ITU Notes: Windows Server 2012 Installation and Configuration
DESCRIPTION
Windows Server 2012 install and configure
TRANSCRIPT
Copyright © 2013 IT University Online All rights reserved. www.ituniversityonline.com
Course Outline
§ Planning, Installing, and Configuring Windows Server 2012 § Installing and Configuring an Active Directory Domain Controller § Administering Active Directory Objects § Automating Administrative Tasks § Configuring IPv4 § Configuring IPv6 § Installing and Configuring DHCP § Installing and Configuring DNS § Configuring Storage Spaces and File and Print Services § Configuring Group Policy § Securing Windows Servers § Installing and Configuring Virtual Servers and Clients
OV 1 - 1
Planning, Installing, and Configuring Windows Server 2012
§ Introduction to Windows Server 2012 § Describe Windows Server 2012 Management § Plan and Install Windows Server 2012 § Configure Windows Server 2012
OV 1 - 2
Networking Environments
§ Local clients and servers § Cloud services (public, private, or both)
OV 1 - 3
Windows Server 2012 Server Roles
§ Active Directory Certificate Services (AD CS) § Active Directory Domain Services (AD DS) § Active Directory Federation Services (AD FS) § Active Directory Lightweight Directory Services (AD LDS) § Active Directory Rights Management Services (AD RMS) § Application Server § DHCP Server § DNS Server § Fax Server § File and Storage Services
OV 1 - 4
Windows Server 2012 Server Roles (Cont.)
§ Hyper-V § Network Policy and Access Services § Print and Document Services § Remote Access § Remote Desktop Services § Volume Activation Services § Web Server (IIS) § Windows Deployment Services (WDS) § Windows Server Update Services (WSUS)
OV 1 - 5
Windows Server 2012 Features
§ Windows BitLocker Drive Encryption § Failover Clustering § Group Policy Management § Ink and Handwriting Services § Internet Printing Client § Network Load Balancing (NLB) § Remote Assistance § Remote Server Administration Tools § Simple Mail Transfer Protocol (SMTP) Server § Telnet Client, Telnet Server § Windows PowerShell § Windows Server Backup § Windows System Resource Manager (WSRM) § Wireless Local Area Network (LAN) Service § Windows on Windows (WoW) 64 Support
OV 1 - 6
New Features in Windows Server 2012
§ Command auto-completion § Enhanced storage § Features on Demand § IP Address Management (IPAM) Server § New cmdlets § Resilient File System (ReFS) § Revised Task Manager § User interface § Windows BranchCache
OV 1 - 7
Comparing Server Roles and Features
§ Server Roles § Programs that configure a server to perform a specific function for users and/or computers on the network. Users typically access servers that are hosting server roles. § Examples: The DHCP Server role leases IP addresses to clients and devices; the DNS Server role configures the server to resolve a given FQDN to its IP address.
§ Features § Applications that increase the functions the server can perform. In general, users do not access features. § Examples: You use Windows Server Backup to back up the server, not clients. The Wireless LAN Service enables you to connect the server to the network wirelessly.
OV 1 - 8
Windows Server 2012 Editions
§ Windows Server 2012 Datacenter § Designed for large organizations that need highly virtualized private and hybrid cloud network environments. § Includes all features of Windows Server 2012 and unlimited virtual machine instances.
§ Windows Server 2012 Standard § Designed for network environments with minimal virtualization needs. § Includes all features of Windows Server 2012 and two virtual machine instances.
§ Windows Server 2012 Essentials § Designed for small businesses with a maximum of 25 users and 50 network devices. § Includes a streamlined interface, configuration for connecting to cloud services, and no support for virtualization.
§ Windows Server 2012 Foundation § Designed for very small organizations with up to 15 users. § Includes general-purpose server functionality and no support for virtualization.
OV 1 - 9
Windows Server 2012 Licensing
§ Windows Server 2012 Datacenter § Processor-based license: each license covers up to two physical processors in the server; a server with more processors needs additional licenses. § Client access license (CAL) for each user or device that connects to the server.
§ Windows Server 2012 Standard § Processor-based license, again covering up to two physical processors. § CAL per user or device.
§ Windows Server 2012 Essentials § Server license that supports a maximum of two server CPUs. § Maximum of 25 users; no CALs required.
§ Windows Server 2012 Foundation § Server license that supports only one CPU in the server (OEM only). § Maximum of 15 users; no CALs required.
OV 1 - 10
Administrative Tools and Tasks
§ Server Manager § Add and configure server roles. § Examine and configure services. § Monitor events. § Configure server and network settings such as name, domain, and IP addresses. § Evaluate servers and the network (Best Practices Analyzer).
§ Windows PowerShell § Perform nearly all tasks that can be managed in the GUI. § Bulk administer objects.
§ Active Directory Users and Computers; Active Directory Administrative Center § Create and manage Active Directory objects.
§ Group Policy Management § Create and configure group policies.
§ Performance Monitor § Monitor server and network performance.
OV 1 - 11
Administrative Tools and Tasks (Cont.)
§ Task Manager § Monitor server and network functionality, and performance.
§ Resource Monitor § Monitor server resources.
§ Task Scheduler § Create and schedule administrative tasks to run automatically.
§ Various MMCs, such as the DNS console § Perform server-role specific tasks.
§ Remote Desktop § Perform remote management.
§ WinRM (Windows Remote Management) § Transport for command-line remote management: PowerShell remoting (Enter-PSSession, Invoke-Command) and winrs run over it. It is enabled by default on Windows Server 2012, so restrict who can connect (Remote Management Users group, firewall scope) rather than assuming it is off.
OV 1 - 12
Introduction to Server Manager
§ Manage configuration of multiple servers. § Review server event logs. § Install and configure additional roles. § Manage Windows services on each server. § Launch PowerShell for command-line administration.
OV 1 - 13
The Server Manager Interface
OV 1 - 14
Multi-Server Management
§ Shows all servers running a particular service in the domain § Gives quick statistics about each server and service § Can open the management console for each service on each server § Can open other management tools:
§ RDP § PowerShell § Add Roles and Features § Computer Management § NIC Teaming § Performance Counters § Shut Down
OV 1 - 15
The Dashboard Pane
§ Top section displays a list of steps for configuring a server. § Bottom section displays “bird’s eye view” thumbnails of servers.
OV 1 - 16
All Servers Pane
§ View a series of sections: § Servers § Events § Services § Best Practices Analyzer § Performance § Roles and Features
OV 1 - 17
The File and Storage Services Pane
§ When selected, displays a second level of options: § Servers § Volumes § Disks § Storage Pools § Shares § iSCSI
OV 1 - 18
The File and Storage Services Pane (Cont.)
OV 1 - 19
Windows Server 2012 System Requirements
Hardware Component | Minimum Requirement | Recommended Hardware
Processor | 1.4 GHz 64-bit processor | 3.1 GHz or faster
RAM | 512 MB | 16 GB or more
Disk space | 32 GB | 128 GB or larger
Additional hardware needed: § DVD drive § Super VGA (800x600) or higher resolution monitor § Keyboard and mouse § Internet access
OV 1 - 20
Windows Server 2012 Installation Methods § Optical media such as a DVD § USB drive § Network share § Mounted ISO image § Windows Deployment Services (WDS) § System Center Configuration Manager (SCCM) § Virtual Machine Manager templates
OV 1 - 21
Installation Types
§ Fresh install § Upgrade § Migration
OV 1 - 22
Installation Modes
§ Server Core § Server with the graphical user interface (GUI) § Server with the Minimal Server Interface
OV 1 - 23
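The three modes are not separate installs in Windows Server 2012: they are two features that can be added or removed after the fact, which is what the reflective question at the end of this module is getting at. The following is an added example (not from the course slides) that reports the current mode and converts between them; the media path and image index in `-Source` are assumptions, so list the indexes with `Get-WindowsImage` first.

```powershell
# Added example, not from the course slides. Converts a Windows Server 2012 install between
# Server Core, Minimal Server Interface and Server with a GUI. The feature names are the 2012
# ones (later versions dropped this conversion). The -Source value (D:\sources\install.wim,
# image index 4) is an assumption: run Get-WindowsImage -ImagePath D:\sources\install.wim
# to find the index for your edition.
Import-Module ServerManager

function Get-InstallationMode {
    $f     = Get-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell
    $infra = ($f | Where-Object Name -eq 'Server-Gui-Mgmt-Infra').Installed
    $shell = ($f | Where-Object Name -eq 'Server-Gui-Shell').Installed
    if ($shell)     { 'Server with a GUI' }
    elseif ($infra) { 'Minimal Server Interface' }
    else            { 'Server Core' }
}

function Set-InstallationMode {
    param(
        [Parameter(Mandatory)][ValidateSet('Core', 'Minimal', 'Full')][string]$Mode,
        [string]$Source = 'wim:D:\sources\install.wim:4'   # assumed media path and index
    )
    switch ($Mode) {
        # Remove both GUI layers. -Remove also deletes the payload from the component store,
        # which shrinks the patch surface and disk footprint but means a later reinstall
        # needs -Source (or Windows Update access).
        'Core'    { Uninstall-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Remove -Restart }
        # Keep Server Manager and the MMC consoles, drop Explorer, Internet Explorer and the desktop shell.
        'Minimal' { Install-WindowsFeature   -Name Server-Gui-Mgmt-Infra -Source $Source | Out-Null
                    Uninstall-WindowsFeature -Name Server-Gui-Shell -Restart }
        'Full'    { Install-WindowsFeature   -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Source $Source -Restart }
    }
}

Get-InstallationMode                 # "Server with a GUI" on a default installation
# Set-InstallationMode -Mode Core    # typical: configure roles with the GUI, then drop it
```

The usual sequence is to install and configure roles in the full GUI, then switch to Server Core for production; `Get-InstallationMode` is the check to run before and after.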
Upgrade Paths for Windows Server 2012
Current Version of Windows Server | Can Upgrade To
Windows Server 2008 Standard with SP2 or Windows Server 2008 Enterprise with SP2 | Windows Server 2012 Standard, Windows Server 2012 Datacenter
Windows Server 2008 Datacenter with SP2 or Windows Server 2008 R2 Datacenter with SP1 | Windows Server 2012 Datacenter
Windows Web Server 2008 or Windows Web Server 2008 R2 | Windows Server 2012 Standard
Windows Server 2008 R2 Standard with SP1 or Windows Server 2008 R2 Enterprise with SP1 | Windows Server 2012 Standard, Windows Server 2012 Datacenter
In-place upgrades are 64-bit to 64-bit and same-language only; a 32-bit Windows Server 2008 installation or a change of language requires a clean install plus migration.
OV 1 - 24
Migrating to Windows Server 2012
The following roles and settings are moved from an older server to a new Windows Server 2012 server with the Windows Server Migration Tools rather than upgraded in place: § Active Directory Federation Services § Health Registration Authority § Hyper-V § IP Configuration § Network Policy Server § Print and Document Services § Remote Access § Windows Server Update Services
OV 1 - 25
Installation Planning Worksheet
OV 1 - 26
Offline Images
§ Create and deploy server image using DISM § Create image file § Create answer file § Modify image file
OV 1 - 27
Server Core Configuration
§ Assign a static IP address to the server. § Change the computer name and domain membership. § Implement network adapter teaming. § Enable Remote Desktop. § Activate the server.
OV 1 - 28
The Windows Server GUI Interface
Advantages of the full server with the graphical interface: § Contains all graphical administrative utilities. § Supports local and remote installation, configuration, and removal of server roles. § Provides use of MMC to create additional graphical consoles. Disadvantages of the full server with the graphical interface: § Is less secure: more installed components means a larger attack surface and more updates (and reboots) to apply. § Uses more disk space. § Consumes more RAM.
OV 1 - 29
Full Server with GUI Configuration
Perform the same tasks as with configuring Server Core: 1. Assign a static IP address to the server. 2. Change the computer name and domain membership. 3. Implement network card teaming. 4. Enable Remote Desktop. 5. Activate the server.
OV 1 - 30
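The five steps listed for Server Core and for the full server are the same, and on Server Core they are typed into PowerShell anyway. Here they are as one script, added for this page and not taken from the course; the server name, domain, addresses, adapter names and product key are assumptions. The order differs from the slide on purpose: the team is built before the address is assigned, because an adapter loses its own IP configuration when it joins a team.

```powershell
# Added example, not from the course slides: the post-install configuration steps as a script.
# FS01, fuller.local, 10.0.0.0/24 with a DC at 10.0.0.5, and adapters "Ethernet"/"Ethernet 2"
# are assumptions; the product key is supplied by the caller, never embedded in the script.
param(
    [string]  $NewName    = 'FS01',
    [string]  $Domain     = 'fuller.local',
    [string]  $IPAddress  = '10.0.0.10',
    [int]     $Prefix     = 24,
    [string]  $Gateway    = '10.0.0.1',
    [string[]]$Dns        = @('10.0.0.5'),
    [string[]]$TeamNics   = @('Ethernet', 'Ethernet 2'),
    [string]  $ProductKey = $null
)

# Step 3 first: team the adapters, so the static address lands on the team interface.
$nic = $TeamNics[0]
if ($TeamNics.Count -gt 1) {
    New-NetLbfoTeam -Name Team1 -TeamMembers $TeamNics -TeamingMode SwitchIndependent `
        -LoadBalancingAlgorithm TransportPorts -Confirm:$false | Out-Null
    $nic = 'Team1'
}

# Step 1: static address, gateway and DNS. Turn DHCP off explicitly; otherwise a lease can
# sit next to the static address and supply a second default route.
Set-NetIPInterface -InterfaceAlias $nic -Dhcp Disabled
New-NetIPAddress -InterfaceAlias $nic -IPAddress $IPAddress -PrefixLength $Prefix -DefaultGateway $Gateway | Out-Null
Set-DnsClientServerAddress -InterfaceAlias $nic -ServerAddresses $Dns

# Step 4: Remote Desktop. Allow connections, require Network Level Authentication (the user
# authenticates before a session is created, so unauthenticated clients never reach the logon
# screen), and open the built-in firewall rule group.
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# Step 5: activation with the supported script (install key, then activate online).
if ($ProductKey) {
    cscript.exe //nologo "$env:SystemRoot\System32\slmgr.vbs" /ipk $ProductKey
    cscript.exe //nologo "$env:SystemRoot\System32\slmgr.vbs" /ato
}

# Step 2 last, because it reboots: rename and join in one operation. Prompting for the
# credential keeps the join account's password out of the script and the command history.
Add-Computer -DomainName $Domain -NewName $NewName `
    -Credential (Get-Credential -Message "Account permitted to join computers to $Domain") -Restart
```

Run it from an elevated PowerShell (on Server Core, type `powershell` at the cmd prompt first). On a single-adapter host pass `-TeamNics Ethernet` and the teaming step is skipped.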
Configure Server with a Static IP Address
Assign a static IP address, subnet mask, and default gateway. Assign at least one DNS server address.
OV 1 - 31
The Computer Name/Domain Changes Dialog Box
OV 1 - 32
Network Card Teaming
OV 1 - 33
Enable Remote Desktop
OV 1 - 34
Reflective Questions
1. In what scenario do you think it’s best to install Windows Server 2012 Server Core?
2. After configuring a server, why should you consider switching it from the GUI version of Windows Server 2012 to the Server Core version?
OV 2 - 1
Installing and Configuring an Active Directory Domain Controller
§ Overview of Active Directory § Install an Active Directory Domain Controller
OV 2 - 2
The Active Directory Physical Hierarchy
Fuller.local domain, with child domains Rochester.fuller.local and Boston.fuller.local
Each domain contains domain controllers, users, computers, printers, and so on.
OV 2 - 3
The Active Directory Logical Hierarchy
Domains: Fuller.local, Rochester.fuller.local, Boston.fuller.local
OUs: Headquarters, Rochester, Boston, Sales, Accounting, Admin, Bookstore
Sites: Rochester, Boston
OV 2 - 4
Active Directory Components
§ Domain controllers § Data store § Global catalog servers § Read-only domain controllers (RODCs) § Domain § Domain tree § Forest § Site § OU § Partition § Schema
OV 2 - 5
Active Directory Containers
§ Forest § Tree or domain tree § Domain § Site § Organizational unit
OV 2 - 6
Domain Controllers
Domain controllers perform these tasks: § Store a copy of the AD DS database in the NTDS.dit file. § Host a copy of the SYSVOL folder (Group Policy templates and logon scripts). § Authenticate users for logon and for access to resources. § Replicate the SYSVOL folder using either File Replication Service (FRS) or Distributed File System Replication (DFS-R).
OV 2 - 7
Global Catalog Server
Global catalog servers perform these functions in the forest: § Hold a copy of the global catalog, a partial, read-only replica that contains every object in the forest with only its most commonly searched attributes. § Enable users and administrators to search for objects such as computers and printers distributed throughout the forest. § Support cross-domain searches and resolve universal group membership at logon.
OV 2 - 8
Operations Master Roles
Domain controllers can also host forest-wide or domain-level operations master roles: § Schema master (forest-wide): Is responsible for updates to the schema. § Domain naming master (forest-wide):
§ Processes domain name changes. § Adds or removes domains or application directory partitions to or from the forest. § Adds replicas of application directory partitions to other domain controllers. § Adds or removes cross-reference objects to or from external directories.
§ RID master (domain-level): Allocates blocks of relative identifiers (RIDs) to every domain controller in the domain; each new user, group, or computer SID consumes one RID from the creating DC's pool.
§ Infrastructure master (domain-level): Updates references held in its domain that point to objects in other domains (for example, cross-domain group members). Do not place it on a global catalog server unless every domain controller in the domain is also a global catalog; otherwise those references stop being updated.
§ PDC emulator (domain-level): § Supplies the authoritative time for the domain. § Receives urgent replication of password changes and is consulted by other DCs before a logon is rejected for a bad password; account lockouts are processed here. § Is the default target for Group Policy edits and for domain-based DFS namespace changes.
OV 2 - 9
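Knowing which DC holds each role is the first thing you need when a DC is decommissioned or seized, and the infrastructure master placement rule above is easy to break silently. The following is an added example (not from the course slides) that lists the holders, checks the placement rule, and shows the transfer cmdlet; the DC name DC02 is an assumption.

```powershell
# Added example, not from the course slides. Lists the operations master holders, checks the
# infrastructure master / global catalog placement rule, and shows how to move a role.
# DC02 is an assumed target domain controller name.
Import-Module ActiveDirectory

function Get-OperationsMasters {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster          # forest-wide
        DomainNamingMaster   = $forest.DomainNamingMaster    # forest-wide
        PDCEmulator          = $domain.PDCEmulator           # domain-level
        RIDMaster            = $domain.RIDMaster             # domain-level
        InfrastructureMaster = $domain.InfrastructureMaster  # domain-level
    }
}

function Test-InfrastructureMasterPlacement {
    # The infrastructure master only refreshes cross-domain references if it is NOT a global
    # catalog, unless every DC in the domain is a GC (then there is nothing to refresh).
    # A single-domain forest has no cross-domain references, so the rule does not apply there.
    if ((Get-ADForest).Domains.Count -eq 1) { return 'OK: single-domain forest' }
    $domain = Get-ADDomain
    $dcs    = Get-ADDomainController -Filter * -Server $domain.DNSRoot
    $im     = $dcs | Where-Object HostName -eq $domain.InfrastructureMaster
    $allGc  = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
    if ($im.IsGlobalCatalog -and -not $allGc) {
        return "WARNING: $($im.HostName) holds the infrastructure master and is a GC while other DCs are not; move the role to a non-GC DC"
    }
    'OK'
}

Get-OperationsMasters
Test-InfrastructureMasterPlacement

# Transfer (graceful, with the current holder online). Add -Force to seize from a holder that is
# gone for good; a seized holder must never be reconnected to the domain afterwards.
# Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole PDCEmulator, RIDMaster
```

`netdom query fsmo` gives the same holder list from a command prompt when the AD module is not available.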
Reflective Questions
1. What are the advantages of using Active Directory Domain Services? 2. Which types of installations do you expect to perform most often in your working environment?
OV 3 - 1
Administering Active Directory Objects
§ Design and Create an Active Directory Hierarchy § Manage Users § Manage Computers § Manage Groups § Delegate Administrative Tasks
OV 3 - 2
Types of Active Directory Design
§ Geographical location § Organizational chart § Functional structure § Hybrid structure § Whichever model you pick, remember that a domain is an administrative and replication boundary, not a security boundary (the forest is); prefer OUs over additional domains for delegation and policy.
OV 3 - 3
Active Directory Structure: Geographical Design
Create domains and organizational units based on geographic locations for your organization.
Root-level domain: fuller.local
Country domains: us.fuller.local, eu.fuller.local
City domains: rochester.us.fuller.local, atlanta.us.fuller.local, paris.eu.fuller.local, london.eu.fuller.local
OV 3 - 4
Active Directory Structure: Organizational Chart Design
Create domains and organizational units based on the organization's organizational chart.
Root-level domain: fuller.local
Departmental domains: marketing.fuller.local, production.fuller.local
City domains: rochester.marketing.fuller.local, atlanta.marketing.fuller.local, rochester.production.fuller.local, paris.production.fuller.local
OV 3 - 5
Active Directory Structure: Functional Design
Create domains and organizational units based on business function rather than on location.
Root-level domain: fuller.local
Functional domains: publishing.fuller.local, administrative.fuller.local, sales.fuller.local, accounting.fuller.local
OV 3 - 6
Active Directory Structure: Hybrid Design
Create functional domains, then subdivide each one by location using child domains or organizational units.
Root-level domain: fuller.local
Functional domains: publishing.fuller.local, admin.fuller.local, sales.fuller.local, accounting.fuller.local
Location domains or organizational units under each functional domain: Rochester, Boston, Atlanta
OV 3 - 7
The Fuller & Ackerman Wide Area Network
OV 3 - 8
The Active Directory Administrative Tools
§ Graphical Administrative Tools § Active Directory Users and Computers § Active Directory Sites and Services § Active Directory Domains and Trusts § Active Directory Schema § Remote Server Administration Tools (RSAT) § Active Directory Administrative Center
§ Windows PowerShell Commands § Add-ADGroupMember § Disable-ADAccount § Get-ADDomain § Move-ADObject § New-ADGroup, New-ADOrganizationalUnit, New-ADUser § Remove-ADGroup, Remove-ADGroupMember, Remove-ADUser
§ Command-Line Utilities § Dsadd, Dsget, Dsmod § Dsmove, Dsquery, Dsrm
OV 3 - 9
Tools for Creating User Accounts
§ Active Directory Users and Computers § Active Directory Administrative Center § PowerShell command New-ADUser § Command-line utility Dsadd.exe
OV 3 - 10
User Profiles
User profiles contain the information necessary to establish the user's desktop environment: § Profile Path § UNC location where the user's desktop settings are stored; when it is set, the profile follows the user from computer to computer (a roaming profile). § Logon Script § A script, typically a batch file, that maps drive letters to network resources. § Home Folder Location § A folder you create to store the user's folders and files.
OV 3 - 11
Default Active Directory Objects
§ Builtin § Computers § Domain Controllers § ForeignSecurityPrincipals § Managed Service Accounts § Users
OV 3 - 12
User Account Templates
§ Reduces the workload of creating users. § Holds all non-user-specific configuration, including group memberships. § Best practices:
§ Create the template account with an underscore at the beginning of the name so it sorts to the top and is obviously not a person. § Leave the account disabled. § Never let anyone use the template to log on. § Don't configure the template with information that is user-specific. § Never make a template a member of a privileged group (Domain Admins, Account Operators, and so on): every copy inherits its memberships.
OV 3 - 13
The Computers Container
§ Default system container in Active Directory. § New computer accounts are created here by default. § Cannot have Group Policy directly applied to it (it is a container, not an OU). § Has a relative distinguished name of "CN=Computers." § Redircmp.exe can be used to change the default computer container. § Best practices: § Specify another container as you create the computer account. § Move computer accounts out of this default container into real OUs.
OV 3 - 14
Location Configuration
§ A best practice is to create OUs specifically to hold computer accounts. § It is common to create parent OUs by geography or department. § Child OUs can be for desktops or laptops. § Other child OUs can be for users, administrators, and resources. § Separate computers into OUs to delegate control and apply policy.
OV 3 - 15
Permissions Management
§ By default, the following have permissions to create computer objects: § Enterprise Admins § Domain Admins § Administrators § Account Operators
§ In addition, any authenticated user can join up to 10 computers to the domain by default (the ms-DS-MachineAccountQuota attribute), which creates computer accounts in the Computers container; set the quota to 0 and delegate joining to a specific group instead. § You should restrict membership to administrator groups. § Delegate control over an OU by using the Delegate Control wizard.
OV 3 - 16
Secure Channels
§ Like users, computers log on to the domain with their own account and password, which the computer changes every 30 days by default. § Ordinarily there is no need to manually reset a computer account. § If for some reason the computer cannot access its own account (the "trust relationship" error at logon), you may have to perform a secure channel reset. § You can reset a computer account using the following tools:
§ Active Directory Users and Computers (Reset Account) § dsmod computer <DN> -reset § netdom reset or netdom resetpwd § nltest /sc_reset § PowerShell (Test-ComputerSecureChannel -Repair, Reset-ComputerMachinePassword)
OV 3 - 17
Types of Groups
§ Security § Distribution
OV 3 - 18
Group Scopes
§ Local (exists only in a computer's local SAM database, not in Active Directory) § Domain Local § Global § Universal
OV 3 - 19
Default Management Groups
§ Schema Admins § Enterprise Admins § Domain Admins § Administrators § Server Operators § Account Operators § Backup Operators § Print Operators
OV 3 - 20
Active Directory Domain Services Permissions § You can assign permissions on Active Directory objects to: § Users § Computers § Groups
§ It is a best practice to delegate control at the OU level rather than on individual objects. § Effective permissions are cumulative from individual permissions and group membership, with an explicit Deny overriding an Allow.
OV 3 - 21
Reflective Questions
1. Do you foresee using user account templates in your organization? Why or why not?
2. Do you think you will delegate control to OUs in your organization? Why or why not?
OV 4 - 1
Automating Administrative Tasks
§ Introduction to Windows PowerShell § Use Windows PowerShell to Manage Active Directory Objects § Use Command-Line Tools to Administer Active Directory § Use Bulk Operations
OV 4 - 2
Common PowerShell Uses for Administrators § Add and remove Windows Server roles and features. § Manage services. § List processes. § Create, list, and manage file systems. § View event logs. § Manage the Windows registry. § Manage monitoring tools. § Add, delete, and manage AD DS objects.
OV 4 - 3
Windows PowerShell Features
§ Simplified syntax § Updated help (Update-Help) § Enhanced module discovery (modules are imported automatically on first use) § Disconnected sessions (session recovery) § The Show-Command cmdlet § PowerShell Web Access § Delegated administration § Safety
OV 4 - 4
PowerShell Get-Help Command
OV 4 - 5
Update Help
§ Download the latest help file. § If Update-Help cannot contact the Microsoft site, you can cancel and continue.
OV 4 - 6
Get-Help Service
OV 4 - 7
Common Cmdlet Verbs
§ Add § Backup § Clear § Close § Disable § Enable § Install § Get
§ New § Set § Show § Stop § Suspend § Uninstall § Rename
Note: some words such as “backup” or “new” are treated as single verbs in PowerShell.
OV 4 - 8
Common Event Viewer Cmdlets
§ Get-EventLog § Show-EventLog § Clear-EventLog § Limit-EventLog
OV 4 - 9
The Get-EventLog Command
§ Get-EventLog retrieves entries from the classic event logs (Application, Security, System and the others listed by Get-EventLog -List). § Must include the name of the event log. § -Newest <number> returns only the most recent entries. § For the Applications and Services logs (for example Microsoft-Windows-PowerShell/Operational) use Get-WinEvent instead; Get-EventLog cannot read them.
OV 4 - 10
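The slide shows how to pull entries; what an administrator actually wants from the Security log is a summary. The following added example (not from the course) groups failed logons (event 4625) by source address and target account with Get-EventLog, then repeats the query with Get-WinEvent. The field positions come from the 4625 event template; the thresholds are arbitrary.

```powershell
# Added example, not from the course slides: summarise failed logons (event 4625) from the
# Security log by source address and target account. Reading the Security log requires
# administrator rights or membership in Event Log Readers.
function Get-FailedLogonSummary {
    param([int]$Newest = 500, [int]$Threshold = 5)
    Get-EventLog -LogName Security -InstanceId 4625 -Newest $Newest |
        ForEach-Object {
            # Positions in the 4625 event's ReplacementStrings (from the event template):
            # 5 = TargetUserName, 6 = TargetDomainName, 10 = LogonType, 19 = IpAddress
            $r = $_.ReplacementStrings
            [pscustomobject]@{
                Time      = $_.TimeGenerated
                Account   = "$($r[6])\$($r[5])"
                LogonType = $r[10]
                Source    = $r[19]
            }
        } |
        Group-Object Source, Account |
        Where-Object Count -ge $Threshold |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Source';    e = { $_.Group[0].Source } },
            @{ n = 'Account';   e = { $_.Group[0].Account } },
            @{ n = 'LogonType'; e = { $_.Group[0].LogonType } }
}

# One source failing against many accounts is a password spray; many failures against one
# account from one source is a brute force. Logon type 3 = network, 10 = RemoteInteractive (RDP).
Get-FailedLogonSummary -Newest 2000 -Threshold 10 | Format-Table -AutoSize

# The same query with Get-WinEvent: the filter is applied by the event log service instead of
# after the fact, and the same cmdlet can read the logs Get-EventLog cannot.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-1) } `
    -ErrorAction SilentlyContinue |
    Select-Object -First 5 TimeCreated, Id,
        @{ n = 'Account'; e = { $_.Properties[5].Value } },
        @{ n = 'Source';  e = { $_.Properties[19].Value } }
```

If the summary comes back empty, check that audit policy actually records logon failures (`auditpol /get /category:Logon/Logoff`); on a member server nothing is audited for logon until a policy enables it.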
Service Cmdlets
§ Start-Service § Get-Service § Stop-Service § Suspend-Service § Resume-Service § Set-Service § Restart-Service
OV 4 - 11
Process Cmdlets
§ Start-Process § Get-Process § Stop-Process § Wait-Process § Debug-Process
OV 4 - 12
An Advanced PowerShell Cmdlet
§ Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 10 -MaxSamples 100
OV 4 - 13
The -Whatif Parameter
§ -WhatIf shows what would happen without actually doing it.
OV 4 - 14
The -Confirm Parameter
§ The -Confirm parameter makes a command prompt for confirmation before each change. § Note: even without -Confirm, PowerShell prompts when a cmdlet's ConfirmImpact is High (Remove-ADUser and Remove-ADComputer, for example); in an unattended script add -Confirm:$false to suppress that prompt.
OV 4 - 15
PowerShell ISE
OV 4 - 16
PowerShell ISE Scripting Pane
§ The Scripting pane is available on the toolbar.
OV 4 - 17
Execution Policies
§ Restricted: Scripts will not execute (the default on Windows Server 2012). § RemoteSigned: Locally created scripts run; scripts downloaded from the internet (files carrying a mark-of-the-web) must be digitally signed. § AllSigned: Only scripts signed by a trusted publisher run, local ones included. § Unrestricted: Any script, signed or unsigned, runs (you are warned before a downloaded one). Set-ExecutionPolicy Unrestricted
§ On a server prefer RemoteSigned or AllSigned over Unrestricted. The execution policy is a safeguard against running scripts by accident, not a security boundary: powershell.exe -ExecutionPolicy Bypass overrides it for that process.
OV 4 - 18
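Setting AllSigned or RemoteSigned only helps if you can actually sign your scripts. The following added example (not from the course slides) shows the scoped policies, sets a server default, signs a script with a code-signing certificate already in the user's store (enrolled from AD CS, for instance) and verifies the signature; the script path and the certificate's presence are assumptions.

```powershell
# Added example, not from the course slides. Scoped execution policies, a sane server default,
# and signing a script so it runs under AllSigned/RemoteSigned. Assumes a code-signing
# certificate is already in Cert:\CurrentUser\My; C:\Scripts\New-Users.ps1 is an assumed path.
$script = 'C:\Scripts\New-Users.ps1'

# Policies are layered: the most specific scope that is set wins, and a Group Policy setting
# beats all of them (it shows up as MachinePolicy / UserPolicy here).
Get-ExecutionPolicy -List

# RemoteSigned: local scripts run; anything with a Zone.Identifier stream (a browser or mail
# download) must be signed. -Force suppresses the confirmation prompt.
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force

# A downloaded script you have reviewed can have its mark-of-the-web removed instead of being signed:
# Unblock-File $script

# Sign with the first code-signing certificate in the user store. The timestamp (any RFC 3161
# service; this is a public one) keeps the signature valid after the certificate expires.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate found in Cert:\CurrentUser\My' }
Set-AuthenticodeSignature -FilePath $script -Certificate $cert `
    -TimestampServer 'http://timestamp.digicert.com' | Out-Null

# Verify. Status is Valid only if the hash matches the file AND the signer chains to a trusted
# root; edit the file after signing and it becomes HashMismatch, which AllSigned refuses to run.
(Get-AuthenticodeSignature -FilePath $script).Status

# Reminder: the policy is not a security boundary. This runs the script regardless of policy:
#   powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\New-Users.ps1
```

Under AllSigned the signing certificate must also be trusted by the machine running the script: publish the issuing CA to Trusted Root Certification Authorities and the certificate (or CA) to Trusted Publishers, or every run prompts "Do you want to run software from this untrusted publisher?".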
User Management PowerShell Cmdlets
§ Get-ADUser § New-ADUser § Set-ADUser § Enable-ADAccount § Disable-ADAccount § Remove-ADUser § Unlock-ADAccount § Set-ADAccountPassword § Set-ADAccountExpiration
OV 4 - 19
Parameters for User Account Management § AccountExpirationDate <DateTime> § AccountPassword <SecureString> § CannotChangePassword <Boolean> § ChangePasswordAtLogon <Boolean> § Department <String> § DisplayName <String> § HomeDirectory <String> § ProfilePath <String> § EmailAddress <String>
OV 4 - 20
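The user account template slide and the parameter list above fit together: a template supplies the non-personal values and group memberships, and these parameters supply the per-user ones. The following added example (not from the course) creates a user from a disabled template with New-ADUser, refusing to copy any privileged group membership. The template name, user names and OU are assumptions.

```powershell
# Added example, not from the course slides: create a user from a disabled template account,
# copying non-personal attributes and group memberships, then set the per-user parameters.
# _SalesTemplate, "Tracy White"/TracyWhite and the template's OU are assumptions.
Import-Module ActiveDirectory

function New-UserFromTemplate {
    param(
        [Parameter(Mandatory)][string]$TemplateSam,      # e.g. _SalesTemplate: disabled, never logs on
        [Parameter(Mandatory)][string]$Name,             # CN / display name, e.g. "Tracy White"
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][securestring]$Password,
        [datetime]$Expires = [datetime]::MaxValue
    )
    $copyAttrs = 'Department', 'Company', 'Office', 'StreetAddress', 'City', 'State', 'PostalCode',
                 'Country', 'ScriptPath', 'HomeDrive', 'ProfilePath'
    $tpl = Get-ADUser -Identity $TemplateSam -Properties $copyAttrs
    if ($tpl.Enabled) { throw "Template $TemplateSam is enabled; templates must stay disabled" }

    # Group memberships are copied explicitly (New-ADUser does not copy them), but never from a
    # template that sits in a privileged group: every copy would inherit that membership.
    $privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
                  'Account Operators', 'Server Operators', 'Backup Operators', 'Print Operators'
    $groups = Get-ADPrincipalGroupMembership -Identity $tpl | Where-Object { $_.Name -ne 'Domain Users' }
    $bad    = $groups | Where-Object { $privileged -contains $_.Name }
    if ($bad) { throw "Template is a member of privileged group(s): $(($bad | ForEach-Object Name) -join ', ')" }

    $domain = (Get-ADDomain).DNSRoot
    $params = @{
        Name                  = $Name
        SamAccountName        = $SamAccountName
        UserPrincipalName     = "$SamAccountName@$domain"
        Path                  = ($tpl.DistinguishedName -replace '^CN=[^,]+,', '')   # same OU as the template
        AccountPassword       = $Password
        ChangePasswordAtLogon = $true      # the initial password is one-time only
        Enabled               = $true
    }
    foreach ($a in $copyAttrs) {
        if ($tpl.$a) { $params[$a] = $tpl.$a }
    }
    # ProfilePath is user-specific: a template stores it with a placeholder, the copy gets the real name.
    if ($tpl.ProfilePath) { $params['ProfilePath'] = $tpl.ProfilePath -replace '%username%', $SamAccountName }
    if ($Expires -ne [datetime]::MaxValue) { $params['AccountExpirationDate'] = $Expires }

    New-ADUser @params
    if ($groups) { Add-ADPrincipalGroupMembership -Identity $SamAccountName -MemberOf $groups }
    Get-ADUser -Identity $SamAccountName -Properties MemberOf, Department, AccountExpirationDate, PasswordLastSet
}

# Read-Host -AsSecureString keeps the initial password out of the command line and the history.
New-UserFromTemplate -TemplateSam _SalesTemplate -Name 'Tracy White' -SamAccountName TracyWhite `
    -Password (Read-Host -AsSecureString 'Initial password for TracyWhite') -Expires (Get-Date).AddMonths(6)
```

The two throws are the checks the template best practices call for: an enabled template, or one that carries a privileged membership, is a problem that should stop the script rather than propagate into every new account.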
Display All User Accounts
§ Get-ADUser -Filter *
OV 4 - 21
View User Properties
§ Get-ADUser -Identity TracyWhite -Properties *
§ -Identity accepts a sAMAccountName, distinguished name, GUID or SID, not a display name. To look up a user by display name use a filter instead: Get-ADUser -Filter 'Name -eq "Tracy White"' -Properties *
OV 4 - 22
User’s Home Folder Set Up in PowerShell
§ Set-ADUser -Identity TracyWhite -HomeDirectory \\Users\tracywhitehomedir -HomeDrive H:
§ Use a UNC path (\\server\share\folder) and pair it with -HomeDrive so the drive letter is mapped at logon. The cmdlet only writes the two attributes; it does not create the folder or set its NTFS permissions.
OV 4 - 23
Inactive and Disabled Accounts
§ Right-click an account in Active Directory Users and Computers to enable or disable it.
§ PowerShell examples: § Get-ADUser -Filter 'Department -eq "Training"' | Enable-ADAccount § $90Days = (Get-Date).AddDays(-90) § Get-ADUser -Filter { (LastLogonDate -le $90Days) -and (Enabled -eq $true) } | Disable-ADAccount
§ LastLogonDate is derived from lastLogonTimestamp, which is only replicated when it is more than 14 days out of date, so the real cutoff is "at least 90 days, possibly up to 104"; accounts that have never logged on have no value and do not match -le at all. Run the pipeline with -WhatIf first.
OV 4 - 24
Group Management Cmdlets
§ Perform individual operations. § Create scripts to perform bulk operations.
Windows PowerShell Cmdlet Description
Get-ADGroup Displays property values for groups
New-ADGroup Creates new groups
Set-ADGroup Modifies group properties
Remove-ADGroup Deletes groups
OV 4 - 25
Parameters for Group Management
§ Groups have over 40 properties. § Get-ADGroup -Identity "Users" -Properties * returns all properties.
Parameter Description
Name Defines the group name.
GroupScope Defines the group scope as domain local, global, or universal. You must include this parameter.
DisplayName Defines the Lightweight Directory Access Protocol (LDAP) display name.
ManagedBy Defines a user or group that can manage the group.
Path Defines the organizational unit (OU) in which the group is created.
SamAccountName Defines a name that is backward compatible with older operating systems.
OV 4 - 26
Viewing Group Properties in PowerShell
§ Get-ADGroup -Identity "Users" returns the default set of properties.
OV 4 - 27
Verifying Group Creation
New-ADGroup -Name "BusinessAnalysts" -Path "OU=Marketing,DC=Fuller,DC=local" -GroupScope Global -GroupCategory Security
Get-ADGroup -Identity BusinessAnalysts -Properties GroupScope, GroupCategory, DistinguishedName
OV 4 - 28
Group Member and Membership Cmdlets
§ Add-ADGroupMember § Get-ADGroupMember § Remove-ADGroupMember § Add-ADPrincipalGroupMembership § Get-ADPrincipalGroupMembership § Remove-ADPrincipalGroupMembership
§ Examples: § Get-ADGroupMember -Identity Administrators
§ Get-ADGroupMember -Identity "Enterprise Admins" -Recursive (names containing spaces must be quoted; -Recursive expands nested groups down to their final members)
§ Add-ADGroupMember -Identity BusinessAnalysts -Members TracyWhite
OV 4 - 29
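Get-ADGroupMember -Recursive is most useful for the default management groups listed in the previous module: the question is not who is directly in Domain Admins but who ends up there through nesting. The following added example (not from the course) compares the effective membership of those groups with an approved list; the approved account names are assumptions, and the groups are resolved by well-known SID so a renamed group is still found.

```powershell
# Added example, not from the course slides: report drift between the effective (nested)
# membership of the privileged groups and an approved list. The approved names are assumptions.
Import-Module ActiveDirectory

$approved = @{
    'Domain Admins'     = @('Administrator', 'tw_admin')   # assumed break-glass and admin accounts
    'Enterprise Admins' = @('Administrator')
    'Schema Admins'     = @()                               # empty except during a schema change
    'Administrators'    = @('Administrator', 'tw_admin')
    'Account Operators' = @()
    'Server Operators'  = @()
    'Backup Operators'  = @()
}

function Get-PrivilegedGroupDrift {
    param([hashtable]$Approved = $approved)
    $forestRoot = (Get-ADForest).RootDomain
    $rootSid    = (Get-ADDomain -Identity $forestRoot).DomainSID.Value
    $domain     = Get-ADDomain
    $domSid     = $domain.DomainSID.Value
    # Well-known RIDs: 512 Domain Admins, 518 Schema Admins, 519 Enterprise Admins;
    # the Builtin groups use fixed SIDs. Enterprise/Schema Admins live in the forest root.
    $targets = @{
        'Domain Admins'     = @{ Sid = "$domSid-512";  Server = $domain.DNSRoot }
        'Enterprise Admins' = @{ Sid = "$rootSid-519"; Server = $forestRoot }
        'Schema Admins'     = @{ Sid = "$rootSid-518"; Server = $forestRoot }
        'Administrators'    = @{ Sid = 'S-1-5-32-544'; Server = $domain.DNSRoot }
        'Account Operators' = @{ Sid = 'S-1-5-32-548'; Server = $domain.DNSRoot }
        'Server Operators'  = @{ Sid = 'S-1-5-32-549'; Server = $domain.DNSRoot }
        'Backup Operators'  = @{ Sid = 'S-1-5-32-551'; Server = $domain.DNSRoot }
    }
    foreach ($name in $Approved.Keys) {
        $t = $targets[$name]
        # -Recursive expands nesting, so a user added to "Helpdesk" inside Account Operators
        # appears here even though Account Operators has no direct user members.
        $members = @(Get-ADGroupMember -Identity $t.Sid -Server $t.Server -Recursive |
                     Where-Object objectClass -eq 'user' |
                     Select-Object -ExpandProperty SamAccountName)
        $extra   = @($members | Where-Object { $Approved[$name] -notcontains $_ })
        $missing = @($Approved[$name] | Where-Object { $members -notcontains $_ })
        [pscustomobject]@{
            Group      = $name
            Members    = $members.Count
            Unapproved = ($extra -join ', ')
            Missing    = ($missing -join ', ')
        }
    }
}

Get-PrivilegedGroupDrift | Sort-Object Group | Format-Table -AutoSize
```

Anything in the Unapproved column is either an undocumented change or a compromise; the Missing column catches someone removed from the break-glass list. Scheduling this with Task Scheduler and diffing the output is a cheap detective control for the "restrict membership to administrator groups" advice earlier in the course.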
Computer Account Management
§ Cmdlets § Get-ADComputer § New-ADComputer § Set-ADComputer § Test-ComputerSecureChannel § Reset-ComputerMachinePassword § Remove-ADComputer
§ Parameters § Name § Path § Enabled
OV 4 - 30
OU Management
§ Cmdlets § Get-ADOrganizationalUnit § New-ADOrganizationalUnit § Set-ADOrganizationalUnit § Remove-ADOrganizationalUnit
§ Parameters § Name § Path § ProtectedFromAccidentalDeletion
OV 4 - 31
Viewing OU Information
§ Get-ADOrganizationalUnit
OV 4 - 32
Creating an OU
New-ADOrganizationalUnit -Name Philanthropy -Path "ou=Marketing,dc=Fuller,dc=Local"
OV 4 - 33
Modifying OU Properties
Set-ADOrganizationalUnit -Identity "OU=Marketing,DC=Fuller,DC=Local" -Country "US" -StreetAddress "2111 Main Street" -City Seattle -State WA -PostalCode 30022
OV 4 - 34
CSVDE
§ Export basic syntax: § csvde -f <filename>
§ Import basic syntax: § csvde -i -f <filename>
OV 4 - 35
CSV File
§ Can be .csv or .txt § First line contains attribute names
OV 4 - 36
LDIFDE
§ Syntax like CSVDE § Can be used to modify objects in place:
§ Use Changetype line
OV 4 - 37
DS Commands
§ DSadd § DSget § DSquery § DSmod § DSrm § DSMove
§ Examples: § DSadd user "CN=Sally Green,OU=Sales,DC=fuller,DC=local" § DSmod user "CN=Sally Green,OU=Sales,DC=fuller,DC=local" -dept Marketing
OV 4 - 38
Bulk Operations
§ Three primary ways to perform bulk operations: § Graphical tools § Command-line tools § Scripts
OV 4 - 39
Querying Objects
§ SearchBase – Path in the AD hierarchy at which the search starts § SearchScope – How deep below the SearchBase the search should go § ResultSetSize – Maximum number of objects returned by a query § ResultPageSize – Maximum number of objects in each page returned § Properties – Which properties to display
OV 4 - 40
Global Search
OV 4 - 41
Object Configuration
§ Pipe output of a Get cmdlet to the input of a Set cmdlet § Get-ADUser | Set-ADUser § Example:
§ Get-ADUser -Filter 'LastLogonDate -lt "September 1, 2012"' | Disable-ADAccount
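An added example, not part of the course material, that combines the query parameters from the Querying Objects slide (SearchBase, SearchScope, ResultSetSize, Properties) with the Get-then-Set pipeline shown above: it lists enabled accounts in an OU with no logon since a cutoff, writes a review report, and disables them only when -Disable is passed. The OU, the cutoff date and the report path are assumptions.

```powershell
# Added example (not from the course): report, then disable, user accounts
# that have not logged on since a cutoff. The OU, cutoff and report path are
# assumptions; the cutoff matches the slide's September 1, 2012 example.
Import-Module ActiveDirectory

function Get-StaleADUser {
    param(
        [string]$SearchBase = "OU=Marketing,DC=Fuller,DC=Local",   # assumed OU
        [datetime]$Cutoff = (Get-Date "September 1, 2012"),
        [int]$ResultSetSize = 1000
    )
    # LastLogonDate is derived from lastLogonTimestamp, which replicates between
    # domain controllers but can lag the real last logon by up to 14 days, so
    # read it as "not seen for at least this long", not as an exact time.
    # Accounts that have never logged on have no LastLogonDate at all and are
    # not matched by -lt, so they are queried separately.
    $common = @{
        SearchBase    = $SearchBase
        SearchScope   = 'Subtree'
        ResultSetSize = $ResultSetSize
        Properties    = 'LastLogonDate', 'WhenCreated', 'Description'
    }
    $stale = Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -lt $Cutoff } @common
    $never = Get-ADUser -Filter { Enabled -eq $true -and LastLogonDate -notlike "*" } @common |
             Where-Object { $_.WhenCreated -lt $Cutoff }   # skip accounts newer than the cutoff
    @($stale) + @($never) |
        Select-Object SamAccountName, DistinguishedName, LastLogonDate, WhenCreated
}

function Disable-StaleADUser {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [switch]$Disable,                           # without it only -WhatIf runs
        [string]$ReportPath = "$env:TEMP\stale-users.csv"   # assumed location
    )
    begin { $reviewed = @() }
    process {
        $reviewed += $User
        if ($Disable) {
            # Record why the account was disabled, then disable it. Nothing is
            # deleted, so a wrongly flagged account can simply be re-enabled.
            Set-ADUser -Identity $User.DistinguishedName -Description (
                "Disabled {0:yyyy-MM-dd}: no logon since {1:yyyy-MM-dd}" -f (Get-Date), $User.LastLogonDate)
            Disable-ADAccount -Identity $User.DistinguishedName
        } else {
            Disable-ADAccount -Identity $User.DistinguishedName -WhatIf
        }
    }
    end {
        $reviewed | Export-Csv -Path $ReportPath -NoTypeInformation
        Write-Host ("{0} account(s) listed in {1}" -f $reviewed.Count, $ReportPath)
    }
}

# Pass 1: review only. Each account prints a "What if:" line and lands in the CSV.
Get-StaleADUser | Disable-StaleADUser
# Pass 2, once the list has been checked against HR and service-account inventories:
# Get-StaleADUser | Disable-StaleADUser -Disable
```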
OV 4 - 42
Reflective Questions
1. In what ways do you think PowerShell can help you to perform daily administrative tasks in your environment?
2. Do you foresee a need to use bulk operations to manage user accounts in your environment? Why or why not?
OV 5 - 1
Configuring IPv4
§ Overview of the TCP/IP Protocol Suite § Describe IPv4 Addressing § Implement Subnetting and Supernetting § Configure and Troubleshoot IPv4
OV 5 - 2
The TCP/IP Protocol Suite
OV 5 - 3
The OSI Model and the TCP/IP Suite
Comparing the OSI and TCP/IP models
OV 5 - 4
IPv4 Packet
OV 5 - 5
TCP/IP Applications
Protocol Description
HTTP HyperText Transfer Protocol. Used for communication between web browsers and web servers.
HTTPS HTTP Secure. Uses encryption for communication between web browsers and web servers.
POP3 Post Office Protocol 3. Retrieves email messages from an email server.
SMTP Simple Mail Transfer Protocol. Transfers mail over the Internet.
FTP File Transfer Protocol. Transfers files between FTP servers and clients.
SMB Server Message Block. Used for file and print sharing between servers and clients.
DNS Domain Name System. Converts domain names to IP addresses.
RDP Remote Desktop Protocol. Allows remote control of a Windows operating system over a network.
DHCP Dynamic Host Configuration Protocol. Dynamically assigns IP addresses to network clients.
OV 5 - 6
TCP/IP Sockets
§ A Windows TCP/IP socket consists of three components: § The transport protocol used by the application, either TCP or UDP § The TCP or UDP port number used by the application § The IP address (IPv4 or IPv6) of the source and destination host connection
§ Well-known port numbers:
Port | Transport Protocol | Application Service
80 | TCP | HTTP
443 | TCP | HTTPS
110 | TCP | POP3
25 | TCP | SMTP
20, 21 | TCP | FTP
445 | TCP | SMB
53 | UDP | DNS name lookups
53 | TCP | DNS zone transfers
OV 5 - 7
IPv4 Addresses
§ Allow for network layer data routing of IP datagrams from one IP device connection (source) to another (destination).
§ Each networked device must be configured with a unique IP address.
§ To make IPv4 addresses easier for humans to manage, IPv4 address formatting expresses binary bit values as dotted decimal notation.
§ Each octet converts to a decimal number between 0 and 255.
OV 5 - 8
Subnet Masks
§ Identifies which part of the IPv4 address is the network ID and which part is the host ID.
§ In its simplest implementation, each octet of the default subnet mask is either 255 or 0.
§ Octets with a value of 255 identify the network ID part of the address, and a value of 0 identifies the host part of the address.
§ For the IP address 192.168.1.100 and the subnet mask 255.255.255.0, the network ID is 192.168.1.0 and the host connection ID is 0.0.0.100.
OV 5 - 9
Default Gateway
§ Usually a router, provides a default route used by TCP/IP hosts to forward packets to hosts on remote networks.
§ On a local subnet, you configure the local hosts with the IP address of the router, which is the default gateway, to enable local hosts to communicate with hosts on another network.
§ Configure the default gateway:
§ In the GUI, in the properties of the network adapter
§ At the command line: netsh interface ipv4 set address
§ In PowerShell: New-NetIPAddress for a new IP address, Set-NetIPAddress to change an existing one
OV 5 - 10
Public and Private IP Addresses
§ Public IP address: § Public IPv4 addresses, managed by IANA, must be unique § Distributed by IANA § ISP distributes to businesses and individuals § Used to traverse the Internet
§ Private IP address: § Reserved by IANA § Can be used internally by businesses and individuals § Does not route to the Internet § Must be NATed to allow businesses or users to connect to the Internet
§ Private IPv4 address ranges established by IANA:
10.0.0.0/8 10.0.0.0 - 10.255.255.255
172.16.0.0/12 172.16.0.0 - 172.31.255.255
192.168.0.0/16 192.168.0.0 - 192.168.255.255
OV 5 - 11
Binary Values and Dotted Decimal Notation
OV 5 - 12
Subnetting
§ Provides a means to divide your network into smaller, discrete networks that better serve the needs of your organization.
§ Enables you to divide the 32 bits of an IPv4 address to create the number of subnets you need as well as the number of host addresses you need for that subnet.
OV 5 - 13
Benefits of Subnetting
§ Segment a large network to increase administrative efficiency.
§ Reduce network congestion by limiting host broadcasts to smaller network segments.
§ Increase security by isolating some hosts to a specific segment or limiting internetwork communication using firewall access controls.
§ Enable proactive capacity planning based on projected growth of an organization.
OV 5 - 14
Subnet Address Determination
§ Determine how many subnets you need. § Use that to determine how many bits to move the subnet mask.
Number of Bits (n) Number of Subnets (2^n)
1 2
2 4
3 8
4 16
5 32
6 64
7 128
OV 5 - 15
Subnet Address Determination (Cont.)
Binary Bits for Network Number Decimal Value of Network Number
172.16.00000000.00000000 172.16.0.0
172.16.00100000.00000000 172.16.32.0
172.16.01000000.00000000 172.16.64.0
172.16.01100000.00000000 172.16.96.0
172.16.10000000.00000000 172.16.128.0
172.16.10100000.00000000 172.16.160.0
172.16.11000000.00000000 172.16.192.0
172.16.11100000.00000000 172.16.224.0
OV 5 - 16
Host Address Determination
§ To determine the host bits in a subnet mask, you need to know the number of hosts you will support on a subnet.
§ You use the standard formula 2^n - 2, in which n represents the number of host bits.
§ In classful addressing two host IDs are reserved, which is why you subtract two from the initial calculation.
Number of Bits (n) Number of Hosts (2^n - 2)
2 2
3 6
4 14
5 30
6 62
7 126
8 254
OV 5 - 17
Host Address Range Determination
Network Host Address Range
172.16.0.0/19 172.16.0.1-172.16.31.254
172.16.32.0/19 172.16.31.1-172.16.63.254
172.16.64.0/19 172.16.64.1 - 172.16.64.254
172.16.96.0/19 172.16.96.1 - 172.16.96.254
172.16.128.0/19 172.16.128.1 - 172.16.128.254
172.16.160.0/19 172.16.160.1 - 172.16.160.254
172.16.192.0/19 172.16.192.1 - 172.16.223.254
172.16.224.0/19 172.16.224.1 -172.16.255.254
OV 5 - 18
Supernetting
§ Supernetting performs the opposite operation of subnetting.
§ Combine multiple small contiguous networks into a single large network.
§ Supernetting, also known as classless interdomain routing (CIDR), allows you to create a logical network for the number of hosts you require.
OV 5 - 19
Supernetting (Cont.)
Combine the following networks:
Network | Network Range
192.168.14.0 | 192.168.14.1 - 192.168.14.255
192.168.15.0 | 192.168.15.0 - 192.168.15.255
192.168.16.0 | 192.168.16.0 - 192.168.16.255
192.168.17.0 | 192.168.17.0 - 192.168.17.254
Here is the resulting supernet:
Network | Supernet Mask | Network Range
192.168.14.0/21 | 255.255.252.0 | 192.168.14.1 - 192.168.17.254
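An added example, not part of the course, that carries the arithmetic of the Subnet Address Determination, Host Address Determination and Supernetting slides into a script: it splits 172.16.0.0/16 by borrowing three bits and prints each /19's mask, first and last usable host and broadcast, then looks for the smallest single CIDR block that covers the four /24 networks above. A summary block must begin on a multiple of its own size; for the four networks on the slide the function returns 192.168.0.0/19 with ExactFit $false, because the group crosses the 192.168.16.0 boundary and no aligned block covers exactly those four networks.

```powershell
# Added example (not course material): subnet, host-range and supernet
# arithmetic for the networks used on the slides (172.16.0.0/16 split with
# three borrowed bits; the four 192.168.14.0 - 192.168.17.0 /24 networks).
function ConvertTo-IPv4Int ([string]$Address) {
    # Dotted decimal -> unsigned 32-bit integer (network byte order)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [array]::Reverse($bytes)                        # BitConverter is little-endian
    return [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertFrom-IPv4Int ([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [array]::Reverse($bytes)
    return ([System.Net.IPAddress]::new($bytes)).ToString()
}

function Get-SubnetPlan {
    param([string]$Network, [int]$PrefixLength, [int]$SubnetBits)
    # Borrowing n host bits gives 2^n subnets; each keeps (32 - new prefix)
    # host bits and 2^(host bits) - 2 usable addresses (network + broadcast).
    $newPrefix = $PrefixLength + $SubnetBits
    $hostBits  = 32 - $newPrefix
    $size      = [uint32][math]::Pow(2, $hostBits)            # addresses per subnet
    $mask      = [uint32]([uint32]::MaxValue - ($size - 1))    # /19 -> 255.255.224.0
    $base      = ConvertTo-IPv4Int $Network
    for ($i = 0; $i -lt [math]::Pow(2, $SubnetBits); $i++) {
        $net = [uint32]($base + $i * $size)
        [pscustomobject]@{
            Network   = '{0}/{1}' -f (ConvertFrom-IPv4Int $net), $newPrefix
            Mask      = ConvertFrom-IPv4Int $mask
            FirstHost = ConvertFrom-IPv4Int ([uint32]($net + 1))
            LastHost  = ConvertFrom-IPv4Int ([uint32]($net + $size - 2))
            Broadcast = ConvertFrom-IPv4Int ([uint32]($net + $size - 1))
            Hosts     = [math]::Pow(2, $hostBits) - 2
        }
    }
}

function Get-Supernet {
    param([string[]]$Networks)
    # Smallest single CIDR block containing every input network. A summary
    # route must start on a multiple of its own size, so the block may be
    # larger than the inputs; ExactFit reports whether it covers only them.
    $lows = @(); $highs = @()
    foreach ($n in $Networks) {
        $addr, $plen = $n -split '/'
        $size = [math]::Pow(2, 32 - [int]$plen)
        $lo   = ConvertTo-IPv4Int $addr
        $lows += $lo; $highs += ($lo + $size - 1)
    }
    $lo = ($lows  | Measure-Object -Minimum).Minimum
    $hi = ($highs | Measure-Object -Maximum).Maximum
    for ($plen = 32; $plen -ge 0; $plen--) {
        $size  = [math]::Pow(2, 32 - $plen)
        $start = [math]::Floor($lo / $size) * $size           # align down to block size
        if ($start + $size - 1 -ge $hi) {
            return [pscustomobject]@{
                Supernet = '{0}/{1}' -f (ConvertFrom-IPv4Int ([uint32]$start)), $plen
                Mask     = ConvertFrom-IPv4Int ([uint32]([uint32]::MaxValue - ($size - 1)))
                ExactFit = ($start -eq $lo) -and (($start + $size - 1) -eq $hi)
            }
        }
    }
}

# Eight /19 subnets of 172.16.0.0/16, e.g. 172.16.32.0/19 -> 172.16.32.1 .. 172.16.63.254
Get-SubnetPlan -Network 172.16.0.0 -PrefixLength 16 -SubnetBits 3 | Format-Table -AutoSize
# The four networks from the slide
Get-Supernet -Networks '192.168.14.0/24', '192.168.15.0/24', '192.168.16.0/24', '192.168.17.0/24'
```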
OV 5 - 20
IPv4 Manual Configuration
§ Servers need static IPv4 configurations to enable clients to connect to them consistently.
§ You can maintain current and accurate documentation of the IPv4 addresses used for various services on your network.
§ Configure them using TCP/IP properties, netsh, or PowerShell.
OV 5 - 21
IPv4 Automatic Configuration
§ Dynamic Host Configuration Protocol (DHCP) server enables you to configure TCP/IP addresses and other configuration options dynamically for large numbers of hosts on a network.
§ DHCP servers are configured with a scope or range of IPv4 addresses.
§ Clients send out a broadcast request to a DHCP server to obtain an IPv4 address automatically.
§ DHCP servers also may be configured with additional configuration settings a client may require.
§ Windows Server 2012 and Windows clients use automatic private IP addressing (APIPA), which is a reserved address range of 169.254.0.0 to 169.254.255.255.
OV 5 - 22
IPv4 Troubleshooting Tools
§ IPconfig § Ping § Tracert § Pathping § Route § Telnet § Netstat § Resource Monitor § Network Diagnostics § Event Viewer
OV 5 - 23
TCP/IP Troubleshooting Process
§ Identify the communication problem
§ Does it affect only one or all hosts?
§ If one host, it is likely a configuration problem on the host.
§ If all hosts, it is likely a server configuration problem.
§ Remote connectivity could be server configuration, network configuration, or network device failure.
§ For a local problem
§ Verify that the local host's TCP/IP information is configured properly.
§ Ping the loopback address: 127.0.0.1.
§ Ping the local host's router.
§ Ping a remote host – check firewall policies, router configuration.
OV 5 - 24
Best Practices for Implementing IPv4
§ Plan the subnet schema carefully and factor in future growth.
§ Configure servers with static IPv4 configuration settings, and document services running on specific servers as well as IPv4 settings.
§ Deploy DHCP servers for dynamic addressing for clients.
§ If designing the IPv4 address space for a new network, map out the address ranges and subnets based on specific purposes and locations.
OV 5 - 25
Reflective Questions
1. What benefits do you see in using private IP addresses for your corporate network?
2. Do you expect to use subnetting or supernetting at your workplace?
OV 6 - 1
Configuring IPv6
§ Overview of IPv6 § Implement IPv6 Addressing § Implement IPv6 and IPv4 § Transition from IPv4 to IPv6
OV 6 - 2
IPv6 Overview
§ Solves the problem of shrinking IP address pools § Solves many administrative inefficiencies caused by manual configuration
OV 6 - 3
IPv6 Benefits
§ Extended address space § Hierarchical addressing and router efficiency § Stateless and stateful address auto-configuration § Eliminates broadcasts § Integrated security (IPSec) § Integrated QoS § Eliminates need for NAT
OV 6 - 4
Comparing IPv4 and IPv6
Characteristic | IPv4 | IPv6
Addresses | 32 bit | 128 bit
IPSec support | Optional | Required
QoS | Header does not include packet flow info for QoS | Header includes flow label field for QoS
Checksum | Included | Not included
Packet fragmentation | Both sending and receiving host fragment | Sending host determines packet size
IGMP | IGMP used to manage multicast membership | Multicast Listener Discovery (MLD) determines multicast group membership
Router discovery | Optional | ICMPv6 Router Solicitation and Router Advertisement messages
Broadcasting | Broadcast addresses used to send traffic to all hosts on a subnet | Broadcasting replaced by multicasting
ARP | Resolves IP address to MAC address | Multicast neighbor solicitation
Configuration | Manual or DHCP | Auto-configuration
Resource records | Host (A) | IPv6 Host (AAAA)
OV 6 - 5
IPv6 Address Space
§ IPv4 address bit order, expressed as decimal and binary:
§ IPv6 uses 128-bit addresses – 4 times the length of IPv4. § Separated into eight 16-bit blocks:
OV 6 - 6
IPv6 Address Space (Cont.)
§ Converting from binary to hexadecimal for IPv6:
1. Take the first 16-bit block and break it into four groups of four bits as shown: 0010 0000 0000 0001
2. Convert each four-bit group to one hexadecimal digit: reading the bits from right to left, a 0 contributes nothing and a 1 contributes its position value (1, 2, 4 or 8); add the contributions: 2001
3. Separate each converted block with a colon: 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A
OV 6 - 7
The Hexadecimal Numbering System
§ Base 16 numbering system § 0 through 9, A through F
Binary | Decimal | Hexadecimal
0001 | 1 | 1
0010 | 2 | 2
0011 | 3 | 3
0100 | 4 | 4
0101 | 5 | 5
0110 | 6 | 6
0111 | 7 | 7
1000 | 8 | 8
1001 | 9 | 9
1010 | 10 | A
1011 | 11 | B
1100 | 12 | C
1101 | 13 | D
1110 | 14 | E
1111 | 15 | F
OV 6 - 8
Zero Compression
§ Allows reduction of notation § Adjacent blocks of zeros are compressed § One or more consecutive blocks of zeros can be written as :: § Only one :: is allowed in an address § A single block of zeros can also be written as 0
Example: 2001:0DB8:0000:0000:02AA:00FF:FE28:9C5A
After dropping leading 0s and using zero compression: 2001:DB8::2AA:FF:FE28:9C5A
OV 6 - 9
IPv6 Prefixes
§ Network part of address § Can be aggregated for route summarization
Category | Prefix Hex Value | Prefix Binary Value
Reserved | - | 0000 0000
Global unicast address | 2 or 3 | 001
Link-local unicast addresses | FE8 | 1111 1110 1000
Unique local unicast addresses | FD | 1111 1100
Multicast addresses | FF | 1111 1111
OV 6 - 10
Unicast Addresses
§ Global unicast address § Public, routable, from an ISP
§ Link-local unicast addresses § Automatically generated § Non-routable § Similar in function to IPv4 APIPA addresses
§ Unique local unicast addresses § Routable within an organization § Not routable on the Internet § Similar in function to IPv4 private addresses
OV 6 - 11
Zone ID
§ Relative to sending host § Identifies the interface that is transmitting § Syntax is address%zone_ID
OV 6 - 12
IPv6 Address Auto-configuration
§ Automatic for IPv6-enabled hosts § Stateless
§ Host auto-assigns link-local address § Checks to see if link-local address is a duplicate § Collects all valid prefixes advertised by adjacent routers § Creates a global IPv6 address within each advertised /64 IPv6 prefix § Uses either EUI-64 format or pseudo-random host ID as specified by RFC
§ Stateful § Obtained from DHCPv6
§ Combination of stateless and stateful
OV 6 - 13
Node Types
§ IPv4 only § IPv6 only § IPv6/IPv4 – Uses both IPv4 and IPv6 § IPv4 – Uses IPv4; can be configured for IPv6 § IPv6 – Uses IPv6; can be configured for IPv4
OV 6 - 14
IPv6 over IPv4
§ Used in Windows 2008 and Windows 2012 § Also called “6over4” § A transition mechanism § Does translations from IPv4 to IPv6 § Uses multicast; both nodes and routers
OV 6 - 15
Dual-Layer Architecture
§ Microsoft has dual IP layer § Not dual IP stack § Both IPv4 and IPv6 share same information in same TCP/IP stack § Single shared implementation of TCP and UDP
OV 6 - 16
DNS Requirements
§ Required for both IPv4 and IPv6 § IPv4 Host record (A) § IPv6 Host record (AAAA) § PTR
OV 6 - 17
Tunneling
§ ISATAP § The 6to4 protocol § Teredo
OV 6 - 18
ISATAP
§ Transmits packets on top of IPv4 § Treats IPv4 infrastructure as a non-broadcast multi-access network § IPv6 address auto-configuration § Queries DNS for address of ISATAP router § ISATAP router encapsulates IPv6 into IPv4 packets § Not “NAT friendly”
OV 6 - 19
The 6to4 Protocol
§ Unicast connectivity between IPv6 hosts across an IPv4 network § IPv6 encapsulated in IPv4 § Address format 2002:WWXX:YYZZ:Subnet_ID:Interface_ID § Not "NAT friendly"
OV 6 - 20
Teredo
§ A NAT traversal technology § Full IPv6 connectivity to IPv6 hosts that are on an IPv4 network § Encapsulates IPv6 in IPv4 UDP messages § Clients are assigned an IPv6 address that starts with 2001:0::/32 § Teredo server initially configures the Teredo tunnel § Teredo relay – remote end de-encapsulates the Teredo tunnel
OV 6 - 21
PortProxy
§ Transition mechanism § Application gateway § Proxies TCP traffic between IPv4 and IPv6 nodes
§ Connection can be forwarded using the same or another protocol to the specified port number
§ Allows you to run IPv4 only services (like terminal services) over IPv6
§ The following nodes can access each other:
§ An IPv4-only node can access an IPv4 node. § An IPv4 node can access an IPv6 node. § An IPv6 node can access an IPv6 node. § An IPv6 node can access an IPv4 node.
OV 6 - 22
Migration Considerations
§ Application support § Current routing infrastructure § DNS infrastructure needs § Supporting nodes § Preparation and baselines § Monitoring steps
OV 6 - 23
Reflective Questions
1. Which benefits of IPv6 would be most important to your network? Which ones are not important to your network?
2. Would you run IPv4 and IPv6 concurrently? If so, which technology seems like a good choice for your network?
OV 7 - 1
Installing and Configuring DHCP
§ Install the DHCP Server Role § Configure DHCP Scopes § Manage a DHCP Database § Secure and Monitor a DHCP Server
OV 7 - 2
Benefits of Automatic TCP/IP Configuration
§ Automatic IP addressing and other TCP/IP configuration settings § The assurance of client configurations § Flexible leasing durations § Multiple configuration options
§ Optional integration with other technologies such as DNS and Network Policy Server
§ Active Directory Domain Services (AD DS) authorization on AD DS domains
§ Automatic database backup § Auditing and event monitoring
OV 7 - 3
PXE Boot Clients
§ Client boots from the network. § Some clients do not yet have an operating system.
§ DHCP starts the process of obtaining an operating system by providing an IP address lease.
§ Computers could be thin clients with no hard drive, or bare-metal boxes.
OV 7 - 4
DHCP Lease Process
§ The DHCP client broadcasts a DHCP discover packet.
§ A DHCP server responds with a DHCP offer packet, or a DHCP relay agent forwards the packet to a DHCP server.
§ The client receives the DHCP offer packet from the DHCP server(s).
§ The client accepts the DHCP offer packet from the first DHCP server.
§ The DHCP server assigns the client address, stores the client IP information in its database, and issues the client a DHCP ACK (acknowledgement) message.
§ If the client does not get a response from a DHCP server:
§ If the client is Windows 2000 or later (>=), it configures automatic private IP addressing (APIPA) in the 169.254.0.0/16 range.
§ If the client is not a Windows client, or is Windows 2000 or earlier (<=), it will continue to broadcast the DHCP discover packet until it receives a DHCP offer packet from a DHCP server.
OV 7 - 5
DHCP Relay Agents
§ Allows DHCP services to extend across multi-segmented IP networks.
§ Routers block broadcasts, but RFC 1542–compliant routers can be configured as BOOTP/DHCP relay agents to listen for DHCP requests and relay them to DHCP servers on different subnets.
§ You can configure a DHCP relay agent in Windows Server 2012 in Routing and Remote Access. Add the Remote Access role to any server that is not a DHCP server.
§ You cannot use the relay agent on a server that is running Network Address Translation (NAT) with automatic addressing enabled, or with Internet Connection Sharing (ICS).
OV 7 - 6
DHCP Server Authorization
§ For security, the DHCP Server service is integrated with Active Directory to require authorization for DHCP servers.
§ A DHCP server configured on a domain controller or that is a member of an AD DS domain queries Active Directory for a list of authorized servers identified by IP address.
§ If the server's IP address is not on the list, the DHCP server stops its startup sequence and shuts down.
§ A server that is configured with Windows Server 2012 and hosts a DHCP server, but that is not joined to the Active Directory domain can still be authorized.
§ The DHCP server on the standalone machine queries the Active Directory root domain for the list of authorized servers, and if it is authorized, it starts the DHCP service.
OV 7 - 7
DHCP Scopes
§ IPv4 scope properties:
§ The scope name § The IP addresses available for lease § The subnet mask § The lease duration § Exclusions, which are addresses not offered for lease
§ Reservations, which predefine the relationship between an IP address and a machine's media access control (MAC) address § Ensures that a DHCP client always receives the same address for which it is reserved
§ Options, which may be configured to provide information to specific clients
§ IPv6 scope properties:
§ The scope name and description § The IPv6 prefix § Exclusions, which are addresses not offered for lease § Preferred lifetime, which is the lease duration § Options, which may be configured to provide information to specific clients
OV 7 - 8
DHCP Reservations
§ Predefines relationship between an IP address lease and the device’s MAC address
§ Ensures the device will always receive the same IP address from DHCP
OV 7 - 9
DHCP Options
§ Server level options apply to all scopes defined on a DHCP server.
§ Scope level options apply to all clients that receive a lease from a specific scope.
§ Class level options apply only to those clients identified as a specific user or vendor class.
§ Reservation level options apply to one reserved DHCP client.
Option Code Name
1 Subnet Mask
3 Router
6 DNS Server
15 DNS Name
31 Router Discovery
33 Static Route
44 WINS Server
46 WINS/NetBIOS Node Type
47 NetBIOS Scope ID
OV 7 - 10
Policy Address Assignment
§ Windows Server 2012 includes a new policy-based IP address assignment feature for DHCP server.
§ This feature, which is integrated with Network Policy Server, enables you to group DHCP clients and define them based on a set of attribute criteria to customize IP address leasing and configuration settings to that group.
§ You can use the address assignment policies to differentiate between client types.
§ Address assignment policies are set at the server level and scope level.
OV 7 - 11
The DHCP Database
OV 7 - 12
DHCP Database Backup
§ Two methods: § Automatic backup runs at 60-minute intervals (synchronous) § Manually performed by a network administrator (asynchronous)
§ Both methods back up the entire database: § All scopes § Leases § Reservations
§ Options at all levels: server, scope, reservation, and class
§ Registry keys and other pertinent configuration settings such as audit log settings and folder locations that have been set in DHCP server properties:
§ Settings are stored in the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
OV 7 - 13
DHCP Database Restoration
§ Restore a DHCP backup using the DHCP management console.
§ If no backup exists, you'll have to rebuild the scope, delete any client leases, and force all clients to reboot.
OV 7 - 14
DHCP Database Reconciliation
§ Reconciling the database can fix scope inconsistencies such as an incorrect configuration for a DHCP client IP address that is stored in scope information.
§ The DHCP Server service stores summary and detailed IP address information in the DHCP database.
§ When the server reconciles scopes it compares the summary and detailed entries to find inconsistencies.
§ After reconciliation of any scope inconsistencies, the DHCP server either restores the IP addresses to the original lease owners, or creates a temporary reservation for those addresses.
§ Reconcile DHCP on a per-scope basis by right-clicking the scope and selecting Reconcile.
OV 7 - 15
Move a DHCP Database
§ Back up the DHCP database and restore it on the other server. § Use the netsh dhcp command to export and import the settings:
§ netsh dhcp server export <file_name>.txt all § netsh dhcp server import <file_name>.txt all
OV 7 - 16
DHCP Security Concerns
§ An unauthorized (rogue) DHCP server could give clients improper leases.
§ Unauthorized clients could obtain a DHCP lease from a server and access the network.
§ A DHCP server could run out of available addresses, effectively halting service availability.
OV 7 - 17
DHCP Activity and Audit Logs
§ Enable DHCP logging for suspicious activities. § Analyze logs regularly.
§ Server logging requires Administrator permissions or membership in the DHCP Administrators group.
§ View logs in %systemroot%\System32\dhcp. § Logs have the name DhcpSrvLog-<day-of-week>.log.
OV 7 - 18
Audit Log Fields
Audit Log Field Description
ID DHCP server event ID
Date Date of log entry on the DHCP server
Time Time of log entry on the DHCP server
Description Description of the DHCP server event
IP Address IP address of the DHCP client
Host Name Host name of the DHCP client
MAC Address MAC address of client's network adapter
OV 7 - 19
Common Event Codes
DHCP server audit logs are located by default in the %systemroot%\System32\dhcp folder.
Event ID Description
00 The log started.
01 The log stopped.
02 The log was temporarily stopped due to low disk space.
10 A new IP address was leased to a client.
11 A lease was renewed by a client.
12 A lease was released by a client.
13 An IP address was found in use on the network.
14 A lease request could not be satisfied because the address pool of the scope was exhausted.
15 A lease was denied.
20 A Bootstrap Protocol (BOOTP) address was leased to a client.
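An added example, not part of the course, that reads a DHCP audit log with the fields and event codes from the two slides above and turns the DHCP Security Concerns slide into log-based checks: repeated code 14 (pool exhausted), code 13 (address in use outside DHCP) and code 15 (lease denied). The log lines are constructed for the example and use only the seven fields the Audit Log Fields slide lists.

```powershell
# Added example (not course material): triage a DHCP audit log using the event
# codes on the slide. The sample log below is constructed and uses only the
# seven fields the slide lists; a real DhcpSrvLog-<day-of-week>.log starts
# with an explanatory preamble and carries further columns, which is why the
# parser skips ahead to the "ID,Date,Time" header before reading CSV rows.
$EventNames = @{
    '00' = 'Log started'; '01' = 'Log stopped'; '02' = 'Log paused: low disk space'
    '10' = 'New lease';   '11' = 'Lease renewed'; '12' = 'Lease released'
    '13' = 'Address already in use on the network'
    '14' = 'Scope address pool exhausted'
    '15' = 'Lease denied'; '20' = 'BOOTP lease'
}

# Constructed sample, not a real server's log
$SampleLog = @'
Microsoft DHCP Service Activity Log (constructed sample)

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,09/10/13,06:00:01,Started,,,
10,09/10/13,08:12:44,Assign,192.168.10.21,wkstnsales1.fuller.local,00AABBCC0101
11,09/10/13,08:40:02,Renew,192.168.10.22,wkstnsales2.fuller.local,00AABBCC0102
13,09/10/13,09:05:17,Conflict,192.168.10.23,,00AABBCC0199
14,09/10/13,09:30:00,Scope Full,192.168.10.0,,
14,09/10/13,09:31:10,Scope Full,192.168.10.0,,
15,09/10/13,09:32:00,NACK,192.168.10.24,unknownhost,00AABBCC0200
'@

function Get-DhcpAuditEvent {
    param([string[]]$Lines)
    # Skip the preamble; the column header is the first line starting "ID,Date,Time".
    $start = 0
    while ($start -lt $Lines.Count -and $Lines[$start] -notlike 'ID,Date,Time*') { $start++ }
    if ($start -ge $Lines.Count) { throw 'No ID,Date,Time header found; not a DHCP audit log' }
    $Lines[$start..($Lines.Count - 1)] | ConvertFrom-Csv | ForEach-Object {
        $name = $EventNames[$_.ID]
        if (-not $name) { $name = "Unknown event ($($_.ID))" }   # newer codes not on the slide
        [pscustomobject]@{
            ID        = $_.ID
            Event     = $name
            When      = '{0} {1}' -f $_.Date, $_.Time
            IPAddress = $_.'IP Address'
            HostName  = $_.'Host Name'
            MAC       = $_.'MAC Address'
        }
    }
}

function Get-DhcpAuditFinding {
    param([object[]]$Events, [int]$ExhaustionThreshold = 2)
    # Map the slide's DHCP security concerns onto log evidence:
    #   14 repeated -> the scope ran out of addresses (undersized scope, long
    #                  leases, or an unusual burst of lease requests)
    #   13          -> an address in the scope is in use by a device DHCP did
    #                  not lease it to (static misconfiguration or an unmanaged host)
    #   15          -> leases refused (NAP non-compliance or policy)
    $findings = @()
    $exhausted = @($Events | Where-Object ID -eq '14')
    if ($exhausted.Count -ge $ExhaustionThreshold) {
        $findings += 'Scope {0}: pool exhausted {1} time(s); review scope size, lease duration and which MACs hold leases' -f $exhausted[0].IPAddress, $exhausted.Count
    }
    foreach ($e in @($Events | Where-Object ID -eq '13')) {
        $findings += 'Conflict: {0} is already in use (MAC {1}); locate the device and add an exclusion or reservation' -f $e.IPAddress, $e.MAC
    }
    foreach ($e in @($Events | Where-Object ID -eq '15')) {
        $findings += 'Denied: {0} ({1}, MAC {2}); confirm the NAP or policy outcome was intended' -f $e.IPAddress, $e.HostName, $e.MAC
    }
    return $findings
}

$events = Get-DhcpAuditEvent -Lines ($SampleLog -split "`r?`n")
$events | Group-Object Event | Select-Object Count, Name | Format-Table -AutoSize
Get-DhcpAuditFinding -Events $events | ForEach-Object { Write-Warning $_ }
```

To run it against a live server, replace $SampleLog with Get-Content "$env:SystemRoot\System32\dhcp\DhcpSrvLog-Mon.log" (or the day you are reviewing).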
OV 7 - 20
Network Access Protection and DHCP
§ Network Access Protection (NAP) is an infrastructure that requires clients to prove system health before they are permitted to connect to the network.
§ DHCP can be configured to be a NAP enforcement point on a per-scope basis, refusing to grant an IP lease to a non-compliant client.
§ Configure DHCP for NAP enforcement in the scope properties.
OV 7 - 21
Client Configuration Settings for NAP
Setting What’s Important
NAP Agent Service This service must be running in order for a client to be NAP-capable.
IP Address Configuration The client must be configured to obtain an IPv4 address automatically.
DHCP Enforcement Client This is enabled through policy settings, either group policy or the local policy settings. If both settings are configured, group policy settings take precedence.
System Health Agents No configuration is necessary to use Windows System Health Validators (SHVs).
OV 7 - 22
Unauthorized Servers
§ An unauthorized server is considered to be a rogue server that must be located on the network and either be disconnected from the network or have the DHCP service disabled.
§ Ensure the DHCP server is authorized and check its IP address against the list of valid IP addresses.
§ If the IP address used by server is not on the list, decommission the server on the network.
OV 7 - 23
DHCP Administration Delegation
§ Restrict membership of the DHCP Administrators group as much as possible.
§ Any DHCP administrator can manage the DHCP Server service.
§ Those who require only read access should be assigned membership in the DHCP Users group.
OV 7 - 24
Reflective Questions
1. In your environment, do you envision needing more than one DHCP scope?
2. In your environment, do you envision yourself using DHCP as a NAP enforcement point? Why or why not?
OV 8 - 1
Installing and Configuring DNS
§ Overview of DNS
§ Install and Configure the DNS Server Role
OV 8 - 2
Introduction to Name Resolution
§ Converts alphanumeric computer names to IP addresses.
§ Clients rely on the Domain Name System (DNS) to locate computers and services on the network.
§ DNS forms a logical tree structure hosted by and distributed across physical servers.
§ On an internal network, DNS integrates with Active Directory.
§ Active Directory mirrors the hierarchical DNS logical structure called the DNS namespace.
OV 8 - 3
Computer Names
§ The term "computer names" is a catchall used to talk about the name you assign to a computer.
§ A NetBIOS name is a 16-character (byte) name that identifies NetBIOS resources on the network:
§ The first 15 characters of the name identify the computer name, such as wkstnsales1.
§ The sixteenth character identifies the resource—such as an application—that is written to work with NetBIOS.
§ NetBIOS names form a flat namespace in which every name must be different.
§ The host name is the first label of a fully qualified domain name (FQDN), which is a DNS name that uniquely identifies a computer in the DNS namespace.
§ A valid FQDN must adhere to specific rules:
§ Use up to 255 characters.
§ Use any combination of letters A-Z, a-z.
§ Use any numbers from 0 to 9.
§ Use hyphens (-) and periods.
§ Use dots (.) to identify domain levels in an FQDN.
OV 8 - 4
What Is DNS?
§ DNS is a hierarchical distributed naming system for computers, services, or any resources connected to the Internet or a private network. DNS forms a logical tree structure hosted by and distributed across physical servers.
§ DNS translates domain names to IP addresses.
OV 8 - 5
Domain Name Levels
Logical structure:
Name Description
Root level The top of the namespace hierarchy, represented on the Internet by a dot (.).
Top level Represents a type of domain name. The Internet uses .com, .gov, .edu, .org, .biz, as well as extensions for other organizational entities and countries.
Second level Represents domain names for organizations (for example, microsoft.com, logicaloperations.com).
Subdomain Represents additional names appended to the second-level domain name to identify an organization's departments or geographic locations.
Host Represents a leaf in the DNS name tree and refers to a specific computer on an organization's network.
OV 8 - 6
DNS Zones
§ A DNS zone is a specific, contiguous portion of the DNS namespace. A DNS database can be partitioned into multiple zones.
§ The zone on a DNS server contains resource records, which contain information about all of the network host names that end with the zone's root domain name.
§ A DNS zone is responsible for responding to queries for resource records in a specific domain.
OV 8 - 7
Forward Lookup Zones
OV 8 - 8
New Zone Wizard
OV 8 - 9
Reverse Lookup Zones
OV 8 - 10
Creating a Reverse Lookup Zone
OV 8 - 11
DNS Resource Records
Resource Record Type Description
Start of Authority (SOA) Indicates the DNS server that either created the record or that currently is the authoritative server for the zone.
Host (A) Contains the name of the host and its IP address. Used to resolve a host name to an IP address. The most common resource record found in a forward lookup zone.
Name Server (NS) Identifies the name servers listed in the DNS database for a specific zone.
Service (SRV) Specifies which resources perform a service.
Mail Exchanger (MX) Specifies the resources available for Simple Mail Transport Protocol (SMTP). Allows for mail exchange.
Pointer (PTR) Used in reverse lookup operations to map an IP address to a host name.
Canonical (CNAME) Specifies an alias name. These records allow you to use more than one name to point to a single host.
AAAA Maps an IPv4 IP address into a 128-bit address.
OV 8 - 12
DNS Name Resolution Process
1. A network client sends a query to its local DNS server for the IP address of a web server.
2. The local DNS server checks its zone records and then its local cache to see if it has the record.
3. If the local DNS server does not have the record, it checks to see if it is configured to use a forwarder (another DNS server).
4. If it is configured to use a forwarder, it forwards the client query to the forwarder.
5. If it is not configured to use a forwarder, it checks to see if it has root hints (a list of root DNS servers).
6. If it has root hints, it begins an iterative search of the DNS tree, starting at the root, working its way down the tree, until if finds the desired record.
7. Upon finding the record, the DNS server returns the record to the client, caching a copy for future use.
OV 8 - 13
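The seven steps above, run as a small model (an added example, not part of the course; the servers, names and addresses are constructed): a local server checks its zones, then its cache, hands off to a forwarder if one is configured, and otherwise walks the tree from its root hints following referrals, caching what it learns.

```python
"""Model of the DNS name-resolution steps on the slide (added example)."""


class AuthoritativeServer:
    """A server that answers for the names it hosts, refers the querier to a
    delegated child zone, or reports that the name does not exist."""

    def __init__(self, name, records, delegations):
        self.name = name
        self.records = dict(records)          # fully qualified name -> A data
        self.delegations = dict(delegations)  # child zone name -> its server

    def query(self, qname):
        if qname in self.records:
            return "answer", self.records[qname]
        # Refer to the most specific delegated zone that contains the name.
        for zone in sorted(self.delegations, key=len, reverse=True):
            if qname == zone or qname.endswith("." + zone):
                return "referral", self.delegations[zone]
        return "nxdomain", None


class LocalDnsServer:
    """The client's local DNS server: steps 2 to 7 of the slide."""

    def __init__(self, zones=None, forwarder=None, root_hints=()):
        self.zones = dict(zones or {})      # authoritative data (step 2)
        self.cache = {}                     # answers learned earlier (steps 2, 7)
        self.forwarder = forwarder          # another LocalDnsServer (steps 3, 4)
        self.root_hints = list(root_hints)  # root servers (steps 5, 6)

    def resolve(self, qname):
        """Return (address or None, trace of where the answer came from)."""
        trace = []
        if qname in self.zones:
            trace.append("zone")
            return self.zones[qname], trace
        if qname in self.cache:
            trace.append("cache")
            return self.cache[qname], trace
        if self.forwarder is not None:
            trace.append("forwarder")
            answer, _ = self.forwarder.resolve(qname)   # step 4: recursive hand-off
        elif self.root_hints:
            answer = self._iterate(qname, trace)        # step 6
        else:
            trace.append("unresolvable")
            return None, trace
        if answer is not None:
            self.cache[qname] = answer                   # step 7
        return answer, trace

    def _iterate(self, qname, trace):
        """Iterative search: ask a root server and follow referrals downward."""
        server = self.root_hints[0]
        while True:
            trace.append("iterative:" + server.name)
            kind, data = server.query(qname)
            if kind == "answer":
                return data
            if kind == "nxdomain":
                return None
            server = data


# Constructed namespace: root -> com. -> example.com. -> www.example.com.
NS_EXAMPLE = AuthoritativeServer("ns1.example.com.",
                                 {"www.example.com.": "192.0.2.10"}, {})
NS_COM = AuthoritativeServer("tld-server.example.", {}, {"example.com.": NS_EXAMPLE})
ROOT = AuthoritativeServer("root-server.example.", {}, {"com.": NS_COM})


def demo():
    """Internal server with its own zone and root hints; branch server that
    only forwards to it. Returns the answers and traces for inspection."""
    internal = LocalDnsServer(zones={"dc1.corp.example.": "10.0.0.5"}, root_hints=[ROOT])
    branch = LocalDnsServer(forwarder=internal)
    return {
        "first": internal.resolve("www.example.com."),     # walks root -> com -> example
        "second": internal.resolve("www.example.com."),    # served from cache
        "via_forwarder": branch.resolve("dc1.corp.example."),
        "missing": internal.resolve("nope.com."),          # referral chain ends in NXDOMAIN
    }


if __name__ == "__main__":
    for label, (answer, trace) in demo().items():
        print(f"{label:<14} {answer!s:<12} {' -> '.join(trace)}")
```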
DNS Components
§ DNS server
§ A server service that resolves names to IP addresses.
§ It responds to resolver queries, providing the record if it has it, or fetching the record from other DNS servers if it does not.
§ DNS resolver
§ A DNS client that needs to resolve a name to an IP address, and so queries a DNS server for the information.
§ A DNS server can also be a resolver, querying other DNS servers on behalf of the client.
OV 8 - 14
DNS Zone Types
§ Primary zone
§ Secondary zone
§ Stub zone
§ Active Directory–integrated zone
OV 8 - 15
Primary Zones
A primary zone on a DNS server contains a writeable (master) copy of all zone data.
OV 8 - 16
Secondary Zone
§ A secondary zone is a read-only copy of the DNS zone.
§ It replicates on a regular interval with either the primary or another secondary DNS server.
OV 8 - 17
Stub Zone
§ A stub zone is a tiny, non-authoritative representation of a zone.
§ It contains records of authoritative nameservers, and refers clients to those nameservers.
§ The stub zone replicates with the authoritative zone, receiving updates to the nameserver records, but no host records.
OV 8 - 18
Active Directory–Integrated Zone
§ A zone hosted on Active Directory domain controllers.
§ Each copy of an Active Directory–Integrated zone is writeable (multi-master).
§ Active Directory–Integrated zones can be configured for Secure Dynamic Updates, requiring hosts to authenticate before they can register their records in DNS.
§ The zone replicates as part of Active Directory replication.
§ The zone is stored in the Active Directory database, protecting it from unauthorized access or tampering.
OV 8 - 19
Dynamic Updates
§ DNS clients can register and update their resource records with a DNS server whenever changes occur.
§ The Dynamic Host Configuration Protocol (DHCP) client service performs registration updates for clients with a leased IP address from a DHCP server and for clients with static IP configurations.
§ Clients register when certain events occur:
§ When a client's IP address is added, configured, or changed.
§ When the client starts and the DHCP client service starts.
OV 8 - 20
DNS Queries
§ DNS queries are lookup requests for specified DNS resource records.
§ An authoritative response means that the DNS server returns an answer it knows to be correct because the DNS server has a copy of the zone.
§ A non-authoritative response means that the DNS server must query other DNS servers and cache the response.
§ DNS servers use forwarders, conditional forwarders and root hints to find records that they do not already have.
§ Recursive queries usually are performed by resolvers that need a name resolved fully in the response.
§ Iterative queries require the DNS server either to return the best answer available based on its zone and cache information or to respond with a referral, which is a pointer to a DNS server that may have the correct data.
OV 8 - 21
Root Hints
§ Root hints is a file that contains the names and IP addresses of the DNS root servers.
§ If you choose to simulate the Internet in a lab, you should designate one DNS server to be the root, and then on all the other DNS servers remove all the root hints and add your own.
§ On the designated root, create only a single standard primary zone with the name "."
§ Any DNS server configured to be a root will automatically have its Root Hints tab disabled.
§ The safest way to modify the original root hints file, cache.dns, is in the DNS server Properties on the Root Hints tab.
OV 8 - 22
DNS Forwarding
§ If a resolver sends a query that a DNS server cannot resolve locally, the DNS server can send the query to a DNS server configured as a forwarder.
§ A DNS server configured to use a conditional forwarder forwards DNS queries according to the query's DNS domain name.
OV 8 - 23
DNS Caching
§ When a DNS server resolves a DNS name query successfully, it caches the name and IP information for future use.
OV 8 - 24
The DNS Server Role
§ Windows Server 2012 does not install the DNS Server role as part of the operating system's initial configuration setup.
§ It is a simple procedure to install the DNS service via the Server Manager console using the Add Roles and Features Wizard.
§ You can add the DNS Server role when you install AD DS and promote the server to a domain controller, or you can install the DNS Server role using the following PowerShell command:
§ Install-WindowsFeature DNS
OV 8 - 25
Reflective Questions
1. In your environment, do you foresee the need to use stub zones? Why or why not?
2. In your environment, will you configure your DNS server to use a forwarder? Why or why not?
OV 9 - 1
Configuring Storage Spaces and File and Print Services
§ Design and Implement Storage Spaces
§ Secure Files and Folders
§ Configure Offline Files and Shadow Copies
§ Implement Network Printing
OV 9 - 2
Disk Types
§ IDE
§ EIDE
§ SATA
§ SCSI
§ SAS
§ SSD
OV 9 - 3
Network Storage Devices
§ Direct attached storage (DAS)
§ Network attached storage (NAS)
§ Storage area networks (SANs)
OV 9 - 4
RAID Types
§ RAID 0: Striping
§ RAID 1: Mirroring
§ RAID 3 and 4: Striping with dedicated parity
§ RAID 5: Striping with distributed parity
§ RAID 6: Striping with dual parity
§ RAID 0+1: Striping and mirroring disk sets
§ RAID 1+0 (or RAID 10): Mirroring and striping
OV 9 - 5
Partition Table Formats
§ Master Boot Record (MBR) partition tables
§ GUID partition table (GPT)
OV 9 - 6
Basic and Dynamic Disks
§ Basic disks support traditional partitions:
§ Up to four primary partitions
§ One extended partition with logical drives
§ Dynamic disks can host volumes that span or are striped across multiple disks:
§ Simple volume
§ Spanned volume
§ Striped volume (RAID 0)
§ Mirrored volume (RAID 1)
§ Striped volume with parity (RAID 5)
OV 9 - 7
Required Volumes for Server 2012
§ System volume – contains the Windows operating system
§ Boot volume – stores files necessary to begin the boot process
OV 9 - 8
Partition Types
§ Primary
§ Extended
§ Active
§ Logical
OV 9 - 9
File Systems
§ FAT
§ FAT32
§ NTFS
§ ReFS
OV 9 - 10
What Is ReFS?
§ Resilient File System
§ New for Windows Server 2012
§ Advantages include:
§ Metadata integrity with checksums
§ Integrity streams with user data integrity
§ Allocation on write transactional model
§ Large volume, file, and directory sizes (2^78 bytes with 16-KB cluster size)
§ Storage pooling and virtualization
§ Data striping for performance and redundancy
§ Disk scrubbing for protection against latent disk errors
§ Resiliency to corruptions with recovery
§ Shared storage pools across machines
OV 9 - 11
Mount Points
§ A physical location in the directory structure on which you graft—or mount—the root directory of another volume.
§ A mount point is an empty folder that is used as a link to another volume.
§ It has its own file system, permissions, and quotas.
§ Mount points are useful when:
§ You’re running out of disk space and you would like to add space without modifying the folder structure or the disk structure, so you configure a folder to point to another hard disk.
§ You are running out of available letters to assign partitions or volumes, so instead you use a directory name.
§ You need to separate disk I/O within a folder structure. Perhaps you have an application that needs to be within a particular directory structure but requires an intensive amount of disk I/O.
OV 9 - 12
Links
§ Another name for a file or directory
§ Similar to, but not exactly the same as, a shortcut
§ Can be understood by applications that do not understand shortcuts
§ Can be created using the mklink command
OV 9 - 13
Volume Size Management
§ Extend or shrink NTFS volumes
§ Extend, but not shrink, ReFS volumes
§ Can modify the volume using these tools:
§ Disk Manager
§ Diskpart.exe
§ Resize-Partition cmdlet
OV 9 - 14
Storage Management and Advanced Options
§ Virtualize storage using Storage Spaces.
§ Select any type of available physical disks and add them to a storage pool.
§ Create virtual disks from storage pools.
§ Storage can be allocated dynamically.
OV 9 - 15
Storage Spaces
OV 9 - 16
NTFS Permissions
§ For files:
§ Read
§ Write
§ Read & execute
§ Modify
§ Full control
§ Special permissions
§ For folders:
§ Read
§ Write
§ Read & execute
§ Modify
§ Full control
§ List folder content
§ Special permissions
OV 9 - 17
Permissions Inheritance
§ NTFS permissions flow down from parent to child.
§ To block inheritance, select “This folder only” on the parent.
§ Top level permissions are set at the volume level.
§ If “Allow” or “Deny” check boxes are shaded, the permissions have been inherited.
OV 9 - 18
Effective Permissions
§ Permissions are cumulative:
§ Adds all permissions from all of a user’s group memberships
§ Deny overrides all.
OV 9 - 19
Shared Folders
§ Allows users and groups to have access to a folder and its contents, or to an entire drive.
§ SMB or NFS.
§ Share a folder or an entire drive.
§ Has an access control list.
§ Share permissions are generally broader and more permissive.
§ NTFS permissions refine and narrow the share permissions.
OV 9 - 20
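The two rules from the Effective Permissions and Shared Folders slides, cumulative NTFS permissions with Deny overriding and share permissions narrowing what reaches a user over the network, as an added example with constructed accounts, groups and ACLs (not course material; it ignores inheritance and special permissions and reduces each standard permission to a simplified set of basic rights).

```python
"""Model of effective NTFS and share permissions (added example)."""

# Simplified expansion of standard NTFS folder permissions into basic rights.
NTFS = {
    "Read": {"read"},
    "Write": {"write"},
    "List folder content": {"list"},
    "Read & execute": {"read", "execute", "list"},
    "Modify": {"read", "write", "execute", "list", "delete"},
    "Full control": {"read", "write", "execute", "list", "delete", "owner"},
}
# Share permission levels (Read, Change, Full Control) in the same basic rights.
SHARE = {
    "Read": {"read", "execute", "list"},
    "Change": {"read", "write", "execute", "list", "delete"},
    "Full Control": {"read", "write", "execute", "list", "delete", "owner"},
}


def effective(acl, principals, table):
    """Evaluate an ACL for a user together with all of its groups.

    acl: list of (principal, "Allow" | "Deny", [permission names from table]).
    Allows accumulate across every matching entry; any Deny then removes the
    rights it covers, so Deny overrides Allow regardless of entry order.
    """
    allowed, denied = set(), set()
    for who, kind, perms in acl:
        if who not in principals:
            continue
        rights = set().union(*(table[p] for p in perms))
        (allowed if kind == "Allow" else denied).update(rights)
    return allowed - denied


def effective_over_share(ntfs_acl, share_acl, principals):
    """Access through a share is only what both the share and NTFS allow."""
    return effective(ntfs_acl, principals, NTFS) & effective(share_acl, principals, SHARE)


# Constructed folder ACL: broad read, Sales may change, contractors never write,
# disabled accounts get nothing even where other memberships would grant access.
FOLDER_ACL = [
    ("Domain Users", "Allow", ["Read & execute"]),
    ("Sales", "Allow", ["Modify"]),
    ("Contractors", "Deny", ["Write"]),
    ("Disabled Accounts", "Deny", ["Full control"]),
]
# Share permissions are deliberately broad; NTFS does the fine-grained work.
CHANGE_SHARE = [("Authenticated Users", "Allow", ["Change"])]
READ_SHARE = [("Authenticated Users", "Allow", ["Read"])]

# Constructed users, each listed with every group it belongs to.
ALICE = {"alice", "Domain Users", "Sales", "Authenticated Users"}
BOB = {"bob", "Domain Users", "Sales", "Contractors", "Authenticated Users"}
CAROL = {"carol", "Domain Users", "Sales", "Disabled Accounts", "Authenticated Users"}

if __name__ == "__main__":
    for name, who in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        print(name, "local:", sorted(effective(FOLDER_ACL, who, NTFS)))
        print(name, "via Change share:", sorted(effective_over_share(FOLDER_ACL, CHANGE_SHARE, who)))
        print(name, "via Read share:", sorted(effective_over_share(FOLDER_ACL, READ_SHARE, who)))
```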
Access-Based Enumeration
§ First available as a downloadable package for Windows Server 2003
§ Now included with Windows Server 2012
§ Displays only the files and folders that a user has permissions to access
§ Only active when viewing files in a shared folder, not on the local file system
OV 9 - 21
Configuring Access-Based Enumeration
OV 9 - 22
Offline Files
§ Enables users to access network files even when a network connection is not available, or is slow or inconsistent
§ Creates a local copy of the network file
§ Offline Mode is activated when:
§ Always Offline Mode is enabled.
§ The server is unavailable.
§ The network connection is slower than a configurable threshold.
§ The user selects the Work Offline button in Windows Explorer.
OV 9 - 23
Shadow Copies
§ Provides a copy of a shared folder or file at a specific point in time
§ Can have multiple shadow copies of the same folder or file
§ Enables users to:
§ Recover accidentally deleted files.
§ Recover accidentally overwritten files.
§ Compare versions of a file to view the changes that have been made.
OV 9 - 24
Easy Print
§ Proxy for every print job
§ Redirects all printing-related jobs back to the user’s local machine
§ No need to install any print drivers on the RDP server
§ Converts legacy GDI print jobs to XPS
§ Can be configured in client printer properties
§ Can also be configured using Group Policy
OV 9 - 25
Network Printing
§ Local print device – physically attached to a computer
§ Network print device – set up for remote access over the network
OV 9 - 26
Printer Pooling
§ Combines multiple physical printers into a single logical unit
§ Increases availability and scalability
§ Requires that all printers use the same driver
§ Requires that all printers are in the same location
§ Works best when all printers are like models and have like configurations
OV 9 - 27
Branch Office Direct Printing
§ Enables clients to print directly to network printers shared on a centralized print server
§ Print job is sent directly to branch office printer
§ Requires Windows Server 2012 and Windows 8
OV 9 - 28
Reflective Questions
1. Do you expect to use shadow copies in your work environment? Why or why not?
2. How will Windows Server 2012 printing options help your network? What is more useful to you: Branch Office Direct Printing or printer pooling?
OV 10 - 1
Configuring Group Policy
§ Create Group Policy Objects
§ Group Policy Processing
§ Implement a Central Store
OV 10 - 2
What Is Group Policy?
§ Configuration settings that enable you to modify registry settings on computers in an Active Directory domain.
§ Settings are combined into Group Policy Objects (GPOs).
§ Applied to users, groups, and computers by linking the GPO to an OU.
OV 10 - 3
Group Policy Management Console
OV 10 - 4
Group Policy Management Editor
OV 10 - 5
Group Policy Management from Active Directory Management
OV 10 - 6
Group Policy Storage
§ Group Policy templates
§ Group Policy containers
OV 10 - 7
Creating a New GPO
OV 10 - 8
GPO Scope
OV 10 - 9
Configure GPO Settings
OV 10 - 10
Windows Registry Key Permissions
OV 10 - 11
GPO Context Menu
OV 10 - 12
GPO Linking
§ A GPO must be linked to an Active Directory container to take effect.
§ You can use the GPMC or PowerShell to link GPOs.
§ Child containers and objects inherit Group Policy settings from the parent container.
OV 10 - 13
Detecting GPO Status
OV 10 - 14
Group Policy Preferences
§ Extensions that expand configurable settings
§ Are not enforced
§ Can be used to create and manage items on the targeted computer
OV 10 - 15
Default Domain Controllers Policy
OV 10 - 16
Starter GPOs
OV 10 - 17
GPO Delegation
OV 10 - 18
GPO Processing
§ GPO settings are applied to a computer at startup.
§ GPO settings are applied to a user at logon.
§ Most GPO settings are refreshed in the background:
§ Every 90 minutes on clients
§ Every 5 minutes on domain controllers
§ Policies are applied in order:
§ Local Policy
§ Site
§ Domain
§ OU
§ Child OU
§ Conflicting settings are overwritten as policies are processed.
OV 10 - 19
Group Policy Filtering
§ GPO requires two permissions to apply:
§ Allow Read
§ Allow Apply Group Policy
§ You can set “Deny Apply” to exempt a user, group, or computer from receiving the GPO's settings.
OV 10 - 20
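The processing order and the two filtering permissions from the GPO Processing and Group Policy Filtering slides, as an added example with constructed GPOs and accounts (not course material; it ignores link order within a single container and enforcement options): GPOs apply Local Policy, Site, Domain, OU, Child OU, a later GPO overwrites a conflicting setting, and a GPO is skipped unless the principal has Allow Read and Allow Apply Group Policy with no Deny on Apply Group Policy.

```python
"""Model of GPO processing order and security filtering (added example)."""

# Processing order from the slide; later levels win conflicts.
ORDER = ("Local Policy", "Site", "Domain", "OU", "Child OU")


def applies_to(gpo, principals):
    """Security filtering: the user or computer (or one of its groups) needs
    both Allow Read and Allow Apply Group Policy; a Deny on Apply Group Policy
    exempts it outright, whatever else is granted."""
    read = apply_ = False
    for who, kind, permission in gpo["acl"]:
        if who not in principals:
            continue
        if kind == "Deny" and permission == "Apply Group Policy":
            return False
        if kind == "Allow" and permission == "Read":
            read = True
        if kind == "Allow" and permission == "Apply Group Policy":
            apply_ = True
    return read and apply_


def resultant_settings(gpos, principals):
    """Apply the GPOs in ORDER and return the effective settings as
    {setting: (value, winning GPO)} plus the conflicts that were overwritten
    as a list of (setting, losing GPO, winning GPO)."""
    effective, overwritten = {}, []
    for level in ORDER:
        for gpo in (g for g in gpos if g["link"] == level):
            if not applies_to(gpo, principals):
                continue
            for setting, value in gpo["settings"].items():
                if setting in effective and effective[setting][0] != value:
                    overwritten.append((setting, effective[setting][1], gpo["name"]))
                effective[setting] = (value, gpo["name"])
    return effective, overwritten


def make_gpo(name, link, settings, acl=None):
    """Constructed GPO; by default Authenticated Users may read and apply it."""
    default_acl = [("Authenticated Users", "Allow", "Read"),
                   ("Authenticated Users", "Allow", "Apply Group Policy")]
    return {"name": name, "link": link, "settings": settings, "acl": acl or default_acl}


# Constructed policy set for a Sales OU with a Kiosks child OU.
GPOS = [
    make_gpo("Local Policy", "Local Policy", {"ScreenSaverTimeout": 600}),
    make_gpo("Default Domain Policy", "Domain",
             {"MinimumPasswordLength": 7, "ScreenSaverTimeout": 900}),
    make_gpo("Sales Baseline", "OU",
             {"ScreenSaverTimeout": 1200, "RemovableStorage": "Deny"}),
    make_gpo("Kiosk Lockdown", "Child OU", {"ScreenSaverTimeout": 120},
             acl=[("Authenticated Users", "Allow", "Read"),
                  ("Authenticated Users", "Allow", "Apply Group Policy"),
                  ("Sales Admins", "Deny", "Apply Group Policy")]),  # exempt the admins
]
KIOSK_USER = {"kiosk", "Authenticated Users"}
SALES_ADMIN = {"jdoe", "Authenticated Users", "Sales Admins"}

if __name__ == "__main__":
    for label, who in (("kiosk", KIOSK_USER), ("jdoe", SALES_ADMIN)):
        settings, conflicts = resultant_settings(GPOS, who)
        print(label)
        for setting, (value, source) in sorted(settings.items()):
            print(f"  {setting} = {value}  (from {source})")
        for setting, loser, winner in conflicts:
            print(f"  {setting}: {winner} overwrote {loser}")
```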
Group Policy Modeling Wizard
OV 10 - 21
Group Policy Modeling Wizard Report
OV 10 - 22
The Central Store
§ A single location to keep GPO templates
§ Simplifies GPO management for administrators who edit from their own workstations
OV 10 - 23
Central Store Creation
§ Physically copy the PolicyDefinitions folder and all its contents from C:\Windows\PolicyDefinitions on a client.
§ Copy the templates to C:\Windows\SYSVOL\sysvol\<domain_name>\Policies on the domain controller.
§ The central store will be automatically detected and used by clients.
OV 10 - 24
Administrative Templates
§ Composed of ADMX and ADML files.
§ Contain the registry settings to be modified by Group Policy.
§ Each new version of a Microsoft operating system introduced its own administrative templates.
OV 10 - 25
Managed and Unmanaged Policy Settings
§ Managed policy settings:
§ Controlled by Group Policy service
§ Removed if out of scope
§ Have a locked UI
§ Shown by default in the GPME
§ Unmanaged policy settings:
§ Not controlled by Group Policy service
§ Not removed if out of scope
§ Do not have a locked UI
§ Hidden by default in the GPME
OV 10 - 26
Reflective Questions
1. How do you think using GPOs for firewall settings would improve security in your network?
2. Will creating and filtering GPOs to refine who they are applied to help you as a network administrator? Why?
OV 11 - 1
Securing Windows Servers
§ Analyze Security
§ Configure Windows Server User Security
§ Configure Windows Server Software Security
§ Configure Windows Firewall
OV 11 - 2
Security Risks
§ Confidentiality – an unauthorized person might access data.
§ Integrity – unauthorized changes might be made to the data.
§ Availability – data might not be available when needed.
OV 11 - 3
Security Measures
§ Individual firewalls
§ Access control lists
§ Backup and restore procedures in place
§ Physical security
§ Training
OV 11 - 4
Best Practices
§ Apply patches in a timely manner.
§ Use the principle of least privilege.
§ Restrict console logon.
§ Restrict physical access.
OV 11 - 5
User Rights
§ Determine the actions a user can perform within the operating system.
§ Use secpol.msc to set user rights locally.
§ Use Group Policy to set user rights in a domain.
§ Common user rights:
§ Add workstation to domain
§ Allow log on locally
§ Allow log on through Remote Desktop Services
§ Back up files and directories
§ Change the system time
§ Force shutdown from a remote system
§ Shut down the system
OV 11 - 6
Security Tools
§ secpol.msc
§ secedit.exe
§ GPMC
§ Security Templates
§ Security Configuration and Analysis
§ Security Configuration Wizard (SCW)
§ Security Compliance Manager (SCM)
OV 11 - 7
UAC
§ UAC prompts the user for administrator credentials.
§ By default, both standard users and administrators run applications as a standard user.
§ There is no UAC prompt if you are logged in as the built-in administrator.
OV 11 - 8
User Account Control Settings
OV 11 - 9
Account Policies
§ Password policy
§ Account lockout policy
§ Kerberos policy
OV 11 - 10
Local Security Policy
OV 11 - 11
Restricted Groups
§ Manages group membership automatically.
§ You define who should and should not be a member of the group.
§ If someone else changes the membership, it gets changed back on policy refresh.
OV 11 - 12
Security Templates
§ Three default security templates in Windows Server 2012:
§ Defltbase.inf
§ Defltsvc.inf
§ Defltdc.inf
§ You can create a blank template and configure:
§ Account policies
§ Local policies
§ Event Log
§ Restricted Groups
§ System Services
§ Registry
§ File System
OV 11 - 13
Security Template Distribution
§ secedit.exe
§ Security Template snap-in
§ Security Configuration Wizard
§ Group Policy
§ Security Compliance Manager
OV 11 - 14
Auditing
§ Log security-related events.
§ View events in the Security log of Event Viewer.
OV 11 - 15
Dynamic Access Control
§ Automatically or manually classify files.
§ Tag data in file servers across the organization.
§ Control access to files by deploying Central Access Policies.
§ Apply Rights Management Services (RMS) to automatically encrypt sensitive Microsoft Office documents.
OV 11 - 16
Software Restriction Policies
OV 11 - 17
Software Restriction Policy Configuration
OV 11 - 18
AppLocker
§ Applies Application Control Policies
§ New capabilities to control how users can access and use executables
§ AppLocker rules are defined based on:
§ Publisher name
§ Product name
§ File name
§ File version
OV 11 - 19
Defining AppLocker Settings
OV 11 - 20 Copyright © 2013 IT University Online All rights reserved. www.ituniversityonline.com
AppLocker Enforcement
OV 11 - 21 Copyright © 2013 IT University Online All rights reserved. www.ituniversityonline.com
Windows Firewall with Advanced Security
§ Stateful, host-based firewall that allows or blocks network traffic
§ Provides enhancements to the original Windows Firewall:
  § Separate inbound and outbound rules that the administrator can configure
  § Integrated firewall filtering and IPSec protection settings
  § Network location-aware profiles
  § The ability to import and export policies
§ Can be configured using a number of tools:
  § Windows Firewall with Advanced Security console in Server Manager Tools
  § Windows Firewall with Advanced Security MMC snap-in
  § secpol.msc
  § Group Policy
  § netsh advfirewall command
  § PowerShell *-NetFirewall* cmdlets
Windows Firewall with Advanced Security Console
Inbound and Outbound Rules
New Connection Security Rule Wizard
Firewall Profiles
§ Domain
§ Public
§ Private
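The Windows Firewall with Advanced Security slide (PowerShell *-NetFirewall* cmdlets, netsh advfirewall, import and export) and the Firewall Profiles slide, as one added PowerShell example that is not part of the course material. The management subnet 10.0.10.0/24, the rule names and the export path are assumptions.

```powershell
# Added example (not from the course material): configure Windows Firewall with
# Advanced Security per profile using the *-NetFirewall* cmdlets.
# Assumed values: management subnet 10.0.10.0/24, rule names, export path.
Import-Module NetSecurity

# Enable the firewall on all three profiles, block inbound by default, allow
# outbound, and log dropped packets so blocked connections can be reviewed.
$profiles = 'Domain', 'Private', 'Public'
Set-NetFirewallProfile -Profile $profiles -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogMaxSizeKilobytes 16384 `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Profile-scoped rules: remote administration (RDP, WinRM) is allowed only on
# the Domain profile and only from the management subnet. On the Private and
# Public profiles the default inbound action (Block) already drops it.
New-NetFirewallRule -DisplayName 'Mgmt: RDP from management subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress 10.0.10.0/24 -Profile Domain -Action Allow
New-NetFirewallRule -DisplayName 'Mgmt: WinRM from management subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 5985, 5986 `
    -RemoteAddress 10.0.10.0/24 -Profile Domain -Action Allow

# Review: enabled inbound allow rules that accept connections from any remote
# address are the ones worth a second look.
$wideOpen = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $_.DisplayName
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
        }
    }
$wideOpen | Sort-Object Name | Format-Table -AutoSize

# Export the complete policy for reuse on other servers; the .wfw file is
# imported with 'netsh advfirewall import'.
netsh advfirewall export 'C:\Policies\server-firewall.wfw'
```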
Reflective Questions
1. In what ways do you think User Account Control enhances security?
2. Will AppLocker benefit your network's security, and if so, how?
Installing and Configuring Virtual Servers and Clients
§ Identify Virtualization Solutions
§ Implement Hyper-V
§ Configure Hyper-V
§ Manage Virtual Networking
Hyper-V Benefits
§ Invisible to users
§ Different operating systems for guest machines
§ More efficient use of hardware
§ Simplified server deployment
§ Virtual machine templates
MED-V and Compatibility Mode
VDI
§ Runs the desktop in a server-based virtual machine
§ Makes it easy to deploy new desktops, complete with software
§ Offers the following benefits:
  § Includes a scenario deployment tool that you can use to automate the configuration and deployment of virtual machines and sessions
  § Standardizes and helps you automate common VDI maintenance tasks such as updates and patching
  § Provides simplified single sign-on that reduces the number of password prompts for each user
  § Creates a historic view of resources assigned to users, along with the ability to change or edit properties of published resources
  § Includes Windows PowerShell scripts that you can use to automate deployment and configuration tasks
VDI and Remote Desktop
Presentation Virtualization
§ Allows you to keep data in a central location, not on the PCs
§ Many technologies available:
  § Remote Desktop Services
  § Full Desktop with RDC
  § Application using RemoteApp
  § Remote Access through Remote Desktop Gateway
  § Terminal Services
Application Virtualization
§ Very similar to desktop virtualization.
§ Only a single application is virtualized.
§ Offers the following benefits:
  § Application isolation
  § Application portability
  § Multiple application versions on one computer
Hyper-V Overview
§ Hardware virtualization role in Windows Server 2012.
§ Can run on full GUI or Server Core.
§ Guest virtual machines run as child partitions on the host.
§ Requires an x64 platform that supports virtualization.
§ Provides the following virtual hardware:
  § BIOS
  § RAM
  § Processor
  § IDE Controller 0
  § IDE Controller 1
  § SCSI Controller
  § Network Adapter
  § COM 1
  § COM 2
  § Diskette drive
Dynamic Memory
§ Hyper-V allows memory needed by VMs to be allocated and de-allocated dynamically.
§ Smart Paging uses disk space when there isn’t enough physical RAM for a guest VM restart.
Start and Stop Actions
§ You can configure the following Hyper-V start actions:
  § Do nothing.
  § Automatically start if it was running when the VM service stopped.
  § Always start the VM.
§ You can configure the following Hyper-V stop actions:
  § Save the state of the VM.
  § Turn off the VM.
  § Shut down the virtual operating system.
Integration of VMs and Hosts
§ Install integration services in the guest OS.
§ Already installed in Windows Server 2012 and Windows 8.
§ The following can be integrated:
  § Operating system shutdown
  § Time synchronization
  § Data exchange
  § Heartbeat
  § Backup (volume snapshot)
Hyper-V Memory Management
Virtual Hard Disks
§ New VHDX format
§ Can still use VHDs
§ Can convert VHDs to VHDX
Differencing Disks
§ Stores only the changes made relative to the original disk.
§ Saves space.
§ The base disk (aka master or parent) provides a read-only, sysprepped OS.
§ Use a separate differencing disk for every VM on top of the base.
§ Changes to the parent will change all the children.
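The Dynamic Memory, Start and Stop Actions, Virtual Hard Disks and Differencing Disks slides above, as one added PowerShell example that is not part of the course material. The disk paths, VM names, switch name and memory sizes are assumptions.

```powershell
# Added example (not from the course material): one read-only, sysprepped
# parent VHDX, a differencing child per VM, Dynamic Memory and start/stop
# actions. Assumed values: paths, VM names, switch name, memory sizes.
Import-Module Hyper-V

$parent = 'D:\VHD\Base-WS2012-Sysprepped.vhdx'

# A master image still in the older VHD format can be converted to VHDX first:
# Convert-VHD -Path 'D:\VHD\Base-WS2012-Sysprepped.vhd' -DestinationPath $parent -VHDType Dynamic

# Every change to the parent silently changes all children, so lock the file
# before any child exists. Children still run: Hyper-V only reads the parent.
Set-ItemProperty -Path $parent -Name IsReadOnly -Value $true

foreach ($vmName in 'LAB-WEB01', 'LAB-WEB02') {
    $child = "D:\VHD\$vmName.vhdx"

    # Differencing disk: stores only this VM's changes on top of the parent.
    New-VHD -Path $child -ParentPath $parent -Differencing | Out-Null
    New-VM -Name $vmName -MemoryStartupBytes 1GB -VHDPath $child -SwitchName 'vSwitch-Private' | Out-Null

    # Dynamic Memory: the VM grows and shrinks between the limits; Smart Paging
    # covers a restart when physical RAM is short.
    Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $true `
        -MinimumBytes 512MB -StartupBytes 1GB -MaximumBytes 4GB

    # Start action: auto-start only if the VM was running when the host stopped.
    # Stop action: save state so an in-flight workload survives a host shutdown.
    Set-VM -Name $vmName -AutomaticStartAction StartIfRunning -AutomaticStopAction Save
}

# Check the chain: each child's ParentPath must point at the locked parent and
# Test-VHD returns $true only when the differencing chain is intact.
Get-ChildItem -Path 'D:\VHD\*.vhdx' | Get-VHD |
    Where-Object VhdType -eq 'Differencing' |
    Select-Object Path, ParentPath, @{ Name = 'ChainOK'; Expression = { Test-VHD -Path $_.Path } } |
    Format-Table -AutoSize
```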
VM Snapshots
§ Point-in-time copy of a virtual machine
§ Used to roll a VM back to a previous state
§ Can be exported from one VM and imported to another VM
Pass-Through Disks
§ Physical disk the guest VM can directly access
§ Can be directly attached or a SAN LUN
§ Must be placed in an offline state from the host server’s perspective
§ Cannot be dynamically expanded
§ Cannot have snapshots
§ Cannot use differencing disks
Resource Metering
§ Monitor Hyper-V resources.
§ Create cost-effective, usage-based billing solutions.
§ You can monitor:
  § Average CPU use
  § Memory use (average, minimum, and maximum)
  § Maximum disk space allocation
  § Incoming network traffic for a network adapter
  § Outgoing network traffic for a network adapter
Network Virtualization
§ Isolate VMs that share the same host.
§ Each VM has two addresses:
  § Customer IP address, assigned to the VM by the customer
  § Provider IP address, assigned to the VM by the provider for management
§ Virtualization can be configured as:
  § Virtual switches, connecting different VM adapters to the switches
  § VLANs, to extend segmentation to hardware switches that support VLANs
Types of Virtual Switches
§ External – shares a physical network adapter
§ Internal – communicate between the VMs and the host
§ Private – communicate between the VMs, but not with the host
MAC Addresses
§ Uniquely identify the network card
§ Must not be duplicated
§ Are automatically generated
§ Can easily be changed manually on a VM interface
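The Network Virtualization, Types of Virtual Switches and MAC Addresses slides above, as one added PowerShell example that is not part of the course material. The switch names, the physical NIC name 'Ethernet 2', the VM name, the MAC address and VLAN 20 are assumptions; the DhcpGuard and RouterGuard settings go beyond what the slides cover.

```powershell
# Added example (not from the course material): create the three switch types
# and lock down VM network adapters. Assumed values: switch names, physical
# NIC 'Ethernet 2', VM name, MAC address and VLAN 20.
Import-Module Hyper-V

# External: bound to a physical NIC; the host keeps a management vNIC on it.
New-VMSwitch -Name 'vSwitch-External' -NetAdapterName 'Ethernet 2' -AllowManagementOS $true
# Internal: traffic between the VMs and the host only.
New-VMSwitch -Name 'vSwitch-Internal' -SwitchType Internal
# Private: traffic between the VMs only; the host cannot reach this segment.
New-VMSwitch -Name 'vSwitch-Private' -SwitchType Private

# Attach a VM to the isolated segment and tag it into VLAN 20 so the
# segmentation carries over to VLAN-capable physical switches.
Connect-VMNetworkAdapter -VMName 'LAB-WEB01' -SwitchName 'vSwitch-Private'
Set-VMNetworkAdapterVlan -VMName 'LAB-WEB01' -Access -VlanId 20

# Pin the MAC and stop the guest from changing it (MacAddressSpoofing Off).
# DhcpGuard and RouterGuard (beyond the slide) drop DHCP-server replies and
# router advertisements originating inside the guest, so a compromised VM
# cannot pose as the segment's infrastructure.
Set-VMNetworkAdapter -VMName 'LAB-WEB01' -StaticMacAddress '00155D0A0101' `
    -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# Review 1: adapters on this host that may still spoof MACs or lack the guards.
Get-VM | Get-VMNetworkAdapter |
    Where-Object { $_.MacAddressSpoofing -eq 'On' -or $_.DhcpGuard -eq 'Off' -or $_.RouterGuard -eq 'Off' } |
    Select-Object VMName, Name, SwitchName, MacAddress, MacAddressSpoofing, DhcpGuard, RouterGuard |
    Format-Table -AutoSize

# Review 2: MACs must be unique; report any address used by more than one VM.
Get-VM | Get-VMNetworkAdapter | Group-Object MacAddress |
    Where-Object Count -gt 1 |
    ForEach-Object { 'Duplicate MAC {0}: {1}' -f $_.Name, ($_.Group.VMName -join ', ') }
```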
Virtual Network Adapters
§ Network adapter:
  § Formerly known as a synthetic network adapter
  § Specifically designed for VMs to significantly reduce CPU overhead during network I/O
  § Uses shared memory on the VM bus for more efficient data transfer
  § Has significantly better performance than the legacy adapter
§ Legacy adapter:
  § Formerly known as an emulated network adapter
  § Simulates a hardware network interface card
  § May be required to boot the VM from the network
Reflective Questions
1. Consider how MED-V would improve your network’s security and administrative efficiency. Would your end users benefit from virtual desktops they could access from anywhere within the network?
2. Consider your network needs. Is a cloud solution like Azure best for your network? If so, how would you implement the cloud? What things would you want to virtualize in the cloud?