Exam prep: 70-410 & 70-417 MCSA: Installing and Configuring Windows Server 2012Alfred Ojukwu
(R2)
Alfred [email protected]
19 Years of IT ExperienceSenior Consultant with Microsoft Consulting Services (MCS)Desktop Enterprise Management, ConfigMgr 2012 and Intune Microsoft communities both Internal and ExternalBlogSite
http://thedevicepros.com @thedevicepros - twitter.com/thedevicepros
Facebook – http://www.facebook.com/thedeviceprofessionals
Member of #TheKrewe
But first… a little about me!
Session Objective(s): Certification OverviewExam Preparation per sectionDescribe key 70-410 exam objectivesPrepare more effectively use of the available study materialRelate practical Windows Server 2012 R2 experiences to the exam
Identify areas that may require extra studyingAction plan for exam preparation and success
Session Objectives And Takeaways
Microsoft Certification
For YouIncreased confidence in your abilities at workEnhanced product knowledgeLearn about certification to educate your coworkers and bosses
For Your CareerMakes a great commitmentShows drive an initiativeTangible way to demonstrate mastery of a productSets you apart from your peers at review timeRecognition inside and outside of MicrosoftCompletely achievable at SPC
Changes to Certifications and Exams
Deeper Skill Set
Certification
Requirements
Broader Skill Set
Recertification
Relevance Rigor
MCSE and MCSD Certifications
Web Applications Windows Store Apps
Server Infrastructure Desktop Infrastructure
Business Intelligence Data Platform
Private Cloud
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Reflection of the real worldLearn more, validate moreSolutions are more complex, questions must reflect thatBest way to measure candidates know what they know
New item typesFewer multiple choiceCase studies
Scenario basedSee big picture and make decisions
Innovative item types
Increased Rigor
Exam Tips
Exam Basics40-60 questions1-4 hours to complete examCan review questionsCannot move between case studies
700 is passing700 is not 70%
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
How to interpret questions
One or Multiple Correct Answers
Goal Statement
Business ProblemAll questions have a consistent anatomy
Multiple Distracters
Questions are not intended to trick you
Exam ScoringEach exam has a "cut score"Each question is worth one pointNo partial creditNo points deducted for wrong answers
70-410
& 70-417
Install and Configure Servers (17%)Configure Server Roles and Features (17%)Configure Hyper-V (18%)Deploy and Configure Core Network Services (17%)Install and Administer Active Directory (14%)Create and Manager Group Policy (16%)
70-410 Exam Objectives
Install and Configure Servers (15 – 20%)Install servers
PlanningOptimizationMigration
Configure serversConfigure Server CoreDelegationOffline image managementRemote servers
Configure local storage
Planning for server storage Working with Disks
OS Licensing and Server VersioningServer 2012 is not available in 32-bit
Data CenterStandardEssentials (same functionality of standard and web version of Windows Server 2008)Foundations(Don’t forget about Windows Hyper-V, Storage & Multipoint Server 2012)
Differences in licensing are exposed by the number of users and physical/virtual instances each support.EDITION POSE INSTANCES VOSE INSTANCES
Datacenter 1 Unlimited
Standard 1 2
Foundation 1 0
Essentials 1 (POSE or VOSE) 1 (POSE or VOSE)
Windows Server 2012 LimitsIn comparison…
Foundation Essentials Standard / Datacenter
Processor Limit 1 2 64
RAM 32GB 64GB 4TB
Max users 15 25 Unlimited
Routing and Remote Access (RRAS)
50 250 Unlimited
Active Directory Services Root only Root only Full
Active Directory Certificate Services
CA Only CA Only Full
Hyper V / Server Core No No Yes
File Services limits 1 Standalone DFS root
1 Standalone DFS root
Unlimited
Windows Server 2012Operating System
Installation RequirementsMinimum Requirements1.4 GHz 64-bit processor (no upgrade path from a 32bit system)512 MB RAM 32 GB available disk space (considered as the minimum)DVD drive (not normally a pre-requisite)Super VGA (1024 x 768) or higher resolution monitor Keyboard and mouse (or other compatible pointing device) Internet access
Supported Maximums Component WINDOWS SERVER
2012 WINDOWS SERVER 2008 R2
Logical processors 640 256 RAM 4 terabytes 2 terabytes Failover cluster nodes
63 16
Features on Demand
Located at C:\Windows\WinSXS directoryCan be removed and added later if needInstall-Windows Feature or Uninstalll-Windows FeatureCan reduce the total disk space used.Also works on VHD and VHDX
Used to keep the server builds simple and targeted
Install-WindowsFeature <featurename> -Source wim:d:\sources\install.wim:2
Windows 2012 Server CoreNumber of roles support by Server Core increased
12 of 19 roles are available
Roles not availableActive Directory Federation ServicesFax Server & Application ServerNetwork Policy and Access ServicesRemote Desktop Services/Gateway/Session Host/Web AccessVolume Activation ServicesWindows Deployment ServicesTo switch from Server full to Core ServerSQL Server can now run on Server coreUninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
DISM is your friend ..and my favorite DISM commands:
Deploying Server Images
Dism /online /Get-Features (run the cmd prompt with admin account)
Dism.exe /online /Enable-Feature /FeatureName:NetFx3
And….
The ImageX tool is deprecated in Windows 8 and has been replaced with DISM for image management.
MICROSOFT CONFIDENTIAL – INTERNAL ONLY
Configure the network connection Set the time zone Enable Remote Desktop Rename the computer Join a domain
Configure Servers Post installation tasks to consider:
Switch Independent ModeIncoming Traffic come through one cardUnless virtual machines are in use
Need to use Hyper-V Port or Dynamic
Static Teaming or LACPRequires hardware support
802.3ad or 802.1axIncoming Traffic Controlled
Powershell commands to configure NIC Teaming:
Configuring NIC TeamingSupport for 3 Different Modes in Server 2012
New-NetLbfoTeam NewTeam NIC1,NIC2 –TeamingMode Lacp –LoadBalancingAlgorithm HyperVPorts
Select a Partition StyleMaster Boot Record (MBR)GUID Partition Table (GPT)
Select a Disk TypeBasic DisksDynamic Disks
Divide Disk Into partitions
Simple, Spanned, Striped, Mirrored, Raid 5
Format the partitionsNTFS, FAT32, FAT16
Windows Disk Settings
, ReFS
Working with Disks
Creating and Mounting VHDs
VHDs original formatVHDX a new version that supports up to 64TBFixed vs Dynamically Expanding
Server Manager UsageTake advantage of the Disk Management Snap-inDetermine your storage layoutCreate Storage PoolsCreate simple volumes
Understand Storage Pools
Key Tips to Remember
64 Bit onlyVersions/editions and differencesThings not in CoreDisk Partitions, types, etcNIC TeamingDISM
Practice QuestionWhich of the following are valid reasons why administrators might want to install their Windows Server 2012 servers using the Server Core option? (Choose all that apply)
a. A Server Core installation can be converted to the full GUI without reinstalling the operating system.
b. The PowerShell 3.0 interface in Windows Server 2012 includes more than 10 times as many cmdlets as PowerShell 2.0
c. The new Server Manager in Windows Server 2012 makes it far easier to administer servers remotely.
d. A Windows Server 2012 Server Core license costs significantly less than a full GUI license.
Source: Exam Ref 70-
410
Configure Server Roles & Features (15–20%)Configure file and share access
Configure access-based enumeration (ABE)Volume Shadow Copy ServiceMigration
Configure print and document services
Configure the easy print driverConfigure Enterprise Print Management
Configure servers for remote management
WinRMConfigure Server CoreConfigure Firewal
Configuring File Shares (NTFS Permissions)
Network Only1st line of defenseRead, Change, Full ControlFolders Only, Drive?Effective Permissions w/ Multiple Group MembershipDeny Always WinsCombine w/NTFSAdministrative SharesConfiguring Access-Base Enumeration
Key tips to know for the exam..
Additional File Share Features
Configuring Offline FilesNetwork SharesFiles available when disconnected or “work offline”Very good synch mechanismCan be controlled through group policy
Disk QuotasLimit disk usageConfiguration
Windows ExplorerSoft or Hard configurationFolders in FSRMTemplates
Volume Shadow CopyUseful for VM Snapshots and Server Backup and File Recovery
Key tips to know for the exam..
Configuring Work FoldersKey tips to know for the exam.. File and Storage Services sub-
roleAn additional access protocolConsolidated view of sync activity across your serverMultiple Sync Shares per serverEach share maps to a file system locationUsers/groups associated with a single sharePolicy defined per share
Files stay in sync across all devices
Local changes sync back to server and then to other devicesSMB clients can continue to work directly with server files
Work Folders Infrastructure
Data managementQuotasFile screensReportingClassificationRMS protection
Device management policyFile encryption / selective wipeRequire password / device lock
Limit access to registered devices )ADFS(
AuthenticationKerberos (Windows Auth)Digest (Windows Auth)
ADFS (OAuth)
https://workfolders.contoso.com
Print Devices ManagementPrint Server ManagementPrint DriversDirect vs Network PrintingManaging, Sharing PrintersMigrating PrintersDeploying Printers via GPOConsider Remote Desktop Easy Print
Configure Print and Document ServersUnderstand Windows Printing
Key Tips to RememberRemember VSS applies to the ENTIRE VOLUME!Understand the difference between basic and advanced permissionsRemote Management is deeply encouraged!Don’t Forget about Quotas
And storage pools
Practice QuestionYou create a volume on Disk 1 on the server and create a shared folder on that volume.You want to enable the Volume Shadow Copy Service (VSS) on the shared folder. What step can you take to accomplish the task?
Source: MeasureUp
a. In the properties for the shared folder, enable shadow copy
b. In the properties for the volume, enable shadow copy for the volume
c. Use the xcopy command to enable shadow copy for the shared folder
Configure Hyper-V (15 – 20%)Create and configure virtual machine
settingsConfigure Dynamic Memory
Smart paging & Resource MeteringConfigure Integrations
Create and configure virtual machine storage
Creating VHDs
Configure Enterprise Print Management
Configure servers for remote managementHyper-V Network Virtualization
Optimize Network PerformanceNetwork IsolationConfigure MAC Address and Legacy Virtual Address
Requirements64-bit processor that includes hardware-assisted virtualization. This is available in processors that include a virtualization option, such as Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) technology.
A system BIOS that supports the virtualization hardware, on which the virtualization feature has been enabled.
Hardware-enforced Data Execution Prevention (DEP), which Intel describes as eXecuted Disable (XD) and AMD describes as No eXecute (NX). This is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or for storage Specifically, you must enable the Intel XD bit (execute disable bit) or the AMD NX bit (no execute bit).
VM Settings & Configuration Typical FeaturesEnable Dynamic MemoryAbility to add ProcessorAdd addition hard drives or disksIDE vs SCSI Controller
Newer Features…Integration Features
Operating System shutdownTime SynchronizationData ExchangeHeartbeatBackup (volume snapshot)
Demo: Hyper-V Content
Key Tips to RememberUp to 2,048 virtual CPUsUp to 4 terabytes (TB) of physical memoryOne server can host as many as 1,024 active VMs Each VM can have up to 64 virtual CPUs Up to 1 TB of memory. Support clusters with up to 64 nodes and 8,000 VMs.
Practice Question
a. Minimum RAMb. Maximum RAMc. Startup RAM
Source: MeasureUp
Server1 run Windows Server 2012 with the Hyper-V role installed.A Virtual Machine (VM) named VM1 runs on the Hyper-V server. VM1 is configured to use dynamic memory. You need to change memory allocation settings for VM1.Which memory allocation setting can NOT be changed while VM1 is running?
Deploy and Configure Core Network Services (15 – 20%)
Configure IPv4 and IPv6 addressingConfigure IP Address Options, Subnetting, SupernettingIPv4 & IPv6 Interoperability, Teredo & ISATAP
Deploy and configure Dynamic Host Configuration Protocol (DHCP) service
Creating and configured DHCP scopes and reservationsPXE boot options for client & serverDHCP Relay agent
Deploy and configure DNS serviceCreating Primary and Forward lookup zones, DNSCache; A & PTR Records
Configure IPv4 and IPv6 Addressing Important factors to know about
AddressingUnderstand IPv4 Subnetting & SupernettingUnderstand IPv6 Addressing
Global Unicast Address -> Routable world wide & unique to the internetLink-Local Unicast Address ->Auto-Assigned IPv6 address
Assign an IPv6 Addresses and check the route (route print) TunnelingAutomatic or Manual Configuration6to4ISATAPTeredoNAT64
Deploy and Configure DHCP Service Understand the DHCP options available
Deploy & Configure DNS
DNS = System
DNS = Host Name ResolutionForward and reverse lookupsTypes of DNS
Primary, secondary, Active Directory-Integrated, and stub zones
For AD-Integrated, what is the domain partition, forestDNSZone, and domainDNSZone?
Records =SOA, NS, A, CNAME, PTR, SRV, and MX Hint: replication scope
DNS Terminology that you should know…
Key Tips to RememberUnderstand the Importance of Root HintsKnow your subnetting!!!IPv6 Global Unique or Local AddressPowershell is not the only way to configure DNS and DHCP settingsGlobal Names can still be usedBe able to distinguish between stub zones, forward & reverse lookup zones
Practice QuestionServer1 runs Server 2012 with the DNS Server role installed. Server1 is joined to the Active Directory domain.Users that have computers joined to the same domain are reporting that they are not able to resolve any server names. After troubleshooting this issue, you find that the DNS IP address configured on the clients is different from the IP address of Server1. You need to prevent this issue in the future. What should you do?
Source: MeasureUp
a. Configure a static IP address for Server1b. Create a PTR DNS resource record for
Server1c. Configure static IP addresses for client
computers
Install and Administer Active Directory (15 – 20%)Install and Administer Active Directory
Add or Remove, Upgrade DC’s, Install AD DS, via Server Core or (IFM) Resolve DNS SRV registration Issues Configure Global Catalog servers
Create and manage Active Directory users and computers Create, Copy, Configure or Delete user or computer objects Perform bulk operations, including offline domain join, etc.
Create and manage Active Directory groups and organizational units (OUs) Manage Groups and Group Memberships in Active Directory
Install and Administer Active Directory
Note: The Dcpromo.exe program from previous version of Windows Server has been deprecated in favor of the Server Manager domain controller installation process.It is still possible to automate AD DS installations by running Dcpromo.exe with an answer file.
Know your FSMO rolesAD DS is different from AD LDS Installing AD from media (IFM) will work DC Cloning is still cool!
Powershell TidBits
It’s relevant so use it when you can…
Things to Remember In Active Directory
Create and Manage ADUCMore things to remember about Active DirectoryAutomate, automate, automate!The Active Directory Administrative CenterDSADD, LDIFDE & CSVDE still live
Two new(er) features:
Recycle BinFine-Grained Passwords
Create and Manage AD Users and Groups
Distribution Groups vs Security GroupsUnderstand Group scopes Group Nesting: How does it work
A few more details…
Create groups Active Directory Administrative CenterCreate OUs for decentralized administration
Tell me something I may not know…
Practice QuestionCurrently all domain controllers run Server 2008 R2. You install a Windows Server 2012 server. You need to promote the Server 2012 server to a domain controller. You need to use the Install From Media (IFM) option.
What should you do?
Source: MeasureUp
a. Create a system state backup from any Server 2008 R2 server
b. Upgrade one of the existing Server 2008 R2 domain controllers to Server 2012 first and then create an IFM backup
c. Create an IFM backup from any existing Sever 2008R2 backup
Create and Manage Group Policy (15 - 20%)Group Policy objects (GPOs)
Configure a central store, manage starter GPOSGPO Links, security filtering and manage local GPOs
Configure Security PoliciesUser rights assignmentSecurity Options and TemplatesAudit Policy and manage local user request
Configure Application Restriction PoliciesRules enforcement, Applocker Rules and Software Restrictions
Configure Windows Firewall Firewall Policies to allow\deny certain access.
Create Group Policy ObjectsWhat is Group Policy?
Deploy software, configure registry based settings, configure security settings
Group Policy objects2 default policies = Domain, Domain Controller
Domain Admins, Group Policy Creator OwnersLink to sites, domains, OUs
Not link directly to users, groups, computers
Can use security filtering
Policy applies to user/computer
Create Group Policy ObjectsTypes of GPOS
Local GPOsNon-Local GPOsStarter GPOS
Group Policy objects2 default policies = Domain, Domain Controller
Domain Admins, Group Policy Creator OwnersLink to sites, domains, OUs
Not link directly to users, groups, computers
Can use security filtering
Policy applies to user/computer
Create Application Restriction Policies
Deploy softwarePublish to usersAssign to usersAssign to computers
Software removalSoftware Restriction PoliciesAppLocker
Win7 & 2008 R2
Key tips to knowRemote GP updateGP Infrastructure StatusWindows RT GP SupportStarter GPOS
Practice QuestionYou are the system administrator for a medium-sized Active Directory Domain. Currently, the environment supports many different domain controllers, some of which are running Windows 2003 and Server 2012. When you are running domain controllers in this type of environment, which of the following types of groups can’t you use? (Choose all the apply)
Source: Study Guide
a. Universal security groupsb. Global Groupsc. Domain Local Groupsd. None. You can use all group types
Session Objective(s): Certification OverviewExam Preparation per Section• Describe key 70-410 exam objectives• Prepare more effectively using available study material• Relate practical Windows Server 2012 experience to exam
Identify areas that may require extra studyingAction plan for exam preparation and success
In Review: Session Objectives And Takeaways
Addition Exam Prep SessionsEXM08 Exam Prep: 70-410 and 70-417 - MCSA: Windows Server 2012 (Repeated)Tuesday, May 13 5:00 PM - 6:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu)
EXM02 Exam Prep: 70-411 and 70-417 - MCSA: Windows Server 2012Monday, May 12 3:00 PM - 4:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu)
EXM03 Exam Prep: 70-412 and 70-417 - MCSA: Windows Server 2012Monday, May 12 4:45 PM - 6:00 PM Room: Hilton L2 Ballrm F (Peter De Tender)
EXM10 Exam Prep: 70-413 and 70-414 - MCSE: Server Infrastructure Wednesday, May 14 10:15 AM - 11:30 AM Room: Hilton L2 Ballrm F (AlfrRyan
Sokolowski)
Hands-on LabsAny session that starts with PCIT-H3XX Windows Server 2012 R2
Related Content
Resources
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
msdn
Resources for Developers
http://microsoft.com/msdn
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Complete an evaluation and enter to win!
Evaluate this session
Scan this QR code to evaluate this session.
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.