Date post: | 22-Jan-2015 |
Category: |
Technology |
Upload: | jsantanderq |
View: | 394 times |
Download: | 0 times |
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-1
Module 1
Introduction to Managing Windows Server 2008 Environment
Contents: Lesson 1: Server Roles 1-3
Lesson 2: Overview of Active Directory 1-15
Lesson 3: Using Windows Server 2008 Administrative Tools 1-27
Lesson 4: Using Remote Desktop for Administration 1-35
Lab: Administering Windows Server 2008 1-43
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-2 Configuring, Managing and Maintaining Windows Server 2008 Servers
Module Overview
Multiple tools exist to facilitate management of Windows Server® 2008 computers and Active Directory® domains. In Windows Server 2008, many of these tools have been consolidated into the Server Manager tool. This change offers a single point for server administration.
By understanding the tools available to manage Windows Server 2008 and Active Directory, you will be able to more quickly and effectively implement change requests.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-3
Lesson 1
Server Roles
Windows Server 2008 is configured by adding and removing server roles and features. This is a new method of organizing the addition and removal of services. Understanding server roles and features allows you to install and support only the Windows Server 2008 components you need in your environment.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-4 Configuring, Managing and Maintaining Windows Server 2008 Servers
Windows Server 2008 Editions
Key Points
Windows Server 2008 is available in several editions to meet the needs of various organizations. The editions are available for x86, x64, and Itanium processors.
Windows HPC Server 2008 is designed for clustering hundreds of computers together to work on a single processing task. Hyper-V is a role that is provided for 64-bit installations of Windows Server 2008. You can order Standard, Enterprise, and Datacenter editions that do not have Hyper-V included.
Question: Describe the criteria you will use when deciding what edition of
Windows Server to deploy.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-5
What Are Server Roles?
Key Points
Server roles are a way to configure a computer running Windows Server 2008 to perform a specific function. In a large enterprise, computers can be configured to perform a single role to ensure greater scalability. In a small organization, many roles can be combined on a single computer.
When deploying multiple server roles on a single computer, consider the following:
The capacity of the computer should be sufficient for all the installed roles.
Ensure that security requirements for the roles you plan to install can co-exist on a single computer.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-6 Configuring, Managing and Maintaining Windows Server 2008 Servers
Configure security settings appropriately for all installed roles.
Plan ahead for possible migration paths if the computer becomes overloaded.
Question: In your work environment, what are the advantages of consolidated
servers, dedicated servers, or both?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-7
What Are the Windows Infrastructure Services Roles?
Key Points
Windows infrastructure services roles are used to form the underlying framework of software and services that are used by other applications within the organization.
The table below describes Windows infrastructure services roles:
Role Description
Active Directory Certificate Services
Creates and manages certification authorities. Certification authorities are used to create digital certificates for identification and encryption.
Active Directory Rights Management Services
Helps protect information from unauthorized use and generates licenses that specify what actions can be taken with protected content and by whom.
DHCP Server Automatically allocates IP addresses and IP configuration information to clients
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-8 Configuring, Managing and Maintaining Windows Server 2008 Servers
Role Description
DNS Server Provides name resolution for TCP/IP networks.
Fax Server Sends and receives faxes electronically rather than requiring paper-based copies of documents.
File Services Provides technologies for storage management, file replication, and file searching.
Network Policy and Access Services
Provides support for LAN or WAN routing, network access policy enforcement, VPN connections, and dial-up connections.
Hyper-V Provides server virtualization functionality.
Print Services Enables and manages network printing.
Terminal Services Allows users to run programs on a remote server but view the results in a Remote Desktop window.
Windows Deployment Services Deploys Windows operating systems to computers over the network.
Question: List the Windows infrastructure services roles used in your work
environment.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-9
What Are the Windows Application Platform Services Roles?
Key Points
Windows application platform services roles are used as a platform for the development of applications.
The table below describes Windows application platform services roles:
Role Description
Application Server Provides a complete solution for hosting and managing distributed business applications. Includes services such as .NET Frameworks, Web server, and Message Queuing.
Universal Description, Discovery, and Integration (UDDI) Services
Shares information about Web services within an organization or between business partners.
Web Server (IIS) Enables Windows Server 2008 as a Web server.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-10 Configuring, Managing and Maintaining Windows Server 2008 Servers
Question: List the Windows application platform roles used in your work
environment.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-11
What Are the Active Directory Server Roles?
Key Points
The Active Directory roles allow you to implement and control Active Directory for your organization.
Question: Briefly describe one or two scenarios where you would implement each
server role.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-12 Configuring, Managing and Maintaining Windows Server 2008 Servers
AD DS Integration with Other Active Directory Server Roles
Key Points
Many of the other Windows Server 2008 server roles integrate with AD DS. Server roles, such as the following, rely on AD DS:
Active Directory Federation Services (AD FS)
Active Directory Rights Management Services (AD RMS)
Active Directory Certificate Services (AD CS)
Question: Describe any other applications you aware of that can leverage AD DS.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-13
What Are Server Features?
Key Points
Server features support server roles or enhance the functionality of a server.
Question: Which of these features do you use in your work environment?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-14 Configuring, Managing and Maintaining Windows Server 2008 Servers
What Is Server Core?
Key Points
Server Core is a new installation option for Windows Server 2008. It provides a minimal environment for running specific server roles. A graphical interface is not included as part of the Server core installation.
Question: Describe two scenarios in which Server Core would be a beneficial
choice of server platform.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-15
Lesson 2
Overview of Active Directory
Active Directory is a central repository of network information. Understanding how Active Directory is organized is essential to understanding network security and management. In this lesson, you will learn about Active directory domains, forests, and domain controllers.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-16 Configuring, Managing and Maintaining Windows Server 2008 Servers
What Is Active Directory?
Key Points
Active Directory is a central repository of network information that is used for logon security and application configuration. The information stored in Active Directory includes:
User accounts
Computer accounts
Application configuration information
Subnet addresses
Group accounts
Printer objects
Published folder objects
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-17
Active Directory is not a large single database. It is composed of multiple partitions. The domain partition holds information that is specific to a particular domain. The configuration partition holds configuration information for Active Directory and applications. The schema partition is the list of allowed objects and attributes in Active Directory.
Question: Why is it important that the schema is replicated to all domain
controllers in entire forest?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-18 Configuring, Managing and Maintaining Windows Server 2008 Servers
Benefits of Active Directory
Key Points
Active Directory provides a single repository of information that is used for network management. A workgroup is a peer-to-peer network without a centralized security database. When Windows computers are not joined to a domain, they are considered members of a workgroup. Each workgroup member has its own security database and group policy store.
Question: Are there any situations where a workgroup would be preferable?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-19
What Is a Domain?
Key Points
A domain is a logical grouping of objects such as:
User accounts. These are required for users to log on and access network resources. Information such as e-mail addresses and mailing addresses can be stored as part of a user account.
Computer accounts. These are required for a computer to participate in the domain and become part of the security infrastructure. To log on with a domain user account, you must use a computer that has a computer account in the domain.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-20 Configuring, Managing and Maintaining Windows Server 2008 Servers
Groups. These are used to organize users and computers into sets for assigning permissions to resources. Using groups make it easier to manage access to resources such as files.
Question: How has your organization used domains to create security boundaries?
If your organization does not use domains, how might domains be used in your
organization?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-21
What is an Organization Unit?
Key Points
An organizational (OU) unit is a grouping of objects within a domain. OUs can contain:
Users
Groups
Computers
Other OUs
Question: Describe one scenario when you would use a domain to organize a
network. Describe one scenario when you would use an OU to organize a network.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-22 Configuring, Managing and Maintaining Windows Server 2008 Servers
What Is a Forest?
Key Points
A forest is collection of domains that:
Share a common schema
Share a common Global Catalog
Are connected by two-way transitive trusts
When domains have a trust relationship, accounts in the trusted domain can be granted access to resources in the trusting domain.
Domain trees in a forest are not required to have the same naming structures.
Question: Does a trust automatically allow users in one domain to access
resources in another domain?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-23
What Is a Domain Controller?
Key Points
The following are characteristics of a domain controller:
A domain controller is a computer that holds a copy of Active Directory information.
Domain controllers update this copy of Active Directory information through multi-master replication with other domain controllers in the domain and forest.
At minimum, a domain controller holds a copy of the local domain partition, the configuration partition, and the schema partition.
Note: A global catalog server is a domain controller that holds a subset of the domain
information for all domains in the entire forest.
Question: How many domain controllers should you have?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-24 Configuring, Managing and Maintaining Windows Server 2008 Servers
What Is a Read-Only Domain Controller?
Key Points
An RODC is a new type of domain controller that Windows Server 2008 supports. An RODC hosts read-only partitions of the AD DS database. This means that no changes can ever be made to the database copy stored by RODC, and all AD DS replication uses a one-way connection from a domain controller that has a writeable database copy to the RODC.
Question: In your work environment, do you have scenarios where an RODC
would be beneficial?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-25
Read-Only Domain Controller Features
Key Points
RODCs provide several features designed to work together to increase security. These features minimize the risks of deploying a domain controller in a location with low physical security or high exposure to attack.
Question: If you plan to use one or more RODCs in your work environment,
which RODC features do you plan to use?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-26 Configuring, Managing and Maintaining Windows Server 2008 Servers
Demonstration: Joining a Domain
Key Points
Join NYC-CL1 to the WoodgroveBank.com domain.
View the results of joining the domain.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-27
Lesson 3
Using Windows Server 2008 Administrative Tools
Each administrative tool included with Windows Server 2008 is used to manage different system components. Administrative tools include:
Microsoft Management Console
Problem Reports and Solutions
Server Manager
Computer Management
Device Manager
By understanding the administrative tools available to you in Windows Server 2008, you can choose the best tool for the administrative task at hand.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-28 Configuring, Managing and Maintaining Windows Server 2008 Servers
Microsoft Management Console
Key Points
A snap-in is a program that allows you to perform specific administrative tasks.
New snap-ins are added when you install additional software components. For example, the snap-ins for managing Microsoft® Exchange Server 2007 are added when you install Exchange Server 2007.
You can remotely administer a server by re-focusing the MMC snap-in to the remote server.
Custom consoles allow you to create a console with only the capabilities that you require as part of your job role." Question: Will you create customized consoles for most of your management tasks?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-29
Server Manager
Key Points
Combining frequently used snap-ins into a single console simplifies administration of your server.
Question: Why is it beneficial to combine frequently used snap-ins into a single
console?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-30 Configuring, Managing and Maintaining Windows Server 2008 Servers
Computer Management
Key Points
This administrative tool is included with Windows 2000 Server and Windows Server 2003 operating systems. Many of the snap-ins found in Server Manager are also found in Computer Management.
Question: Will you use Computer Management or Server Manager to manage
your servers?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-31
Device Manager
Key Points
On of the most common uses for Device Manager is updating device drivers. Device drivers are used by the operating system to communicate with devices such as network adapters or video adapters. When an incorrect driver is used, the device will typically have limited functionality or no functionality at all.
Device Manager visually indicates if a device is disabled or is not functioning properly. This makes it easy to identify malfunctioning components.
Question: Why would you update a device driver if a device appears to be
working properly?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-32 Configuring, Managing and Maintaining Windows Server 2008 Servers
Problem Reports and Solutions
Key Points
Problem Reports and Solutions is a utility for monitoring and resolving system problems. Problem Reports and Solutions records the details of a system problem, and then contacts Microsoft for a resolution of the problem.
Question: How does Problem Reports and Solutions improve upon the Dr.
Watson utility found in previous versions of Microsoft Windows® operating
system?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-33
Demonstration: Using Windows Server 2008 Administrative Tools
Key Points
Use Problem Reports and Solutions.
Use Server Manager.
Use Computer Management.
Use Device Manager.
Question: Which of the administrative tools demonstrated will you use most
often?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-34 Configuring, Managing and Maintaining Windows Server 2008 Servers
Common Administration Tasks
Key Points
Administrative tools can be grouped by the task in which each tool will commonly be used. Sometimes multiple tools may be used to carry out a single task.
Question: Describe one or more common administrative tasks you carry out in
your work environment and a tool that would be used to carry out this task.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-35
Lesson 4
Using Remote Desktop for Administration
Remote Desktop for Administration is widely used by most organizations to access servers remotely and to perform system maintenance. There are many configuration options you can use for controlling security of the connections and other connection characteristics. Remote Desktop for Administration can help you reduce the time and effort involved in server administration tasks.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-36 Configuring, Managing and Maintaining Windows Server 2008 Servers
Remote Desktop for Administration
Key Points
Remote Desktop for Administration is a service that allows administrators to access the desktop of a computer running Windows Server 2008 remotely. This service can be used to access a server from a corporate desktop or a remote location.
Note the following primary differences between Remote Desktop for Administration and the Windows Server 2008 Terminal Services role:
Remote Desktop for Administration is limited to 2 concurrent remote connections.
Remote Desktop for Administration requires no extra licensing.
Remote Desktop for Administration is installed by default but is not enabled by default.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-37
Note: Remote Desktop for Administration generates a much smaller amount of network
data than running server management utilities over the network from a workstation.
Question: What concerns are there about allowing a server administrator to use
Remote Desktop for Administration from home?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-38 Configuring, Managing and Maintaining Windows Server 2008 Servers
Benefits of Remote Desktop for Administration
Key Points
Remote Desktop for Administration is a useful tool with several benefits.
Note: Even though server core does not include a graphical desktop, you can enable
Remote Desktop for Administration. Once connected, you are presented with a
command prompt rather than a Windows desktop.
Question: Can Remote Desktop for Administration result in cost savings for an
organization?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-39
Demonstration: Remote Desktop Client Configuration
Key Points
View the Remote Desktop options on NYC-CL1.
Question: Why would you disable client features such as local drives and
printers?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-40 Configuring, Managing and Maintaining Windows Server 2008 Servers
Securing Remote Desktop for Administration
Key Points
The first level of securing Remote Desktop for Administration is controlling who can use it.
Remote Desktop for Administration is disabled by default. You can leave it disabled for high security installations.
When enabled, access can be controlled by making users members of the Remote Desktop Users group. Members of the Local Administrators group are allowed to connect by default.
Security layer determines the type of encryption that is performed between the client and server.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-41
Encryption level controls which data is encrypted and the strength of the encryption.
Require Network Level Authentication setting requires users to enter a username and password before connecting to the server.
Question: Why should you not use the low encryption level?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-42 Configuring, Managing and Maintaining Windows Server 2008 Servers
Demonstration: Using Remote Desktop for Administration
Key Points
On NYC-DC1, enable Remote Desktop for Administration.
Configure security settings on NYC-DC1.
Connect to the console with the /console switch.
Question: When is connecting to the server console, rather than a remote session,
useful?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-43
Lab: Administering Windows Server 2008
Exercise 1: Install the Terminal Server Role
Scenario
You have decided to prepare the server NYC-SVR1 for remote management through Remote Desktop. You will also install the DNS Server role and verify domain membership on NYC-SVR1.
In this exercise you will install the DNS Server role and verify domain membership.
The main tasks for this exercise are as follows:
1. Start the virtual machines, and then log on.
2. Install the DNS Server Role.
3. Verify domain membership.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-44 Configuring, Managing and Maintaining Windows Server 2008 Servers
Task 1: Start the virtual machines, and then log on
1. On your host machine, click Start, point to All Programs, point to Microsoft Learning, and then click 6419A. The Lab Launcher starts.
2. In the Lab Launcher, next to 6419A-NYC-DC1, click Launch.
3. In the Lab Launcher, next to 6419A-NYC-CL1, click Launch.
4. In the Lab Launcher, next to 6419A-NYC-SVR1, click Launch.
5. Log on to NYC-DC1 as Administrator with the password Pa$$w0rd.
6. Log on to NYC-CL1 as Administrator with the password Pa$$w0rd.
7. Log on to NYC-SVR1 as Administrator with the password Pa$$w0rd.
8. Minimize the Lab Launcher window.
Task 2: Install the DNS Server Role
1. On NYC-SVR1, use Server Manager to install the DNS Server role using the following settings:
Add only the DNS Server role service.
Task 3: Verify domain membership
1. On NYC-DC1, in Active Directory Users and Computers, verify that the NYC-SVR1 computer account exists.
2. On NYC-SVR1, log on as Woodgrovebank\Administrator with a password of Pa$$w0rd.
3. In Local Users and Groups, verify that Domain Admins is a member of the local administrators group.
Results: After this exercise, you should have successfully installed the Terminal Services role and successfully verified domain membership.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-45
Exercise 2: Configuring Remote Desktop for Administration
Scenario
The server NYC-SVR1 is being used to run a new application for loan applications. The person responsible for monitoring this application needs access to NYC-SVR1 remotely because he is not authorized to enter the data center. You need to enable Remote Desktop for Administration for Axel Delgado with the highest level of security possible.
In this exercise you will enable Remote Desktop for Administration, and configure security settings to allow Axel Delgato to carry out remote administration tasks.
The main tasks for this exercise are as follows:
1. Enable Remote Desktop for Administration.
2. Grant Axelo Delgado access to Remote Desktop for Administration on NYC-SVR1.
3. Configure security for Remote Desktop for Administration.
4. Give Axel Delgado rights to run Reliability and Performance Monitor.
5. Verify Remote Desktop for Administration Functionality.
Task 1: Enable Remote Desktop for Administration
1. On NYC-SVR1, open Remote settings in System Properties.
2. Allow connections only if Network Level Authentication is used.
Task 2: Grant Axel Delgado access to Remote Desktop for
Administration on NYC-SVR1
On NYC-SVR1 in Remote Settings, add Axel Delgado as a user allowed to connect remotely.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-46 Configuring, Managing and Maintaining Windows Server 2008 Servers
Task 3: Configure security for Remote Desktop for Administration
1. On NYC-SVR1, open Terminal Service Configuration.
2. In the properties of RDP-Tcp configure:
Security layer: SSL (TLS1.0)
Encryption level: High
Allow connections only from computers running Remote Desktop with Network Level Authentication
Task 4: Give Axel Delgado rights to run Reliability and Performance
Monitor
On NYC-SVR1, use Local Users and Groups to add Axel Delgado as a member of Performance Log Users.
Task 5: Verify Remote Desktop for Administration Functionality
1. On NYC-CL1, open Remote Desktop Connection.
2. Log on using the following information:
Computer: NYC-SVR1.woodgrovebank.com
User name: woodgrovebank\Axel
Password: Pa$$w0rd
3. In the Remote Desktop Connection window, open Reliability and Performance Monitor. Notice that Resource Overview is not available to Axel Delgado.
4. Verify that Axel Delgado can view information in Performance Monitor.
Results: After this exercise, you should have successfully used Axel Delgado's account to remotely access NYC-SVR1 and run Reliability and Performance Monitor.
Lab Shutdown After you complete the lab, you must shut down the 6419A-NYC-DC1, 6419A-NYC-CL1, and 6419A-NYC-SVR1 virtual machines and discard any changes.
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-47
Module Review and Takeaways
Review Questions
1. Which server role must be installed to configure Windows Server 2008 as a domain controller?
2. What is the relationship between Active Directory domains and Active Directory forests?
3. Which administrative tool tracks system crashes and attempts to resolve them?
4. When monitoring performance, which tools can you use to track CPU utilization over time?
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-48 Configuring, Managing and Maintaining Windows Server 2008 Servers
Real-world Issues and Scenarios
1. You are the lead server administrator for your location in a large organization. There are 4,000 users in your location, with seven server administrators. You would like to configure administrative tools for the server administrators that you manage. Each administrative tool would have all the options required for them to perform their job tasks. How can you create these custom tools?
2. A computer running Windows Server 2008 has been in your organization for about two months. It has been running perfectly until last week. Since last week, it has been crashing once or twice a day. How can you determine the cause of this problem?
3. You are the server administrator for a small organization with 100 users and three computers running Windows Server 2008. Your IT manager would like to respond more quickly to support calls after business hours. Currently, you drive into the office when required. This takes up to an hour. How can you avoid the need to return to the office to perform support tasks after hours? And how will you address security concerns?
Tools
Tool Use for Where to find it
Active Directory Users and Computers
Create user accounts Administrative Tools
Active Directory Domains and Trusts
View and manage trusts Administrative Tools
Active Directory Sites and Services
View and manage Active Directory sites
Administrative Tools
ADSI Edit Perform manual edits of Active Directory objects
Administrative Tools
Microsoft Management Console
Add snap-ins to perform administrative tasks
Create custom consoles
Command prompt
Problem Reports and Solutions
Track solutions to system problems
Administrative Tools
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
Introduction to Managing Windows Server 2008 Environment 1-49
Tool Use for Where to find it
Server Manager Add or remove server roles and features
Perform diagnostics
Manage server configuration
Manage server storage
Administrative Tools
Computer Management Share folders
Access system tools
Manage server storage
Manage services
Manage Routing and Remote Access
Administrative Tools
Device Manager Configure devices
Update drivers
Administrative Tools, Computer Management, Server Management
Task Manager View applications and processes
View basic performance information
Ctrl+Alt+Del, right-click taskbar, Ctrl+Shift+Esc
Reliability and Performance Monitor
Resource Overview
Performance Monitor
Reliability Monitor
Data Collector Sets
Administrative Tools
Event Viewer View events in logs
Collect events at a single computer
Query events
Administrative Tools, Computer Management, Server Management
Remote Desktop for Administration
Remotely connect to servers and perform administrative tasks
Control Panel > System > Remote settings
Terminal Services Configuration
Configure Remote Desktop for Administration
Administrative Tools
BE
TA
CO
UR
SE
WA
RE
EX
PIR
ES
2/6
/20
09
MC
T U
SE
ON
LY
. ST
UD
EN
T U
SE
PR
OH
IBIT
ED
1-50 Configuring, Managing and Maintaining Windows Server 2008 Servers
Tool Use for Where to find it
Local User and Computers snap-in
Used to manage local users and groups
Computer Management, Server Management
Active Directory Users and Computers
Used to manage domain user accounts and groups
Administrative Tools
Run As Administrator Elevate privileges of a program
Context menu when right-clicking an application shortcut
runas Elevate privileges of a program
Command prompt