, and so on. To change the order of the domain suffixes,
select the suffix and then click the up or down arrow button to change its position.
 DNS suffix for this connection This option sets a specific DNS suffix for the connection that overrides DNS
names already configured for use on this connection. You'll usually set the DNS domain name through the
System Properties dialog box, on the Computer Name tab.
 Register this connection's addresses in DNS Select this check box if you want all IP addresses for this
connection to be registered in DNS under the computer's fully qualified domain name. This option is selected
by default.

Note Dynamic DNS updates are used in conjunction with DHCP to enable a client to update its a (host
address) record if its IP address changes, and to enable the DHCP server to update the ptr (pointer) record for
the client on the DNS server. You can also configure DHCP servers to update both the and ptr records on the
client's behalf. Dynamic DNS updates are supported only by bind 5.1 or higher DNS servers as well as server
editions of Microsoft windows.

 Use this connection's DNS suffix in DNS registration select this check box if you want all IP addresses for
this connection to be registered in DNS under the parent domain.

Figure 3 Configure advanced DNS settings on the DNS tab of the Advanced TCP/IP Settings dialog box.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 90 of 115


Archie May L. Degamon
Configuring WINS resolution
 You use WINS to resolve network basic input/output system (NetBIOS) computer names to IPv4 addresses.
You can use WINS to help computers on a network determine the address of other computers on the network.
If a WINS server is installed on the network, you can use the server to resolve computer names. Although
WINS is supported on all versions of windows, Windows Server 2008 primarily uses WINS for backward
compatibility.
 You can also configure Windows Server 2008 computers to use the local file LMHOSTS to resolve NetBIOS
computer names. However, LMHOSTS is consulted only if normal name resolution methods fail. In a properly
configured network, these files are rarely used. Thus, the preferred method of NetBIOS computer name
resolution is WINS in conjunction with a WINS server.
 As with gateways and DNS, the best way to configure WINS depends on the configuration of your network. If
computers use DHCP, you'll probably want to configure WINS through settings on the DHCP server. If
computers use static IPv4 addresses or you want to configure WINS specifically for an individual user or
system, you'll want to configure WINS manually.
 You can manually configure WINS by following these steps:
 Access the Advanced TCP/IP Settings dialog box for IPv4 and click the WINS tab as shown in Figure 4. In the
WINS addresses, In Order Of Use panel, you can specify the IPv4 addresses of each WINS server that is
used for NetBIOS name resolution. Click Add if you want to add a server IPv4 address to the list. Click
Remove to remove a selected server from the list. Click Edit to edit the selected entry.

Figure 4 configures WINS resolution for NetBIOS computer names on the WINS tab of the Advanced TCP/IP
Settings dialog box.

1. You can specify multiple servers, which are used in order, for WINS resolution. If the first server isn't available
to respond to a NetBIOS name resolution request, the next WINS server on the list is accessed, and so on. To
change the position of a server in the list box, select it and then click the up or down arrow button.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 91 of 115


Archie May L. Degamon
2. To enable LMHOSTS lookups, select the Enable LMHOSTS Lookup check box. If you want the computer to
use an existing LMHOSTS file defined somewhere on the network, retrieve this file by clicking import
LMHOSTS. You generally will use LMHOSTS only when other name resolution methods fail.
3. WINS name resolution requires NetBIOS over TCP/IP services. Select one of the following options to
configure WINS name resolution using NetBIOS:
o If you use DHCP and dynamic addressing, you can get the NetBIOS setting from the DHCP server.
Select Default: use NetBIOS setting from the DHCP server.
o If you use a static IP address or the DHCP server does not provide NetBIOS settings, select Enable
NetBIOS Over TCP/IP.
o If WINS and NetBIOS are not used on the network, select Disable NetBIOS Over TCP/IP. This
eliminates the NetBIOS broadcasts that would otherwise be sent by the computer.
4. Click OK three times. As necessary, repeat this process for other network adapters.

Managing Network Connections

Local area connections make it possible for computers to access resources on the network and the internet. One local
area connection is created automatically for each network adapter installed on a computer. This section examines
techniques you can use to manage these connections.

Checking the status, speed, and activity for local area connections
To check the status of a local area connection, follow these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection you want to work with and then click Status.
3. This displays the Local Area Connection Status dialog box. If the connection is disabled or the media is
unplugged, you won't be able to access this dialog box. Enable the connection or connect the network cable
to resolve the problem and then try to display the Status dialog box again.

The General tab of this dialog box, shown in Figure 21-5, provides useful information regarding the following:

 IPv4 connectivity the current IPv4 connection state and type. You'll typically see the status as local when
connected to an internal network or not connected when not connected to a network.
 IPv6 connectivity the current IPv6 connection state and type. You'll typically see the status as local when
connected to an internal network or not connected when not connected to a network.
 Media state the state of the media. Because the Status dialog box is available only when the connection is
enabled, you'll typically see this as enabled.
 Duration the amount of time the connection has been established. If the duration is fairly short, the user either
recently connected to the network or the connection was recently reset.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 92 of 115


Archie May L. Degamon
 Speed the speed of the connection. This should read 10.0 megabits per second (mbps) for 10-mbps
connections, 100.0 mbps for 100-mbps connections, and 1?gigabit per second (gbps) for 1-gigabit
connections. An incorrect setting can affect the computer's performance.
 Bytes the number of bytes sent and the number received by the connection. As the computer sends or
receives packets, you'll see the computer icons light up to indicate the flow of traffic.

Figure 5 the General tab of the Local Area Connection Status dialog box provides access to summary information
regarding connections, properties, and support.

Viewing network configuration information


In Windows Server 2008, you can view the current configuration for network adapters in several ways. To view
configuration settings using the Local Area Connection Status dialog box, follow these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection you want to work with and then click Status. This displays the Local Area Connection Status dialog
box. If the connection is disabled or the media is unplugged, you won't be able to access this dialog box.
Enable the connection or connect the network cable to resolve the problem and then try to display the Status
dialog box again.
3. Click Details to view detailed information about the IP address configuration, including:

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 93 of 115


Archie May L. Degamon
o Physical address the machine or media access control (mac) address of the network adapter. This
address is unique for each network adapter.
o IPv4 IP address the IPv4 address assigned for IPv4 networking.
o IPv4 subnet mask the subnet mask used for IPv4 networking.
o IPv4 default gateways the IPv4 address of the default gateways used for IPv4 networking.
o IPv4 DNS servers IP addresses for DNS servers used with IPv4 networking.
o IPv4 WINS servers IP addresses for WINS servers used with IPv4 networking.
o IPv4 DHCP server the IP address of the DHCPv4 server from which the current lease was obtained
(DHCPv4 only).
o Lease obtained a date and time stamp for when the DHCPv4 lease was obtained (DHCPv4 only).
o Lease expires a date and time stamp for when the DHCPv4 lease expires (DHCPv4 only).

You can also use the IPCONFIG command to view advanced configuration settings. To do so, follow these steps:

1. Click Start and type cmd in the Search field.


2. Press Enter.
3. At the command line, type ipconfig /all to see detailed configuration information for all network adapters
configured on the computer.

Note The command prompt is started in standard user mode. This is not an elevated command prompt.

Enabling and disabling local area connections


Local area connections are created and connected automatically. If you want to disable a connection so that it cannot
be used, follow these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection and select Disable to deactivate the connection and disable it.
3. If you want to enable the connection later, right-click the connection in Network Connections and select
Enable.

If you want to disconnect from a network or start another connection, follow these steps:

1. Click Start and then click Network. In Network Explorer, click Network and Sharing Center on the toolbar.
2. In Network and Sharing Center, click Manage Network Connections. In Network Connections, right-click the
connection and select Disconnect. Typically, only remote access connections have a Disconnect option.
3. If you want to activate the connection later, right-click the connection in Network Connections and select
Connect.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 94 of 115


Archie May L. Degamon
INFORMATION SHEET 2.5

PROCEDURES/ TECHNIQUES ON ISOLATION AND TESTING OF PC


SERVER

When people talk about computer security, there's almost always a discussion of isolating a computer. A machine that
has sensitive data or that should only be accessed by certain people might be behind closed doors and without
network access, just for the sake of safety. As someone else once put it, the only truly secure computer is one that's in
a locked room and not connected to a network (and probably not plugged in or turned on, either).

Isolating a server isn't an all-or-nothing proposition, however. There are degrees of isolation that can be performed on
a system, from simple firewalling to total physical isolation. If you're nervous about the possible effects of having a
system exposed to the outside world (or even to parts of your own organization), a partial lockdown may be every bit
as effective as a total lockdown depending on your needs.

Firewalling

Firewalls are the simplest and most basic way to give a computer a degree of isolation, mostly as protection against
direct attacks on the server. All versions of Windows ship with Microsoft's own basic but reasonably useful firewall
product, which can be used to lock in everything that doesn't need to be accessed. It works both by port and by
application, so it has that much more flexibility for incoming as well as outgoing traffic. However, it doesn't do anything
to protect the traffic itself -- if someone sends plaintext to the server and it responds as plaintext, anyone who can
capture those packets will know what's going on.

Virtual network segmentation/subnetting

Network segmentation or sub netting is another way to isolate a given computer: Give the computer in question and
any clients that need access to it their own network segment. This makes it a little more difficult to get access to the
computer in question, but it's still not impossible since it may still be connected to the same physical network segment.
Someone running Snort, for instance, on the same physical network may be able to sniff traffic.

It's also possible to isolate the computer and any needed clients on their own wires, but this is often not very practical
unless you already have space set aside for it. In one of my previous jobs, before wireless networking was feasible,
we created a separate physical network for testing by running CAT5 cables up into the ceiling spaces and back and
forth between offices. It worked, but it was inconvenient at best -- and once someone else found out what was up, we
had to dismantle the whole thing.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 95 of 115


Archie May L. Degamon
IPsec

One very elegant way to secure Windows Server machines is by using IPsec, a strongly integrated network security
mechanism that works at the packet level. Packets are encrypted and only exchanged between the server and trusted
clients according to policies created on the server. IPsec's other big benefit, aside from encryption, is verification: Are
the packets from the correct server?

Another particularly handy thing about IPsec is that it can use Windows' own built-in authentication scheme, Kerberos,
so there's less fuss when you use it than you might think. Also, since it's integrated into Windows' own IP stack and
not an adjunct to it (like a firewall), you can have a good deal of confidence in it. This allows you to exchange
protected traffic with, for example, another domain controller in another subnet. For many people, IPSec may be one
of the easiest ways to selectively isolate a server without actually removing it from the network entirely.

"Clean room" isolation

A "clean room" computer is a machine with no network connectivity at all -- it's an isolated PC, most likely hidden
behind locked doors as well. The types of circumstances that require this degree of isolation are vanishingly few, but
they do exist. For instance, a certification authority for internal use (such as code signing) could be hosted on such a
system; certificate requests would have to be brought in and out by hand. Such a machine should have strict control
over hardware and software -- it should not allow software to be installed, nor any new hardware devices, without
administrative access. This will prevent someone from, for instance, installing a wireless USB networking device or
plugging in a flash drive.

Even if you have no need in your organization for a totally isolated machine, you should at least set up policies and
physical space so that you can physically isolate a machine if you have to. Having such methods and space available
is always good if, for instance, you need to work with a PC that's been hit with a  virus or some other calamity, or you
need to check a PC for that occurrence.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 96 of 115


Archie May L. Degamon
INFORMATION SHEET 3.1

TESTING PROCEDURES
Testing Connectivity and Shutdown
After the OS is installed and network parameters configured, it is time to test both activities; an important test is to
verify the server can communicate with another machine, such as a Windows 7 client, and the client can communicate
with the server; you can do this using the Command Prompt, and after testing is complete, you can shutdown the
server.

 Verify Connectivity.
Display Start.
Click the down arrow to display several Apps.
Scroll right.
Click the Command Prompt.
Ping the second machine.
From the second machine, ping the server.
Shutdown server.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 97 of 115


Archie May L. Degamon
o Display Start.
o Click Settings to display its contents.
o Click Power.
o Click Shutdown.
o Follow the displayed instructions to complete the shutdown.
Installation:
Since it is unlikely you are dual booting a virtual machine, the following bullets apply only if you are installing the
server on a physical machine.
o If an OS is already installed on the machine, you may see Press any key to boot from CD/DVD; this is
your opportunity to boot from the CD/DVD drive.

o If an OS is already installed on the machine, and you do not see Press any key to boot from CD/DVD,
you will have to reconfigure the boot process to boot form the CD/DVD drive.

o If an OS it not on the machine, the boot process goes directly to the CD/DVD drive and begins
booting.

o If you are installing from a DVD that came with a textbook, you may not need a product key.

o Depending on the DVD you are using, such as one that came with a textbook, or one from Microsoft,
you may see a slightly different selection menu; be sure not to select Server Core but GUI instead.

 If you have an existing operating system that you want to upgrade, when prompted, you would select
Upgrade, but in this case select Custom so you can customize the disk for installation.

 The configuration shown will depend on the partition and unallocated space on your disk(s). Notice that you
are given a number of disk options, but they are not always enabled; it depends on whether a partition or unallocated
space is highlighted; if a partition is highlighted all except New are enabled, and if an unallocated space is highlighted,
all are grayed, except New.

 When installation completes the system reboots; during the reboot you will see Press any key to boot from
CD/DVD, ignore this message since it will take you back to the beginning of the installation process. After the reboot
completes, you are prompted to create a password for user Administrator.

 Test connectivity: To verify a two-way connectivity of the server and at least one other machine, such as
Windows 7, you must configure IP settings on both the server and the second machine. If the server is on a network
with existing test machines, configure it with the same addressing scheme as the others.
o If the server is on a network with one other newly created machine, such as Windows 7, you can use
these Private addresses and subnet mask: server 172.16.0.10, 255.255.255.0; client 172.16.0.2, 255.255.255.0.

 Server Manager Dashboard: Server Manager, Configure this local server, has tools that administrators can
use to manage operating features, such as domain name services (DNS) and domain creation.
Warnings
 When partitioning the disks, Next does not depend on a selection; this means whichever space is highlighted,
partition or unallocated, and you click Next, setup formats the space, copy the necessary operating system files, and
install the operating system. Everything on that partition will be lost.

 When partitioning the disks, if you select Delete, setup will delete the highlighted partition and label it
unallocated; you will then have to use New to create a partition for the install, or click Next to install. Also, note that if
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 98 of 115


Archie May L. Degamon
you click Next, setup uses the entire highlighted space for the install, but if you do not want to use the entire space, to
install the operating system, use New to create the partition size from the unallocated space.

INFORMATION SHEET 3.2

PRE-DEPLOYMENT PROCEDURES AND PRACTICES

Windows Pre-Deployment Configurations And Best Practices

 Windows & Windows Server

Pre-deployment
Continuously adhere to all System Requirements for Windows-Based Backup Solutions to ensure sustained stability
of your Datto implementation.

Hardware Health
Run chkdsk to be sure that all RAIDs and individual disks report back as healthy. Perform necessary disk repairs prior
to deploying any backup agent. Failure to do so may result in backing up corrupted systems and restoration failures.

Disk Defragmentation
While Datto can perform backups that are running disk defragmentation, be aware that this rearranges data at a block
level, and larger backups will consequently result.  Run a disk defragmentation before deployment of the agent. VSS-
aware disk defragmentation programs may allow for smaller backups, but this would be left to your own discretion.

Windows updates
Download Windows updates, service packs, and any other Microsoft provided updates. After installing these updates,
reboot the server. When scheduling your deployment, remember that the 2nd Tuesday of every month is Microsoft's
"patch Tuesday."

Virus scan
Run a virus scan before you deploy the Datto backup solution to your production machine.

Event Viewer
Check the target's system and application logs to see if there are any VSS or hardware errors. Resolve any errors
before attempting to install the agent.

Exchange
Since Exchange Servers are essentially database servers with mail stores in EDB (Exchange Database Format),
Datto recommends the same procedures for maintenance jobs as SQL (see above SQL recommendation).  Make sure

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 99 of 115


Archie May L. Degamon
that the Exchange writers are enabled on your operating system. Also, check for additional enabled archiving tools
(such as auto-archiving) that may cause larger incremental changes.

Hypervisors
Datto recommends that hypervisors have their datastores isolated on a separate partition, and that the non-datastore
volumes be backed up by the Datto backup solution. Servers that reside on the datastore should be backed up
individually to allow for more granular recovery and restore efforts. Best practices for backing up hypervisors can be
found here.

Clustering
Due to an incompatibility between the Datto backup software and Cluster Shared Volumes (CSVs), Datto backup
software does not support backing up Hyper-V hosts that are members of a failover cluster. Datto backup solutions do
not support backing up any other OS that has access to a CSV. However, we can support backing up  a guest
VM running on a Hyper-V failover cluster, as long as the guest OS itself does not access a CSV.

Proxies
ShadowSnap and ShadowProtect do not support the use of proxy servers on the network. Agents must check in to
StorageCraft to verify their license monthly.

Laptops
Due to their mobile nature, Datto does not endorse or support backing up laptops. Laptops must be inside the LAN,
and not on a wireless network, to perform backups in a timely manner.  Attempts to back up laptops are at your own
discretion.

Because of this, and due to the wide range of touchpad drivers, custom drivers, and hardware configurations available
for both laptops and all-in-one workstations, restoration support for these platforms is 'best-effort' only.

Firewall rules

 The protected machine must have Internet access, and be able to


reach https://device.dattobackup.com/certApi.php, for the initial installation of the Datto Windows Agent.
 From protected machine to Datto appliance: Port 3260 (for iSCSI), 3262 (for Mercury), UDP 139, and TCP
25568 must be open in both directions.
 The Datto Windows Agent uses Mercury as its primary transport method; however, if this fails, backups are
intended to fall back to iSCSI.
 From Datto appliance to internet: ports 22, 80, 123, 443 must be open outbound to, at minimum, the
addresses specified in this article: Datto IP Ranges.
 You may need additional addresses for the off-site syncing continuity. See Datto Networking
Requirements for local and offsite networking requirements and best practices.

Antivirus exceptions

 Set service-level exceptions for the Datto Backup Agent and Datto Provider services. 


 Set an application-level exception for the Datto Windows Agent (DattoBackupAgent.exe).
 Whitelist the following installation path: 
%SYSTEMROOT%\Program Files\Datto\Datto Windows Agent.
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 100 of 115


Archie May L. Degamon
 Verify that no other backup software is installed on the machine.

Setting backup schedules and initial configuration

 Before setting a backup schedule, discuss with your client how far back you would ever need to go to retrieve
data. Set the expectations with them and provide a schedule accordingly. Set the local data retention policies based
on these conversations and expectations. Remember that long-running retention policies will require more disk space,
and should be considered when sizing an appliance.
 Consider the server’s role when establishing a backup schedule. A file server may need multiple backups
during business hours, as files are in constant change. A terminal server simply housing configurations, however, may
not require as many backups per day, as there is little to no change provided. Like any other service on a server,
backups consume resources and take disk input / output.
 The size of your server's backups can grow if you use Distributed File System (DFS) in your environment.
See How Distributed File System (DFS) Interacts with the Datto Solution for more information.
 Prior to the initial backup, ensure that all undesired volumes are excluded. Remember that backups may be
attempted on any additional drives attached to the machine (USB drives, additional storage drives, etc.).

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 101 of 115


Archie May L. Degamon
INFORMATION SHEET 3.3

END USER REQUIREMENTS

The Microsoft® Web Platform is a powerful set of tools, servers, and technologies optimized for building and hosting
next-generation Web applications and solutions. At the base of the Microsoft Web Platform is Windows Server® 2008,
Windows Server® 2008 R2, or another Windows Server® operating system version. Windows Server 2008 R2 comes
with Internet Information Services 7.5 (IIS 7.5), a Web server and security-enhanced platform for developing and
reliably hosting Web applications and services. Windows Server 2008 comes with IIS 7.0. IIS 7.0 and 7.5 (together
known as IIS 7) include a componentized architecture for greater flexibility and control. IIS 7 and above also provides
simplified management and powerful diagnostic and troubleshooting capabilities. IIS Manager extensions make it easy
to administer local and remote Web servers.

IIS 7 and above, together with the Microsoft® .NET Framework 3.0, provides a comprehensive platform for building
applications. Additionally, IIS plays a central role in unifying the Microsoft Web platform technologies—Microsoft®
ASP.NET, Windows® Communication Foundation (WCF) Web services, and Windows® SharePoint® Services.

This article describes general procedures for installing Windows Server 2008 or Windows Server 2008 R2; links for
more detailed information can be found throughout the article. After installing Windows Server 2008 or Windows
Server 2008 R2, you will need to install IIS.
Operating System Editions

Windows Server 2008 and Windows Server 2008 R2 are available in multiple editions to support the varying server
and workload needs of organizations. The four main editions include Windows Server® 2008 R2 Standard, Windows
Server® 2008 R2 Enterprise, Windows Server® 2008 R2 Datacenter, and Windows® Web Server 2008 R2 (or
Windows Server® 2008 Standard, Windows Server® 2008 Enterprise, Windows Server® 2008 Datacenter, and

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 102 of 115


Archie May L. Degamon
Windows® Web Server 2008). See Overview of Editions for more detailed information about the various editions of
Windows Server 2008 R2 and Windows Server 2008.
Hardware Requirements

Processor — Processor performance depends not only on the clock frequency of the processor, but also on the
number of processor cores and the size of the processor cache. The following are the processor requirements:

 Minimum: 1 GHz (for x86 processors) or 1.4 GHz (for x64 processors)
 Recommended: 2 GHz or faster

RAM — The following are the RAM requirements:

 Minimum: 512 MB
 Recommended: 2 GB or more
 Maximum (32-bit systems): 4 GB (for Windows Server 2008 Standard) or 64 GB (for Windows Server 2008
Enterprise or Windows Server 2008 Datacenter)
 Maximum (64-bit systems): 32 GB (for Windows Server 2008 Standard) or 2 terabyte (for Windows Server
2008 Enterprise, Windows Server 2008 Datacenter, or Windows Server® 2008 for Itanium-Based Systems)

Disk space requirements —The following are the approximate disk space requirements for the system partition.
Itanium-based and x64-based operating systems will vary from these estimates. Additional disk space may be
required if you install the system over a network:

 Minimum: 10 GB

 Recommended: 40 GB or more
Note

Computers with more than 16 GB of RAM require more disk space for paging, hibernation, and dump files.

 DVD-ROM drive
 Super VGA (800 x 600) or higher-resolution monitor
 Keyboard and mouse (or other compatible pointing device)

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 103 of 115


Archie May L. Degamon
INFORMATION SHEET 3.4

DOCUMENTATION AND MAKING REPORTS

One of the biggest oversights in any data center is the lack of clear and informative server documentation.

IT professionals know how to install and configure the most complex equipment, but often don't have strong
communication skills. As a result, organizations rely on administrators' memory or informally passed-along knowledge,
causing avoidable integration, upgrade and troubleshooting problems because administrators forget what they've
done or leave behind a knowledge vacuum.

Here are some strategies for improving your server documentation.

Strong server documentation

There is no single established standard for system or server documentation. The emphasis is not on the path, but
rather on establishing a "map" of how each system is equipped, configured and integrated into the data center so that
other IT professionals can understand, test, upgrade and troubleshoot it and the production environment with minimal
time wasted.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 104 of 115


Archie May L. Degamon
Organizations document their servers and systems differently, using vastly different criteria and levels of detail. But
there are ways to shore up haphazard documentation.

Lists. Start with a hardware inventory that includes a list of all major components. Follow that up with a software
inventory that details the operating systems, hypervisors, virtual machines (and all their operating systems), drivers,
applications (workloads), and all the associated licensing information.

Any system inventory tool can detail hardware and software components and update over time, but a printed
component list offers a complete at-a-glance picture, which can easily be compared to systems' purchase
specifications. Organize inventory reports along with original installation or recovery media and any original vendor
documentation, such as manuals or setup guides.

Instructions. Next, document anything related to each individual system's setup and configuration, starting with its
firmware options (BIOS settings). Also, document startup scripts. Command-line scripts notoriously lack comments, so
add them for easier changes or troubleshooting in the future. Then, implement a version control system to help
administrators track the version of each one and understand when a system might be using old or erroneous scripts.

Document the system's integration into the larger data center, including its LAN address, the media access control, or
MAC, address for each network interface card's port, and external notes that show how the system is interconnected
with network switches. Taken together, this information forms a map of the network for IT professionals to follow to
survey current architectures and make suggestions for infrastructure improvements.

Systems management tools automate at least some of these information-gathering tasks. Tools frequently replace
more formalized documentation because reporting changes dynamically and won't become obsolete. No matter the
method, implement a process to update systems and their associated documentation as changes occur. Wrong
documentation can be worse than no documentation

Where is that document?

As is the case with system and server documentation content, there is no clear choice for where to keep it.

System documentation should ideally be located close to the physical system, speeding access to important details
when uptime is on the line. Keep documentation on something other than the system it represents. Documentation is
meant to help with troubleshooting, but saving notes on the system's local hard drive won't do much good if that
system fails or becomes inaccessible.

Consolidating documents in a single location is also common. If you choose this route, set aside a shelf for manuals,
configuration files and other details in the data center. Avoid redundant copies of documentation -- changes to one
copy often don't get migrated to subsequent copies, resulting in errors and confusion.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 105 of 115


Archie May L. Degamon
The document medium itself makes little practical difference. Paper printouts, files on optical discs, records on flash
drives -- even a library of electronic manuals and documentation files on the primary storage area network: These are
all acceptable media depending on the size and complexity of your environment. Systems management tools might
generate very few hard-copy documents. Ensure consistency and consolidation so that each set of details is readily
available.

Handle server documentation with care

Generally, the vendor documentation that accompanies a new server has limited value once the system is actually
configured and deployed, but it is good practice to retain vendor documentation with new documentation you develop.

Vendor documentation bulk and clutter is becoming less of an issue as more vendors shift to Web-based
documentation and guides. For example, vendors can update their online documentation alongside an evolving
knowledge base to help deal with errors, oversights, troubleshooting and workarounds.

Still, the original documentation and current configuration details add value when an aging system is repurposed (sold
to another user or reassigned to another business unit).

For your documentation convenience

Documentation must be clear and precise -- down to the specific keystrokes or mouse clicks of a complex setup and
configuration procedure. It is possible to document detailed activities manually, but the potential to skip over certain
steps is high.

Tools record processes and give documentation users a step-by-step insight into key procedures.

One tool is Microsoft's Problem Steps Recorder (PSR.exe), originally introduced with Windows 7 and Windows Server
2008 R2 to help support staff see what's happening on remote users' desktops. IT administrators recognized that the
ability to record and comment on each mouse click and then save that activity into a zipped MHTML report could be
used for more than remote user activities.

The tool, continued in Windows Server 2012, can record and document important activities for client- and server-side
systems. It creates a library of recordings that staff can refer to when they tackle important setup and configuration
activities. To launch PSR.exe, click Start, type psr into the search line, then click on the PSR applet that appears in
the search results list.

There are no established standards for documenting any part of a data center, so documentation quantity and quality
vary from one organization to another. Peer-review improves documentation, allowing other IT staff to read material
and provide feedback on its clarity and completeness. And data center managers should make time for periodic
training, allowing IT staff to familiarize themselves with the available documentation before they need it.

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 106 of 115


Archie May L. Degamon
REFERENCES
https://www.wikihow.com/Install,-Configure,-and-Test-Windows-Server-2012-R2

https://world.episerver.com/Search/?searchQuery=PRE DEPLOYMENT%20PROCEDURES%20AND
%20PRACTICES

https://docs.oracle.com/cd/E11857_01/em.111/e16599/customizing_dps.htm

https://kb.datto.com/hc/en-us/articles/115005985646-Windows-Pre-Deployment-Configurations-and-Best-Practices-

https://docs.microsoft.com/en-us/iis/install/installing-iis-7/install-windows-server-2008-and-windows-server-2008-r2

https://www.microsoft.com/en-ph/download/details.aspx?id=5842

https://www.askvg.com/download-windows-7-service-pack-1-now/

https://www.rapid7.com/db/vulnerabilities/servicepack-windows-2008-r2-sp1-x64

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 107 of 115


Archie May L. Degamon
https://msdn.microsoft.com/en-us/library/dd184080.aspx

https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services

http://www.tech-faq.com/understanding-server-roles.html

tps://www.lifewire.com/what-is-dhcp-2625848

https://whatismyipaddress.com/dhcp

https://www.cloudflare.com/learning/dns/what-is-dns/

http://www.networksolutions.com/support/what-is-a-domain-name-server-dns-and-how-does-it-work/

https://dyn.com/blog/dns-why-its-important-how-it-works/

https://msdn.microsoft.com/en-us/library/ee256001.aspx

https://www.coursera.org/lecture/system-administration-it-infrastructure-services/what-are-file-services-wStCJ

https://msdn.microsoft.com/en-us/library/dd163554.aspx

https://searchnetworking.techtarget.com/definition/network

https://www.techopedia.com/definition/5537/network

https://www.merriam-webster.com/dictionary/network

Date Developed: Document No.


CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 108 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 109 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 110 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 111 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 112 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 113 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 114 of 115


Archie May L. Degamon
Date Developed: Document No.
CBLM on CSS NC II August 2018 Issued By:

Set-up Computer Servers Developed by: CITCI Page 115 of 115


Archie May L. Degamon

You might also like