
Windows server 2012 notes

Need to be using business edition, not home edition to join computer to domain
Without computers joined to domain, if each user needs to change password, need to go
to each individual computer
We can interact with AD Services and make changes to computers throughout the
network
In windows 8, search system, then settings then system to see domain info
In server manager, go to tools active directory users and computers
Mmc snap in
On the windows 8 machine, need to make sure you have turned off any other dhcp server
on the network, other than the server 2012 dhcp server, otherwise there will be problems
-In control panel ipconfig
System, change settings Network id
Enter domain user id and password
Need to restart for it to be part of the domain
In users and computers under computers after refresh we can see the computer
All the security policies/permissions are applied at the domain controller
Users and computers, right click users, new
When person is fired you disable account, and when new person is hired
You rename the account, and everybody has all the permissions
In the windows 8 computer, login as test user
In users and computers, right click and properties gives more info than before
Can restrict logon hours
Roaming profile - each person gets their own profile
Groups allow changes to be made to the users belonging to the group at one time
Permissions is being able to access shared resources on the network
Security is being able to do stuff to computers

The built in groups have default security policies


Domain admins - highest level
To add the test user to domain admins, go to members tab in domain users, then add
Right click user, new group
99.9% of the time you will be creating security groups
For the mcse - microsoft best practice is to assign security and permissions to groups and
not individual users
Share permissions - come into play when you share resources (files, folders, printers)
over the network, need to be accessing resource from another computer
NTFS permissions
Security is different from permissions - changing background, being able to access CD
drive etc
Don't assign individual permissions to users, put users into groups (eg marketing) and
assign permissions to those groups, even a group of 1 is better
As you put users into multiple groups their access becomes cumulative
Access is only blocked if you explicitly click deny permissions
The owner of a folder can assign permissions to other users
The administrator can take ownership of the folder from the original owner to assign
permissions
Mainly use NTFS permissions
If you give a file/folder NTFS permissions only, nobody from the network will be able to
access it, because it hasn't been shared, need to assign share permissions
Share permissions allow you to share the resource over the network
Give the group/everyone the permission to read/write to the folder, so you won't run into
conflicts between share permissions and NTFS permissions
Tools - users and computers
Share the folder from the root directory
Go to explorer, c drive, create folder share
Right click, properties, sharing

Create 2 folders within, private and public, these are protected by ntfs permissions
Right click, properties, security
Can deny access from here
To change ownership, under advanced tab, change from end user to administrator
Child file/folder by default inherit all permissions assigned to parent
In the windows 8 computer, under network
Under search in win 8, type \\server
Changes to permissions/security do not take effect until user logs off and logs back in
Permissions is what you can do with the resources, security is what you can do with the
systems
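The group, share and NTFS steps above can also be done from an elevated PowerShell prompt on the server. This is an added example, not part of the original notes; the group name Marketing, the user testuser, the share name and the C:\share path are assumed names.

```powershell
# Added example: Marketing, testuser, "share" and C:\share are assumed names.
Import-Module ActiveDirectory

$domain  = (Get-ADDomain).NetBIOSName
$group   = 'Marketing'
$root    = 'C:\share'
$private = Join-Path $root 'private'

# Security group first; permissions go on the group, never on the user.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $group -Members 'testuser'

# Folder layout from the notes: one share with public and private inside.
New-Item -Path (Join-Path $root 'public'), $private -ItemType Directory -Force | Out-Null

# Share permission stays broad (read/write for Everyone), as the notes suggest;
# the real restriction is done with NTFS permissions below.
New-SmbShare -Name 'share' -Path $root -ChangeAccess 'Everyone' | Out-Null

# NTFS on "private": stop inheriting from C:\share and drop the inherited
# entries, then allow only the group plus Administrators and SYSTEM.
$acl = Get-Acl -Path $private
$acl.SetAccessRuleProtection($true, $false)
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$entries = @{
    "$domain\$group"         = 'Modify'
    'BUILTIN\Administrators' = 'FullControl'
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
}
foreach ($e in $entries.GetEnumerator()) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $e.Key, $e.Value, $inherit, $none, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $private -AclObject $acl

# Review both layers: the share ACL and the NTFS ACL.
Get-SmbShareAccess -Name 'share'
(Get-Acl -Path $private).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Over the network a user gets the more restrictive of the share and NTFS permissions, so the final listing should show no inherited entries on private.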
Put users and computers in OUs to administer them
Assign GPOs to OUs to administer them
Use GPOs to lock down users systems
10% - power supply fails, driver gets corrupted, windows update comes along
90 - users installing kazaa, screensavers
Open Group policy management and users and computers
Right click on domain, new OU
Right click GPO and give a name
Right click and edit, user configuration
Administrative templates, all settings
Remove task manager, clicking on enable will remove it
Need to link ou with GPO
Highlight OU created, select an existing GPO
Right click user and move to OU
User needs to log off and log back in for settings to apply
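The same OU and GPO steps in PowerShell, as an added example that is not part of the original notes. The OU name LockedDown, the GPO name and the user testuser are assumed; the registry value is the one the "Remove Task Manager" setting writes.

```powershell
# Added example: LockedDown, "No Task Manager" and testuser are assumed names.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = (Get-ADDomain).DistinguishedName
$ouName   = 'LockedDown'
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'No Task Manager'

# Right click on domain, new OU
New-ADOrganizationalUnit -Name $ouName -Path $domainDn

# Create the GPO and give it a name
New-GPO -Name $gpoName -Comment 'Removes Task Manager for users in the OU' | Out-Null

# User configuration > Administrative templates > Remove Task Manager (enabled)
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'DisableTaskMgr' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU; an unlinked GPO applies to nobody.
New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null

# Move the user into the OU so the policy reaches the account.
Get-ADUser -Identity 'testuser' | Move-ADObject -TargetPath $ouDn

# Check the link and the user's new location.
(Get-GPInheritance -Target $ouDn).GpoLinks |
    Select-Object DisplayName, Enabled, Order
Get-ADUser -Identity 'testuser' | Select-Object Name, DistinguishedName
```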
Google search ...with group policy

Roaming profiles
Logging in on different computers - roaming
Local profile - logging into diff computer you get default configuration
Power of roaming profile
- Used usually in call center environment
- for c level executives, worth a lot of money, set up roaming profile
-Hard drives, motherboards fail, computer crashes
With roaming profiles need to come up with a default configuration for all your
computers. Eg, if you log into a different computer you will see your word documents,
but might not be able to open it if it is not installed on that computer
Roaming profiles can be set up with GPO
Create a profile folder with read write access that each computer that the user accesses
can reach
If you have one active directory domain controller, put the profile folder on that server
In large environments, put it on a file server
In server 2012, create a profiles folder in c drive
Right click, Share with, specific people, everyone share
Users and computers, find a user profile that you want to change to roaming
Double click user, under profile tab, profile path
\\server\profile\%username% - system variable
Logging out and logging in windows 8 ensures configuration changes show up
Penetration testing - roaming profile hashes roaming profile, so when you lose a
connection, hashed version used
If call center employee not an issue, executive is an issue
Might run into storage space issues with roaming profiles but modern hard drives are 1tb
so probably not an issue
Setting up disk space quotas
Enterprise world you don't need as much storage as home location
Most employees should be having 2-3 Gb storage
Ipod synched with laptop which synched with server
Hard limit - when you hit quota and you don't get anymore
Soft limit - can continue to go past limit, but warnings go off

Can set hard limits for low level employees and soft limits for high level execs
File server resource manager is not installed by default
Needs to be added from AD if not installed - manage, add roles and features
Then file and storage services, file and iscsi services, file and resource manager

NAS and SAN
Network attached storage and storage area network - both store data
Back in the day, servers stored data - win 2000 etc.
NAS and SAN - infrastructure to store data
NAS - essentially file server
Equivalent to shared drive, use protocols ftp, appletalk, smb, cifs
NAS - specially designed for storing data, not able to browse internet etc
freeNAS - free network OS
NAS is one box, SAN is various boxes in a cluster
You can mount folder on SAN using fiber channel or iscsi, and it would seem like
You are accessing it locally
SAN - reliability and redundancy
Iscsi - 1GB/s, fiber channel - 16gb/s - $250,000 to 500,000
FreeNAS - based on unix BSD
freenas.org
CIFS - share messaging protocol for windows
If you are using ZFS for your file system you will need 8GB of RAM
It will use up the whole hard drive for the OS, need at least 2 hard drives in a NAS
OS can be stored on flash SATA
Take down ip address of NAS box and configure it by entering ip address into chrome on
desktop computer
Create volume first, then share drive

Virtualization
Virtualization can be a component of cloud computing
Cloud computing - separating application from underlying hardware
Virtualization - separating operating system from underlying hardware
Gives you a layer on the hardware (hypervisor) and you install OS on hypervisor
Moving server/os instance from equipment to equipment (if power goes down for
example) from hypervisor to hypervisor
Multiple instances of os on a hypervisor
Can have 50 instances of servers on 1 box - in enterprise environment
Cannot install windows on a mac, so install virtual box and install windows on the
hypervisor
Type 1 hypervisor - bare metal hypervisor, installed directly on hardware, then OS
instances installed on hypervisor
Type 2 - hosted hypervisor, OS installed on hardware, then virtual pc, virtual box,
installed on OS, then new OS installed on hypervisor
Hosted solutions for hypervisor - amazon web services, godaddy
Type 1 directly installed on server - need a management console since nothing appears on
screen on the server, just an ip address - no direct interaction with hypervisor
Say you have 20 servers on a rack, and you have the hypervisor installed on all 20
computers - you can move a windows instance from one server to another with the
management console
Active directory server - used to authenticate employees, employees will hit the server
a lot in the morning, after lunch, and will need a lot of resources, management software
can move/turn servers on and off
If hardware fails, management software can move instances of OS to another server, and
users don't notice anything
Overallocation - Can give os installed more ram than that is available, windows given
something, apple
Windows server Linux server getting hammered with the website
Generally the hypervisor is free - based on xen hypervisor created in linux
Vmware, citrix, etc is free, but the management software is paid
License is usually free for type 1 hypervisor, but vmware management software rates start
at $3000 and go up to $100,000
If you are not worried about consolidating 100 servers on one box, and you are only
looking to use 4-5 servers, use a type 2 hypervisor
Type 1 hypervisor - virtualization for servers
In citrix environment we need to install storage first for the virtualization
With vmware the extra cost will include software support
It is free to install
Ad servers, ftp servers, lamp (web) servers
The type 1 hypervisor has its own ip address, and each os instance on the server has its
own ip address
Need a management console somewhere - V Sphere
V Sphere and Esxi is free
Data redundancy offered in paid version
60 day trial for esxi
If you are doing it for a production environment, check hardware compatibility
To access VSphere, type in the ip address in the browser, and download vsphere client
To turn server on and off - after highlighting server, click on buttons on top
Ifconfig - to get ip address in linux
Type 1 should be used for servers - exchange
Data store may be located on physical server or may be located on a SAN or NAS device
Is on the server for esxi, not for citrix
If you overallocate RAM, server might crash
No 1 reason why hard drives fail - insufficient space
100GB for server environment
Connect at power on - will connect virtual instance you are creating with cd rom

PSTN - public switched telephone network - internet for telephones


Central office
Demarc point on house

LINUX

Sudo - super user do


In ubuntu linux you cannot login as root
Sudo - is like run as administrator, replaces root login
Apt-get is for running programs
Sudo apt-get ...
Man pages
Man ping
Q - quit
