Material modulo01 asf6501(6419-a_01)

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED

Introduction to Managing Windows Server 2008 Environment 1-1

Module 1

Introduction to Managing Windows Server 2008 Environment

Contents: Lesson 1: Server Roles 1-3

Lesson 2: Overview of Active Directory 1-15

Lesson 3: Using Windows Server 2008 Administrative Tools 1-27

Lesson 4: Using Remote Desktop for Administration 1-35

Lab: Administering Windows Server 2008 1-43

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED

1-2 Configuring, Managing and Maintaining Windows Server 2008 Servers

Module Overview

Multiple tools exist to facilitate management of Windows Server® 2008 computers and Active Directory® domains. In Windows Server 2008, many of these tools have been consolidated into the Server Manager tool. This change offers a single point for server administration.

By understanding the tools available to manage Windows Server 2008 and Active Directory, you will be able to more quickly and effectively implement change requests.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Lesson 1

Server Roles

Windows Server 2008 is configured by adding and removing server roles and features. This is a new method of organizing the addition and removal of services. Understanding server roles and features allows you to install and support only the Windows Server 2008 components you need in your environment.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Windows Server 2008 Editions

Key Points

Windows Server 2008 is available in several editions to meet the needs of various organizations. The editions are available for x86, x64, and Itanium processors.

Windows HPC Server 2008 is designed for clustering hundreds of computers together to work on a single processing task. Hyper-V is a role that is provided for 64-bit installations of Windows Server 2008. You can order Standard, Enterprise, and Datacenter editions that do not have Hyper-V included.

Question: Describe the criteria you will use when deciding what edition of

Windows Server to deploy.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Are Server Roles?

Key Points

Server roles are a way to configure a computer running Windows Server 2008 to perform a specific function. In a large enterprise, computers can be configured to perform a single role to ensure greater scalability. In a small organization, many roles can be combined on a single computer.

When deploying multiple server roles on a single computer, consider the following:

The capacity of the computer should be sufficient for all the installed roles.

Ensure that security requirements for the roles you plan to install can co-exist on a single computer.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Configure security settings appropriately for all installed roles.

Plan ahead for possible migration paths if the computer becomes overloaded.

Question: In your work environment, what are the advantages of consolidated

servers, dedicated servers, or both?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Are the Windows Infrastructure Services Roles?

Key Points

Windows infrastructure services roles are used to form the underlying framework of software and services that are used by other applications within the organization.

The table below describes Windows infrastructure services roles:

Role Description

Active Directory Certificate Services

Creates and manages certification authorities. Certification authorities are used to create digital certificates for identification and encryption.

Active Directory Rights Management Services

Helps protect information from unauthorized use and generates licenses that specify what actions can be taken with protected content and by whom.

DHCP Server Automatically allocates IP addresses and IP configuration information to clients

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Role Description

DNS Server Provides name resolution for TCP/IP networks.

Fax Server Sends and receives faxes electronically rather than requiring paper-based copies of documents.

File Services Provides technologies for storage management, file replication, and file searching.

Network Policy and Access Services

Provides support for LAN or WAN routing, network access policy enforcement, VPN connections, and dial-up connections.

Hyper-V Provides server virtualization functionality.

Print Services Enables and manages network printing.

Terminal Services Allows users to run programs on a remote server but view the results in a Remote Desktop window.

Windows Deployment Services Deploys Windows operating systems to computers over the network.

Question: List the Windows infrastructure services roles used in your work

environment.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Are the Windows Application Platform Services Roles?

Key Points

Windows application platform services roles are used as a platform for the development of applications.

The table below describes Windows application platform services roles:

Role Description

Application Server Provides a complete solution for hosting and managing distributed business applications. Includes services such as .NET Frameworks, Web server, and Message Queuing.

Universal Description, Discovery, and Integration (UDDI) Services

Shares information about Web services within an organization or between business partners.

Web Server (IIS) Enables Windows Server 2008 as a Web server.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Question: List the Windows application platform roles used in your work

environment.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Are the Active Directory Server Roles?

Key Points

The Active Directory roles allow you to implement and control Active Directory for your organization.

Question: Briefly describe one or two scenarios where you would implement each

server role.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


AD DS Integration with Other Active Directory Server Roles

Key Points

Many of the other Windows Server 2008 server roles integrate with AD DS. Server roles, such as the following, rely on AD DS:

Active Directory Federation Services (AD FS)

Active Directory Rights Management Services (AD RMS)

Active Directory Certificate Services (AD CS)

Question: Describe any other applications you aware of that can leverage AD DS.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Are Server Features?

Key Points

Server features support server roles or enhance the functionality of a server.

Question: Which of these features do you use in your work environment?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is Server Core?

Key Points

Server Core is a new installation option for Windows Server 2008. It provides a minimal environment for running specific server roles. A graphical interface is not included as part of the Server core installation.

Question: Describe two scenarios in which Server Core would be a beneficial

choice of server platform.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Lesson 2

Overview of Active Directory

Active Directory is a central repository of network information. Understanding how Active Directory is organized is essential to understanding network security and management. In this lesson, you will learn about Active directory domains, forests, and domain controllers.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is Active Directory?

Key Points

Active Directory is a central repository of network information that is used for logon security and application configuration. The information stored in Active Directory includes:

User accounts

Computer accounts

Application configuration information

Subnet addresses

Group accounts

Printer objects

Published folder objects

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Active Directory is not a large single database. It is composed of multiple partitions. The domain partition holds information that is specific to a particular domain. The configuration partition holds configuration information for Active Directory and applications. The schema partition is the list of allowed objects and attributes in Active Directory.

Question: Why is it important that the schema is replicated to all domain

controllers in entire forest?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Benefits of Active Directory

Key Points

Active Directory provides a single repository of information that is used for network management. A workgroup is a peer-to-peer network without a centralized security database. When Windows computers are not joined to a domain, they are considered members of a workgroup. Each workgroup member has its own security database and group policy store.

Question: Are there any situations where a workgroup would be preferable?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is a Domain?

Key Points

A domain is a logical grouping of objects such as:

User accounts. These are required for users to log on and access network resources. Information such as e-mail addresses and mailing addresses can be stored as part of a user account.

Computer accounts. These are required for a computer to participate in the domain and become part of the security infrastructure. To log on with a domain user account, you must use a computer that has a computer account in the domain.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Groups. These are used to organize users and computers into sets for assigning permissions to resources. Using groups make it easier to manage access to resources such as files.

Question: How has your organization used domains to create security boundaries?

If your organization does not use domains, how might domains be used in your

organization?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What is an Organization Unit?

Key Points

An organizational (OU) unit is a grouping of objects within a domain. OUs can contain:

Users

Groups

Computers

Other OUs

Question: Describe one scenario when you would use a domain to organize a

network. Describe one scenario when you would use an OU to organize a network.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is a Forest?

Key Points

A forest is collection of domains that:

Share a common schema

Share a common Global Catalog

Are connected by two-way transitive trusts

When domains have a trust relationship, accounts in the trusted domain can be granted access to resources in the trusting domain.

Domain trees in a forest are not required to have the same naming structures.

Question: Does a trust automatically allow users in one domain to access

resources in another domain?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is a Domain Controller?

Key Points

The following are characteristics of a domain controller:

A domain controller is a computer that holds a copy of Active Directory information.

Domain controllers update this copy of Active Directory information through multi-master replication with other domain controllers in the domain and forest.

At minimum, a domain controller holds a copy of the local domain partition, the configuration partition, and the schema partition.

Note: A global catalog server is a domain controller that holds a subset of the domain

information for all domains in the entire forest.

Question: How many domain controllers should you have?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


What Is a Read-Only Domain Controller?

Key Points

An RODC is a new type of domain controller that Windows Server 2008 supports. An RODC hosts read-only partitions of the AD DS database. This means that no changes can ever be made to the database copy stored by RODC, and all AD DS replication uses a one-way connection from a domain controller that has a writeable database copy to the RODC.

Question: In your work environment, do you have scenarios where an RODC

would be beneficial?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Read-Only Domain Controller Features

Key Points

RODCs provide several features designed to work together to increase security. These features minimize the risks of deploying a domain controller in a location with low physical security or high exposure to attack.

Question: If you plan to use one or more RODCs in your work environment,

which RODC features do you plan to use?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Demonstration: Joining a Domain

Key Points

Join NYC-CL1 to the WoodgroveBank.com domain.

View the results of joining the domain.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Lesson 3

Using Windows Server 2008 Administrative Tools

Each administrative tool included with Windows Server 2008 is used to manage different system components. Administrative tools include:

Microsoft Management Console

Problem Reports and Solutions

Server Manager

Computer Management

Device Manager

By understanding the administrative tools available to you in Windows Server 2008, you can choose the best tool for the administrative task at hand.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED



Key Points

A snap-in is a program that allows you to perform specific administrative tasks.

New snap-ins are added when you install additional software components. For example, the snap-ins for managing Microsoft® Exchange Server 2007 are added when you install Exchange Server 2007.

You can remotely administer a server by re-focusing the MMC snap-in to the remote server.

Custom consoles allow you to create a console with only the capabilities that you require as part of your job role." Question: Will you create customized consoles for most of your management tasks?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Server Manager

Key Points

Combining frequently used snap-ins into a single console simplifies administration of your server.

Question: Why is it beneficial to combine frequently used snap-ins into a single

console?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Computer Management

Key Points

This administrative tool is included with Windows 2000 Server and Windows Server 2003 operating systems. Many of the snap-ins found in Server Manager are also found in Computer Management.

Question: Will you use Computer Management or Server Manager to manage

your servers?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Device Manager

Key Points

On of the most common uses for Device Manager is updating device drivers. Device drivers are used by the operating system to communicate with devices such as network adapters or video adapters. When an incorrect driver is used, the device will typically have limited functionality or no functionality at all.

Device Manager visually indicates if a device is disabled or is not functioning properly. This makes it easy to identify malfunctioning components.

Question: Why would you update a device driver if a device appears to be

working properly?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED



Key Points

Problem Reports and Solutions is a utility for monitoring and resolving system problems. Problem Reports and Solutions records the details of a system problem, and then contacts Microsoft for a resolution of the problem.

Question: How does Problem Reports and Solutions improve upon the Dr.

Watson utility found in previous versions of Microsoft Windows® operating

system?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Demonstration: Using Windows Server 2008 Administrative Tools

Key Points

Use Problem Reports and Solutions.

Use Server Manager.

Use Computer Management.

Use Device Manager.

Question: Which of the administrative tools demonstrated will you use most

often?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Common Administration Tasks

Key Points

Administrative tools can be grouped by the task in which each tool will commonly be used. Sometimes multiple tools may be used to carry out a single task.

Question: Describe one or more common administrative tasks you carry out in

your work environment and a tool that would be used to carry out this task.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Lesson 4

Using Remote Desktop for Administration

Remote Desktop for Administration is widely used by most organizations to access servers remotely and to perform system maintenance. There are many configuration options you can use for controlling security of the connections and other connection characteristics. Remote Desktop for Administration can help you reduce the time and effort involved in server administration tasks.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Remote Desktop for Administration

Key Points

Remote Desktop for Administration is a service that allows administrators to access the desktop of a computer running Windows Server 2008 remotely. This service can be used to access a server from a corporate desktop or a remote location.

Note the following primary differences between Remote Desktop for Administration and the Windows Server 2008 Terminal Services role:

Remote Desktop for Administration is limited to 2 concurrent remote connections.

Remote Desktop for Administration requires no extra licensing.

Remote Desktop for Administration is installed by default but is not enabled by default.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Note: Remote Desktop for Administration generates a much smaller amount of network

data than running server management utilities over the network from a workstation.

Question: What concerns are there about allowing a server administrator to use

Remote Desktop for Administration from home?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Benefits of Remote Desktop for Administration

Key Points

Remote Desktop for Administration is a useful tool with several benefits.

Note: Even though server core does not include a graphical desktop, you can enable

Remote Desktop for Administration. Once connected, you are presented with a

command prompt rather than a Windows desktop.

Question: Can Remote Desktop for Administration result in cost savings for an

organization?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Demonstration: Remote Desktop Client Configuration

Key Points

View the Remote Desktop options on NYC-CL1.

Question: Why would you disable client features such as local drives and

printers?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Securing Remote Desktop for Administration

Key Points

The first level of securing Remote Desktop for Administration is controlling who can use it.

Remote Desktop for Administration is disabled by default. You can leave it disabled for high security installations.

When enabled, access can be controlled by making users members of the Remote Desktop Users group. Members of the Local Administrators group are allowed to connect by default.

Security layer determines the type of encryption that is performed between the client and server.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Encryption level controls which data is encrypted and the strength of the encryption.

Require Network Level Authentication setting requires users to enter a username and password before connecting to the server.

Question: Why should you not use the low encryption level?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Demonstration: Using Remote Desktop for Administration

Key Points

On NYC-DC1, enable Remote Desktop for Administration.

Configure security settings on NYC-DC1.

Connect to the console with the /console switch.

Question: When is connecting to the server console, rather than a remote session,

useful?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Lab: Administering Windows Server 2008

Exercise 1: Install the Terminal Server Role

Scenario

You have decided to prepare the server NYC-SVR1 for remote management through Remote Desktop. You will also install the DNS Server role and verify domain membership on NYC-SVR1.

In this exercise you will install the DNS Server role and verify domain membership.

The main tasks for this exercise are as follows:

1. Start the virtual machines, and then log on.

2. Install the DNS Server Role.

3. Verify domain membership.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Task 1: Start the virtual machines, and then log on

1. On your host machine, click Start, point to All Programs, point to Microsoft Learning, and then click 6419A. The Lab Launcher starts.

2. In the Lab Launcher, next to 6419A-NYC-DC1, click Launch.

3. In the Lab Launcher, next to 6419A-NYC-CL1, click Launch.

4. In the Lab Launcher, next to 6419A-NYC-SVR1, click Launch.

5. Log on to NYC-DC1 as Administrator with the password Pa$$w0rd.

6. Log on to NYC-CL1 as Administrator with the password Pa$$w0rd.

7. Log on to NYC-SVR1 as Administrator with the password Pa$$w0rd.

8. Minimize the Lab Launcher window.

Task 2: Install the DNS Server Role

1. On NYC-SVR1, use Server Manager to install the DNS Server role using the following settings:

Add only the DNS Server role service.

Task 3: Verify domain membership

1. On NYC-DC1, in Active Directory Users and Computers, verify that the NYC-SVR1 computer account exists.

2. On NYC-SVR1, log on as Woodgrovebank\Administrator with a password of Pa$$w0rd.

3. In Local Users and Groups, verify that Domain Admins is a member of the local administrators group.

Results: After this exercise, you should have successfully installed the Terminal Services role and successfully verified domain membership.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Exercise 2: Configuring Remote Desktop for Administration

Scenario

The server NYC-SVR1 is being used to run a new application for loan applications. The person responsible for monitoring this application needs access to NYC-SVR1 remotely because he is not authorized to enter the data center. You need to enable Remote Desktop for Administration for Axel Delgado with the highest level of security possible.

In this exercise you will enable Remote Desktop for Administration, and configure security settings to allow Axel Delgato to carry out remote administration tasks.

The main tasks for this exercise are as follows:

1. Enable Remote Desktop for Administration.

2. Grant Axelo Delgado access to Remote Desktop for Administration on NYC-SVR1.

3. Configure security for Remote Desktop for Administration.

4. Give Axel Delgado rights to run Reliability and Performance Monitor.

5. Verify Remote Desktop for Administration Functionality.

Task 1: Enable Remote Desktop for Administration

1. On NYC-SVR1, open Remote settings in System Properties.

2. Allow connections only if Network Level Authentication is used.

Task 2: Grant Axel Delgado access to Remote Desktop for

Administration on NYC-SVR1

On NYC-SVR1 in Remote Settings, add Axel Delgado as a user allowed to connect remotely.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Task 3: Configure security for Remote Desktop for Administration

1. On NYC-SVR1, open Terminal Service Configuration.

2. In the properties of RDP-Tcp configure:

Security layer: SSL (TLS1.0)

Encryption level: High

Allow connections only from computers running Remote Desktop with Network Level Authentication

Task 4: Give Axel Delgado rights to run Reliability and Performance

Monitor

On NYC-SVR1, use Local Users and Groups to add Axel Delgado as a member of Performance Log Users.

Task 5: Verify Remote Desktop for Administration Functionality

1. On NYC-CL1, open Remote Desktop Connection.

2. Log on using the following information:

Computer: NYC-SVR1.woodgrovebank.com

User name: woodgrovebank\Axel

Password: Pa$$w0rd

3. In the Remote Desktop Connection window, open Reliability and Performance Monitor. Notice that Resource Overview is not available to Axel Delgado.

4. Verify that Axel Delgado can view information in Performance Monitor.

Results: After this exercise, you should have successfully used Axel Delgado's account to remotely access NYC-SVR1 and run Reliability and Performance Monitor.

Lab Shutdown After you complete the lab, you must shut down the 6419A-NYC-DC1, 6419A-NYC-CL1, and 6419A-NYC-SVR1 virtual machines and discard any changes.

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Module Review and Takeaways

Review Questions

1. Which server role must be installed to configure Windows Server 2008 as a domain controller?

2. What is the relationship between Active Directory domains and Active Directory forests?

3. Which administrative tool tracks system crashes and attempts to resolve them?

4. When monitoring performance, which tools can you use to track CPU utilization over time?

BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED


Real-world Issues and Scenarios

1. You are the lead server administrator for your location in a large organization. There are 4,000 users in your location, with seven server administrators. You would like to configure administrative tools for the server administrators that you manage. Each administrative tool would have all the options required for them to perform their job tasks. How can you create these custom tools?

2. A computer running Windows Server 2008 has been in your organization for about two months. It has been running perfectly until last week. Since last week, it has been crashing once or twice a day. How can you determine the cause of this problem?

3. You are the server administrator for a small organization with 100 users and three computers running Windows Server 2008. Your IT manager would like to respond more quickly to support calls after business hours. Currently, you drive into the office when required. This takes up to an hour. How can you avoid the need to return to the office to perform support tasks after hours? And how will you address security concerns?

Tools

Tool Use for Where to find it

Active Directory Users and Computers

Create user accounts Administrative Tools

Active Directory Domains and Trusts

View and manage trusts Administrative Tools

Active Directory Sites and Services

View and manage Active Directory sites

Administrative Tools

ADSI Edit Perform manual edits of Active Directory objects



Add snap-ins to perform administrative tasks

Create custom consoles

Command prompt


Track solutions to system problems


BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED



Server Manager Add or remove server roles and features

Perform diagnostics

Manage server configuration

Manage server storage


Computer Management Share folders

Access system tools

Manage server storage

Manage services

Manage Routing and Remote Access


Device Manager Configure devices

Update drivers

Administrative Tools, Computer Management, Server Management

Task Manager View applications and processes

View basic performance information

Ctrl+Alt+Del, right-click taskbar, Ctrl+Shift+Esc

Reliability and Performance Monitor

Resource Overview

Performance Monitor

Reliability Monitor

Data Collector Sets


Event Viewer View events in logs

Collect events at a single computer

Query events

Administrative Tools, Computer Management, Server Management

Remote Desktop for Administration

Remotely connect to servers and perform administrative tasks

Control Panel > System > Remote settings

Terminal Services Configuration

Configure Remote Desktop for Administration


BE

TA

CO

UR

SE

WA

RE

EX

PIR

ES

2/6

/20

09

MC

T U

SE

ON

LY

. ST

UD

EN

T U

SE

PR

OH

IBIT

ED



Local User and Computers snap-in

Used to manage local users and groups

Computer Management, Server Management

Active Directory Users and Computers

Used to manage domain user accounts and groups


Run As Administrator Elevate privileges of a program

Context menu when right-clicking an application shortcut

runas Elevate privileges of a program

Command prompt

Material modulo01 asf6501(6419-a_01)

Technology

server roles windows

servers windows server

management of windows

windows hpc server

edition of windows server

remote server

server administration

dhcp server