MICROSOFT LEARNING PRODUCT
6430B
Planning for Windows Server 2008 Servers
Companion Content
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at
http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks
of the Microsoft group of companies. All other marks are property of their respective owners.
Module 1
Planning Windows Server 2008 Deployment
Contents:
Lesson 1: Overview of Change Management
Lesson 1
Other organizational stakeholders are aware of changes and can gauge the impact on their
systems and staff.
Formalizing the change process ensures that it is consistent so that mistakes are not made.
Change management provides additional review of changes and allows time for additional
planning, if required. Changes without a formal review are often poorly thought out. Not
every alternative is considered.
For an IT professional, using the change management process can serve to deflect blame in
situations in which there are problems during a change.
Recovering from change problems can be simplified because a formal back-out plan can be
included as part of the change management process.
Question: Are there situations in which the normal change process cannot be followed?
Answer: Yes, there are emergency situations in which services are broken and the full change
management process cannot be followed. However, there should be an emergency change process in
place to handle those situations. For example, if a critical service is down, it is not realistic for a
detailed technical plan for troubleshooting and repair to be documented and approved. The first
priority is repairing the failed service. However, the changes made when repairing the service should
be documented and evaluated afterwards to ensure there will be no negative effects on other
services.
Lesson 3
Lesson 4
2. Click Start, point to All Programs, click Microsoft Windows AIK, and then click Windows
System Image Manager.
3. In the Windows System Image Manager window, right-click Select a Windows image or
catalog file, and then click Select Windows Image.
4. In the Select a Windows Image window, in the Files of type box, select Catalog files.
5.
6. In the Answer File area, right-click Create or open an answer file, and then click New Answer
File. The seven components listed correspond with passes during Windows setup. Settings must
be added to the correct pass to be effective. For example, you can partition a disk only during the
windowsPE pass.
7.
8. In the Disk Properties area, in the DiskID box, type 0. This specifies that actions will be
performed on the first disk on the primary IDE channel.
9. In the WillWipeDisk box, select true. This specifies that all existing partitions will be erased from
the disk.
10. In the Answer File area, expand Disk[DiskID=0], right-click Create Partitions, and click
Insert New CreatePartition.
11. In the CreatePartition Properties area, in the Order box, type 1. This specifies the order of
operations for creating partitions.
12. In the Size box, type 40960. This setting is in megabytes (MB).
13. In the Type box, select Primary.
14. In the Windows Image area, right-click x86_Microsoft-Windows-Shell-Setup, and then click
Add Setting to Pass 4 specialize.
15. In the Microsoft-Windows-Shell-Setup Properties area, in the ProductKey box, type 1234512345-12345-12345-12345.
16. In the ComputerName box, type *. This generates a randomized computer name that can be
changed after installation.
17. Click the File menu, and then click Save Answer File.
18. In the Save As window, in the File name box, type unattend.xml, and then click Save.
19. Close Windows System Image Manager.
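A review check for the answer file that steps 8 to 16 produce, as an added example that is not part of the course material: it parses an unattend.xml and reports disk settings placed outside the windowsPE pass, disks that will be wiped, a product key stored in the file, and a randomized computer name. The embedded file is constructed; the component name Microsoft-Windows-Setup is an assumption (the step that adds it is missing from this page) and the product key is a placeholder.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}

# Constructed answer file matching steps 8-16. Microsoft-Windows-Setup is an
# assumed component name; the product key is a placeholder, not a real key.
SAMPLE_UNATTEND = """<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" processorArchitecture="x86">
      <DiskConfiguration>
        <Disk wcm:action="add">
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
          <CreatePartitions>
            <CreatePartition wcm:action="add">
              <Order>1</Order>
              <Size>40960</Size>
              <Type>Primary</Type>
            </CreatePartition>
          </CreatePartitions>
        </Disk>
      </DiskConfiguration>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86">
      <ProductKey>XXXXX-XXXXX-XXXXX-XXXXX-XXXXX</ProductKey>
      <ComputerName>*</ComputerName>
    </component>
  </settings>
</unattend>
"""


def review_answer_file(xml_text):
    """Return a list of (severity, code, detail) findings for an unattend.xml string."""
    root = ET.fromstring(xml_text)
    findings = []
    for settings in root.findall("u:settings", NS):
        pass_name = settings.get("pass", "")
        for comp in settings.findall("u:component", NS):
            disks = comp.findall("u:DiskConfiguration/u:Disk", NS)
            # Disk partitioning is only effective during the windowsPE pass.
            if disks and pass_name != "windowsPE":
                findings.append(("error", "DISK_WRONG_PASS",
                                 f"DiskConfiguration in pass '{pass_name}' has no effect"))
            for disk in disks:
                disk_id = disk.findtext("u:DiskID", "?", NS).strip()
                wipe = disk.findtext("u:WillWipeDisk", "false", NS).strip().lower()
                if wipe == "true":
                    findings.append(("warning", "WILL_WIPE_DISK",
                                     f"disk {disk_id}: all existing partitions are erased"))
            # The answer file is plain XML, so any key in it is readable as-is.
            key = comp.findtext("u:ProductKey", None, NS)
            if key and key.strip():
                findings.append(("warning", "CLEAR_TEXT_KEY",
                                 "ProductKey is readable by anyone who can open the file"))
            name = comp.findtext("u:ComputerName", None, NS)
            if name is not None and name.strip() == "*":
                findings.append(("info", "RANDOM_NAME",
                                 "ComputerName=* : rename the server after installation"))
    return findings


if __name__ == "__main__":
    for severity, code, detail in review_answer_file(SAMPLE_UNATTEND):
        print(f"{severity:8} {code:16} {detail}")
```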
2. When selecting a version of Windows Server 2008, which factors should you take into account?
3.
4.
Troubleshooting Tip
Application incompatibility
Device driver availability
Servers requiring activation
1. You want to install Windows Server 2008 as a host for virtualization. This server will host three
virtual machines. Which is the most cost-effective version of Windows Server 2008 to obtain?
2. You have a line-of-business application that runs on a 32-bit server with Windows Server 2003
Standard Edition. You would like to migrate this server to a 64-bit edition of Windows Server
2008 to take advantage of increased memory. What process should you use to ensure that
downtime is limited?
3. You are deploying Windows Server 2008 on ten servers in three locations. To simplify
documentation and management, you would like all ten servers to have the same configuration.
How does automating server deployment help to ensure that the configuration is the same for all
ten servers?
In virtualized environments, consider using Windows Server 2008 Datacenter to simplify server
licensing.
Choose a 64-bit version of Windows Server 2008 if necessary drivers and software are
compatible. This also helps with greater memory access.
When possible, perform a migration to Windows Server 2008 rather than an upgrade.
When deploying Windows Server 2008 to multiple computers, consider the use of automated
deployment.
Tools
Tool
Use For
Where to Find It
Microsoft Solution Accelerators
Microsoft Assessment and Planning Toolkit
Windows Automated Installation Kit
Windows Deployment Services
Microsoft Deployment Toolkit
Module 2
Planning Network Infrastructure for Windows Server 2008
Contents:
Lesson 1: Planning IPv4 Addressing
Lesson 1
Additional Reading
2. When the virtual machine has started, start the 6430B-SEA-SVR1 virtual machine.
3.
4.
5.
6.
7.
8.
9. On the Select Server Roles page, in the Roles list, select the DHCP Server check box, and then
click Next.
2. In the DHCP Console, expand sea-svr1.adatum.com, expand IPv4, and then click IPv4.
3.
4.
5. On the Scope Name page, in the Name box, type Subnet 1 80 %, and then click Next.
6. On the IP Address Range page, in the Start IP address box, type 10.10.16.1.
7.
8.
9. On the Add Exclusions page, in the Start IP address box, type 10.10.28.1.
10. In the End IP address box, type 10.10.31.254, click Add, and then click Next.
11. On the Lease Duration page, click Next.
12. On the Configure DHCP Options page, click Next.
13. On the Router (Default Gateway) page, in the IP address box, type 10.10.31.254, click Add,
and then click Next.
14. On the Domain Name and DNS Servers page, in the Parent domain box, type adatum.com.
15. In the Server name box, type SEA-DC1, and then click Resolve.
16. Click Add, and then click Next.
17. On the WINS Servers page, click Next.
18. On the Activate Scope page, click Next, and then click Finish.
1. In the DHCP Console, right-click IPv4, and then click New Scope.
2.
3. On the Scope Name page, in the Name box, type Subnet 2 20 %, and then click Next.
4. On the IP Address Range page, in the Start IP address box, type 10.10.32.1.
5.
6.
7. On the Add Exclusions page, in the Start IP address box, type 10.10.32.1.
8. In the End IP address box, type 10.10.43.255, click Add, and then click Next.
9.
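A check for the two split scopes configured above, as an added example that is not part of the course material: it computes what share of a subnet each DHCP server can lease and whether two servers' pools for the same subnet overlap, which would let both lease the same address. The scope end addresses are not shown on this page, so the /20 end addresses below are assumptions, and the partner server's scope is constructed.

```python
import ipaddress


def addr(text):
    """Convert a dotted IPv4 address to an integer."""
    return int(ipaddress.IPv4Address(text))


def leasable_pool(scope):
    """Return the set of addresses a scope can lease: its range minus exclusions."""
    first, last = addr(scope["start"]), addr(scope["end"])
    if first > last:
        raise ValueError(f"{scope['name']}: start address is after end address")
    pool = set(range(first, last + 1))
    for ex_start, ex_end in scope["exclusions"]:
        lo, hi = addr(ex_start), addr(ex_end)
        if lo > hi or lo < first or hi > last:
            raise ValueError(f"{scope['name']}: exclusion {ex_start}-{ex_end} is not inside the scope")
        pool -= set(range(lo, hi + 1))
    return pool


def check_split(server_a, server_b):
    """Compare two servers' scopes for one subnet.

    share_a/share_b: percentage of the range each server can lease.
    overlap: addresses both servers could lease (must be 0).
    unserved: addresses neither server leases (for example the router).
    """
    if (server_a["start"], server_a["end"]) != (server_b["start"], server_b["end"]):
        raise ValueError("both servers must define the same address range")
    total = addr(server_a["end"]) - addr(server_a["start"]) + 1
    pool_a, pool_b = leasable_pool(server_a), leasable_pool(server_b)
    return {
        "share_a": round(100 * len(pool_a) / total, 1),
        "share_b": round(100 * len(pool_b) / total, 1),
        "overlap": len(pool_a & pool_b),
        "unserved": total - len(pool_a | pool_b),
    }


# Scopes typed in the steps above. The "end" values are assumptions.
SVR1_SUBNET1 = {
    "name": "Subnet 1 80 %",
    "start": "10.10.16.1",
    "end": "10.10.31.254",          # assumed, not shown on the page
    "exclusions": [("10.10.28.1", "10.10.31.254")],
}
SVR1_SUBNET2 = {
    "name": "Subnet 2 20 %",
    "start": "10.10.32.1",
    "end": "10.10.47.254",          # assumed, not shown on the page
    "exclusions": [("10.10.32.1", "10.10.43.255")],
}
# Constructed partner scope for subnet 1: it excludes what SEA-SVR1 leases,
# plus the router address 10.10.31.254.
PARTNER_SUBNET1 = {
    "name": "Subnet 1 20 % (partner)",
    "start": "10.10.16.1",
    "end": "10.10.31.254",
    "exclusions": [("10.10.16.1", "10.10.28.0"), ("10.10.31.254", "10.10.31.254")],
}

if __name__ == "__main__":
    print(check_split(SVR1_SUBNET1, PARTNER_SUBNET1))
    print(len(leasable_pool(SVR1_SUBNET2)), "leasable addresses in", SVR1_SUBNET2["name"])
```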
Additional Reading
What Is a Subnet?
For more information, see Address Allocation for Private Internets.
Configuring scopes
Lesson 2
Additional Reading
2.
3.
4.
5. In the Roles list, select the DNS Server check box, and then click Next.
6.
7.
8.
2.
3.
4. In the DNS console, expand Forward Lookup Zones, and then expand Adatum.com.
5.
6.
7. On the Delegated Domain Name page, in the Delegated domain box, type south, and then
click Next.
8.
9. In the Server fully qualified domain name (FQDN) box, type sea-svr1.south.adatum.com, in
the IP Address list, type 10.10.0.100, and then click Resolve.
Note: This generates an error because the server, SEA-SVR1, has not yet been configured
with that suffix. Proceed.
2.
3.
4. In the System Properties dialog box, click the Computer Name tab.
5.
6. On the DNS Suffix and NetBIOS Computer Name page, clear the Change primary DNS suffix
when domain membership changes check box.
7. In the Primary DNS suffix of this computer box, type south.adatum.com, and then click OK.
8.
9. In the You must restart your computer to apply these changes dialog box, click OK.
1. On the SEA-SVR1 virtual machine, click Start, click Administrative Tools, and then click DNS.
2. In DNS Manager, expand SEA-SVR1, expand Forward Lookup Zones, right-click Forward
Lookup Zones, and then click New Zone.
3.
4. On the Zone Type page, click Primary zone, and then click Next.
5. On the Zone Name page, in the Zone name box, type south.adatum.com, and then click Next.
6.
7. On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates, click
Next, and then click Finish.
2.
3.
4.
5. In the Preferred DNS server box, type 127.0.0.1, and then click OK.
6.
7.
8. At the Command Prompt, type nslookup sea-dc1.adatum.com, and then press ENTER.
Note: This does not provide a result.
2.
3.
4. Click Edit, and in the IP addresses of forwarding servers list, type 10.10.0.10, and then press
ENTER.
5. Click OK.
6.
7.
8. At the Command Prompt, type nslookup sea-dc1.adatum.com, and then press ENTER.
Additional Reading
Planning Your DNS Namespace
Understanding forwarders
Lesson 3
Additional Reading
2.
3.
4.
5. In the Features list, select the WINS Server check box, and then click Next.
6.
7.
2.
3.
4.
5.
6.
7. In the WINS server box, type 10.10.0.10, and then click Add.
8.
9.
10. In the Local Area Connection Properties dialog box, click Close.
Note: Sometimes this dialog box displays an OK prompt.
11. Click Start, and then click Command Prompt.
12. At the Command Prompt, type NBTSTAT -RR, and then press ENTER.
2.
3.
4.
2.
3.
4. In the console, right-click Forward Lookup Zones, and then click New Zone.
5. Click Next, and on the Zone Type page, click Primary zone, and then click Next.
6.
7. On the Zone Name page, in the Zone name box, type GlobalNames, and then click Next.
8. On the Dynamic Update page, click Next, and then click Finish.
9.
2.
3.
4. In the IP address box, type 10.10.0.10, click Add, and then click OK.
Additional Reading
When Is WINS Required?
WINS Considerations
WINS Components
Lesson 5
Additional Reading
What Is the IPv6 Address Space?
Introduction to IP Version 6
2. You intend to deploy the DHCP server role where necessary throughout your routed network.
What considerations should you bear in mind?
Answer: You should remember that routers must be RFC-compliant to forward DHCP packets. In
addition, to provide for fault tolerance, you must configure multiple DHCP servers and observe
the 80/20 rule.
3. What is the difference between a subdomain in a DNS zone, and a delegated zone?
Answer: The former has no name servers of its own, while the latter has authoritative name
servers of its own.
4.
5. When planning WINS, how many servers should you consider deploying?
Answer: Generally, for larger organizations, at least two, both of which are replication partners;
this provides for fault tolerance of NetBIOS name registration, renewal, release, and querying.
Module 3
Planning for Active Directory
Contents:
Lesson 1: Selecting a Domain and Forest Topology
Lesson 1
Additional Reading
Answer: Answers will vary; a forest trust relationship is required between each forest.
Additional Reading
Considerations for Designing a Forest Infrastructure
Lesson 2
2. When the virtual machine has started, start the 6430B-SEA-SVR1 virtual machine. You will need
this VM for subsequent demonstrations.
3.
4. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
5. In the console, right-click Adatum.com and then click Raise domain functional level.
6. In the Raise domain functional level dialog box, in the Select an available domain functional
level list, click Windows Server 2008, and then click Raise.
7.
8. In the subsequent Raise domain functional level dialog box, click OK.
9.
1. Click Start, point to Administrative Tools, and then click Active Directory Domains and
Trusts.
2. In the console, right-click Active Directory Domains and Trusts [SEA-DC1.Adatum.com], and
then click Raise Forest Functional Level.
3. In the Raise forest functional level dialog box, in the Select an available forest functional
level list, click Windows Server 2008, and then click Raise.
4.
5. In the subsequent Raise forest functional level dialog box, click OK.
6.
Lesson 3
Additional Reading
What Is AD RMS?
Lesson 4
1. On the SEA-DC1 virtual machine, click Start, point to Administrative Tools, and then click Active
Directory Sites and Services.
2. In the console, expand Sites, right-click Sites, and then click New Site.
3. In the New Object - Site dialog box, in the Name box, type Branch-Office-1.
4. In the Link Name list, click DEFAULTIPSITELINK, and then click OK.
5.
1. In the console, expand Inter-Site Transports, expand IP, and then click IP.
2. In the results pane, in the list, right-click DEFAULTIPSITELINK, and then click Properties.
3. In the DEFAULTIPSITELINK Properties dialog box, in the Replicate every list, type 15, and then
click Change Schedule.
4. In the Schedule for DEFAULTIPSITELINK dialog box, click Sunday, and then click Replication
Not Available.
5. Click Cancel.
6.
7.
2.
3.
4. At the Command Prompt, type adprep /rodcprep, and then press ENTER.
5.
2.
3. Click Start, and in the Start Search box, type dcpromo, and then press ENTER.
4. In the Active Directory Domain Services Installation Wizard, select the Use advanced mode
installation check box, and then click Next.
5.
6. On the Choose a Deployment Configuration page, click Existing forest, and then click Next.
7.
8.
9. On the Select a Site page, in the Sites list, click Branch-Office-1, and then click Next.
10. On the Additional Domain Controller Options page, select the Read-only domain controller
(RODC) check box, and then click Next.
2.
3. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
4.
5.
6. In the SEA-SVR1 Properties dialog box, click the Password Replication Policy tab.
7. Click Add, and in the Add Groups, Users and Computers dialog box, click Allow passwords
for the account to replicate to this RODC, and then click OK.
8. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select
box, type SalesGG, click Check Names, and then click OK.
9. In the SEA-SVR1 Properties dialog box, click Apply, and then click Advanced.
10. In the Advanced Password Replication Policy for SEA-SVR1 dialog box, click the Resultant
Policy tab.
11. Click Add, and in the Select Users, Computers, or Groups dialog box, in the Enter the object
names to select box, type Joe, click Check Names, and then click OK.
12. Click Close.
13. In the SEA-SVR1 Properties dialog box, click OK.
2. From a security perspective, what is the difference between implementing a forest with two trees,
and implementing two forests with forest trusts established between them?
Answer: In the dual tree configuration, there is a single forest-wide Enterprise Admins universal
security group; membership of this group enables you to perform administration in either tree. In
the dual forest configuration, there are two separate Enterprise Admins universal groups;
administration is quite separate.
3.
4. What domain functional level is required to support the redirection of the default Users and
Computers containers?
Answer: Windows Server 2003.
5. You are concerned about the reliability of using FRS to replicate the SYSVOL folder between
domain controllers. What domain functional level must you select in order to use DFS?
Answer: Windows Server 2008.
6. During the creation of a site object, with which other object must you associate it?
Answer: A site link.
Module 4
Planning for Group Policy
Contents:
Lesson 1: Planning Group Policy Application
Lesson 1
2. Click Start, point to Administrative Tools, and then click Group Policy Management.
3. If necessary, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then
click Default Domain Policy. Note that Default Domain Policy is linked here.
4. If a warning message is displayed, select the Do not show this message again check box, and
then click OK.
5. Click the Settings tab, and then expand the setting under Computer Configuration. This shows
only the settings that are configured.
6. Right-click Default Domain Policy, and then click Edit. The Group Policy Management Editor
displays all settings whether they are configured or not.
7. Expand Policies and explain the types of settings that are in each category.
8.
9.
Lesson 2
2. Click Start, point to Administrative Tools, and then click Group Policy Management.
3.
4. Right-click Default Domain Policy to display the context menu. Note that this is where you can
enforce the policy.
5. Right-click Adatum.com to display the context menu. Note that this is where you can block
policy inheritance. In this case, it would block policy inheritance from sites.
6. Click Default Domain Policy, and then click the Scope tab. Note the security filtering area
where the list of security principals is located. Authenticated Users is the default configuration for
security filtering.
7.
8.
9.
Lesson 3
Lesson 4
2. Click Start, point to Administrative Tools, and then click Group Policy Management.
3.
4.
5. In the New GPO window, in the Name box, type Preferences, and then click OK.
6.
7. Under User Configuration, expand Preferences, expand Windows Settings, and then click
Drive Maps.
8. Right-click Drive Maps, point to New, and then click Mapped Drive.
9.
1. What are some of the ways you can speed up group policy processing?
Answer: You can speed up group policy processing by limiting the number of GPOs that are
processed. Also, you should disable portions of a GPO that are not used. For example, disable the
user portion of a GPO that only contains computer settings.
2. How can you modify how group policy is processed and applied?
Answer: You can modify how group policy is processed and applied by using enforcement,
blocking inheritance, and by using loopback.
3.
Troubleshooting tip
Use Group Policy Results in Group Policy Management to view the GPOs
that are being applied.
1. You have configured a kiosk with an application for controlling manufacturing equipment. You
would like all users on the kiosk to have the same configuration regardless of the organizational
unit that their user object resides in. How will you accomplish this?
Answer: You can use loopback processing to apply user settings from a GPO that applies to a
computer. In this case, the user settings in a GPO that applies to the kiosk computer object will
replace the user settings that apply to the user object.
2. In the past, you have created customized ADM templates and they were automatically included
with the GPO on SYSVOL. This allowed the GPO to be properly edited from any location. You
have now created a customized ADMX template and realize that it is stored locally. Others will
not be able to edit the GPO. How can you resolve this?
Answer: Create a central store for ADMX templates by using GPMC. Then place the customized
ADMX template in the central store. The central store is replicated to all domain controllers and
will be available for anyone editing the GPO.
3. Your organization has no formal plan in place for backing up GPOs. Only a full backup, including
system state, is being performed each day. How can you improve this?
Answer: It is very difficult to recover GPOs from the system state of a domain controller. You can
manually back up GPOs by using the GPMC. Or, you can schedule backups to run daily or weekly
by using the BackupAllGPOs.wsf script in C:\Program Files\GPMC\Scripts.
Use group policy to manage settings on computers rather than manually configuring each
computer.
Use security filtering and WMI filtering for more flexible GPO application.
Use loopback processing for special use computers such as kiosks and Terminal Servers.
Use starter GPOs to simplify the creation of new GPOs with similar settings.
Delegate the management of GPOs to OU administrators that are affected by them. For example,
delegate the management of GPOs for a region to an administrator for that region. This can
include linking and modifying the GPOs.
Tools

Tool: Group Policy Management
Use for: Creating and managing GPOs
Where to find it: Administrative Tools

Tool: GPResult.exe
Use for: Troubleshooting GPO application
Where to find it: C:\Windows\System32

Tool: ADMX Migrator
Use for: Converts customized ADM templates to ADMX templates
Where to find it: http://go.microsoft.com/fwlink/?LinkID=164211&clcid=0x409

Tool: BackupAllGPOs.wsf
Use for: Script that can be used to create scheduled backups of GPOs
Where to find it: C:\Program Files\GPMC\Scripts
Module 5
Planning Application Servers
Contents:
Lesson 2: Supporting Web-Based Applications
Lesson 2
2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS)
Manager.
3. In the left pane, expand SEA-DC1 and then expand Sites. Point out Application Pools and the
Default Web site.
4. Click Default Web Site, and then in the Actions pane, click Bindings. Note that only http is
used.
5. Click Close.
6. In the left pane, click SEA-DC1, and then double-click Server Certificates.
7.
8. In the Specify a friendly name for the certificate box, type SSL Cert, and then click OK.
9. Click Default Web Site and then in the Actions pane, click Bindings. Note that only http is
used.
Lesson 3
2. Click Start, point to All Programs, click Microsoft SQL Server 2008, and then click SQL Server
Management Studio.
3. In the Connect to Server window, explain the options to the students. In particular, note that it is
connecting to an instance named SQLEXPRESS.
4. Click Connect.
5. Click the View menu, and then click Object Explorer Details. This provides a view more like
Windows Explorer.
6. In Object Explorer, expand Databases, and then click System Databases. These databases are
used by SQL Server for internal tasks and are present on every SQL Server instance.
7.
8.
9.
24. Click User Mapping. Note that ADATUM\Administrator is mapped to the dbo user in the
AdventureWorksLT2008 database.
25. Click Cancel.
26. Under AdventureWorksLT2008, expand Security, and then click Users. Note that
ADATUM\Administrator is not listed but the dbo user is listed.
27. Double-click dbo. Notice that dbo is a member of the db_owner role, which provides full
administrative permissions.
28. Click Cancel.
29. Close all open windows.
Lesson 4
2.
3.
4. In the box, type Domain Users, click Add, and then click Share.
5.
6. Click Start, point to Administrative Tools, and then click Group Policy Management.
7. Expand Forest: Adatum.com, expand Domains, expand Adatum.com and then click Group
Policy Objects.
8.
9. In the New GPO window, in the Name box, type Applications, and then click OK.
2. Click Start, point to All Programs, click Microsoft Calculator Plus, and then click Microsoft
Calculator Plus.
3. If the application does not appear, use gpupdate to refresh the Group Policy settings on
SEA-CL1, log off, and then log on again.
1. How can you provide access to a client server application over the Internet and still have
acceptable performance?
2. Why do you need to consider transaction logs when planning backup and recovery for SQL
Server?
3. How can you isolate Web applications so that a programming error in one does not affect
another?
Troubleshooting tip
1. A Web-based application is considered critical for your organization. How can you increase the
availability of this application?
2. Your organization does not have backup software with an agent for SQL Server. The agent for
SQL Server has been ordered, but will not arrive for several weeks. In the meantime, how can you
back up the SQL Server database without stopping the database?
3. Your organization has implemented a Web-based application. Authentication for this application
is based on Active Directory accounts. When users access the application, they are prompted for
credentials. How can you eliminate the prompt for credentials?
Simplify user logons by integrating authentication with Active Directory when possible.
Use Terminal Services with RemoteApp to avoid the need to install a client application on each
computer.
Use Terminal Services to provide access to an application for roaming users or remote offices.
Module 6
Planning File and Print Services
Contents:
Lesson 1: Planning and Deploying the File Services Role
Lesson 1
Additional Reading
1. On your host machine, click Start, point to All Programs, point to Microsoft Learning, and then
click 6430B. The Lab Launcher starts.
2.
3.
4.
5.
6.
7.
8.
2.
3.
4.
5. In the Add Roles Wizard, on the Before You Begin page, click Next.
6. On the Select Server Roles page, in the Roles list, select both the File Services and Print
Services check boxes, and then click Next.
7.
8.
9.
10. On the Select Role Services page, select the File Server Resource Manager check box, and
then click Next.
11. On the Configure Storage Usage Monitoring page, click Next.
12. On the Confirm Installation Selections page, click Install.
13. On the Installation Results page, click Close.
14. Close Server Manager.
1. Click Start, click Computer, and then double-click Local Disk (C:).
2.
3.
4.
5. In the Transport-data Properties dialog box, on the Security tab, click Advanced.
6. In the Advanced Security Settings for Transport-data dialog box, click Edit, clear the Include
inheritable permissions from this object's parent check box, and then click Copy.
7. In the Advanced Security Settings for Transport-data dialog box, click OK.
8. Click OK again, and in the Transport-data Properties dialog box, click Edit.
9. In the Permissions for Transport-data dialog box, in the Group or user names list, click Users
(SEA-SVR1\Users), and then click Remove.
10. Click Add, and in the Select Users, Computers, or Groups dialog box, in the Enter the object
names to select (examples): box, type TransportGG, click Check Names, and then click OK.
11. In the Permissions for Transport-data dialog box, in the Permissions for TransportGG list,
select the Allow/Modify check box, and then click OK.
12. In the Transport-data Properties dialog box, click the Sharing tab.
13. Click Advanced Sharing, and in the Advanced Sharing dialog box, select the Share this folder
check box, and then click Permissions.
14. In the Permissions for Transport-data dialog box, select the Allow/Full Control check box,
and then click OK.
15. In the Advanced Sharing dialog box, click OK.
16. In the Transport-data Properties dialog box, click Close.
17. Close Windows Explorer.
Additional Reading
Planning Encrypting File System (EFS)
For more information about EFS, see Data Encryption Toolkit for Mobile PCs.
For more information about planning for EFS, see the Plan Data Encryption section of Server
Deployment.
Lesson 2
Managing Storage
Contents:
Question and Answers
2. Click Start, point to Administrative Tools, and then click File Server Resource Manager.
3. In File Server Resource Manager (Local), expand Quota Management, and then click Quotas
Templates.
4.
5. In the Create Quota dialog box, in the Quota path box, type C:\Transport-data.
6. Click Auto apply template and create quotas on existing and new subfolders.
7. Click Create.
1. In the navigation tree, expand File Screening Management, and then click File Screens.
2.
3.
4.
5.
6. In the Create File Screen dialog box, in the File screen path box, type C:\Transport-data, and
in the list, click Monitor Executable and System Files. Then click Create.
1. In the navigation tree, right-click File Server Resource Manager (Local), and then click
Configure Options.
2. Scroll along the tabs, and then click the File Screen Audit tab.
3. Select the Record file screening activity in auditing database check box, and then click OK.
Lesson 3
Additional Reading
What Is DFS?
Overview of the Distributed File System Solution in Microsoft Windows Server 2003 R2
2.
3.
4. What RAID configuration would you recommend to provide a good balance between fault
tolerance and performance for an organization on a tight budget?
Answer: Answers will vary, but RAID 5 might be suitable.
5.
6. What notifications can you configure for when users approach their quota thresholds?
Answer: Send e-mail notifications; Log an event; Run a command or script; Generate storage
reports.
7.
8.
9.
10. How can fault tolerance of the content in a DFS namespace be provided?
Answer: By adding multiple namespace targets and configuring replication.
Module 7
Planning Server and Network Security
Contents:
Lesson 2: Planning for Windows Firewall with Advanced Security
Lesson 2
2. Click Start, point to Administrative Tools, and click Windows Firewall with Advanced
Security.
3. Right-click Windows Firewall with Advanced Security to display the context menu. Describe
the Import Policy, Export Policy, and Restore Defaults options to students.
4. In the context menu, click Properties. Explain that this is where you can configure the default
option (block or allow) for inbound and outbound rules for each profile.
5. Click Cancel.
6. In the left pane, click Inbound Rules and then double-click the first rule in the list.
7. Click the Programs and Services tab. Explain that this tab is used to select specific programs
affected by this rule.
8. Click the Users and Computers tab. Explain that these options only apply when a connection
security rule provides user and computer information from IPsec authentication by using
Kerberos.
9. Click the Protocols and Port tab. Explain that this tab is used to configure specific ports and
protocol types affected by the rule.
10. Click the Scope tab. Explain that this tab is used to configure specific IP addresses that the rule
applies to.
11. Click the Advanced tab. Explain that this tab allows you to control which profiles the rule applies
to.
12. Click Cancel.
13. In the left pane, click Connection Security Rules, right-click Connection Security Rules, and
then click New Rule.
14. On the Rule Type page, click Server-to-server and then click Next.
15. On the Endpoint page, accept the default values of Any IP address and click Next. This creates
a rule that applies to all communication.
16. On the Requirements page, accept the default value of Request authentication for inbound
and outbound connections and then click Next. Note that this is the option you should select
during initial testing to prevent a server from becoming unavailable on the network.
17. On the Authentication Method page, click Advanced and then click Customize.
18. In the First authentication area, click Add.
19. In the First Authentication Method window, click Computer (Kerberos V5) and click OK.
20. Click OK and then click Next.
21. On the Profile page, click Next. This applies the rule to all profiles.
22. In the Name box, type Request authentication for all connections and then click Finish.
23. Close Windows Firewall with Advanced Security.
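The connection security rule that steps 13 to 22 build in the wizard can also be created from the command line. The script below is an added example, not part of the courseware; the backup path is an assumption, and the netsh parameters are a mapping of the wizard pages chosen for this example.

```powershell
# Added example (not from the courseware). Run elevated on Windows Server 2008
# or later; it calls only netsh advfirewall, so PowerShell 1.0 is sufficient.

$ruleName   = 'Request authentication for all connections'  # name typed in step 22
$backupFile = 'C:\fw-backup\policy-before-consec.wfw'        # assumed path

# Export the current policy first (the Export Policy option from step 3) so the
# change can be undone with: netsh advfirewall import <file>
$backupDir = Split-Path $backupFile
if (-not (Test-Path $backupDir)) {
    New-Item -Type Directory -Path $backupDir | Out-Null
}
netsh advfirewall export $backupFile
if ($LASTEXITCODE -ne 0) { throw 'Policy export failed; nothing was changed.' }

# Steps 14-21 as one rule:
#   endpoint1/endpoint2 = any    -> "Any IP address" on the Endpoint page
#   action = requestinrequestout -> request, do not require, authentication
#   auth1 = computerkerb         -> Computer (Kerberos V5)
#   profile = any                -> all profiles
# Request mode still accepts peers that cannot authenticate, which is why
# step 16 recommends it for initial testing. A "require" action refuses those
# peers, so hold it back until the request-mode rule is seen to negotiate.
netsh advfirewall consec add rule name="$ruleName" `
    endpoint1=any endpoint2=any `
    action=requestinrequestout `
    auth1=computerkerb `
    profile=any
if ($LASTEXITCODE -ne 0) { throw 'Rule creation failed; see the netsh output above.' }

# Show the stored rule, then the main mode security associations. Entries
# appear under mmsa once peers begin authenticating with Kerberos.
netsh advfirewall consec show rule name="$ruleName"
netsh advfirewall monitor show mmsa
```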
3. How can you identify when viruses or malware have infected a computer?
4. How does UAC prevent viruses and malware from infecting a computer?
5. Which type of IPsec authentication is required to configure firewall rules based on users and
computers?
Troubleshooting Tip
You have recently created a standardized list of firewall rules that you want to apply to all
Windows Vista computers in your organization. What is the best way to do this?
2. You have recently migrated your servers to Windows Server 2008. After the migration,
administrators are being prompted for permission each time they run an administrative tool on
the server. A colleague suggests that this functionality be disabled because it is annoying. How
do you respond?
3. Your organization has recently had a security breach on a Web-based application server. In
addition to analyzing how this problem occurred, you need to evaluate security overall for this
server. What areas do you need to consider as you identify risks to this server?
4. Your organization has recently reviewed NAP as a potential method for preventing malware from
entering the network. Based on the initial evaluation, your manager has asked you to identify the
type of NAP enforcement that would be most appropriate for your organization. Your
organization would like to begin with the simplest implementation possible for internal users.
What type of NAP enforcement should you use?
Supplement or modify the following best practices for your own work situations:
Use real-time protection to prevent viruses and malware from infecting a computer. Scheduled
scans find malware only after it is already on the computer.
Use scheduled scans to find malware missed by real-time scanning because the signature files did
not include the malware at the time of infection.
Do not disable UAC, particularly for administrators. Disabling UAC also disables Protected Mode
in Internet Explorer.
Module 8
Planning Server Administration
Contents:
Lesson 1: Selecting the Appropriate Administration Tool
Lesson 1
On your host machine, click Start, point to All Programs, point to Microsoft Learning, and then
click 6430B. The Lab Launcher starts.
3. At the Command Prompt, type Netsh interface ipv4 set address name="Local Area Connection"
source=static address=10.10.0.100 mask=255.255.0.0 gateway=10.10.0.10 1,
and then press ENTER.
4. At the Command Prompt, type Netsh interface ipv4 set dns name="Local Area Connection"
source=static address=10.10.0.10 primary, and then press ENTER.
At the Command Prompt, type netdom query workstation, and then press ENTER.
2. At the Command Prompt, type netdom query pdc, and then press ENTER.
3. At the Command Prompt, type netdom query ou, and then press ENTER.
At the Command Prompt, type winrs -r:sea-dc1 ipconfig, and then press ENTER.
4. At the Command Prompt, type winrm quickconfig, and then press ENTER.
7. At the Command Prompt, type winrs -r:sea-dc1 ipconfig, and then press ENTER.
4. In the Add Features Wizard, on the Select Features page, select the Windows PowerShell
check box, and then click Next.
5. On the Confirm Installation Selections page, click Install, and then when prompted, click
Close.
Click Start, point to All Programs, click Windows PowerShell 1.0, and then click Windows
PowerShell.
2. At the Windows PowerShell Command Prompt, type cd cert:, and then press ENTER.
3. At the Windows PowerShell Command Prompt, type dir, and then press ENTER.
4. At the Windows PowerShell Command Prompt, type cd hklm:, and then press ENTER.
5. At the Windows PowerShell Command Prompt, type dir, and then press ENTER.
6. At the Windows PowerShell Command Prompt, type cd c:, and then press ENTER.
At the Windows PowerShell Command Prompt, type get-command, and then press ENTER.
2. At the Windows PowerShell Command Prompt, type function commands {get-command}, and
then press ENTER.
3. At the Windows PowerShell Command Prompt, type commands, and then press ENTER.
At the Windows PowerShell Command Prompt, type notepad test.ps1, and then press ENTER.
5. At the Windows PowerShell Command Prompt, type test.ps1, and then press ENTER.
6. At the Windows PowerShell Command Prompt, type ./test.ps1, and then press ENTER.
7. At the Windows PowerShell Command Prompt, type get-executionpolicy, and then press
ENTER.
9. At the Windows PowerShell Command Prompt, type ./test.ps1, and then press ENTER.
At the Windows PowerShell Command Prompt, type get-service, and then press ENTER.
2. At the Windows PowerShell Command Prompt, type get-service | ft status,name, and then
press ENTER.
3. At the Windows PowerShell Command Prompt, type get-service | select-object name, and then
press ENTER.
6. At the Windows PowerShell Command Prompt, type exit, and then press ENTER.
2. At the Command Prompt, type dsquery user -name s*, and then press ENTER.
3. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
6. Click Cancel.
8. At the Command Prompt, type dsquery user -name s* | dsmod user -office Redmond,
and then press ENTER.
9. Switch to Active Directory Users and Computers, and in the results pane, double-click Suroor
Fatima.
Lesson 2
Lesson 3
Delegating Administration
Contents:
Question and Answers
3. In Server Manager, in the navigation tree, expand Configuration, expand Local Users and
Groups, and then click Groups.
5. In the Power Users Properties dialog box, click Add, and in the Select Users, Computers, or
Groups dialog box, in the Enter the object names to select (examples) box, type Josh, click
Check Names, and then click OK.
2. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
3. In Active Directory Users and Computers, click the Sales organizational unit.
7. In the Select Users, Computers, or Groups dialog box, in the Enter the object names to select
(examples) box, type Josh, click Check Names, and then click OK.
9. On the Tasks to Delegate page, in the Delegate the following common tasks list, select the
following check boxes, and then click Next:
10. On the Completing the Delegation of Control Wizard page, click Finish.
In Active Directory Users and Computers, click View, and then click Advanced Features.
3. In the Sales Properties dialog box, click the Security tab, and then click Advanced.
4. In the Advanced Security Settings for Sales dialog box, click Add.
5. In the Select User, Computer, or Group dialog box, in the Enter the object name to select
(examples) box, type Josh, click Check Names, and then click OK.
6. In the Permission Entry for Sales dialog box, in the Permissions list, select the following check
boxes, and then click OK:
7. In the Advanced Security Settings for Sales dialog box, click Add.
8. In the Select User, Computer, or Group dialog box, in the Enter the object name to select
(examples) box, type Josh, click Check Names, and then click OK.
9. In the Permission Entry for Sales dialog box, in the Apply to list, click Descendant Computer
objects.
10. In the Permissions list, click Full control/Allow, and then click OK.
11. In the Advanced Security Settings for Sales dialog box, click OK.
12. In the Sales Properties dialog box, click OK.
2. Log off, and then log on as ADATUM\Josh with the password Pa$$w0rd.
4. In the User Account Control dialog box, in the User name box, type administrator.
6. In Server Manager, click Features, and then in the results pane, click Add Features.
7. In the Add Features Wizard, on the Select Features page, expand Remote Server
Administration Tools.
8. Expand Role Administration Tools, and then select the Active Directory Domain Services
Tools check box.
10. Click Close, and in the Add Features Wizard, click Yes.
11. Log on as ADATUM\Josh with the password Pa$$w0rd.
12. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
13. In the User Account Control dialog box, in the Password box, type Pa$$w0rd, and then click
OK.
14. In Active Directory Users and Computers, expand Adatum.com, and then click the Sales
organizational unit.
15. In the results pane, double-click Tom Higginbotham.
16. Click Cancel, right-click Sales, click New, and then click User.
17. In the New Object - User dialog box, click Cancel.
Module 9
Planning and Implementing Monitoring and
Maintenance
Contents:
Lesson 1: Planning Monitoring Tasks
Lesson 1
Additional Reading
Planning for Event Monitoring
For more information about SCOM 2007, see the Microsoft System Center Operations Manager
Web site.
For more information about the Dynamic Systems Initiative, see Dynamic Systems Initiative
Overview White Paper on the Microsoft Web site.
Lesson 2
Additional Reading
Common Performance Metrics
For more information about common performance metrics, see Performance Tuning Guidelines for
Windows Server 2008 on the Windows Hardware Developer Central Web site.
Lesson 3
Additional Reading
Windows Server 2008 Monitoring Tools
For more information about SCOM 2007, see the white paper Introducing Microsoft System Center
Operations Manager 2007 on the Microsoft Download Center Web site.
2.
Capacity planning
What are some of the tasks that you should undertake when you create a performance baseline for a
server?
Answer:
3.
4.
Various Windows events can be consolidated by using tools such as SCOM 2007.
5.
Module 10
Planning High Availability and Disaster Recovery
Contents:
Lesson 1: Choosing a High-Availability Solution
Lesson 1
Additional Reading
What Is Failover Clustering?
For more information on failover clusters, see Windows Server 2008 Technical Library.
Lesson 2
Additional Reading
Additional Reading
Shadow Copy Considerations
For more information on restoring a previous version of a file or folder, see Windows Server 2008
Help Topic: How do I restore a previous version of a file or folder?
For more information on best practices for shadow copies of shared folders, see Best Practices
for Shadow Copies of Shared Folders.
You plan to deploy a Web farm. You want to provide a fault tolerant front end for client computers
connecting from the Internet. Which would be the most suitable technology?
Answer: Network Load Balancing. This provides for load balancing and high availability of front-end
services. To provide high availability of the back end, consider using failover clustering.
2. You want to implement a RAID solution that provides good read performance and reasonable fault
tolerance; however, lower cost is a factor. Which RAID standard(s) would be suitable?
Answer: RAID 5 probably provides the best balance between cost and fault tolerance. It also provides
for reasonable read operations.
3. Which editions of Windows Server 2008 support the failover clustering feature?
Answer: Enterprise Edition and Datacenter Edition.
4. Where do you store shared folders that are part of a File Server cluster?
Answer: On a shared storage device such as an iSCSI SAN.
5. Shadow copies work on the principle of providing incremental copies of configured volumes at the
block level. True or False?
Answer: False. They provide differential copies.
Module 11
Planning Virtualization
Contents:
Module Reviews and Takeaways
4. Where are the virtual disks stored when a host cluster is implemented?
Troubleshooting tip
You are an IT architect at a large insurance provider with seven physical locations, 12,000 users,
and 220 servers. Your organization wants to use server virtualization to reduce management and
hardware costs by combining existing servers on new hardware. What criteria will you use when
you select servers for consolidation?
2. You are an IT architect at a large insurance provider. You have migrated many important
applications to VMs and want to increase the availability of those VMs. How can availability of
VMs be increased when you use Hyper-V?
3. You are the manager responsible for controlling the process that is used for testing new
application updates and releases at a large insurance provider. In the past, you have maintained
development, test, and production servers for all applications. This resulted in hundreds of servers
being stored in the data center. How can you use Hyper-V to reduce hardware costs for
development and testing?
Resources
Contents:
Microsoft Learning
Microsoft Learning
This section describes various Microsoft Learning programs and offerings.
Microsoft Learning
Describes the training options available through Microsoft, face-to-face or self-paced.
Note: Not all training products will have a Knowledge Base article. If that is the case, please ask your
instructor whether or not there are existing error log entries.
Courseware Feedback
Send all courseware feedback to support@mscourseware.com. We truly appreciate your time and effort.
We review every e-mail received and forward the information on to the appropriate team. Unfortunately,
because of volume, we are unable to provide a response but we may use your feedback to improve your
future experience with Microsoft Learning products.
Reporting Errors
When providing feedback, include the training product name and number in the subject line of your
e-mail. When you provide comments or report bugs, please include the following:
Please provide any details that are necessary to help us verify the issue.
Important: All errors and suggestions are evaluated, but only those that are validated are added to the
product Knowledge Base article.