6419A:

Configuring,Managing
and Maintaining
Windows Server 2008
Servers
 At Course Completion
• Describe the different administrative tools and tasks in Windows Server
2008.
• Configure AD DS user and computer accounts.
• Create Groups and Organizational Units.
• Manage access to shared resources in an AD DS environment.
• Configure Active Directory Objects and Trusts.
• Create and configure Group Policy Objects.
• Configure user and computer environments by using Group Policy.
• Implement security by using Group Policy.
• Configure and analyze server security and security update compliance.
• Configure and manage storage technologies included with Windows
Server 2008.
• Configure and manage Distributed File System.
• Configure Network Access Protection.
• Configure availability of network resources.
• Monitor and Maintain servers running Windows Server 2008.
• Manage a Windows Server 2008 Backup and Restore.
 Prerequisites
• At least one year experience operating Windows Servers in
the area of account management,
• server maintenance, server monitoring, or server security.
• A+, Server+, hardware portion of Net+, and familiarity with
Windows (client side).
• Working knowledge of networking technologies.
• Intermediate understanding of network operating systems.
• Working experience with Windows Server 2003 and
Windows Server 2008.
• Basic knowledge of Active Directory.
• An understanding of security concepts and methodologies
(for example, corporate policies).
• Basic knowledge of TCP/IP.
• Basic knowledge of scripting tools such as Powershell and
WMI.
 Module 1: Introduction to Administrative Tasks in Windows
Server 2008 Environment

• Lessons
• Server Roles
• Overview of Active Directory
• Using Windows Server 2008 Administrative Tools
• Using Remote Desktop for Administration
• Lab: Administering Windows Server 2008
• Configuring Remote Desktop for Administration
• After completing this module, students will be able to:
• • Describe server roles and how they are categorized.
• • Describe the characteristics of Active Directory components.
• • Describe common Windows Server 2008 Administrative Tools.
• • Describe how to use Remote Desktop for Administration
 Server Roles
• Role:-Windows Server 2008 is designed
around certain roles and features. A role is a
primary duty that a server performs.

• Feature:- A feature is something that helps a

server perform its primary duty (Windows
Backup, network load balancing). Certain roles
are comprised of sub-elements called Role
Services,
•
List of Server
Active Directory Certificate Services.
Roles
• Active Directory Domain Services.
• Active Directory Federation Services (ADFS).
• Active Directory Lightweight Directory Services.
• Active Directory Rights Management Services.
• Application Server.
• Dynamic Host Configuration Protocol (DHCP) Server.
• DNS Server.
• Fax Server.
• File Services.
• Hyper-V.
• Network Policy and Access Services
• Print Services.
• Terminal Services.
• Universal Description, Discovery, and Integration (UDDI) Services.
• Web Server (IIS).
• Windows Deployment Services (WDS).
 Roles
Description
Active Directory Certificate Services.
Provides the services for creating and managing public key certificates used in
most aspects of security today, including HTTP Security (HTTPS), which is vital
to many Windows Roles; Wireless network security; VPNs; IPsec; Encrypting
File System (EFS); and other software security systems that require
encryption or digital signatures.
Active Directory Domain Services.
Previously known as just Active Directory, AD Domain Services stores
information about users, computers, and other devices on the network in a
security boundary known as a domain. With resources and users being 
members of a domain or trusted hierarchy of domains known as a forest,
access to company wide information is secure and no burden on the user.
Active Directory Federation Services (ADFS).
Provides Web single-sign-on (SSO) capabilities across separate organizations,
allowing authentication across multiple Web applications in various
companies using a single user account. ADFS accomplishes this by securely
federating, or sharing, user identities and access rights, in the form of digital
claims, between partner organizations once a federation trust has been
established.
Active Directory Lightweight Directory Services.
Previously known as Active Directory Application Mode (ADAM), Active Directory
Lightweight Directory Services provides a directory service that organizations can
use to store information specific to an application that is separate from the
organization's main AD. Active Directory Lightweight Directory Services runs as a
non-OS service and doesn't require deployment on a DC, with multiple Active
Directory Lightweight Directory Services instances supported on a single server.
Active Directory Rights Management Services.
Provides very granular protection on supported documents via AD RMS-enabled
applications to not only protect documents and other digital information but also to
control the actions that authorized consumers of the information can do.
Application Server.
Comprises a number of components that are responsible for the deployment and
managing of .NET Framework 3.0 applications. These components include the .NET
Framework, Web Server (IIS) Support, Message Queuing, COM+ Network Access,
TCP Port Sharing, Distributed Transactions and Windows Process Activation Service
Support
Dynamic Host Configuration Protocol (DHCP) Server.
Allows servers to assign or lease IP addresses to computers and other devices that
are enabled as DHCP clients on the network.
DNS Server.
DNS is used to resolve host names to IP addresses, both IPv4 and IPv6.
Fax Server. Sends and receives faxes, and allows you to manage fax resources such
as jobs, settings, reports, and fax devices on this computer or on the network.
File Services.
Provides technologies for storage management, which includes control of the types
of files stored on a server via file screens and powerful quotas, file replication,
distributed namespace management, NFS, and support for UNIX clients.
Network Policy and Access Services.
Delivers a variety of methods to provide users with local and remote network
connectivity, to connect network segments, and to allow network administrators to
centrally manage network access and client health policies. With Network Access
Services, you can deploy VPN servers, dial-up servers, routers, and 802.11 protected
wireless access. You can also deploy RADIUS servers and proxies, and use
Connection Manager Administration Kit to create remote access profiles that allow
client computers to connect to your network.
Print Services.
Enables the management of print servers and printers. A print server reduces
administrative and management workload by centralizing printer management
tasks. Also part of Print Services is the Print Management Console, which
streamlines the management of all aspects of printer server management including
the ability to remotely scan a subnet for printers and automatically create the
necessary print queues and shares.
Terminal Services.
Enables users to access Windows-based programs that are installed on a terminal
server or to access the Windows desktop from almost any computing device that
supports the RDP protocol. Users can connect to a terminal server to run programs
and to use network resources on that server.
Web Server (IIS).
Enables sharing of information on the Internet, intranets, or
extranets. It's a unified Web platform that integrates IIS 7.0,
ASP.NET, and Windows Communication Foundation. IIS 7.0 also
features enhanced security, simplified diagnostics, and delegated
administration.

Windows Deployment Services (WDS).

Used to install and configure Windows OSs that are stored in the
Windows Imagine format remotely on computers via Pre-boot
Execution Environment (PXE) boot ROMs.
Active Directory
Active Directory provides the means to manage the
identities and relationships that make up your
organization's network. Integrated with Windows Server
2008, Active Directory gives you out-of-the-box
functionality needed to centrally configure and
administer system, user, and application settings. Active
Directory Domain Services (AD DS) stores directory data
and manages communication between users and
domains, including user logon processes, authentication,
and directory searches.
Windows Server 2008 Administration
Tools for roles
• Active Directory Certificate Services Tools
• Active Directory Domain Services (AD DS) Tools
• Active Directory Lightweight Directory Services
(AD LDS) Tools
• DHCP Server Tools
• DNS Server Tools
• File Services Tools
• Network Policy and Access Services Tools
• Terminal Services Tools
Windows Server 2008 Administration
Tools for features
• BitLocker Drive Encryption Tools
• Failover Clustering Tools
• Group Policy Management Tools
• Network Load Balancing Tools
• SMTP Server Tools
• Storage Manager for SANs Tools
• Windows System Resource Manager Tools
 Enabling Remote Desktop
Administration on the Remote Server
 Remote Desktop Client
• Start -> All Programs -> Accessories -> Remote
Desktop Connection or enter the following in
the Run dialog or at a command prompt:
• Type mstsc
 Module 2: Creating Active Directory Domain
Services User and Computer Objects
• Managing User Accounts
• Creating Computer Accounts
• Automating AD DS Object Management
• Using Queries to Locate Objects in AD DS
Lab: Creating AD DS User and Computer Accounts
• Creating and Configuring User Accounts
• Creating and Configuring Computer Accounts
• Automating the Management of AD DS Objects
After completing this module, students will be
• Configure AD DS user accounts.
• Configure AD DS computer accounts.
• Automate AD DS Object Management.
• Use queries to search AD DS.
 Types of AD DS Objects
• User accounts
Enables a single sign-on for a user
Provides access to resources
• InetOrgPerson
Similar to a user account
Used for compatibility with other directory services
• Computer accounts
Enables authentication and auditing of computer access to resources
• Organizational Unit
Used to group similar objects for administration
• Group accounts
Helps simplify administration
• Printers
Used to simplify the process of locating and connecting to printers
• Shared folders
Used to simplify the process of locating and connecting to shared folders
Configuring AD DS User Accounts
 Common tasks with Active
Directory Users and Computers
• Create a new user
• Create a new group
• Create a new container object
• Make a user a member of a group
• Change a password
• Unlock an account
• Disable an account.
• Move a user
• Restrict logon times
• Delete a group
• Delegate authority
• Allow users to use VPN
• Make a change to a specific attribute for an object
 AD DS Group Types
Distribution groups
• Used only with e-mail applications
• Not security-enabled
Security groups
• Used to assign rights and permissions to
groups of users and computers
• Used most effectively when nested
 Group scope
Machine local groups
Are basically groups that are built in to the operating system and can be
applied only to objects local to the machine in which they exist. In other
words, they are the default local groups such as Power Users,
Administrators, and the like created on a stand-alone system.
Domain local groups
A term that may seem conflicting at first, are domain-level groups that can
be used to set up permissions on resources in the domain in which they exist.
Basically, domain local groups are the evolution of the old Windows NT local
groups.
Domain local groups can include members from anywhere in an AD DS forest
or any trusted domain outside the forest. A domain local group can include
members from any of the following:

1) Global groups
2) User accounts
3) Universal groups (in AD Native mode only)
4) Other domain local groups (nested, in Native mode only)
Global Groups

Are the rebirth of the legacy Windows NT global group, but with
somewhat different features. These groups can include the following
types of objects:

1)User accounts
2)Global groups from their own domain (Native mode only).

Universal Groups

The concept of universal groups was new with the release of

Windows 2000 and is still useful in Windows 2008. Universal groups are
just that—universal. They can include objects from any trusted domain
and can be utilized to apply permissions to any resource in the domain.
 Managing Access Control
• This topic describes concepts that are related to
administering Web Sphere Portal access control.
• To administer access control, use the Resource
Permissions, User and Group Permissions, and
Manage Users and Groups portlets. See the portlet
help documents for detailed information about
administrative tasks that are related to access
control.
Overview
• Overview of Managing Access to
• Resources
Managing Access to Shared Folders
Managing Access to Files and Folders

• Using
• NTFS Permissions
Determining Effective Permissions
Managing Access to Shared Files Using

• Offline Caching
 What Are Permissions?
• Permissions define the type of access granted to a user, group, or
computer for an object .
• You apply permissions to objects such
• as files, folders, and printers