2008 IT ACADEMY LESSON PLAN

Microsoft Windows Server

Network Infrastructure

Microsoft Windows Server 2008 Network Infrastructure: Lesson Plans

Introduction

Preparing to teach a course on Microsoft Windows Server 2008 Network Infrastructure Configuration, based on Exam 70-642: TS: Network Infrastructure Configuration, can be a challenge that requires careful planning and organization. The Microsoft IT Academy provides these lesson plans to help you save time, skillfully manage the teaching environment, and successfully communicate the intended lesson. The lesson plans are flexible and have been created in a concise format of small teachable units to allow you to use them with any textbook. To support a textbook-independent teaching style, each lesson plan contains suggested demonstrations and explanations. The lesson plans have been developed to be independent of a predefined lesson schedule. Whether the course is taught in a semester or quarter term format, we suggest the following class format: a 60-minute lecture followed by a 120-minute lab (hands-on performance) session. This model is recommended in order to increase student performance and enhance the knowledge and skills gained through active participation in the course.

Each lesson plan includes:

Learning Goals for each lesson.

Learning Objectives that may be observed throughout the lesson.

Lecture Outline that details what to present in each class.

Quick Quiz of multiple choice and true/false type questions.

Lesson Exercises and Lesson Projects at the end of each Lesson Plan to directly connect the student with the materials that have just been covered in class. The projects can be used independently of a textbook or as an assessment to determine skill mastery. To simplify the scoring process, annotated answer keys for each exercise and project are included to adequately determine if the learning objective was accomplished through the process of lecture and activity.

Video Resources available from Microsoft.

Lesson 1: An Introduction to Networking Concepts

Learning Goals

The goal of this lesson is to introduce students to basic Windows Server 2008 networking concepts.

Learning Objectives

Upon completion of this lesson, students will understand:

What is TCP/IP?

What is the Domain Name System (DNS)?

What is Dynamic Host Configuration Protocol (DHCP)?

What is Routing and Remote Access Service (RRAS)?

Lesson Introduction

Explain that Microsoft Windows Server 2008 includes basic networking components and that it is important to understand the components of a network. Students will gain introductory knowledge of several network services that are offered by Windows Server 2008.

What is TCP/IP?

Instructors should do the following:

Explain that network protocols provide a logical language for communication between computers across a network.

Explain that the most common network protocol used is Transmission Control Protocol/Internet Protocol, generally referred to as TCP/IP.

Point out that a TCP/IP network is divided into subnets or smaller units to make the network more centralized or de-centralized and to optimize administration of the system.

Discuss how the host or computer is configured with the network interface to enable communication on a TCP/IP network using an IP address.

Explain that an IP address is used to uniquely identify a device on a TCP/IP network and that this address is used to communicate with other devices on the network. Explain that an IP address consists of a network address and a host address.

Point out that each TCP/IP host must be configured with a subnet mask and a default gateway in order to communicate.

Explain that IP version 6 is the latest upgraded version of the TCP/IP protocol suite but that IP version 4 is still the most commonly used.

Discuss that TCP/IP version 4 addressing uses four bytes or octets with dotted-decimal notation to address the maximum number of possible network addresses.

Explain that classful addressing uses a field for the network number, which consists of different lengths for different network classes.

Explain that address classes are used to allow networks that require different numbers of nodes.

Discuss how Internet Service Providers (ISPs) allocate small networks to their customers for improved flexibility, and therefore Classless Inter-Domain Routing (CIDR) was created.

Point out that CIDR creates a hierarchical structure that breaks the network address space into CIDR blocks.

Explain that this hierarchical structure is further divided through subnetting.

Explain that subnetting is the logical partitioning of an organization’s network address range into smaller blocks.

Explain that IP version 6 uses 16 bytes, therefore providing an increased number of possible network addresses.

What is the Domain Name System?

Instructors should do the following:

Explain that the Domain Name System (DNS) provides a process for associating human-readable names with network addresses.

Point out that without the use of DNS, Windows Server 2008 would not be able to resolve names to an Internet Protocol (IP) address.

Explain that the method of relating an IP address to a computer name is called name resolution.

Point out that DNS provides the following benefits:

Scalability

Transparency

Ease of use

Simplicity

Explain that the DNS namespace has a hierarchical structure and each DNS domain name is unique.

Explain that DNS uses a fully qualified domain name (FQDN) to map a host name to an IP address.

What is Dynamic Host Configuration Protocol (DHCP)?

Instructors should do the following:

Explain that Dynamic Host Configuration Protocol (DHCP) provides a mechanism for conveniently assigning network addresses and other network configuration parameters to a system upon request.

Point out that organizations with large numbers of workstations struggle to manage the IP addressing manually.

Explain that DHCP simplifies the problem of workstation IP addressing by automatically assigning, tracking, and reassigning the IP addresses.

Point out that DHCP also prevents duplicate address assignment while managing default gateway, subnet mask, and DNS.

Explain that DHCP is an open, industry-standard protocol that reduces the complexity of administering networks based on TCP/IP.

Point out that the following are the key benefits of using DHCP:

Centralized administration of IP configuration

Dynamic host configuration

Seamless IP host configuration

Scalability

Flexibility

Explain that a DHCP Relay Agent is either a host or an IP router that listens for DHCP client messages being broadcast on a subnet and then forwards those DHCP messages to a DHCP server on a remote server.

Explain that client systems may be configured to automatically determine their IP configuration in cases where there is no access to an external DHCP server; this is called Automatic Private IP Addressing (APIPA).

Point out that APIPA is a necessary solution for portable computers that move between a corporate, DHCP-enabled network and a home network where static IP addressing is used.

Demonstrate the steps to display the network adapter’s Alternate Configuration tab.

What is Routing and Remote Access Service (RRAS)?

Instructors should do the following:

Explain that routing is the process of transferring data across a network from one IP subnet or LAN to another.

Explain that routing plays a key role in every organization that is connected to the Internet or has more than one network segment.

Explain that Remote Access allows remote network clients to access resources on a network as though they were physically connected to the LAN.

What is Network Access Protection (NAP)?

Instructors should do the following:

Explain that Network Access Protection is a feature that enables network administrators to specify one or more policies that define the conditions under which network access will or will not be permitted.

Lesson Quiz

True/False

1. Active Directory utilizes a single-master database with all updates and changes made on the primary domain controller.

2. A domain is the largest container object in Active Directory.

3. By default, security settings applied to an organizational unit will be inherited by all child organizational units.

4. Active Directory uses SRV records in DNS to locate domain controllers and global catalog servers.

5. Each domain within a single Active Directory forest will have its own individual schema.

Multiple Choice

1. Which of the following are valid container objects in Active Directory? Choose three.

a) Organizational unit

b) Forest

c) Domains

d) Security groups

2. The schema database contains what two types of information?

a) Object attributes

b) User names

c) Object classes

d) Active Directory containers

3. Active Directory uses what protocol for the basis of its naming format?

a) NetBIOS

b) DNS

c) Answer Choice

d) LDAP

4. What is the default forest functional level in Windows Server 2008 Active Directory?

a) Windows Server 2003

b) Windows Server 2000

c) Windows Server 2000 Mixed

d) Windows Server 2008

5. What type of trust can be created to improve performance between two Active Directory domains within the same forest that may be separated by a slow WAN link?

a) External Trust

b) Two-way transitive trust

c) Shortcut Trust

d) Direct Domain Trust

Quiz Answers

True/False

1. False. Active Directory utilizes a multi-master database.

2. False. A forest is the largest container object in Active Directory.

3. True.

4. True.

5. False. The schema is defined at the forest level for all domains in a forest.

Multiple Choice

1. A, B, C

2. A, C

3. D

4. B

5. C

Class Projects

Lesson 1—Exercise 1

List and explain the three partitions or naming contexts that are present on each domain controller. Explain how each is replicated.

Explain what an application partition is used for.

List eight types of objects that can be contained in an organizational unit.

Lesson 1—Project 1

List and explain the three domain functional levels supported in Windows Server 2008 Active Directory. What features are supported with each functional level? Give an example of when each functional level would be appropriate.

What are the three forest functional levels supported in Windows Server 2008 Active Directory? How do forest functional levels differ from domain functional levels?

Microsoft Video Resources

What's Up with Windows Server 2008

Show the class the information in this video and explain that the video provides a look at a ton of new stuff, from some really good news in Active Directory to some nifty new deployment tools, a quarantine system that'll help you keep the worm-ridden systems off of your network, a revamped Web server, and a few truly long-awaited changes in group policy.

Lesson 2: Installing Microsoft Windows Server 2008

Learning Goals

The goal of this lesson is to demonstrate the activities needed for installing Microsoft Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:

Installing Windows Server 2008

Performing Configuration Tasks

Lesson Introduction

Explain that Microsoft Windows Server 2008 installation includes learning to use the Server Manager to configure and manage administration tasks and learning the various hard disk storage options that are available.

Installing Windows Server 2008

Instructors should do the following:

Explain that the installation of Windows Server 2008 can result in a configuration containing only the specifically required facilities, called server core, or a full server installation containing all available features.

Point out that Windows provides the options of installing on new media or on previously used media.

Explain that Windows also provides a repair mode to create a minimal execution environment, allowing software to run that may be useful in recovering a damaged Windows system.

Demonstrate how to install Windows Server 2008 using bootable Windows Server media.

Performing Configuration Tasks

Instructors should do the following:

Explain that when installing Windows Server 2008 on new media, the Initial Configuration Tasks screen will start up.

Point out that it is extremely important to download and install any updates that have been created since the release of the installation media.

Explain that it is critical to configure network settings correctly to allow Windows Server 2008 to communicate with other hosts or remote networks.

Point out that Internet Connection Sharing allows other users on your network to access the Internet through your computer.

Demonstrate how to configure basic network settings using administrative credentials.

Explain that a Windows Firewall is the first task in the installation configuration.

Point out that the network location setting characterizes the network environment to which you are connected.

Point out that network discovery finds and accesses other computers and resources on the network.

Explain that the network location is created using the Network and Sharing Center.

Demonstrate how to locate the Windows Firewall Configuration Settings dialog box.

Explain that installing one or more Server Roles can aid in managing and securing Windows Server 2008.

Discuss the various roles that are available on Windows Server 2008.

Demonstrate how to configure server roles on Windows Server 2008.

Point out that adding some of the following Windows Server features may be useful for the network environment:

Remote Server Administration Tools

Windows Server Backup

WINS Server

Wireless Networking

Explain that configuring storage in Windows Server 2008 involves adding or removing physical hard disks and logical partitions to increase or modify the available storage on the server.

Point out that Windows Server 2008 supports the following two types of hard disks:

Basic disks

Dynamic disks

Discuss terminology related to dynamic disks that students should be familiar with.

Demonstrate how to configure storage in Windows Server 2008 by logging in with administrator credentials.

Explain that Windows Server 2008 enables the administrator to install only the services required for a specific function or the server core.

Point out that installing only the server core typically requires less maintenance and fewer updates.

Demonstrate how to manage the server core from the command line.

Explain that configuring Windows activation involves the process of volume activation when a volume license key is being used.

Lesson Quiz

True/False

1. Windows Server 2008 contains a repair mode that can be used during installation to run applications that may be used to recover a damaged Windows installation.

2. The online installation procedures of Windows Server 2008 can run under Windows Vista and Windows XP.

3. When configuring a server with a static IP address, you must also configure the server as a DHCP client to receive DNS address configuration.

4. The Windows Firewall is disabled by default and should be enabled during installation.

5. All disks in a Windows Server 2008 installation are configured as dynamic by default, but can be converted to basic disk if the advanced disk configuration options are not required.

Multiple Choice

1. How should the network location option in Windows Firewall be configured so that network discovery cannot be used to find or access the computer when using a specific network interface?

a) Home

b) Public location

c) Work

d) Default

2. Which of the following tasks can be completed on the Initial Configuration Tasks page? Choose all that apply.

a) Enable automatic updates

b) Set time zone

c) Provide computer name and domain

d) Configure networking

3. Windows Server 2008 supports which two disk types?

a) Simple volumes

b) Spanned volumes

c) Dynamic

d) Basic

4. Which disk configuration option provides improved read performance but no fault tolerance?

a) Raid 5 volume

b) Mirrored volume

c) Striped volume

d) Simple volume

5. Which of the following is a limitation of Windows Server 2008 when installed as a server core?

a) Does not support the DHCP Server service

b) Does not support the DNS Server services

c) Does not support GUI administration

d) Does not support file server functionality

Quiz Answers

True/False

1. True.

2. False. Windows online installation can run under Windows Vista and Windows Server 2008 only.

3. False. When you configure a server with a static IP address, you must also configure the server with the address of the DNS server.

4. False. The Windows Firewall is enabled by default.

5. False. Disks are configured as basic disks by default.

Multiple Choice

1. A, B, C, D

2. B

3. C, D

4. C

5. C

Class Projects

Lesson 2—Exercise 1

List five possible server roles that can be configured on a Windows Server 2008 server.

Lesson 2—Project 1

List and explain five options for disk configuration when dynamic disks are configured.

Microsoft Video Resources

Windows Server 2008 R2 Quick Look – Active Directory Administrative Center

A quick look at the new administrative tool called Active Directory Administrative Center in Windows Server 2008 R2.

Windows Server 2008 R2 Quick Look – System Health Report

This video demonstrates how to analyze your servers and provides a roadmap for prescriptive system diagnosis.

Lesson 3: Configuring and Managing Windows Server 2008

Learning Goals

The goal of this lesson is to provide students with an understanding of the Dynamic Host Configuration Protocol (DHCP) server role within Microsoft Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:

DHCP

Installing the DHCP Server Role

Configuring the DHCP Server

Lesson Introduction

Explain that Microsoft Windows Server 2008 contains the DHCP Server Role in order to automatically assign IP addresses, subnet mask, default gateway, and other configuration options to a computer. Point out that students will learn the installation steps and configuration guidelines for a DHCP server.

Understanding DHCP

Instructors should do the following:

Explain that network communication cannot take place unless TCP/IP is correctly configured.

Point out that Dynamic Host Configuration Protocol (DHCP) will automatically assign, track, and reassign IP addresses to computers on a network.

Explain that one benefit of DHCP is to free administrators from manually configuring computers on a network.

Explain that Address Resolution Protocol (ARP) is used to discover the Media Access Control (MAC) address for a particular IP address.

Discuss how Bootstrap Protocol (BOOTP) enables a TCP/IP workstation to retrieve settings for all the configuration parameters it needs to run.

Explain that Trivial File Transfer Protocol (TFTP) is a lightweight version of FTP and enables a workstation to download an executable boot file from a BOOTP server.

Point out that DHCP is based upon BOOTP but dynamically allocates an IP address from a pool of addresses and then reclaims the address when no longer needed.

Point out that the main benefits of DHCP are:

Centralized administration of IP configuration

Dynamic host configuration

Seamless IP host configuration

Flexibility and scalability

Explain that the core function of DHCP is to assign addresses and that DHCP functions at the application layer of the Open System Interconnection (OSI) reference model.

Inform students that DHCP messages are carried in User Datagram Protocol (UDP) datagrams, which operate at the transport layer of the OSI model.

Discuss the following common DHCP terminologies with students:

DHCP client

DHCP server

DHCP lease

Discuss the following DHCP message types that are used by DHCP clients and servers on a TCP/IP network:

DHCPDISCOVER

DHCPOFFER

DHCPREQUEST

DHCPDECLINE

DHCPACK

DHCPNACK

DHCPRELEASE

DHCPINFORM

Discuss the four-step process for DHCP lease:

Discover

Offer

Request

Acknowledgement

Explain that DHCP clients will perform the initial lease process under the following situations:

First time the client boots

After releasing its IP address

After receiving a DHCPNACK message

Explain that using a DHCP relay agent to listen for and broadcast DHCP messages eliminates the need for a DHCP server on every subnet.

Explain that Automatic Private IP Addressing (APIPA) allows a computer to determine IP configuration information without a DHCP server, therefore enabling the host to communicate.

Point out that an alternative configuration may be used to enable a portable computer to communicate between a corporate DHCP-enabled network and a home network.

Demonstrate the steps to view the alternative configuration tab on the Network and Sharing Window of the Control Panel.
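The message types and the four-step lease process listed in this section can be observed in the messages themselves. The Python sketch below is an added example, not part of the lesson plan: it decodes the message-type option (option 53) from raw DHCP messages and checks that a constructed exchange follows Discover, Offer, Request, Acknowledgement. The function names, the MAC address 02:00:00:aa:bb:cc and the address 192.0.2.50 are assumptions made for illustration.

```python
import socket
import struct

# Fixed BOOTP header that every DHCP message starts with (236 bytes).
BOOTP_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255

# Values of option 53, named as in the lesson (RFC 2131 spells type 6 DHCPNAK).
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNACK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SERVER_TYPES = {2, 5, 6}                # sent by servers with op=2 (reply)


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0"):
    """Build a minimal DHCP message; used here only to construct sample input."""
    zero = socket.inet_aton("0.0.0.0")
    op = 2 if msg_type in SERVER_TYPES else 1
    header = BOOTP_HEADER.pack(op, 1, len(mac), 0, xid, 0, 0, zero,
                               socket.inet_aton(yiaddr), zero, zero,
                               mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type, OPT_END])


def parse_message(data):
    """Decode the fields of one DHCP message that identify its lease step."""
    if len(data) < BOOTP_HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("too short to be a DHCP message")
    fields = BOOTP_HEADER.unpack_from(data)
    op, hlen, xid = fields[0], fields[2], fields[4]
    yiaddr, chaddr = fields[8], fields[11]
    pos = BOOTP_HEADER.size
    if data[pos:pos + 4] != MAGIC_COOKIE:
        raise ValueError("BOOTP message without the DHCP magic cookie")
    pos += 4
    options = {}
    while pos < len(data) and data[pos] != OPT_END:
        if data[pos] == OPT_PAD:        # pad is a single byte with no length
            pos += 1
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated option header")
        code, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the message" % code)
        options[code] = value
        pos += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"")
    if len(msg_type) != 1:
        raise ValueError("missing or malformed option 53 (message type)")
    name = MESSAGE_TYPES.get(msg_type[0], "UNKNOWN(%d)" % msg_type[0])
    if (op == 2) != (msg_type[0] in SERVER_TYPES):
        raise ValueError("%s carried with the wrong BOOTP op code" % name)
    return {"type": name, "xid": xid,
            "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
            "yiaddr": socket.inet_ntoa(yiaddr)}


def check_lease(messages):
    """Check that raw messages form one Discover/Offer/Request/Acknowledgement lease."""
    parsed = [parse_message(m) for m in messages]
    steps = [p["type"] for p in parsed]
    if steps != ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]:
        return False, "unexpected sequence: " + " -> ".join(steps)
    if len({(p["xid"], p["client_mac"]) for p in parsed}) != 1:
        return False, "messages belong to different clients or transactions"
    if parsed[1]["yiaddr"] != parsed[3]["yiaddr"]:
        return False, "acknowledged address differs from the offered one"
    return True, "lease of %s to %s" % (parsed[3]["yiaddr"], parsed[3]["client_mac"])


# Constructed sample: one client obtaining 192.0.2.50 (documentation range).
MAC = bytes.fromhex("020000aabbcc")
XID = 0x3903F326
SAMPLE_EXCHANGE = [
    build_message(1, XID, MAC),                        # client broadcast
    build_message(2, XID, MAC, yiaddr="192.0.2.50"),   # server offer
    build_message(3, XID, MAC),                        # client request
    build_message(5, XID, MAC, yiaddr="192.0.2.50"),   # server acknowledgement
]

if __name__ == "__main__":
    for raw in SAMPLE_EXCHANGE:
        print(parse_message(raw))
    print(check_lease(SAMPLE_EXCHANGE))
```

A sequence that ends in DHCPNACK instead of DHCPACK is reported as incomplete, which matches the situation in which the client restarts the initial lease process.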

Installing the DHCP Server Role

Instructors should do the following:

Demonstrate how to install the DHCP Server Role by logging on as the administrator.

Point out that a DHCP server must be authorized before it can issue leases to DHCP clients.

Explain that in order to authorize a DHCP server, a user must be a member of the Enterprise Admins group.

Demonstrate how to authorize a DHCP server by logging on as the default administrator of the local computer.

Configuring the DHCP Server

Instructors should do the following:

Explain that DHCP scopes will determine the IP addresses to allocate to clients.

Explain that a DHCP scope defines the set of IP addresses and associated configuration information that can be supplied to a DHCP client.

Demonstrate how to configure a DHCP scope by logging on as the default administrator of the local computer.

Point out that a DHCP superscope is an administrative grouping of scopes that are used to support multiple logical subnets on a single network segment.

Point out that DHCP reservations are used for DHCP-enabled hosts that need to have a static IP address on a network.

Demonstrate how to configure a DHCP reservation by logging in as the default administrator of the local computer.

Explain that DHCP options are additional client-configuration parameters that a DHCP server can assign when serving leases to DHCP clients.

Point out that the four types of DHCP options available in Windows Server 2008 are:

Server options

Scope options

Class options

Client options

Explain that two methods can be utilized to allow a DHCP server on one subnet to service client requests from remote subnets.

RFC 1542 compliant servers can be configured for BOOTP forwarding.

Configure a DHCP relay agent on the subnet containing the remote clients.

Point out that management of DHCP is vital, since loss of DHCP access would eliminate client network connectivity.

Explain that the following DHCP database management functions are critical:

Backup and restore

Reconciliation

Compacting the database

Removing the database

Explain that backup and restore of the DHCP database are supported by Windows Server 2008 to provide fault tolerance.

Demonstrate how to back up and restore the DHCP database through the DHCP console.

Point out that reconciliation of the DHCP database verifies the database values against the DHCP registry values.

Lesson Quiz

True/False

1. The Address Resolution Protocol is used to discover an IP address for a known Media Access Control address.

2. DHCP messages are transported using UDP packets on port 67 and 68.

3. An exclusion range in DHCP is the set of addresses within a subnet that are outside the DHCP scope address pool.

4. A DHCP Relay Agent must be configured when the DHCP server is located on another network segment.

5. If a DHCP client running Windows 7 is unable to contact the DHCP server, it will be automatically configured with an APIPA address in the 192.168.1.X–192.168.255.255 range.

Multiple Choice

1. DHCP is largely based on what protocol?

a) ARP

b) BOOTP

c) RARP

d) TFTP

2. At what layer of the OSI model does DHCP work?

a) Network

b) Transport

c) Application

d) Data Link

3. What is the default lease time period for a DHCP server running on Windows Server 2008?

a) 8 days

b) 3 days

c) 8 hours

d) 1 day

4. After correctly configuring a DHCP server in a Windows Server 2008 domain, what additional step must be taken before the DHCP server can handle DHCP services for domain computers?

a) Activate the DHCP server in Active Directory

b) Publish the DHCP server in Active Directory

c) No other steps are needed

d) Authorize the DHCP server in Active Directory

5. What two pieces of information must be configured when configuring a DHCP client reservation?

a) Host name

b) IP address

c) MAC address

d) Default gateway

Quiz Answers

True/False

1. False. ARP will discover a MAC for a known IP address.

2. True.

3. False. The exclusion range is part of the scope address pool but specifically excluded from being assigned.

4. True.

5. False. APIPA assigns an address in the 169.254.x.x range.

Multiple Choice

1. B

2. C

3. A

4. D

5. B, C

Class Projects

Lesson 3—Exercise 1

List and explain the eight DHCP message types.

List the four steps in a successful DHCP lease process.

Lesson 3—Project 1

Configure a DHCP scope with the following parameters:

Address range of 200.200.200.50–200.200.200.100

Subnet mask of 255.255.255.0

Lease duration 3 days

Using the DHCP scope from the previous exercise, complete the following additional configurations.

1. Create a client reservation for your partner computer so that DHCP would assign 200.200.200.150.

2. Create a scope level option that assigns a default gateway address of 200.200.200.1.

When you have completed the assignment, ask your instructor to view your DHCP console.
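The address arithmetic behind this project can be checked before the values are entered in the DHCP console. The Python sketch below is an added example, not part of the lesson plan; `audit_scope` and `is_apipa` are hypothetical helper names, and the input is the project's own range, mask, reservation and gateway.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")   # range named in the quiz answer


def is_apipa(address):
    """True when a client address shows it self-configured without a DHCP lease."""
    return ipaddress.ip_address(address) in APIPA


def audit_scope(start, end, mask, gateway=None, reservations=None, exclusions=()):
    """Return (leasable_count, findings) for a planned IPv4 DHCP scope."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    subnet = ipaddress.ip_network("%s/%s" % (start, mask), strict=False)
    findings = []
    if first > last:
        raise ValueError("start address is above end address")
    if last not in subnet:
        findings.append("end address %s is outside %s" % (last, subnet))
    for edge in (first, last):
        if edge in (subnet.network_address, subnet.broadcast_address):
            findings.append("%s is the network or broadcast address" % edge)

    pool = set(range(int(first), int(last) + 1))  # every address in the range
    # Exclusions stay part of the scope but are never handed out.
    for ex_first, ex_last in exclusions:
        lo = int(ipaddress.ip_address(ex_first))
        hi = int(ipaddress.ip_address(ex_last))
        if lo < int(first) or hi > int(last):
            findings.append("exclusion %s-%s is not inside the range" % (ex_first, ex_last))
        pool -= set(range(lo, hi + 1))
    # Reserved addresses go to one client only, so they leave the dynamic pool.
    for name, address in sorted((reservations or {}).items()):
        reserved = ipaddress.ip_address(address)
        if reserved not in subnet:
            findings.append("reservation %s (%s) is outside %s" % (name, reserved, subnet))
        elif not first <= reserved <= last:
            findings.append("reservation %s (%s) is in %s but outside the range %s-%s"
                            % (name, reserved, subnet, first, last))
        pool.discard(int(reserved))
    if gateway is not None:
        router = ipaddress.ip_address(gateway)
        if router not in subnet:
            findings.append("default gateway %s is outside %s" % (router, subnet))
        elif int(router) in pool:
            findings.append("default gateway %s can still be leased to a client" % router)
    return len(pool), findings


# The project's values; "partner" is a label chosen for this example.
PROJECT = dict(start="200.200.200.50", end="200.200.200.100", mask="255.255.255.0",
               gateway="200.200.200.1", reservations={"partner": "200.200.200.150"})

if __name__ == "__main__":
    count, findings = audit_scope(**PROJECT)
    print("%d leasable addresses" % count)
    for finding in findings:
        print("note:", finding)
    print("169.254.17.4 is APIPA:", is_apipa("169.254.17.4"))
```

For the project's values the check reports 51 leasable addresses and notes that the reserved address 200.200.200.150 lies in the same /24 but outside the 200.200.200.50 to 200.200.200.100 range.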

Microsoft Video Resources

There are no video resources available for this lesson.

Lesson 4: Configuring and Managing the DNS Server Role

Learning Goals

The goal of this lesson is to provide students with an understanding of the Domain Name System (DNS) Server Role within Microsoft Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:
Configuring DNS
Installing the DNS Server Role
Working with DNS Zones

Lesson Introduction

Explain that Microsoft Windows Server 2008 contains the DNS Server Role in order to enable name resolution of computers and devices in Active Directory. Point out that students will learn to implement the service on a Windows Server 2008 network.

Configuring DNS

Instructors should do the following:

Explain that for devices to communicate over a network, they must be able to locate one another.

Point out that the Domain Name System (DNS) is the primary means for computers and devices to locate one another through Windows Server 2008.

Point out that Windows Server 2008 includes both the DNS and Windows Internet Naming System (WINS) to translate between readable names and numerical IP addresses.

Discuss the history and creation of DNS for use on TCP/IP networks.

Point out the following benefits of using DNS:
Scalability
Constancy
Ease of use
Simplicity

Explain that a DNS namespace is a structural tree list of DNS host names that begins at the unnamed root, which is used for all DNS operations.

Point out that under the DNS root domain, the top-level or first-level domain types are:
Generic
Country code
Infrastructure domain

Point out that second-level domains are registered to individuals or organizations.

Explain that a DNS zone is a collection of host name–to–IP address mappings for hosts in a contiguous portion of the DNS namespace.

Explain that a DNS server can host primary zones, secondary zones, stub zones, or no zones.

Explain that a server is considered authoritative for a particular zone if it hosts a primary or secondary zone for a particular DNS domain.

Point out that Windows Server 2008 supports three types of servers:
Primary name server
Secondary name server
Caching-only server

Installing the DNS Server Role

Instructors should do the following:

Point out that prior to DNS installation, the computer should be configured with a static IP address.

Explain that the DNS server requires the use of an IP address so that server requests are configured to go to the correct location.

Demonstrate how to install the DNS Server Role by logging onto the server using administrative credentials.

Working with DNS Zones

Instructors should do the following:

Explain that DNS Zones are created and configured using the Microsoft Windows Server 2008 DNS MMC snap-in.

Explain that DNS Zones can hold resource records for a single domain or multiple domains.

Point out that the zones are classified by the following:
Where they are stored
Whether they are writable or not
What information they receive and return

Point out that zone data is maintained on a DNS server and is stored either:
As a text-based zone file containing lists of mappings (standard zone); or
Within an Active Directory database (Active Directory–integrated zone)

Explain that forward lookup and reverse lookup zones can be one of three types:
Primary zone
Secondary zone
Stub zone

Explain the standard zone types that can be configured on Windows Server 2008:
Standard primary zone
Standard secondary zone
Reverse lookup zone
Stub zone

Demonstrate how to configure a standard primary zone through the Administrative Tools windows.

Demonstrate how to configure a standard secondary zone through the Administrative Tools windows.

Demonstrate how to configure a standard stub zone through the Administrative Tools windows.

Explain that storing zones in Active Directory is a Microsoft proprietary technology used for managing, securing, and replicating DNS zone information.

Point out that the following are benefits of storing a zone in Active Directory:
Fault tolerance
Security
Zones are multimaster
Efficient replication
Maintain use of secondary zones

Explain that Windows Server 2008 can be configured with one of three replication scopes:
To all domain controllers in the domain
To all domain controllers that are DNS servers in the local domain
To all domain controllers that are also DNS servers in the entire forest

Configuring Zones

Instructors should do the following:

Explain that as new DNS Zones are added, the administrator must decide how to allocate the added domains.

Explain that DNS zone transfers are complete or partial transfers of data in a zone from the primary DNS server hosting the zone to a secondary DNS server hosting a copy of the zone.

Point out that the following events trigger zone transfers:
A transfer is manually initiated using the console at the secondary server.
The zone refresh interval expires.
The DNS server service is started at the secondary server.
The master server notifies the secondary server of a zone change or changes.

Discuss the process of a full zone transfer.

Discuss the process of an incremental zone transfer.

Explain that DNS Notify is a means of initiating notification to secondary servers when zone changes occur.

Discuss the events that occur when a zone on a primary DNS server is updated.

Explain that a DNS resource record contains information that is related to a DNS domain.

Discuss the common set of information that is stored in a DNS resource record:
Owner
TTL (Time to Live)
Class
Type
Resource Records Data (RDATA)

Explain that a Start of Authority (SOA) Resource Record indicates the starting point or original point of authority for information stored in a zone.

Explain that a Name Server (NS) Resource Record identifies a DNS server that is authoritative for a zone.

Explain that delegation and glue records are resource records added to a zone to delegate a subdomain to a separate zone hosted on a different DNS server.

Explain that a PTR resource record performs the reverse function of an A resource record by mapping an IP address to a FQDN.

Explain that the canonical name (CNAME) resource record creates an alias for a specified FQDN and hides the implementation details of your network from the clients that connect to it.

Explain that the mail exchanger (MX) resource record specifies a server that is configured to act as a mail server for the DNS server and is a host that either processes or forwards mail for a DNS domain name.

Explain that the server locator (SRV) resource records enable an administrator to locate servers that provide a specific network service over a specific protocol and in a specific domain.

Point out that SRV Resource Record Fields include: Service name Protocol type Domain name TTL Protocol class

Explain that wildcard resource records may be used when a large number of records are manually added.

Demonstrate how to configure DNS Resource Records using the DNS console.

Explain that the DNS dynamic update protocol enables DNS clients to dynamically update their resource records in DNS zones.

Point out that DNS dynamic updates can be configured for the following options:
None
Nonsecure and secure
Secure only

Explain that dynamic update enables individual computers and services to automatically add, update, and delete DNS resource records.

Explain that Windows Server 2008 provides a mechanism called scavenging to remove records as they become out of date.

Point out that DNS scavenging depends on the following:
No-refresh interval
Refresh interval

Explain that the DNS resolver refers to the DNS client software that exists on a Windows computer, regardless of whether it is running a client or a server operating system.

Explain that a DNS query contains the DNS domain name, the query type specifying the resource records to be returned, and the DNS domain name class.

Point out that the following are the most common types of DNS query responses:
An authoritative answer
A positive answer
A referral answer
A negative answer

Explain that root hints contain the names and IP addresses of the DNS servers authoritative for the root zone.

Explain that DNS servers temporarily cache resource records that contain information obtained from DNS servers that are authoritative for DNS domain names learned while making iterative queries.

Explain that an iterative query is a DNS query sent to a DNS server in which the querying host requests it to return the best answer it can provide using its own information.

Explain that a forwarder is a DNS server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network.

Explain that a conditional forwarder forwards queries on the basis of domain name.

Discuss the behaviors of a DNS server that is configured to use a forwarder.

Demonstrate how to configure forwarders using Administrative Tools.

Discuss with students the tools that are useful in managing and monitoring DNS services.

Explain that Nslookup is a command-line tool built into TCP/IP that is available in Windows Server 2008 to perform DNS queries and enable examination of the content of zone files on local and remote servers.

Discuss the command-line options available with the set command.

Explain that the Dnscmd command-line tool can be used to perform most of the tasks that you can do from the DNS console.

Demonstrate how to view the advanced DNS server properties through the DNSPRI Properties.

Discuss the DNS console configuration options that are available:
Disable Recursion
BIND Secondary
Fail on Load If Bad Zone Data
Enable Round Robin
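The resource record fields (owner, TTL, class, type, RDATA) and the A/PTR relationship covered in this lesson can be checked mechanically. The following is an added example, not part of the original lesson plan: it parses zone-file style lines and reports host records without a PTR and PTR records whose target has no matching host record, which is what stale data looks like before scavenging removes it. The sample records are constructed, and every name except TestComputerX is hypothetical.

```python
import ipaddress
from collections import namedtuple

# The five fields stored in every DNS resource record.
ResourceRecord = namedtuple("ResourceRecord", "owner ttl rr_class rr_type rdata")

# Constructed sample data; names other than TestComputerX are hypothetical.
SAMPLE_ZONE_DATA = """\
; forward (test.com) and reverse (1.200.200.in-addr.arpa) records
testcomputerx.test.com.    3600 IN A   200.200.1.1
1.1.200.200.in-addr.arpa.  3600 IN PTR TestComputerX.test.com.
fileserver.test.com.       3600 IN A   200.200.1.3
2.1.200.200.in-addr.arpa.  3600 IN PTR oldhost.test.com.
"""


def fqdn(name):
    """Normalize a DNS name: lower case, with the trailing root dot."""
    return name.lower().rstrip(".") + "."


def parse_record(line):
    """Parse one fully specified line: owner TTL class type RDATA."""
    owner, ttl, rr_class, rr_type, rdata = line.split(None, 4)
    return ResourceRecord(fqdn(owner), int(ttl), rr_class.upper(),
                          rr_type.upper(), rdata.strip())


def ptr_owner(ip):
    """Owner name of the PTR record that belongs to an IP address."""
    return fqdn(ipaddress.ip_address(ip).reverse_pointer)


def ptr_address(owner):
    """IPv4 address encoded in an in-addr.arpa owner name."""
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:4]))


def audit(zone_text):
    """Return findings where forward (A) and reverse (PTR) data disagree."""
    records = [parse_record(line) for line in zone_text.splitlines()
               if line.strip() and not line.lstrip().startswith(";")]
    a_records = [r for r in records if r.rr_type == "A"]
    ptrs = {r.owner: fqdn(r.rdata) for r in records if r.rr_type == "PTR"}
    forward = {(r.owner, r.rdata) for r in a_records}

    findings = []
    for r in a_records:
        target = ptrs.get(ptr_owner(r.rdata))
        if target is None:
            findings.append(f"{r.owner} A {r.rdata}: no PTR record")
        elif target != r.owner:
            findings.append(f"{r.owner} A {r.rdata}: PTR names {target}")
    for owner, target in ptrs.items():
        if (target, ptr_address(owner)) not in forward:
            findings.append(f"{owner} PTR {target}: no matching A record")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE_DATA):
        print(finding)
```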

Lesson Quiz

True/False

1. A DNS server that hosts no zones is called a caching-only server.

2. DNS zone transfers are always initiated by the Secondary DNS server.

3. DNS Notify is a process by which a Secondary DNS server notifies the primary server that it has updates that should be replicated.

4. To use Secure Dynamic Updates, all DNS zones that will be updated dynamically must be configured as Active Directory Integrated Zones.

5. NSLookup is a command line tool that can be used to perform most DNS configuration tasks.

Multiple Choice

1. Which three of the following are valid DNS zone types in a Microsoft DNS environment?

a) Primary zone

b) Secondary zone

c) Root zone

d) Stub zone

2. Which type of DNS zone is used to determine a host name based on an IP address?

a) Primary zone b) Reverse Lookup zone c) Stub zone d) Caching only zone

3. Which type of DNS resource record is used to map a host name to an IPv6 address?

a) Host A b) MX c) Host AAAA d) SRV

4. What Advanced Configuration Option may need to be configured to resolve replication issues between Microsoft and Unix DNS servers?

a) Secure Cache Against Pollution b) Unix Secondaries c) Load Zone Data on Startup d) Bind Secondaries

5. Microsoft DNS data is stored in an Active Directory Partition when what type of DNS zones are configured?

a) Standard Primary b) Standard Secondary c) Active Directory Integrated d) All of the above

Quiz Answers

True/False

1. True.
2. True.
3. False. DNS notify allows a primary server to notify a secondary server that its DNS database has been updated.
4. True.
5. False. DNSCMD is a command line tool that can be used to perform DNS configuration.

Multiple Choice

1. A, B, D 2. B 3. C 4. D 5. C

Class Projects

Lesson 4—Exercise 1

Explain each of the following DNS record types. What information would each record type contain?

SOA

Host

NS

MX

PTR

CNAME

SRV

Explain the advantages of configuring Active Directory Integrated DNS Zones.

Lesson 4—Project 1

Using the DNS Console, create a standard primary zone for the name space Test.com. Configure the zone for Secure Dynamic Updates.

Create a Primary Reverse Lookup Zone for the IPv4 address space 200.200.1.x with a subnet mask of 255.255.255.

Within the test.com zone, create a host record for a computer named TestComputerX with an IP address of 200.200.1.1.

Create a PTR record for TestComputerX.

Ask your instructor to view your DNS console to verify that you have completed these tasks correctly.

Microsoft Video Resources

There are no Microsoft video resources for this lesson.

Lesson 5: Configuring Routing and Remote Access (RRAS) and Wireless Networking

Learning Goals

The goal of this lesson is to provide students with an understanding of Routing and Remote Access (RRAS) within Microsoft Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:
Configuring Routing
Configuring Remote Access
Working with DNS Zones

Lesson Introduction

Explain that Microsoft Windows Server 2008 contains Routing and Remote Access capabilities. Point out that students will learn to implement interconnected routing services, VPN, and wireless access on a Windows Server 2008 network.

Configuring Routing

Instructors should do the following:

Explain that routing is the process of transferring data across a network from one LAN to another.

Point out that most networks employ common network devices such as:
Hubs
Switches
Routers

Explain that a hub or multi-port repeater organizes data into bits to transmit data across a wired or wireless network.

Explain that a switch examines the destination and source address of an incoming data frame, and forwards the frame to the appropriate destination port according to the destination address.

Explain that a router determines routes from a source network to a destination network.

Discuss the most common routing scenarios or protocols.

Demonstrate how to configure routing by logging on to the RRAS computer as the default administrator.

Point out that routing tables are necessary for packets to be successfully forwarded to the correct destination.

Point out that routers “learn” paths to remote networks or subnets in the following ways:
Static routes can be manually configured by the router administrator.
Routing protocols allow routers to automatically “learn” about remote networks.

Explain that a routing table contains entries called routes, which direct a router toward a destination network.

Point out that entries in the first column of the routing table can include the following:
0.0.0.0: represents the default route and is used when no other match is found in the routing table.
127.0.0.0: points to the loopback address and corresponds to the local machine.
224.0.0.0: entries refer to a separate multicast route.
w.x.y.255: represents a broadcast address.
255.255.255.255: is the limited broadcast address and works for all networks and routers.

Point out that four types of routes are found in the routing table:
Directly attached network routes
Remote network routes
Host routes
Default route

Explain that demand-dial routing can be used to initiate a connection to a remote site.

Demonstrate how to access the Routing and Remote Access properties window to configure demand-dial routing.
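An added example (not part of the original lesson plan) of how a routing table lookup chooses among the four route types: the most specific matching route wins, the lowest metric breaks a tie between routes to the same network, and the 0.0.0.0 default route is used only when nothing else matches. The table entries, gateways and metrics are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    destination: str  # first column of the routing table
    netmask: str
    gateway: str      # "On-link" marks a directly attached network
    metric: int

    @property
    def network(self):
        return ipaddress.ip_network(f"{self.destination}/{self.netmask}")

    @property
    def kind(self):
        """Classify the entry as one of the four route types."""
        if self.network.prefixlen == 0:
            return "default"
        if self.network.prefixlen == 32:
            return "host"
        return "directly attached" if self.gateway == "On-link" else "remote"


# Constructed sample routing table.
ROUTES = [
    Route("0.0.0.0", "0.0.0.0", "200.200.200.1", 20),              # default route
    Route("200.200.200.0", "255.255.255.0", "On-link", 276),       # directly attached
    Route("200.200.1.0", "255.255.255.0", "200.200.200.1", 30),    # remote, higher metric
    Route("200.200.1.0", "255.255.255.0", "200.200.200.2", 10),    # remote, lower metric
    Route("200.200.1.1", "255.255.255.255", "200.200.200.3", 50),  # host route
]


def select_route(destination, routes=ROUTES):
    """Return the route used for a destination, or None if nothing matches.

    Candidates are ranked by longest prefix first and lowest metric second.
    """
    address = ipaddress.ip_address(destination)
    candidates = [r for r in routes if address in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


if __name__ == "__main__":
    for dest in ("200.200.1.1", "200.200.1.77", "200.200.200.60", "8.8.8.8"):
        route = select_route(dest)
        print(f"{dest:15} -> {route.kind:17} via {route.gateway} (metric {route.metric})")
```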

Configuring Remote Access

Instructors should do the following:

Explain that Windows Server 2008 networks can provide both dial-up and VPN access.

Explain that the RRAS service allows a user to configure Network Address Translation (NAT), which enables internal network clients to connect to the Internet using a single shared IP address.

Point out that the Routing and Remote Access Server role allows a user to provide connectivity for remote access clients using one of the following technologies:
Dial-Up Networking (DUN)
Virtual Private Network (VPN)

Point out that the following options are available when configuring remote access:
Remote Access (Dial-Up or VPN)
Network Address Translation (NAT)
Virtual Private Network (VPN) Access and NAT
Secure Connection Between Two Private Networks
Custom Configuration

Explain that Dial-Up Networking enables remote computers that have a modem to connect to the organization’s network.

Demonstrate how to configure Dial-Up Networking remote access through the RRAS computer.

Explain that a VPN is an extension of a private network across a public network.

Point out that a VPN would not be the best solution in the following situations:
When performance at any price is the primary concern
When most traffic is synchronous
When using an application with unusual protocols that are not compatible with TCP/IP

Explain that the following two tunneling protocols, which encapsulate the packet in an additional header, are installed with Routing and Remote Access:
Point-to-Point Tunneling Protocol (PPTP)
Layer Two Tunneling Protocol (L2TP)

Explain that NAT is a protocol that enables private networks to connect to the Internet.

Discuss the process that occurs when NAT is used to connect a private network to a public network.

Explain that the Network Policy Server is used to authorize user credentials to create a remote access connection.

Demonstrate how to access the RemoteAccessUser properties window to configure the dial-in properties of a user account.

Point out that the following are the levels of remote access permission for user accounts:
Control access through NPS Network Policy
Deny Access
Allow Access

Explain that an NPS Network Policy is a set of permissions or restrictions that are provided by a remote access authenticating server and applied to remote access connections.

Explain that an NPS Network Policy is a rule for evaluating remote connections and consists of the following three components:
Conditions
Constraints
Settings

Discuss the process that takes place when a user attempts to connect to a remote access server.

Demonstrate how to locate the Connections to Microsoft Routing and Remote Access Server properties window for configuring NPS Network Policies.

Point out that policy conditions are used to determine when the policy is applied.

Explain that an NPS Network Policy profile consists of a set of settings and properties that can be applied to a connection.

Demonstrate how to locate the Connections to Other Access Server properties window for configuring NPS policy server settings.

Explain that the remote access server must first negotiate a common authentication protocol with the remote access client in order to authenticate credentials.

Point out that the following authentication protocols are supported by Routing and Remote Access in Windows Server 2008:
EAP-TLS
MS-CHAP v2
MS-CHAP v1
EAP-MD5 CHAP
CHAP
SPAP
PAP
Unauthenticated access

Configuring Wireless Access

Instructors should do the following:

Explain that 802.1X is the standard for network access control.

Point out that 802.1X provides port-based security through the use of the following three components:
Supplicant
Authenticator
Authentication server (AS)

Discuss the process that takes place before network access is permitted through 802.1X.

Discuss the steps to configure a Windows Server 2008 server to allow wireless access.

Lesson Quiz

True/False

1. The Open Shortest Path First Routing Protocol is a broadcast-based protocol that broadcasts routing updates to all connected routers.

2. If two routes exist to the same network, the route with the lowest metric will be chosen as the preferred route.

3. Windows Server can provide NAT services and VPN services at the same time.

4. A VPN connection provides an efficient but unsecure method of remote access.

5. When configuring Network Policy Settings (NPS), administrators are required to choose one of three encryption protocols.

Multiple Choice

1. Which of the following devices operates at layer 3, the network layer of the OSI Model?

a) Router b) Hub c) Switch d) Repeater

2. What are two methods a Windows Server 2008 server configured to act as a router can learn about routes to remote networks?

a) ARP b) DHCP c) Static routes d) Routing protocols

3. Routes that contain 224 in the first octet of the destination address represent what type of route?

a) Loopback route b) Multicast route c) Default route d) Broadcast Route

4. Windows Server 2008 supports what two types of remote access?

a) VPN b) Remote Desktop c) OSPF d) Dial-Up

5. Which two of the following are tunneling protocols supported on a Windows Server 2008 RRAS server for establishing VPN connections?

a) RIPv2 b) PPTP c) EAP d) L2TP

Quiz Answers

True/False

1. False. OSPF is a Link State Protocol that multicasts updates.
2. True.
3. True.
4. False. A VPN connection is a secure connection across a public network.
5. False. Encryption is an optional setting.

Multiple Choice

1. B 2. C, D 3. B 4. A, D 5. B, D

Class Projects

Lesson 1—Exercise 1

Explain the differences among the three most common networking devices: hubs, switches, and routers.

What are four types of routes that can be found in a Windows Server 2008 routing table?

Lesson 1—Project 1

List the seven authentication protocols supported by Windows Server 2008 RRAS.

Microsoft Video Resources

Enabling a Remote Workforce
Discusses how the tools and technologies in the Windows Presentation Virtualization scenario enable companies to deploy and manage remote workforces.

Server Core Remote Management
Highlights the benefits of Server Core, with its low overhead, and highlights how it is easy to manage Server Core with the new management tools and technologies included in Windows Server 2008.

How Do I: Using Group Policy to Manage Services and Enable Remote Management
Demonstrates how to use group policy to enable and disable services and to ensure that remote management can be used.

Lesson 6: Configuring File Services

Learning Goals

The goal of this lesson is to provide students with an understanding of the File Server Role in Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:
Planning a File Server Deployment
Configuring a File Server
Installing the File Services Role
Using the Distributed File System

Lesson Introduction

Explain that Microsoft Windows Server 2008 contains the File Server Role, which can be used in networks that require multiple or centralized storage solutions. Students will learn to work with disk drives, create shares, assign permissions, and design a file share strategy.

Planning a File Server Deployment

Instructors should do the following:

Explain that file sharing on an enterprise network should involve the following planning:
Scalability
Navigation
Protection
Abuse
Diversity
Fault Tolerance
Availability

Point out that it is vital that administrators determine users’ needs and how they affect file storage and sharing practices prior to implementation.

Point out that a need for high availability and fault tolerance can lead an administrator to determine that multiple file servers are necessary.

Configuring a File Server

Instructors should do the following:

Point out that the following must be determined when installing additional storage for Windows Server 2008:
Select a partition style
Select a disk type
Divide the disk into partitions and volumes
Format the partitions or volumes with a file system

Explain the following partition types:
System partition
Boot partition
Primary partition
Extended partition

Explain the following volume types:
Simple volume
Spanned volume
Striped volume
Mirrored volume
RAID-5 volume

Point out that Windows Server 2008 can support volumes up to 64 terabytes in size.

Explain that creating volumes in a manageable size is advisable to ease the process of administration.

Point out that the most common method for choosing a volume size is based upon the network backup solution.

Explain that disks must be prepared by selecting the partition type, volume type, and file system prior to configuration.

Demonstrate how to access the Disk Management Snap-in tool.

Explain that administrators must determine a file sharing strategy after disks are configured and installed.

Point out that the following are important considerations when developing a file sharing strategy:
Users’ needs for project collaboration
File backup
Information protection
Reduce the number of network shares
Workstation shares
User storage habits and disk space consumption
Sharing and permission assignment

Point out that the system administrator must next determine shares to create and the location to create them.

Explain that the following three resources are critical for a well-designed sharing strategy:
Private storage space
Public storage space
Share work space

Explain that most network administrators use the principle of least privilege, which provides users with privileges only to complete required tasks and no more.

Point out that NTFS permission is the most common practice for assigning privileges on Windows Server 2008 systems.

Point out that after disks on a file server are configured, creating shares would be the next logical task.

Explain that a strategy for creating shared folders should include the following:
Folders to share
Name assigned to shared folder
Permissions granted to users for shares
Offline file settings to use for shares

Demonstrate how to share a folder using the Computer Management console.

Explain that permissions are privileges granted to specific system entities, enabling them to perform a task or access a resource.

Explain the following set of Windows Server 2008 permissions:
Share permissions
NTFS permissions
Registry permissions
Active Directory permissions

Point out that Windows Server 2008 folder permissions are completely separate from other permission sets.

Demonstrate how to set share permissions using the Computer Management Console.

Installing the File Services Role

Instructors should do the following:

Explain that the Distributed File System (DFS) is a service that allows you to simplify the view of file shares located across multiple servers as they appear to the user base.

Point out that the following are File Service Roles that may be selected for installation on the Select Role Services Page:
File Server
DFS Namespaces
DFS Replication
File Server Resource Manager
Service for Network File System
Windows Search Service
Windows Server 2003 File Services: File Replication Service
Windows Server 2003 File Services: Indexing Service

Explain that the server service enables the computer to share files with network users.

Using the Distributed File System

Instructors should do the following:

Explain that the installation of multiple servers can improve network performance and reduce internetwork bandwidth by keeping traffic local.

Point out that issues with multiple file systems include synchronization of files at different locations and implementing a backup solution for small branch offices.

Explain that the Windows Server 2008 Distributed File System (DFS) includes DFS Namespaces and DFS Replication.

Explain that the DFS Namespaces role service provides basic virtual directory functionality.

Explain that the DFS Replication role service enables administrators to deploy the virtual directory on multiple servers for the whole enterprise.

Explain that multiple master replication is a technique in which duplicate copies of a file are all updated on a regular basis, no matter which copy changes.

Explain that single master replication is a technique in which file changes made to one copy of the file are propagated, in one direction only.

Point out that DFS Replication and DFS Namespaces work together to provide the following services:
Data distribution
Load balancing
Data collection


Explain that the creation of a DFS namespace requires Windows Server 2008 to have Distributed File System and the DFS Namespace roles installed.

Describe the functionality of a namespace server as compared to a file server.

Demonstrate how to create a namespace in the server manager console.

Demonstrate how to add folders to a DFS namespace.

Explain that DFS includes a replication engine that automatically propagates changes from one target to all others.

Lesson Quiz

True/False

1. Windows Server 2008 supports a maximum basic volume size of 64 terabytes.

2. With a basic disk configuration, the operating system must reside on a primary partition.

3. Following the strategy of “least privilege,” administrators should assign permissions to user accounts rather than groups.

4. NTFS permissions control access to resources only when accessed across the network.

5. One of the advantages of DFS is that it uses multi-master replication.

Multiple Choice

1. Windows Server 2008 supports which of the following two disk types?

a) Primary disks
b) Basic disks
c) Secondary disks
d) Dynamic disks

2. Which Windows Server 2008 volume type provides improved read performance but does not provide fault tolerance?

a) Simple volume
b) RAID 5 volume
c) Striped volume
d) Mirrored volume


3. When creating a hidden share, you should append the share name with what character?

a) !
b) $
c) .
d) ~

4. The Distributed File System role in Windows Server 2008 is primarily made up of what two functions or technologies?

a) DFS tree
b) DFS server service
c) DFS namespace
d) DFS replication

5. By default, DFS uses what type of replication topology?

a) Hub and spoke
b) Master/slave
c) Full mesh
d) Partial mesh

Quiz Answers

True/False

1. False. The maximum basic volume size is 2 TB.
2. True.
3. False. Permissions should always be assigned to security groups.
4. False. NTFS permissions control access to files stored on a drive formatted with the NTFS file system. Share permissions control access only across the network.
5. True.

Multiple Choice

1. B, D
2. C
3. B
4. C, D
5. C


Class Projects

Lesson 6—Exercise 1

List and explain the three levels of share permission. How do share permissions differ from NTFS permissions?

Lesson 6—Project 1

On your desktop, create a folder called Testfolder student number. Inside the folder, create a text document. Share the folder so that your lab partner can access and edit the text document.

Microsoft Video Resources

Dynamic Partition: Windows Server

Discusses the new dynamic partition capabilities in Windows Server Longhorn. Hardware partitioning enables customers to create multiple isolated hardware environments on the server, each able to host a Windows Server operating system and applications.


Lesson 7: Configuring Print Services

Learning Goals

The goal of this lesson is to provide students with an understanding of the Print Services Role in Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:

Deploying a Print Server
Using the Print Services Role

Lesson Introduction

Explain that Microsoft Windows Server 2008 contains the Print Services Role to be used for local and wide area networks. Students will learn to use print servers, print queues, and printer pools. Students will also install, configure, and secure printers through the Print Services Role.

Deploying a Print Server

Instructors should do the following:

Explain that one of the most basic functions of a local area network is the ability to share print devices.

Point out that print sharing in Windows Server 2008 includes the following components:

Print device
Printer
Print server
Printer driver

Explain that a print job file is created by the print driver in either Enhanced Metafile (EMF) or XML Paper Specification (XPS) format.

Point out that the advantage of using a print server is that it enables multiple users to share a single print device.

Explain that print devices may also be connected directly to a network rather than to a computer.

Point out that the administrator must determine which printer will work at the print server if using network-attached print devices.

Discuss the disadvantages of using networked printers.

Point out that sharing a printer may also require that additional memory, hard drive space, and processing power be allocated for the print server.


Demonstrate how to share a printer through the Control Panel Printers window.

Explain that proper permissions must be in place for users to access networked printers.

Demonstrate how to assign printer permissions to users through the Control Panel Printers window.

Explain that managing documents includes pausing, resuming, restarting, and cancelling documents that are currently waiting in the print queue.

Demonstrate how to manage documents through the Control Panel Printers window.

Demonstrate how to set a printer’s priority through the Control Panel Printers window.

Demonstrate how to configure a printer’s schedule through the Control Panel Printers window.

Demonstrate how to create a printer pool through the Control Panel Printers window.

Using the Print Services Role

Instructors should do the following:

Explain that the printer services role is useful for administrators involved with network printing at an enterprise level.

Demonstrate how to use the Add Services Role using the Select Role Services page.

Demonstrate how to access the Print Management Console through the Role Administration Tools in the Server Manager.

Demonstrate how to add a print server through the Server Manager.

Demonstrate how to view printers through the Print Management console.

Demonstrate how to create a custom filter through the Print Management console.

Point out that the administrator can manipulate the queued jobs through the Print Server console.

Explain that the use of Active Directory can simplify the process of deploying printers to large numbers of clients.

Demonstrate how to deploy printers with group policy through the Print Management console.


Lesson Quiz

True/False

1. On a Windows network, a printer is a hardware device that produces print output.

2. By default, the Allow Print permission is assigned to the Everyone Special Identity.

3. When configuring print priorities, the print server will print the documents from the print device configured with the highest priority first.

4. Windows Server 2008 allows an administrator to control who can access a print device, but not to control when it can be accessed.

5. Windows Server 2008 supports the ability to print via a website to shared Windows printers.

Multiple Choice

1. In Windows Server 2008, a print driver can produce print jobs using which two formats?

a) Windows Print File (WPF)
b) Enhanced Metafile (EMF)
c) Printer Notification File (PRN)
d) XML Paper Specification (XPS)

2. Which two features of Windows Server 2008 must be enabled before sharing a printer?

a) Network Discovery
b) DNS
c) Print Manager
d) Printer Sharing

3. Which of the following is not an available option for configuration under printer permission?

a) Print
b) Manage Documents
c) Full Control
d) Manage Printers


4. In a mixed environment with both Microsoft and Unix print clients, what must be configured to allow Unix clients to send LPR print jobs to Microsoft Print?

a) Print Services for Unix
b) LPD Service
c) LPR Service
d) Internet Printing

5. What is the most efficient method of making a printer available to all members of an organizational unit?

a) Create a security group with all OU members and share the printer to the group.
b) Publish the printer in Active Directory and instruct users how to search for it.
c) Configure a GPO to deploy the printer and link the GPO to the OU.
d) Configure a GPO to deploy the printer and link the GPO at the domain level so that the OU will inherit the GPO settings.

Quiz Answers

True/False

1. False. A print device is the hardware device that produces print output.
2. True.
3. True.
4. False. Windows Server 2008 provides the ability to schedule printer access.
5. True.

Multiple Choice

1. B, C
2. A, D
3. C
4. B
5. C


Class Projects

Lesson 7—Exercise 1

List and explain the four common components in the Microsoft Windows Server 2008 Print environment.

Lesson 7—Project 1

Windows Server 2008 print permissions differ significantly from share or NTFS permissions. Explain the three default print permission levels.

Microsoft Video Resource

There are no video resources for this lesson.


Lesson 8: Maintaining and Updating Windows Server 2008

Learning Goals

The goal of this lesson is to provide students with information on how to maintain and update Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:

Monitoring a Windows Server 2008 Network
Configuring Windows Server Update Services (WSUS)

Lesson Introduction

Explain that proper performance for Microsoft Windows Server 2008 includes monitoring performance and reviewing network events. Using Windows Server Update Services (WSUS) allows administrators to centrally manage the approval and installation of updates for the Windows network.

Monitoring a Windows Server 2008 Network

Instructors should do the following:

Explain that the Reliability and Performance Monitor allows the administrator to collect real-time performance information on a local computer.

Point out that Reliability and Performance Monitor reports can be reviewed in various formats, saved, or printed for documentation purposes.

Point out that the following three types of information are provided by the Reliability and Performance Monitor:

Performance counters
Event trace data
Configuration information

Point out that the Reliability and Performance Monitor offers three views:

Resource View
Performance Monitor
Reliability Monitor

Demonstrate how to use the Performance Monitor to monitor Windows Server 2008.

Explain that the Data Collector Set allows the administrator to organize a set of performance counters, event traces, and system configuration data into a single object.


Demonstrate how to work with data collector sets through the Reliability and Performance Monitor.

Point out that members of the Performance Monitor Users group are delegated to view real-time and historical data as well as modify the Data Collector Set.

Explain that the Windows Event Viewer records system events that take place and records events in the Directory Service Log.

Point out that the following can be seen in the Event Viewer node:

Custom views
Windows Logs
Applications and Services

Explain that the newest version of Network Monitor, available from the Microsoft website, will enable the administrator to view network traffic that is being sent to and from the network interface cards on a Windows Server 2008 computer.

Demonstrate how to use Network Monitor to gather network data.

Configuring Windows Server Update Services (WSUS)

Instructors should do the following:

Explain that Windows Server Update Services (WSUS) is a web-based tool for managing and distributing software updates that resolve known security vulnerabilities.

Point out that the following are categories of Windows operating system updates:

Critical updates
Recommended downloads
Windows tools
Internet and multimedia updates
Additional Windows downloads
Multilanguage features
Documentation

Explain that WSUS is free and provides a means of aggregating, testing, deploying, and providing notification of updates to client computers in your organization.

Point out that the WSUS solution involves the following components:

A content synchronization service
An internal Windows update server
Automatic updates on computers


Point out that Windows Update and Automatic Updates are two separate elements that work together to keep Windows updated and secure.

Explain that Automatic Updates enable the administrator to obtain critical software updates by automatically interacting with the Windows Update website.

Point out that WSUS offers the following service enhancements:

Approved content download from a WSUS server
Scheduled content download and installation
Ability to configure Automatic Updates through Group Policy Object Editor
Support for systems without a local administrator logged on

Point out that the following are the main components of WSUS:

Windows Update Synchronization Service
A website hosted on an IIS server that services update requests from Automatic Updates clients
A WSUS MMC Administration

Demonstrate how to install a Windows Server Update Services (WSUS) server through the Server Manager console.

Point out that a WSUS server can be synchronized from the public Windows Update server or manually configured content distribution point.

Explain that WSUS server management involves reviewing and changing configuration options, automatically or manually synchronizing the server, viewing the update status, and backing up and restoring the server.

Demonstrate how to manage a WSUS installation through the Update Services MMC console.

Explain that in order to use WSUS software, client computers must be running the updated Automatic Updates client.

Discuss the various methods for configuring automatic updates.

Discuss the various controls that the administrator has over how updates are downloaded and installed.


Lesson Quiz

True/False

1. To access the Reliability and Performance Monitor from the Run line, you should type perfmon.

2. Custom Views is a new feature of Windows Server 2008 Event Viewer that allows administrators to create custom views of system events.

3. Windows Server 2008 contains a built-in tool called Network Monitor that can be used to view network traffic being sent to or from a server.

4. One of the advantages of WSUS is that client computers do not need to run the Windows Update client.

5. The WSUS service requires the installation of IIS prior to configuring WSUS.

Multiple Choice

1. Which three of the following are tools provided by Windows Server 2008 for monitoring and troubleshooting network issues?

a) Event Viewer
b) Performance Console
c) Network Monitor
d) Reliability and Performance Monitor

2. Which component of the Reliability and Performance Monitor allows administrators to view real-time data as line graphs, as histograms, or in report graph form?

a) Reliability Monitor
b) System Monitor
c) Performance Monitor
d) Server Monitor

3. Which are the three built-in data sets for Windows Server 2008 Performance Monitor?

a) Network Diagnostics
b) System Diagnostics
c) System Performance
d) LAN Diagnostics


4. Which Microsoft update solution allows for individual configuration of how the client computer will download and install Windows updates?

a) Windows Software Update Service
b) Automatic Updates
c) Software Update Service
d) SMS

5. A WSUS server can be configured to synchronize updates from three locations. Select which three from the options below.

a) Another WSUS server
b) Windows Update website
c) Windows Update DVD
d) Manually configured distribution point

Quiz Answers

True/False

1. True.
2. True.
3. False. Network Monitor is not built in. It must be downloaded.
4. False. WSUS Clients do need to run the Windows Update Client.
5. True.

Multiple Choice

1. A, B, D
2. C
3. B, C, D
4. B
5. A, B, D


Class Projects

Lesson 8—Exercise 1

List and explain the three components of the Windows Server Update Service.

Lesson 8—Project 1

List and explain the automatic update behavior options when using WSUS as the update service.

Microsoft Video Resources

Windows Server 2008 Server Manager

A look into Windows Server 2008 Server Manager, which consolidates tools into a single interface that allows a user to more effectively administer and manage the server.


Lesson 9: Securing Data Transmission and Authentication

Learning Goals

The goal of this lesson is to provide students with information on how to secure the transmission of network traffic.

Learning Objectives

Upon completion of this lesson, students will understand:

Securing Network Traffic with IPSec
Configuring Network Authentication
Configuring the Windows Firewall

Lesson Introduction

Explain that proper performance for Microsoft Windows Server 2008 may include utilizing technologies to secure the transmission of network traffic. Students will gain an understanding of Internet Protocol Security, which is used to provide authentication and encryption for network traffic.

Securing Traffic with IPSec

Instructors should do the following:

Explain that the two transport layer protocols used for a TCP/IP suite are Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).

Point out that both TCP and UDP include a checksum, a mathematical value that is used to provide an integrity check for the packet, in the packet header.

Explain that IPSec can be used to provide security for all TCP/IP hosts at the Internet layer.

Point out that the two goals of IPSec are:

To protect the contents of IP packets.
To provide a defense against network attacks through packet filtering and the enforcement of trusted communication.

Explain that IPSec offers features that significantly reduce the following attacks:

Packet sniffing
Data modification
Identity spoofing
Man-in-the-middle attacks
Denial of service attacks (DoS)


Explain that with IPSec, the only nodes aware of the presence of IPSec are the two hosts using IPSec to communicate with each other.

Point out that IPSec can be deployed to protect data transmission in the following scenarios:

Local Area Network (LAN)
Wide Area Network (WAN)
Remote Access

Explain that IPSec security features for protecting IP packets and defending against attacks through filtering and trusted communication include:

Automatic security associations
IP packet filtering
Network layer security
Peer authentication
Data origin authentication
Data integrity
Data confidentiality
Anti-replay
Key management

Explain that Transport mode is a configuration of IPSec that requires packet filtering when end-to-end security is required.

Explain that Tunnel mode is a configuration of IPSec that is for site-to-site communications that cross the Internet.

Point out that the IPSec protocol suite provides security using Authentication Header (AH) protocol, which provides authentication, integrity, and anti-replay for the entire packet.

Point out that the IPSec protocol suite provides security using Encapsulating Security Payload (ESP) protocol, which provides confidentiality for IP payloads.

Explain that security associations (SAs) are a combination of security services, protection mechanisms, and cryptographic keys mutually agreed upon by communication peers.

Explain that ISAKMP SA or main mode is used to protect IPSec security negotiations.

Explain that IPSec SA or quick mode is used to protect data sent between the IPSec peers.

Point out that IPSec peer must track usage for the following when an IPSec session is established between two hosts:

The ISAKMP SA
The inbound IPSec SA
The outbound IPSec SA


Explain that the Internet Key Exchange (IKE) is a standard that defines a mechanism to establish SAs.

Explain that Windows Server 2008 supports dynamic rekeying, the determination of new keying material through a new Diffie-Hellman exchange on a regular basis.

Explain that IPSec policies are the security rules that define the desired security level, hashing algorithm, encryption algorithm, and key length.

Point out that the following are components of an IPSec policy:

Tunnel setting
Network type
IP filter
IP filter list
Filter action
Authentication method

Explain that Connection Security Rules use the new Windows Firewall with Advanced Security MMC Snap-in to create and manage IPSec policies.

Point out that the following are the options for managing the IP Security Policy Management Snap-in:

Local computer
The Active Directory domain of which this computer is a member
Another Active Directory domain
Another computer

Discuss the high-level tasks involved in creating the first IPSec Policy.

Demonstrate how to create an IP Security Policy using the IP security policies MMC Snap-in.

Explain that an isolation rule allows the administrator to restrict inbound and outbound connections based on certain sets of criteria.

Explain that the Authentication exemption rule allows the administrator to specify one or more computers that do not need to be authenticated in order to pass traffic.

Explain that the Server-to-Server rule secures traffic between two servers or two groups of servers.

Explain that the Tunnel rule secures traffic only between two tunnel endpoints; not between the actual hosts that will be sending and receiving secured traffic.

Demonstrate how to create a connection security rule in the Windows Firewall with Advanced Security MMC Snap-in.


Explain that the IPSec driver receives the active IP filter list from the IPSec Policy Agent and stores all current quick mode SAs in a database.

Point out that IPSec processing is divided into main mode negotiation and quick mode negotiation.

Discuss main mode negotiation and quick mode negotiation with students.

Explain that an IPSec Policy Agent retrieves information about IPSec policies and passes this information to other IPSec components that require it in order to perform security functions.

Explain that IPSec policies can be deployed using Active Directory or local policies.

Discuss the considerations for assigning an IPSec policy in Active Directory.

Point out that when deploying IPSec policies, the following are the built-in IPSec policies:

Respond Only
Request Security
Require Security

Explain that the following tools are provided to help manage and monitor IPSec:

IP Security Monitor
RSoP
Event Viewer
Netsh command-line utility

Explain that the Resultant Set of Policy (RSoP) is an MMC snap-in that can be used to view IPSec policy configuration data.
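
The lesson's contrast between the TCP/UDP checksum (an integrity check only) and AH's authentication, integrity, and anti-replay can be shown in code. This is an added example, not part of the lesson plan: the `Sender` and `Receiver` classes, the packet layout, and the key are constructed for illustration, HMAC-SHA-256 stands in for the keyed integrity check, and a strictly increasing counter stands in for IPSec's sliding anti-replay window.

```python
import hashlib
import hmac
import struct

ICV_LEN = 32  # HMAC-SHA-256 output size; stand-in for an AH/ESP integrity check value


def internet_checksum(data: bytes) -> int:
    """Unkeyed 16-bit ones'-complement checksum (RFC 1071), as carried by TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return ~total & 0xFFFF


def checksum_accepts(payload: bytes, checksum: int) -> bool:
    """What a receiver relying only on the checksum would conclude."""
    return internet_checksum(payload) == checksum


class Sender:
    """Hypothetical sender: sequence number + payload + keyed ICV (not the AH wire format)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def protect(self, payload: bytes) -> bytes:
        self.seq += 1
        header = struct.pack("!I", self.seq)
        icv = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + icv


class Receiver:
    """Hypothetical receiver holding the same key, as the two peers of an SA would."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = 0  # simplification of the sliding anti-replay window

    def verify(self, packet: bytes) -> str:
        if len(packet) < 4 + ICV_LEN:
            return "malformed"
        header, payload, icv = packet[:4], packet[4:-ICV_LEN], packet[-ICV_LEN:]
        (seq,) = struct.unpack("!I", header)
        if seq <= self.highest_seq:
            return "replay"  # sequence number already seen
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return "bad-icv"  # modified in transit or sent without the key
        self.highest_seq = seq  # only advance after the ICV has verified
        return "ok"


def run_demo() -> dict:
    original = b"PAY 0100 TO ALICE"   # constructed sample payload
    modified = b"PAY 9900 TO ALICE"   # same payload after modification in transit

    # Unkeyed checksum: anyone who changes the data can recompute a matching value.
    recomputed = internet_checksum(modified)
    checksum_result = checksum_accepts(modified, recomputed)

    # Keyed ICV: the same modification fails because the key is not known on the path.
    key = b"constructed-demo-key-not-a-real-secret"
    sender, receiver = Sender(key), Receiver(key)
    packet = sender.protect(original)
    tampered_packet = packet[:4] + modified + packet[-ICV_LEN:]

    tampered_result = receiver.verify(tampered_packet)
    original_result = receiver.verify(packet)
    replayed_result = receiver.verify(packet)  # identical packet delivered again

    return {
        "checksum_accepts_tampered": checksum_result,
        "icv_tampered": tampered_result,
        "icv_original": original_result,
        "icv_replayed": replayed_result,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The checksum catches accidental corruption only; the keyed check and the sequence number are what address the data modification and replay cases in the lesson's attack list.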

Configuring Network Authentication

Instructors should do the following:

Explain that the default authentication protocol in Active Directory is Kerberos v5, but NT LAN Manager (NTLM) authentication protocol may also be used.

Point out that NTLM is typically considered a legacy authentication protocol but is still used in many situations.

Explain that the following versions of NTLM are still available:

LM Authentication
NTLM Authentication
NTLMv2 Authentication

Demonstrate how to access the NTLM authentication settings in the Network Security: LAN Manager Authentication level properties window.


Configuring the Windows Firewall

Instructors should do the following:

Explain that the Windows Firewall is a built-in stateful firewall that can track and maintain information based on the status of a particular connection.

Demonstrate how to access the Windows Firewall Control Panel applet.

Demonstrate how to access the Windows Firewall Settings window for configuring the Windows Firewall.

Point out the following preconfigured exceptions in the Windows Server 2008 Windows Firewall:

BITS peer caching
COM+ Network Access
Core Networking
Distributed Transaction Coordinator
File and Print Sharing
iSCSI Service
Key Management Service
Netlogon Service
Network Discovery
Performance Logs and Alerts
Remote Administration
Remote Desktop
Remote Event Log Management
Remote Scheduled Tasks Management
Remote Service Management
Remote Volume Management
Routing and Remote Access
Secure Socket Tunneling Protocol
SNMP Trap
Windows Firewall Remote Management
Windows Management Instrumentation (WMI)
Windows Remote Management
Windows Security Connection Wizard

Demonstrate how to configure the Windows Firewall through the Control Panel.


Lesson Quiz

True/False

1. When using IPSec, only the nodes that are communicating using IPSec are aware that IPSec is being used.

2. IPSec uses the Encapsulation Security Payload protocol to provide security for the IP header and the IP payload.

3. A computer running Windows Server 2008 can have no more than three active IPSec policies at one time.

4. In addition to Kerberos v5, NTLM can also be used as authentication protocol in a Windows Server 2008 Active Directory environment.

5. As with Windows Server 2003, the Windows Firewall can be configured to control only inbound traffic.

Multiple Choice

1. What are the two primary goals of IPSec?

a) To protect the contents of IP packets
b) To provide secure connections between communicating hosts
c) To act as a firewall for Windows hosts
d) To defend against network attacks

2. What are the two supported modes for IPSec?

a) End to End mode
b) Tunnel mode
c) Transport mode
d) Authentication mode

3. What is the default IPSec authentication method in a Windows Server 2008 Active Directory Environment?

a) Kerberos v5
b) NTLM
c) Kerberos v4
d) LDAP


4. Windows Server 2008 comes with four pre-configured IPSec Connection Security rules. Which of these rules will allow one or more computers to be exempt from an IPSec policy?

a) Isolation Rule
b) Tunnel Rule
c) Authentication Exemption Rule
d) Server-to-Server Rule

5. Which of the following are three built-in security policies that can be applied using group policy?

a) Secure Server (Require Security)
b) Secure Client (Require Security)
c) Server (Request Security)
d) Client (Respond Only)

Quiz Answers

True/False

1. True.
2. False. ESP protects only the payload.
3. False. Only one IPSec policy can be active.
4. True.
5. False. As a new feature of Windows Server 2008, the Windows Firewall can control inbound and outbound traffic.

Multiple Choice

1. A, D
2. B, C
3. A
4. C
5. A, C, D

Class Projects

Lesson 9—Exercise 1

Briefly explain how IPSec helps protect traffic from each of the following types of network attacks.


Packet Sniffing

Data Modification

Identity Spoofing

Man in the Middle Attacks

Denial of Service Attacks

Lesson 9—Project 1

Explain what is meant by main mode negotiations and quick mode negotiations.

Microsoft Video Resources

There are no video resources for this lesson.


Lesson 10: Maintaining Network Health

Learning Goals

The goal of this lesson is to provide students with information on how to create policies to secure resources on Windows Server 2008 computers.

Learning Objectives

Upon completion of this lesson, students will understand:

Active Directory Certificate Services
Network Access Protection (NAP)

Lesson Introduction

Explain that proper performance for Microsoft Windows Server 2008 includes policies to secure resources on the network. Students will learn about Active Directory Certificate Services using Public Key Infrastructure and Network Access Protection features.

Active Directory Certificate Services

Instructors should do the following:

Explain that Public Key Infrastructure (PKI) lets users confirm that they are actually dealing with the entity they intend to work with.

Explain that PKI consists of a number of elements that enable two parties to communicate securely with the use of a mathematical algorithm called public key cryptography.

Point out that public key cryptography stores information called the public key.

Explain that each computer possesses a private key, which is a piece of information that is known only to the individual user or computer.

Discuss the following common terminology that is related to PKI:

Certification Authority (CA)
Digital Certificate
Digital Signature
Certificate Practice Statement (CPS)
Certificate Revocation List (CRL)
Certificate templates
Smart cards
Self-enrollment
Autoenrollment


Recovery agents
Key archival

Explain that the Active Directory Certificate Services server role consists of the following features:

Certification Authorities (CAs)
Web Enrollment
Online Responder
Network Device Enrollment Service (NDES)

Point out that a standalone CA relies on the administrator to intervene in a response to a certificate request.

Point out that an enterprise CA uses certificate templates to permit autoenrollment of digital certificates and stores certificates within the Active Directory Database.

Demonstrate how to install Active Directory Certificate Services on a standalone Windows Server 2008 server.

Point out that a revocation configuration must be set up so that Online Responders can provide correct information to clients using the Online Certificate Status Protocol (OCSP).

Demonstrate how to configure certificate revocation on a standalone Windows Server 2008 server.

Explain that the following features enable the administrator to automatically distribute PKI certificates through Active Directory:

Certificate templates
Group Policy

Explain that the following features enable the administrator to require manual enrollment for PKI certificates through Active Directory:

Certificate Request Wizard
Certification Authority Web Enrollment

Explain that one challenge of managing PKI certificates is that users often lose their private keys associated with their certificates.

Point out that private key recovery agents are configured to enable users to perform the sensitive task of private key recovery.

Point out that the following are predefined security roles within Certificate Services:

CA Administrator
Certificate Manager
Backup operators
Auditor


Network Access Protection

Instructors should do the following:

Explain that Network Access Protection is a solution that controls access to corporate network resources based on the identity of the computer attempting to connect to the resource.

Point out that the following are built-in enforcement methods for Network Access Protection:

DHCP enforcement
Internet Protocol Security (IPSec) enforcement
VPN enforcement
802.1X enforcement
Terminal Services Gateway (TS Gateway) enforcement

Point out that the NAP architecture includes the following components:

NAP Enforcement Client (EC) components
NAP Server-Side Components
NAP Administration Server
System Statement of Health Response
Health requirement servers
Remediation servers

Demonstrate how to install and configure a DHCP server in Windows Server 2008.

Demonstrate how to install the network policy server role on a Windows Server 2008 computer.

Lesson Quiz

True/False

1. A standalone CA is not integrated with Active Directory.

2. To use the offline root function, the offline CA must be an enterprise CA.

3. Windows Server 2008 supports Key Archival, which can allow for the recovery of a lost certificate.

4. A NAP server will combine all of the client statements of health responses into one system of health response to determine if the client is compliant.

5. One limitation of NAP is that it does not provide the ability to remediate clients, but simply denies access if a computer does not meet the compliance requirements.


Multiple Choice

1. In order for two devices to communicate using PKI, two pieces of information must be used. Which two of the following are required for PKI communication?

a) Shared Secret Key b) Public Key c) Digital Signature d) Private Key

2. What protocol is used to enroll network devices such as printers into a Windows Server 2008 PKI environment?

a) IPSec b) NDES c) SCEP d) PKI

3. Which role in a Windows Server 2008 PKI environment responds to Certificate Revocation status requests?

a) Subordinate CA b) Online Responder c) Enterprise CA d) Recovery Agent

4. Which two methods of certificate enrollment are available in non–Active Directory PKI environments?

a) Certificate Authority Web Enrollment b) Certificate Templates c) Group Policy d) Certificate Request Wizard

5. Which NAP enforcement method can use network devices such as switches and access points to control network access?

a) 802.1X enforcement b) IPSec enforcement c) DHCP Enforcement d) VPN enforcement


Quiz Answers

True/False

1. True.
2. False. Offline CAs must be standalone CAs.
3. True.
4. True.
5. False. NAP offers optional remediation servers that can allow clients to resolve compliance issues.

Multiple Choice

1. B, D 2. C 3. B 4. A, D 5. A

Class Projects

Lesson 10—Exercise 1

List and explain five Network Access Protection enforcement methods that are built in to Windows Server 2008.

Lesson 10—Project 1

Discuss the client-side and server-side components of the Windows Server 2008 NAP architecture.

Microsoft Video Resources

There are no video resources for this lesson.


Lesson 11: Maintaining Windows Server 2008 File Services

Learning Goals

The goal of this lesson is to provide students with information about maintaining files and folders on Windows Server 2008.

Learning Objectives

Upon completion of this lesson, students will understand:

Configuring Shadow Copies of Shared Folders
Configuring Disk Quotas
Generating Storage Reports
Backing Up Windows Server 2008
Restoring Windows Server 2008

Lesson Introduction

Explain that proper performance of Microsoft Windows Server 2008 includes features to create copies of shared folders, set up disk quotas, provide storage reports, and back up or restore the entire system. Point out to students that these skills are critical for maintaining the system.

Configuring Shadow Copies of Shared Folders

Instructors should do the following:

Explain that shadow copies of a shared folder are a Windows Server 2008 mechanism that automatically retains copies of files on a server volume in multiple versions from specific points in time.

Point out that the following scenarios are situations in which users need access to previous versions of files or folders:

Recovering files that were accidentally deleted
Recovering files that were accidentally overwritten
Comparing previous versions of a file to the current version

Point out that shadow copies use the Volume Shadow Copy Service (VSS), which means that they are enabled or disabled at the volume level, for all shared folders on the C:\ drive or D:\ drive.

Demonstrate how to configure shadow copies of shared folders using administrator privileges.


Configuring Disk Quotas

Instructors should do the following:

Explain that a disk quota is a limit placed on the disk space a user is permitted to consume in a particular volume or folder.

Point out that a quota template is a collection of settings that defines a number of configuration items for disk quotas and is recommended for large networks.

Demonstrate how to create a disk quota template using the Server Manager.

Demonstrate how to create a disk quota using the File Server Resource Manager.

Generating Storage Reports

Instructors should do the following:

Explain that a storage report enables the administrator to examine the state of their file server volumes and review company storage policies.

Point out that a file storage report contains the following:

Duplicate files
File screening audit
Files by file group
Files by owner
Large files
Least recently accessed files
Most recently accessed files
Quota usage

Demonstrate how to generate a scheduled storage report using the File Server Resource Manager.

Backing up Windows Server 2008

Instructors should do the following:

Explain that every administrator is responsible for ensuring that data and operating system information is backed up in the event of a failure.

Point out that Windows PowerShell will enable the backup feature to be run from the command line.

Point out that the two backup types supported by Windows Server 2008 are:

Manual backup
Scheduled backup

Demonstrate how to perform a manual Windows Server 2008 backup through the Server Manager.

Demonstrate how to configure a scheduled Windows Server 2008 backup through Administrative Tools.


Restoring Windows Server 2008

Instructors should do the following:

Explain that an understanding of the restore process is necessary in order to use the backup materials for Windows Server 2008.

Point out that two types of restores may be performed for Windows Server 2008:

Files and folders
Volumes

Explain that when restoring Windows Server 2008, more detailed decisions must be made regarding:

Recovery destination
Overwrite options
Security settings

Demonstrate how to restore Windows Server 2008 using the Windows Server Backup window in Administrative Tools.

Lesson Quiz

True/False

1. When Shadow Copy for Shared Folders is enabled, it is enabled for folders or a volume.

2. When configuring soft disk quotas, the user will be notified when the quota limit is reached but will still be able to store files.

3. Windows Server Backup supports backing up both basic and dynamic volumes.

4. When choosing a VSS Backup option, administrators should choose a VSS Full Backup if there is no other backup mechanism for applications.

5. If you restore a file to its original location, the process will always overwrite an existing file with the same name.

Multiple Choice

1. What is the maximum number of shadow copies of a file that can be stored on a volume?

a) 128 b) Unlimited c) 64 d) 256


2. What additional service must be running so that the File Server Resource Manager can send quota messages as thresholds are approached or met?

a) Messenger Service b) SMTP Service c) File Services d) Communications Services

3. Which two types of backup are supported by Windows Server 2008?

a) Manual Backup b) Application Only Backup c) Snapshot Backup d) Scheduled Backup

4. In the event of a catastrophic event that requires a bare metal restore of a server, what Windows restore tool should be used?

a) wbadmin b) Windows Server Backup MMC c) Win RE d) Shadow Copy Full Restore

5. What two options are available when restoring data in a Windows Server 2008 environment?

a) Full Restore b) Files and Folder Restore c) Volume Restore d) VSS Restore

Quiz Answers

True/False

1. True.
2. True.
3. False. Backing up dynamic volumes is not supported.
4. False. The VSS Copy Backup should be chosen.
5. False. The existing options are Overwrite, Create a Copy, and Do Not Recover.


Multiple Choice

1. C 2. B 3. A, D 4. C 5. B, C

Class Projects

Lesson 11—Exercise 1

List and explain the storage reports that are built in to FSRM.

Lesson 11—Project 1

Explain the difference between disk quotas configured using the File Server Resource Manager and disk quotas that use basic NTFS configuration.

Microsoft Video Resources

There are no videos available for this lesson.