Administering Windows server 2012 R2 : exam 70- · PDF fileContents xxi Lesson4: Configuring...
Transcript of Administering Windows server 2012 R2 : exam 70- · PDF fileContents xxi Lesson4: Configuring...
Contents
j
Lesson 1: Deploying and ManagingServer Images 1
Using Windows Deployment Services 2
Installing the Windows Deployment Services Role 2
Configuring the WDS Server 4
Performing the Initial Configuration of WDS 5
Configuring the WDS Properties 7
Starting WDS 8
Configuring the Custom DHCP Option 9
Configuring and Managing Boot, Install, and Discover
Images 10
Adding Boot Images 11
Adding Image Files 12
Creating an Image File with WDS 13
Creating a Discover Image 15
Using Wdsutil 16
Managing WDS with Windows Powershell 18
Performing an Unattended Installation 19
Updating Images with Patches, Hotfixes, and Drivers 26
Installing Features for Offline Images 27
Configuring Driver Groups and Packages 27
Skill Summary 29
Knowledge Assessment 29
Business Case Scenarios 32
Lesson 2: Implementing Patch
Management 33
Understanding Windows Updates and Automatic
Updates 34
Deploying Windows Server UpdateServices (WSUS) 37
Installing WSUS 39
Configuring WSUS 41
Configuring WSUS Synchronization 43
Configuring WSUS Computer Groups 47
Configuring Group Policies for Updates 49
Configuring Client-Side Targeting 50
Approving Updates 52
Managing Patch Management In Mixed
Environments 56
Viewing Reports 57
Administrating WSUS with Commands 58
Troubleshooting Problems with Installing Updates 59
Understanding System Center ConfigurationManager 60
Skill Summary 60
Knowledge Assessment 61
Business Case Scenarios 64
Lesson 3: Monitoring Servers 65
Introducing the Microsoft ManagementConsole (MMC) 66
Using Server Manager 68
Using Computer Management 69
Using the Services Console 69
Using Event Viewer 72
Understanding Logs and Events 73
Filtering Events 75
Adding a Task to an Event 75
Configuring Event Subscriptions 77
Using Reliability Monitor 79
Managing Performance 81
Using Task Manager 81
Using Resource Monitor 85
Using Performance Monitor 88
Using Common Performance Counters 90
Configuring Data Collector Sets (DCS) 91
Configuring Performance Alerts 92
Scheduling Performance Monitoring 93
Monitoring the Network 94
Using the netstat Command 95
Using Protocol Analyzers 96
Monitoring Virtual Machines (VMs) 101
Skill Summary 102
Knowledge Assessment 103
Business Case Scenarios 106
XX
www.wiley.com/college/microsoft or
call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
Contents xxi
Lesson 4: Configuring Distributed File
System (DFS) 107
Using Distributed File System 107
Installing and Configuring DFS Namespace 108
Installing DFS Namespace 109
Configuring DFS Namespaces 110
Managing Referrals 114
Managing DFS Security 116
Installing and Configuring DFS Replication 116
Installing DFS Replication 117
Configuring DFS Replication Targets 117
Scheduling Replication 121
Configuring Remote Differential Compression 121
Configuring Staging 124
Cloning a DFS Database 125
Recovering DFS Databases 126
Optimizing DFS Replication 127
Configuring Fault Tolerance Using DFS 128
Skill Summary 128
Knowledge Assessment 129
Business Case Scenarios 133
Lesson 5: Configuring File Server
Resource Manager(FSRM) 134
Using File Server Resource Manager 134
Installing File Server Resource Manager 135
Using Quotas 136
Creating Quotas 136
Changing Quotas Templates 140
Monitoring Quota Use 141
Managing Files with File Screening 142
Creating File Groups 142
Creating a File Screen 143
Creating a File Screen Exception 144
Creating a File Screen Template 145
Using Storage Reports 146
Enabling SMTP 147
Configuring File Management Tasks 148
Skill Summary 150
Knowledge Assessment 151
Business Case Scenarios 154
Lesson 6: Configuring File Services
and Disk Encryption 155
Securing Files 155
Encrypting Files with EFS 156
Configuring EFS 157
Using the Cipher Command 158
Sharing Files Protected with EFS with Others 159
Configuring EFS with Group Policies 159
Configuring the EFS Recovery Agent 160
Managing EFS Certificates 161
Encrypting Files with Bitlocker 163
Configuring Bitlocker Encryption 164
Configuring BitLockerTo Go 168
Bitlocker Pre-Provisioning 168
Configuring BitLocker Policies 169
Managing BitLocker Certificates 171
Configuring the Network Unlock Feature 171
Skill Summary 173
Knowledge Assessment 173
Business Case Scenarios 176
Lesson 7: Configuring AdvancedAudit Policies 177
Enabling and Configuring Auditing 177
Implementing Auditing Using Group Policies 178
Implementing an Audit Policy 179
Implementing Object Access Auditing Using GroupPolicies 180
Implementing Advanced Audit Policy Settings 183
Implementing Advanced Audit Policy Settings Using GroupPolicies 183
Removing Advanced Audit Policy Configuration 196
Implementing Auditing Using AuditPol.exe 196
Viewing Audit Events 198
Creating Expression-Based Audit Policies 199
Creating Removable Device Audit Policies 201
Skill Summary 202
Knowledge Assessment 203
Business Case Scenarios 206
www.wiley.com/college/microsoft or
call the MOACToll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
xxii Contents
Lesson 8: Configuring DNS
Zones 207
Understanding DNS 208
Understanding DNS Names and Zones 209
Understanding the Address Resolution Mechanism 211
Configuring and Managing DNS Zones 212
Installing DNS 213
Configuring Primary and Secondary Zones 214
Configuring Active Directory-Integrated Zones 218
Configuring Zone Delegation 219
Configuring Stub Zones 221
Configuring Caching-Only Servers 222
Configuring Forwarding and Conditional Forwarding 222
Configuring Zone Transfers 224
Understanding Full and Incremental Transfers 225
Configuring Notify Settings 225
Using the Dnscmd Command to ManageZones 226
Skill Summary 227
Knowledge Assessment 228
Business Case Scenarios 231
Lesson 9: Configuring DNSRecords 232
Configuring DNS Record Types 233
Creating and Configuring DNS Resource
Records 233
Start of Authority (SOA) Records 234
Name Server (NS) Records 235
Host (A and AAAA) Records 236
Canonical Name (CNAME) Records 236
Pointer (PTR) Records 237
Mail Exchanger (MX) Records 237
Service Location (SRV) Records 238
Configuring Record Options 239
Configuring Round Robin 241
Configuring Secure Dynamic Updates 242
Configuring Zone Scavenging 242
Using the DNSCMD Command to Manage Resource
Records 244
Troubleshooting DNS Problems 245
Skill Summary 249
Knowledge Assessment 250
Business Case Scenarios 253
Lesson 10: Configuring VPN and
Routing 254
The Remote Access Role 255
Installing and Configuring the Remote Access Role 255
Installing Routing and Remote Access 255
Configuring Routing and Remote Access 257
Configuring RRAS for Dial-Up Remote Access 258
Configuring VPN Settings 261
Configuring the VPN Connection on the Server 263
Creating a VPN Connection on a Client 265
VPN Reconnect 267
Configuring Split Tunneling 267
Configuring Remote Dial-In Settings for Users 268
Troubleshooting Remote Access Problems 269
Implementing NAT 271
Disabling Routing and Remote Access 272
Configuring Routing 272
Managing Static Routes 274
Configuring RIP 276
Configuring Demand-Dial Routing 277
Configuring the DHCP Relay Agent 277
Configuring Web Application Proxy in Passthrough Mode 278
Skill Summary 281
Knowledge Assessment 282
Business Case Scenarios 285
Lesson 11; Configuring Direct
Access 286
Understanding DirectAccess 286
Looking at the DirectAccess Connection Process 287
Understanding DirectAccess Requirements 288
Understanding DirectAccess Server Requirements 288
Understanding DirectAccess Client Requirements 289
Running the DirectAccess Getting Started Wizard 289
Running the Remote Access Setup Wizard 290
Implementing Client Configuration 293
Implementing DirectAccess Server 295
Implementing Infrastructure Servers 296
Configuring the Application Servers 299
Preparing for DirectAccess Deployment 299
Configuring DNS for DirectAccess 300
Configuring Certificates for DirectAccess 300
Troubleshooting DirectAccess 305
Skill Summary 306
Knowledge Assessment 307
Business Case Scenarios 311
www.wiley.com/college/microsoft or
call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
Contents xxiii
Lesson 12: Configuring a Network
Policy Server 312
Configuring a Network Policy ServerInfrastructure 312
Installing and Configuring a RADIUS Server 314
Configuring Multiple RADIUS Server Infrastructures 316
Configuring RADIUS Clients 318
Configuring NPS Templates 324
Configuring RADIUS Accounting 326
Understanding NPS Authentication Methods 330
Using Password-Based Authentication 330
Using Certificates for Authentication 331
Skill Summary 333
Knowledge Assessment 334
Business Case Scenarios 337
Lesson 13: Configuring NPS
Policies 338
Managing NPS Policies 338
Configuring Connection Request Policies 339
Configuring Network Policies 344
Multilink and Bandwidth Allocation 347
IP Filters 348
Encryption 348
IP Addressing 349
Managing NPS Templates 350
Exporting and Importing Templates 350
Exporting and Importing the NPS ConfigurationIncluding NPS Policies 352
Skill Summary 353
Knowledge Assessment 354
Business Case Scenarios 357
Lesson 14: Configuring Network
Access Protection
(NAP) 358
Using Network Access Protection (NAP) 359
Installing Network Access Protection 361
Configuring NAP Enforcement 363
Configuring NAP Enforcement for DHCP 363
Configuring NAP Enforcement for VPN 370
Configuring System Health Validators 371
Configuring Health Policies 372
Configuring Isolation and Remediation 375
Configuring NAP Client Settings 376
Skill Summary 377
Knowledge Assessment 378
Business Case Scenarios 382
Lesson 15: Configuring Service
Authentication 383
Configuring Service Authentication 384
Understanding NTLM Authentication 384
Managing Kerberos 384
Managing Service Principal Names 386
Configuring Kerberos Delegation 388
Managing Service Accounts 388
Creating and Configuring Service Accounts 389
Creating and Configuring Managed Service Accounts 390
Creating and Configuring Group Managed Service
Accounts 393
Configuring Virtual Accounts 393
Skill Summary 394
Knowledge Assessment 395
Business Case Scenarios 398
Lesson 16: Configuring Domain
Controllers 399
Understanding Domain Controllers 399
Managing Global Catalogs and ConfiguringUniversal Group Membership Caching 401
Managing Operations Masters 403
Viewing the Operations Masters Role Holders 405
Transferring the Operations Masters Role 407
Seizing the Operations Masters Role 409
Installing and Configuring an RODC 410
Cloning a Domain Controller 413
Skill Summary 416
Knowledge Assessment 417
Business Case Scenarios 420
www.wiley.com/college/microsoft or
call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
xxiv Contents
Lesson 17: Maintaining Active
Directory 421
Automating User Account Management 422
Backing Up and Restoring Active Directory 424
Understanding the Active Directory Database,
SYSVOL, and System State 424
Using Windows Backup 426
Performing a Backup of Active Directory and
SYSVOL 427
Performing an Active Directory Restore 428
Configuring Active Directory Snapshots 431
Performing Object- and Container-Level Recovery 433
Configuring and Restoring Objects by Using the Active
Directory Recycle Bin 435
Managing Active Directory Offline 438
Optimizing an Active Directory Database 439
Cleaning Up Metadata 441
Skill Summary 442
Knowledge Assessment 443
Business Case Scenarios 446
Lesson 18: Configuring AccountPolicies 447
Working with Account Policies 447
Configuring Domain User Password Policy 449
Understanding Strong Passwords 449
Configuring Password Policy Settings 449
Configuring Account Lockout Settings 451
Configuring and Applying Password Settings Objects 452
Configuring Local User Password Policy 455
Delegating Password Settings Management 455
Configuring Kerberos Policy Settings 457
Skill Summary 458
Knowledge Assessment 458
Business Case Scenarios 461
Lesson 19: Configuring Group PolicyProcessing 462
Understanding Group Policy Processing 462
Configuring Processing Order and Precedence 463
Understanding Group Policy Inheritance 463
Managing Group Policy Links 466
Using Filtering with Group Policies 467
Configuring Blocking of Inheritance 467
Configuring Enforced Policies 467
Configuring Security Filtering and WMI Filtering 468
Using Security Filtering 468
Using WMI Filtering 470
Configuring Loopback Processing 472
Configuring Client-Side Extension Behavior 473
Looking at GPOs and Disconnected Computers 474
Configuring and Managing Slow-Link Processingand Group Policy Caching 474
Forcing Group Policy Update 475
Troubleshooting GPOs 476
Skill Summary 479
Knowledge Assessment 480
Business Case Scenarios 483
Lesson 20: Configuring Group PolicySettings 484
Configuring Group Policy Settings 485
Performing Software Installation Using GroupPolicy 486
Assigning or Publishing a Package 487
Redeploying an Application 490
Uninstalling a Package 490
Using Folder Redirection 491
Using Scripts with Group Policy 494
Using Administrative Templates 496
Managing Administrative Templates 496
Creating a Central Store 498
Using Security Templates 499
Using Custom Administrative Template Files 503
Converting Administrative Templates Using ADMX
Migrator 504
Configuring Property Filters for Administrative
Templates 505
Skill Summary 506
Knowledge Assessment 507
Business Case Scenarios 510
Lesson 21: Managing Group PolicyObjects 511
Managing Group Policy Objects 511
Backing Up and Restoring GPOs 512
Using a Migration Table 514
www.wiley.com/college/microsoft or
call the MOAC Toll-Free Number: 1+(888) 764-7001 (U.S. & Canada only)
Contents 1 xxv
Resetting the Default GPOs 516
Delegating Group Policy Management 516
Skill Summary 518
Knowledge Assessment 519
Business Case Scenarios 522
Lesson 22: Configuring Group PolicyPreferences 523
Using Group Policy Preferences 523
Configuring Preference Settings 524
Configuring Windows Settings 526
Configuring Network Drive Mappings 526
Performing File and Folder Deployment 527
Performing Shortcut Deployment 529
Configuring Control Panel Settings 530
Configuring Printer Settings 530
Configuring Custom Registry Settings 531
Configuring Power Options 532
Configuring Internet Explorer Settings 533
Configuring Item-Level Targeting 534
Skill Summary 535
Knowledge Assessment 536
Business Case Scenarios 539
Appendix A 540
Index 542
www.wiley.com/college/microsoft or
call the MOAC Toil-Free Number; 1+(888) 764-7001 (U.S. & Canada only)