Light IT up. Microsoft Learning Ignite | May 4 – 8, 2015 | Chicago, IL.

Transcript Light IT up. Microsoft Learning Ignite | May 4 – 8, 2015 | Chicago, IL.

Light IT up.
Microsoft Learning
Ignite | May 4 – 8, 2015 | Chicago, IL
Exam 70-410
Exam Preparation
Mark Grimes
Senior Consultant
Microsoft Consulting Services
About Me
Residence, SE MI
18 Years MCT, 10 years ft active
10 years consulting
½ with Partner, ½ @Microsoft
Lead Internal Identity Technical
Communities
• Lead multiple internal Azure
Cert programs
• Losing weight fast with Joe
Cross’ plan!
•
•
•
•
•
Certification
70-410
Roadmap – Server Certification
MCSA: Windows Server 2008
MCITP: Server Administrator on Windows Server 2008
MCITP: Enterprise Administrator on Windows Server 2008
MCITP: Virtualization Administrator on Windows Server 2008 R2
MCITP: Enterprise Messaging Administrator 2010
MCITP: Lync Server Administrator 2010
MCITP: SharePoint Administrator 2010
MCITP: Enterprise Desktop Administrator on Windows 7
MCDST: Windows XP
MCSE: Windows 2000
MCSA: Windows 2000
MCSA: Security on Windows 2000
MCSA: Security on Windows 2003
MCSA: Windows Server 2003
MCSE: Security on Windows 2000
MCSE: Security on Windows 2003
MCSE: Windows Server 2003
MCSA: Messaging on Windows Server 2000
MCSA: Messaging on Windows Server 2003
MCSE: Messaging on Windows Server 2000
MCSE: Messaging on Windows Server 2003
http://bit.ly/Ignite-Learning
http://bit.ly/Ignite-VirtAcad
http://bit.ly/Ignite-CertApp
aka.ms/migrate/2008R2
Install and
Configure Servers
(15 – 20%)
Install servers
Configure servers
Configure local storage
EDITION
POSE INSTANCES
VOSE INSTANCES
Datacenter
1
Unlimited
Standard
1
2
Foundation
1
0
Essentials
1 (POSE or VOSE)
1 (POSE or VOSE)
Foundation
Essentials
Standard /
Datacenter
Processor Limit
1
2
64
RAM
32GB
64GB
4TB
Max users
15
25
Unlimited
Routing and Remote Access
(RRAS)
50
250
Unlimited
Active Directory Services
Root only
Root only
Full
Active Directory Certificate
Services
CA Only
CA Only
Full
Hyper V / Server Core
No
No
Yes
File Services limits
1 Standalone DFS root
1 Standalone DFS
root
Unlimited
Operating System
Minimum Requirements
1.4 GHz 64-bit processor (no upgrade path from a 32bit system)
512 MB RAM
32 GB available disk space (considered as the minimum)
DVD drive (not normally a pre-requisite)
Super VGA (1024 x 768) or higher resolution monitor
Keyboard and mouse (or other compatible pointing device)
Internet access
Supported Maximums
Component
Logical processors
RAM
Failover cluster nodes
WINDOWS SERVER 2012
640
4 terabytes
64
WINDOWS SERVER 2008 R2
256
2 terabytes
16
Used to keep the server builds simple and targeted
 Located at C:\Windows\WinSXS
directory
 Can be removed and added later if
need
 Install-Windows Feature or UninstallWindows Feature
 Can reduce the total disk space used.
 Also works on VHD and VHDX
 Install-WindowsFeature <featurename> -Source wim:d:\sources\install.wim:2
Number of roles support by Server Core increased
12 of 19 roles are available
Roles not available
Active Directory Federation Services
Fax Server & Application Server
Network Policy and Access Services
Remote Desktop Services/Gateway
/Session Host/Web Access
 Volume Activation Services
 Windows Deployment Services
 To switch from Server full to Core Server
 SQL Server can now run on Server core
Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra




Deploying Server Images
DISM is your friend
..and my favorite DISM commands:
Dism.exe /online /Get-Features (run the cmd prompt with admin account)
Dism.exe /online /Enable-Feature /FeatureName:NetFx3
The ImageX tool has been deprecated in Server 2012 and
has been replaced with DISM for image management.
Configure Servers
Post installation tasks to consider:
• Configure the
network connection
• Set the time zone
• Enable Remote
Desktop
• Rename the
computer
• Join a domain
Support for 3 Different Modes in Server 2012 R2
Switch Independent Mode
• Incoming Traffic come through one card
• Unless virtual machines are in use
• Need to use Hyper-V Port or Dynamic
Static Teaming or LACP
• Requires hardware support
• 802.3ad or 802.1ax
• Incoming Traffic Controlled
NIC Teaming Powershell Cmd :
New-NetLbfoTeam NewTeam NIC1,NIC2
–TeamingMode Lacp
–LoadBalancingAlgorithm HyperVPorts
Windows Disk Settings
 Select a Partition Style
 Master Boot Record (MBR)
 GUID Partition Table (GPT)
 Select a Disk Type
 Basic Disks
 Dynamic Disks
 Divide Disk Into partitions
 Simple, Spanned, Striped, Mirrored, Raid 5
 Format the partitions
 NTFS, FAT32, FAT16
Working with Disks
 Creating and Mounting VHDs
 VHDs original format
 VHDX a new version that supports up to 64TB
 Fixed vs Dynamically Expanding
 Server Manager Usage




Take advantage of the Disk Management Snap-in
Determine your storage layout
Create Storage Pools
Create simple volumes
 Understand Storage Pools
 64 Bit only
 Versions/editions and differences
 Things not in Core
 Disk Partitions, types, etc
 NIC Teaming
 DISM
You have a server named Core1 that runs a Core installation of
Server 2012 R2 Standard. You need to configure Core1 to run a
Core installation of Server 2012 R2 Datacenter Edition. You must
achieve this goal using the least amount of administrative effort.
What should you do?
a.
b.
c.
d.
Use Servermanagercmd.exe
Perform an offline servicing using DISM
Perform an online servicing using DISM
Insert the Windows Server 2012 R2 media and use Setup.exe.
Reference: http://technet.microsoft.com/en-us/library/hh825265.aspx
Configure Server
Roles & Features
(15–20%)
Configure file and share access
Configure print and document
services
Configure servers for remote
management
Key tips to know …
•
•
•
•
•
•
•
•
•
Network Only
1st line of defense
Read, Change, Full Control
Folders Only, Drive?
Effective Permissions w/ Multiple
Group Membership
Deny Always Wins
Combine w/NTFS
Administrative Shares
Configuring Access-Base
Enumeration
Key tips to know …
• Configuring Offline Files
• Disk Quotas
• Volume Shadow Copy
Authentication
Kerberos (Windows Auth)
Digest (Windows Auth)
Device management policy
File encryption / selective wipe
Require password / device lock
ADFS (OAuth)
Limit access to registered devices
)ADFS(
https://workfolders.contoso.com
Data management
Quotas
File screens
Reporting
Classification
RMS protection
Key tips to know for the exam…
• File and Storage Services sub-role
• An additional access protocol
• Consolidated view of sync activity across your server
 Multiple Sync Shares per server
 Each share maps to a file system location
 Users/groups associated with a single share
 Policy defined per share
 Files stay in sync across all devices
 Local changes sync back to server and then to other devices
 SMB clients can continue to work directly with server files
Understand Windows Printing








Print Devices Management
Print Server Management
Print Drivers
Direct vs Network Printing
Managing, Sharing Printers
Migrating Printers
Deploying Printers via GPO
Consider Remote Desktop Easy Print
Key Tips to Remember…
 Remember VSS applies to the ENTIRE
VOLUME!
 Understand the difference between
basic and advanced permissions
 Remote Management is strongly
encouraged!
 Don’t Forget about Quotas

And storage pools
Practice Question
You create a volume on Disk 1 on the server and create a shared
folder on that volume.
You want to enable the Volume Shadow Copy Service (VSS) on the
shared folder. What step can you take to accomplish the task?
a. In the properties for the shared folder, enable shadow copy
b. In the properties for the volume, enable shadow copy for the
volume
c. Use the xcopy command to enable shadow copy for the shared
folder
Source:
MeasureUp
Configure Hyper-V
(15 – 20%)
Create and configure virtual
machine settings
Create and configure virtual
machine storage
Create and configure virtual
networks
hardware-assisted virtualization.
Intel VT
AMD-V
supports the virtualization hardware
Hardware-enforced Data Execution Prevention (DEP),
must enable
the Intel XD bit (execute disable bit) or the AMD NX bit (no execute bit).
Typical Features
Newer Features…
 Up to 2,048 virtual CPUs
 Up to 4 terabytes (TB) of physical memory
 One server can host as many as 1,024 active VMs
 Each VM can have up to 64 virtual CPUs
 Up to 1 TB of memory.
 Support clusters with up to 64 nodes and 8,000
VMs.
Practice Question
Server1 runs Windows Server 2012 R2 with the Hyper-V role installed.
Server1 runs many Virtual Machines (VMs). A Virtual Machine named VM1 is
configured to use dynamic memory.
You are asked to increase the Startup RAM allocation on VM1. Your solution
must cause the least amount of disruption to the users..
Which should you do?
a. Shutdown VM1, change the Startup RAM on VM1. Start VM1
b. Stop the Hyper-V service on Server1. Change the Startup RAM
on VM1. Start the Hyper-V service on Server1
c. While VM1 is running, change the Maximum RAM on VM1
Source:
MeasureUp
Deploy and
Configure Core
Network Services
(15 – 20%)
Configure IPv4 and IPv6 addressing
Deploy and configure Dynamic Host
Configuration Protocol (DHCP)
service
Deploy and configure DNS service
Important factors to know about Addressing…
• Understand IPv4 Subnetting & Supernetting
• Understand IPv6 Addressing
• Assign an IPv6 Addresses and check the route (route print)
Tunneling





Automatic or Manual Configuration
6to4
ISATAP
Teredo
NAT64
• Understand the DHCP options available
DNS Terminology that you should know…
Host Name Resolution
• Forward and reverse lookups
• Types of DNS
• For AD-Integrated, what is the domain
partition, forestDNSZone, and
domainDNSZone?
• Records =SOA, NS, A, CNAME, PTR, SRV,
and MX Hint: replication scope
 Understand the Importance of Root Hints
 Know your subnetting!!!
 IPv6 Global Unique or Local Address
 Powershell is not the only way to configure DNS
and DHCP settings
 Global Names can still be used
 Be able to distinguish between stub zones,
forward & reverse lookup zones
Configure the correct DNS IP in the DHCP scope options
Install and
Administer Active
Directory (15–
20%)
Install domain controllers
Create and manage Active Directory
users and computers
Create and manage Active Directory
groups and organizational units
(OUs)
Install and Administer Active Directory
Things to Remember In Active Directory




Powershell TidBits



Create and Manage ADUC
 Automate, automate, automate!
 The Active Directory
Administrative Center
 DSADD, LDIFDE & CSVDE still
around
Additional features:
 Recycle Bin
 Fine-Grained Passwords
Create and Manage AD Users and Groups
Tell me something I may not know…



A few more details…


a. Create a system state backup from any Server 2008 R2 server
b. Upgrade one of the existing Server 2008 R2 domain controllers to Server
2012 first and then create an IFM backup
c. Create an IFM backup from any existing Sever 2008R2 backup
Create and Manage
Group Policy
(15 - 20%)
Group Policy objects (GPOs)
Configure Security Policies
Configure Application Restriction
Policies
Configure Windows Firewall
What is a Group Policy
Object (GPO) for?
 Deploy software, configure registry
based settings, configure security
settings
http://aka.ms/GroupPolicyGuide
Types of GPOS
 Local GPOs
 Non-Local GPOs
 Starter GPOS
Group Policy objects
 2 default policies = Domain, Domain
Controller
Domain Admins, Group Policy Creator
Owners
Link to sites, domains, OUs
 Not link directly to users, groups,
computers
 Can use security filtering
 Policy applies to user/computer
Deploy software
 Publish to users
 Assign to users
 Assign to computers
Software removal
Software Restriction
Policies
AppLocker
 Win7 & 2008 R2
•
•
•
•
Remote GP update
GP Infrastructure Status
Windows RT GP Support
Starter GPOS
a.
b.
c.
d.
Universal security groups
Global Groups
Domain Local Groups
None. You can use all group types
Learning Resources
http://borntolearn.mslearn.net/
http://blogs.msdn.com/b/microsoft_press/archive/2014/02/20/new-book-exam-ref-70-410-installing-and-configuring-windows-server-2012-r2.aspx
https://technet.microsoft.com/enus/virtuallabs/default
http://www.microsoftvirtual
academy.com/producttraining/windows-server
© 2015 Microsoft Corporation. All rights reserved.