You are previewing Training Guide: Administering Windows Server 2012.
O'Reilly logo
Training Guide: Administering Windows Server 2012

Book Description

Designed to help enterprise administrators develop real-world, job-role-specific skills—this Training Guide focuses on deploying and managing Windows Server 2012. Build hands-on expertise through a series of lessons, exercises, and suggested practices—and help maximize your performance on the job.

This Microsoft Training Guide:

  • Provides in-depth, hands-on training you take at your own pace

  • Focuses on job-role-specific expertise for deploying and managing Windows Server 2012

  • Creates a foundation of skills which, along with on-the-job experience, can be measured by Microsoft Certification exams such as 70-411

  • Sharpen your skills. Increase your expertise.

  • Deploy and update Windows Server 2012

  • Manage account policies and service accounts

  • Configure name resolution

  • Administer Active Directory

  • Manage Group Policy application and infrastructure

  • Work with Group Policy settings and preferences

  • Administer network policies

  • Configure the network to enable remote access

  • Manage file services

  • Monitor and audit Windows Server 2012

  • Table of Contents

    1. Special Upgrade Offer
    2. Introduction
      1. System requirements
        1. Hardware and software requirements
          1. Virtualization hardware requirements
          2. Software requirements
      2. Virtual Machine setup instructions
      3. Acknowledgments
      4. Errata & book support
      5. We want to hear from you
      6. Stay in touch
    3. 1. Deploying and updating Windows Server 2012
      1. Before you begin
      2. Lesson 1: Configuring and servicing Windows Server 2012 images
        1. Understanding Windows images
        2. Configuring Windows images
        3. Servicing Windows images
          1. Using Dism.exe to service images
          2. Mounting images
          3. Adding drivers and updates to images
          4. Adding features and app packages
          5. Committing an image
          6. Build and capture
        4. Lesson summary
        5. Lesson review
      3. Lesson 2: Automated deployment of Windows Server 2012 images
        1. Automating installation
        2. Configuring answer files
        3. Windows Deployment Services
        4. WDS requirements
        5. Managing images
        6. Configuring WDS
          1. PXE response settings
          2. Client Naming Policy
          3. WDS Boot options
          4. Multicast options
          5. Other options
        7. Configuring transmissions
        8. Lesson summary
        9. Lesson review
      4. Lesson 3: Servicing and updating deployed servers
        1. Automated update deployment with WSUS
        2. New WSUS features
        3. Deploy and manage WSUS
          1. Products, security classifications, and languages
          2. Autonomous and replica modes
          3. Update files
          4. Windows PowerShell cmdlets
          5. WSUS security roles
        4. WSUS groups
        5. WSUS policies
        6. Deploying updates
        7. Automatic approval rules
        8. Lesson summary
        9. Lesson review
      5. Practice exercises
        1.  
          1. EXERCISE 1 Configure Windows images
          2. EXERCISE 2 Deploy and configure Windows Deployment Services
          3. EXERCISE 3 Deploy and configure WSUS
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    4. 2. Managing account policies and service accounts
      1. Before you begin
      2. Lesson 1: Implementing domain password and lockout policies
        1. Domain user password policies
          1. Password policy items
          2. Establishing balanced password policies
        2. Account lockout settings
        3. Account management tasks
          1. Accounts with non-expiring passwords
          2. Locked-out accounts
          3. Inactive accounts
        4. Lesson summary
        5. Lesson review
      3. Lesson 2: Using fine–grained password policies
        1. Delegate password settings permissions
        2. Fine–grained password policies
          1. Managing fine–grained password policies
          2. Configuring Password Settings Objects
          3. Determining password settings
        3. Lesson summary
        4. Lesson review
      4. Lesson 3: Mastering group Managed Service Accounts
        1. Group Managed Service Accounts
          1. Group Managed Service Account requirements
          2. Creating group Managed Service Accounts
          3. Virtual accounts
        2. Kerberos delegation
        3. Kerberos policies
        4. Service principal name management
        5. Lesson summary
        6. Lesson review
      5. Practice exercises
        1.  
          1. EXERCISE 1 Configure password and account lockout policies
          2. EXERCISE 2 Configure account lockout policies
          3. EXERCISE 3 Group Policy Modeling
          4. EXERCISE 4 Locate non-expiring passwords
          5. EXERCISE 5 Create fine–grained password policies
          6. EXERCISE 6 Create and configure group Managed Service Accounts
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    5. 3. Configuring name resolution
      1. Before you begin
      2. Lesson 1: DNS zones and forwarders
        1. DNS zone types
          1. Active Directory integrated zones
          2. Primary and secondary zones
          3. Reverse lookup zones
        2. Zone delegation
        3. Split DNS
        4. Forwarders and conditional forwarders
          1. Forwarders
          2. Conditional forwarders
        5. Stub zones
        6. Lesson summary
        7. Lesson review
      3. Lesson 2: WINS and GlobalNames zones
        1. WINS
        2. GlobalNames zones
        3. Peer Name Resolution Protocol
        4. Lesson summary
        5. Lesson review
      4. Lesson 3: Advanced DNS options
        1. Resource records
          1. Host records
          2. Alias (CNAME)
          3. Mail exchanger
          4. Pointer record
        2. Zone aging and scavenging
        3. DNSSEC
        4. Lesson summary
        5. Lesson review
      5. Practice exercises
        1.  
          1. EXERCISE 1 Manage DNS zones
          2. EXERCISE 2 Configure partition-based replication
          3. EXERCISE 3 DNS delegation and secondary zones
          4. EXERCISE 4 Configure a secondary zone
          5. EXERCISE 5 Single-label name resolution
          6. EXERCISE 6 Configure and manage DNSSEC
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    6. 4. Administering Active Directory
      1. Before you begin
      2. Lesson 1: Domain controller management
        1. Managing operations masters
          1. Schema master
          2. Domain naming master
          3. PDC emulator
          4. Infrastructure master
          5. RID master
          6. Seizing FSMO roles
        2. Global Catalog servers
        3. Universal group membership caching
        4. Read-only domain controllers
        5. Domain controller cloning
        6. Lesson summary
        7. Lesson review
      3. Lesson 2: Domain controller maintenance
        1. Active Directory database optimization
        2. Active Directory metadata cleanup
        3. Active Directory snapshots
        4. Lesson summary
        5. Lesson review
      4. Lesson 3: Active Directory recovery
        1. Active Directory Recycle Bin
        2. Active Directory backup
        3. Active Directory recovery
          1. Authoritative restore
          2. Non-authoritative restore
          3. Other methods of recovering deleted items
        4. Lesson summary
        5. Lesson review
      5. Practice exercises
        1.  
          1. EXERCISE 1 Domain controller installation
          2. EXERCISE 2 RODC deployment
          3. EXERCISE 3 Transfer FSMO roles
          4. EXERCISE 4 Active Directory Recycle Bin
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    7. 5. Managing Group Policy application and infrastructure
      1. Before you begin
      2. Lesson 1: Group Policy Object maintenance
        1. Managing Group Policy Objects
          1. Import and copy GPOs
        2. Migrate Group Policy Objects
        3. Delegate GPO management
          1. Creating GPOs
          2. Editing GPOs
          3. Linking GPOs
          4. Modeling, results, and WMI filters
        4. Lesson summary
        5. Lesson review
      3. Lesson 2: Managing Group Policy application
        1. Policy processing precedence
        2. Policy enforcement and blocking
        3. Group Policy WMI filtering
        4. Loopback processing
        5. Lesson summary
        6. Lesson review
      4. Practice exercises
        1.  
          1. EXERCISE 1 Prepare GPOs, security groups, and OUs
          2. EXERCISE 2 Manage GPOs
          3. EXERCISE 3 Manage Group Policy processing
          4. EXERCISE 4 Group Policy Inheritance and Enforcement
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    8. 6. Group Policy settings and preferences
      1.  
        1.  
          1. Lessons in this chapter:
      2. Before you begin
      3. Lesson 1: Folder Redirection, software installation, and scripts
        1. Folder Redirection
        2. Software installation
          1. .msi files
          2. .zap files
          3. Assign an application
          4. Publishing applications
          5. Software deployment recommendations
          6. Performing software deployment
          7. Upgrading packages
        3. Scripts
        4. Lesson summary
        5. Lesson review
      4. Lesson 2: Administrative templates
        1. Administrative templates
        2. Administrative template settings
        3. Central store
        4. ADMX Migrator
        5. Filter property settings
        6. Lesson summary
        7. Lesson review
      5. Lesson 3: Group Policy preferences
        1. Group Policy preference settings
        2. Item-level targeting
        3. Mapping network drives
        4. Configuring printers
        5. Configuring power options
          1. Power Options (Windows XP)
          2. Power Scheme (Windows XP)
          3. Power Plans
        6. Configuring the registry
        7. Internet options
          1. Local Users And Groups
        8. Additional settings
          1. Windows settings
          2. Control Panel settings
        9. Lesson summary
        10. Lesson review
      6. Practice exercises
        1.  
          1. EXERCISE 1 Prepare Folder Redirection and scripts
          2. EXERCISE 2 Configure Folder Redirection
          3. EXERCISE 3 Configure Group Policy scripts
          4. EXERCISE 4 Configure the central store and administrative template filtering
          5. EXERCISE 5 Configure Group Policy preferences
      7. Suggested practice exercises
      8. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    9. 7. Administering network policies
      1.  
        1.  
          1. Lessons in this chapter:
      2. Before you begin
      3. Lesson 1: Network Policy Server policies
        1. NPS deployment
        2. Connection request policies
          1. Network access server type
          2. Request policy conditions
          3. Connection request forwarding
          4. Authentication methods
          5. Realm and RADIUS attributes
          6. Default connection request policy
          7. Creating a connection request policy
        3. Client configuration
        4. IP filters
        5. Encryption
        6. IP settings
        7. Creating network policies
        8. NPS templates
        9. Lesson summary
        10. Lesson review
      4. Lesson 2: Network Access Protection enforcement methods
        1. DHCP enforcement
        2. IPsec enforcement
        3. 802.1X enforcement
        4. VPN enforcement
        5. RD Gateway enforcement
        6. Lesson summary
        7. Lesson review
      5. Lesson 3: Network Access Protection infrastructure
        1. Windows Security Health Validator
        2. System Health Validators and System Health Agents
        3. Health policies
        4. Health Registration Authorities
        5. Remediation server groups
        6. Lesson summary
        7. Lesson review
      6. Practice exercises
        1.  
          1. EXERCISE 1 Install the DHCP role
          2. EXERCISE 2 Deploy the NPS role
          3. EXERCISE 3 Configure Windows Security Health Validator
          4. EXERCISE 4 Configure a remediation server group
          5. EXERCISE 5 Configure client policies for DHCP enforcement
          6. EXERCISE 6 Configure NAP DHCP enforcement
      7. Suggested practice exercises
      8. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    10. 8. Administering remote access
      1.  
        1.  
          1. Lessons in this chapter:
      2. Before you begin
      3. Lesson 1: Configuring RADIUS
        1. RADIUS servers
        2. RADIUS proxies
        3. RADIUS clients
        4. RADIUS accounting
        5. Lesson summary
        6. Lesson review
      4. Lesson 2: Configuring VPN and routing
        1. Deploy Routing and Remote Access
        2. Configure VPN settings
          1. VPN authentication
          2. VPN protocols
          3. IKEv2
          4. SSTP
          5. L2TP/IPsec
          6. PPTP
        3. Configure routing
        4. Network Address Translation (NAT)
        5. Lesson summary
        6. Lesson review
      5. Lesson 3: Configuring DirectAccess
        1. Understanding DirectAccess
        2. DirectAccess infrastructure
          1. DirectAccess topology
          2. DirectAccess server
          3. Network Location Server
          4. DirectAccess clients
        3. Configure DirectAccess
          1. Step 1: Remote Clients
          2. Step 2: Remote Access Server
          3. Step 3: Infrastructure Servers
          4. Step 4: Application Servers
        4. Lesson summary
        5. Lesson review
      6. Practice exercises
        1.  
          1. EXERCISE 1 Configure a RADIUS server
          2. EXERCISE 2 Configure a remote RADIUS server group
          3. EXERCISE 3 Configure a RADIUS client
          4. EXERCISE 4 Set up RADIUS accounting
          5. EXERCISE 5 Install a VPN server
          6. EXERCISE 6 Configure a VPN server
      7. Suggested practice exercises
      8. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    11. 9. Managing file services
      1.  
        1.  
          1. Lessons in this chapter:
      2. Before you begin
      3. Lesson 1: Configure File Server Resource Manager
        1. Quotas
        2. File screens
        3. File classification
        4. File management tasks
        5. Storage reports
        6. Lesson summary
        7. Lesson review
      4. Lesson 2: Configure a Distributed File System
        1. Distributed File System
        2. DFS namespaces
          1. Domain-based namespaces
          2. Stand-alone namespaces
        3. DFS replication
          1. Replication targets
          2. Replication topology
          3. Replication schedules
        4. Lesson summary
        5. Lesson review
      5. Lesson 3: Configure file and disk encryption
        1. Configure BitLocker
          1. BitLocker requirements
          2. BitLocker Group Policy
          3. BitLocker recovery
        2. Configuring Network Unlock
        3. Configuring Encrypting File System
        4. Using EFS with an Enterprise CA
        5. Key and data recovery
        6. Lesson summary
        7. Lesson review
      6. Practice exercises
        1.  
          1. EXERCISE 1 Install the File Server Resource Manager role service and create a shared folder
          2. EXERCISE 2 Configure file quotas
          3. EXERCISE 3 Configure file screen
          4. EXERCISE 4 Configure file expiration
          5. EXERCISE 5 Configure storage reports
          6. EXERCISE 6 Install DFS
          7. EXERCISE 7 Create a DFS namespace and add a namespace server
          8. EXERCISE 8 Configure DFS replication.
          9. EXERCISE 9 Install Enterprise CA
          10. EXERCISE 10 Configure certificate templates
          11. EXERCISE 11 Configure certificate enrollment
          12. EXERCISE 12 Configure EFS-related Group Policies
          13. EXERCISE 13 Configure BitLocker-related policies
      7. Suggested practice exercises
      8. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    12. 10. Monitoring and auditing Windows Server 2012
      1.  
        1.  
          1. Lessons in this chapter:
      2. Before you begin
      3. Lesson 1: Monitor servers
        1. Data collector sets
        2. Alerts
        3. Event Viewer
          1. Event log filters
          2. Event log views
        4. Event subscriptions
        5. Event-driven tasks
        6. Network monitoring
          1. Resource Monitor
          2. Message Analyzer
        7. Lesson summary
        8. Lesson review
      4. Lesson 2: Advanced audit policies
        1. Advanced auditing
        2. Expression-based audit policies
        3. Configuring file and folder auditing
        4. Using auditpol with auditing
        5. Lesson summary
        6. Lesson review
      5. Practice exercises
        1.  
          1. EXERCISE 1 Configure data collector sets
          2. EXERCISE 2 Collect data
          3. EXERCISE 3 Configure alerts
          4. EXERCISE 4 Prepare computers for event subscriptions
          5. EXERCISE 5 Configure event subscriptions
          6. EXERCISE 6 Configure network monitoring
          7. EXERCISE 7 Using Message Analyzer
          8. EXERCISE 8 Configure removable device auditing
          9. EXERCISE 9 Configure logon auditing
          10. EXERCISE 10 Configure expression-based audit policies
          11. EXERCISE 11 Configure folder auditing
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
    13. A. Setup instructions for exercises and labs
      1. Setup instructions for end-of-chapter labs
        1.  
          1. EXERCISE 1 Prepare a computer to function as a Windows Server 2012 domain controller
          2. EXERCISE 2 Prepare AD DS
          3. EXERCISE 3 Prepare a member server and join it to the domain
          4. EXERCISE 4 Prepare a second member server and join it to the domain
          5. EXERCISE 5 Prepare a computer running the Server Core installation option and join it to the domain
    14. B. About the Author
    15. Index
    16. About the Author
    17. Special Upgrade Offer
    18. Copyright