Table of Contents - TestOut€¦ · Web viewThis course prepares students for TestOut’s Server Pro: Manage and Administer exam and Microsoft’s 70-411 certification exam. Module
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
TestOut Server Pro:Manage and Administer – English 3.1.x
Revised 2016/05/17
Table of Contents
Course Overview...................................................................................................4Course Introduction for Instructors........................................................................5Section 1.1: Active Directory Overview.................................................................7Section 1.2: Speeding Up Authentication..............................................................8Section 1.3: Single Master Operations Roles (FSMO)..........................................9Section 1.4: Read Only Domain Controllers (RODCs)........................................11Section 1.5: Virtual Domain Controllers...............................................................13Section 1.6: Service Accounts.............................................................................14Section 1.7: Maintaining Active Directory............................................................16Section 1.8: Restoring Active Directory...............................................................18Section 2.1: Group Policy Foundation.................................................................20
Section 2.2: Administrative Templates................................................................23Section 2.3: Folder Redirection...........................................................................25Section 2.4: Software Deployment......................................................................26Section 2.5: Security Settings..............................................................................28Section 2.6: Password and Account Policies......................................................30Section 2.7: Advanced Auditing...........................................................................32Section 2.8: Preferences.....................................................................................34Section 2.9: Group Policy Management..............................................................36Section 2.10: Management Delegation...............................................................38Section 3.1: File Server Resource Manager........................................................39Section 3.2: Distributed File System....................................................................41Section 3.3: Distributed File System Replication.................................................43Section 3.4: File Encryption.................................................................................45Section 3.5: Disk Encryption................................................................................47Section 4.1: DNS Name Resolution....................................................................49Section 4.2: DNS Forwarding and Delegation.....................................................50Section 4.3: DNS Zone........................................................................................52Section 4.4: DNS Zone Management..................................................................54Section 4.5: DNS Records...................................................................................56Section 4.6: DNS Options....................................................................................58Section 5.1: Routing............................................................................................60Section 5.2: Network Address Translation (NAT)................................................62Section 5.3: Virtual Private Networks (VPN).......................................................63Section 5.4: Network Policy Server.....................................................................65Section 5.5: RADIUS...........................................................................................67Section 5.6: Network Access Protection..............................................................69
Section 5.7: DirectAccess....................................................................................71Section 6.1: Windows Software Update Services (WSUS).................................73Section 6.2: Windows Deployment Services (WDS)...........................................76Section 6.3: WDS Image Management...............................................................78Section 6.4: Performance Monitor.......................................................................80Section 6.5: Event Viewer...................................................................................82Section 6.6: Network Monitor..............................................................................84Server Pro: Manage and Administer Practice Exams.........................................85Microsoft 70-411 Practice Exams........................................................................86Appendix A: Approximate Time for the Course...................................................87Appendix B: Exam 70-411: Administering Windows Server 2012 Objectives.....90Appendix C: Server Pro: Manage and Administer Objectives.............................96
Course OverviewThis course prepares students for TestOut’s Server Pro: Manage and Administer exam and Microsoft’s 70-411 certification exam.
Module 1 – Active DirectoryThis module teaches the students details about using Active Directory. This will include authentication, FSMO, RODCs, and maintaining and restoring Active Directory.
Module 2 – Group PolicyIn this module students will learn about creating, configuring and managing GPOs.
Module 3 – File Services This module teaches students about controlling and organizing file resources and protecting access to data.
Module 4 – DNSThis module examines name resolution, resolving queries for records, creating and managing DNS zones, and creating DNS records.
Module 5 – Remote Access ManagementIn this module students will learn concepts about managing remote access. This includes understanding and configuring routers, securing communications over an untrusted network, authorizing remote clients and protecting access to a network.
Module 6 – Server ManagementThis module discusses management of server such as, updating software, deploying operating systems, and monitoring server, logs, and network traffic.
Practice ExamsIn Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams contain examples of the types of questions that a student will find on the actual exam:
Microsoft 70-411 Practice Exams Server Pro: Manage and Administer Practice Exams
This course provides students with the knowledge to become industry certified as a Windows professional. It prepares the student for the following exams:
Microsoft’s 70-411: Administering Windows Server 2012 TestOut’s Server Pro: Manage and Administer
Microsoft’s 70-411: Administering Windows 2012 certification measures the students’ ability to administer, configure, and manage Windows Server 2012 operating system. The following knowledge domains are addressed:
Deploy, manage, and maintain servers Configure file and print services Configure network services and access Configure a network policy server infrastructure Configure and manage Active Directory Configure and manage Group Policy
Note: MS 70-411 objectives are listed in Appendix B: 70-411: Administering Windows Server 2012 Objectives
TestOut’s Server Pro: Manage & Administer certification measures the students’ ability to perform real-world job skills using the Windows Server 2012 operating system. The following knowledge domains are addressed:
Active Directory Management Group Policy Configuration File Services Management DNS Configuration Routing Configuration Routing and Remote Access Configuration Deployment Management
Note: TestOut’s Server Pro: Manage & Administer objectives are listed in Appendix C: Server Pro: Manage and Administer Objectives
The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.
The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:
= Demonstration
= Exam
= Lab/Simulation
= Text lesson or fact sheet
= Video
The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.
In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:
Video/demo times Approximate time to read the text lesson (the length of each text lesson is
taken into consideration) Simulations (5 minutes is assigned per simulation. This is the amount of
time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)
Questions (1 minute per question)
Note: Appendix A: Approximate Time for the Course contains the approximate time for each section which are totaled for the entire course.
Section 1.2: Speeding Up Authentication SummaryThis section provides information about speeding up authentication in the case of multiple-domain and multiple-site design. Features to improve performance in these situations include:
Global Catalog Universal Group Membership Caching (UGMC) Global Catalog vs UGMC Lightweight Directory Access Protocol (LDAP)
Students will learn how to:
Add or remove the global catalog from a domain controller. Enable Universal Group Membership Caching for a site.
Server Pro: Manage and Administer Exam Objectives: 1.0 Active Directory Management.
o Implement Global Catalog Serverso Implement Universal Group Membership Caching (UGMC)
o Configure Universal Group Membership Caching (UGMC)
Lecture Focus Questions: What are the advantages of having more than one Global Catalog server? Why does a single domain network not need a Global Catalog server? What is the function of Universal Group Membership caching? When should Universal Group Membership caching be implemented?
When would you use global catalog servers instead?
Video/Demo Time1.2.1 Authentication Overview 4:471.2.2 Global Catalog Servers and UGMC 2:23
Total 7:10Lab/Activity
Configure Global Catalog ServersEnable Universal Group Membership Caching
Section 1.3: Single Master Operations Roles (FSMO) SummaryThis section provides details about Single Master Operations Roles (FSMO). Students will learn about:
The role of operations master roles Operation roles at the forest levels:
o Schema mastero Domain naming master
Operation roles at the domain levels:o Relative ID (RID) Mastero Primary Domain Controller (PDC) Emulatoro Infrastructure Master
Considerations about using operations master roles Recommendations when designing operations master roles placement Managing operations master role placement Tools to manage operations master role placement:
o MMC Snap-in Management Toolo Ntdsutil.exe
Details about the standby operations master
Students will learn how to:
Transfer operation master roles among domain controllers. Troubleshoot operation master roles to diagnose network problems. Seize an operation master role in the case of a failed role operations
master.
Server Pro: Manage and Administer Exam Objectives:
1.0 Active Directory Management.o Manage Flexible Single-Master Operation (FSMO) roles
70-411 Exam Objectives:
502. Configure Domain Controllers. o Transfer and seize operations masters
What is the purpose of an operation master role server? What is the function of a PDC emulator? What does the infrastructure
master do? Which operations master roles are located at the forest level? How many
of these roles are there in a forest? How many domain operations masters are in a forest? You are installing a new domain controller in a new domain in an existing
forest. How many operation master roles will that server hold? What might happen if the RID master becomes unavailable? Which role(s) should be placed on a global catalog server? Which roles
should not? What is the difference between transferring a role and seizing a role?
Section 1.4: Read Only Domain Controllers (RODCs) SummaryThis section provides information about deploying Read Only Domain Controllers (RODCs). Details covered include:
Features of RODCs:o Administrator role separationo Unidirectional replicationo Read-only datao Password replicationo DNS Server service
Installing RODC
Students will learn how to:
Pre-create RODC accounts in Active Directory. Install an RODC.
Server Pro: Manage and Administer Exam Objectives:
1.0 Active Directory Management.o Implement a Read Only Domain Controller (RODC)
70-411 Exam Objectives:
502. Configure Domain Controllers. o Install and configure a read-only domain controller (RODC)
Lecture Focus Questions:
What is the purpose of administrator role separation? How does unidirectional replication protect your network? How does using an RODC allow for domain logon in the event of a WAN
link failure? How do DNS zones work differently on an RODC? What are the forest functional level requirements for installing an RODC? Which operating system versions must run on the PDC emulator? Which permissions do you need to install an RODC?
Issues concerning creating a snapshot of a Virtual Domain Controller and later reverting back to earlier snapshots
o Update Sequence Number (USN) rollbacko VM-Generation-ID
System requirements:o Supported hypervisorso Supported guest operating systems
Virtual Domain Controller Cloning System prerequisites before cloning a virtual domain controller:
o Supported hypervisorso Supported guest operating systemso PDC Emulator
The basic steps for cloning a virtual domain controller
70-411 Exam Objectives:
502. Configure Domain Controllers. o Configure Domain Controller cloning
Lecture Focus Questions: Which versions of the Windows operating system support VM-
Generation-ID identifiers? Why is the VM-Generation-ID stored in two different locations? What is the advantage of creating a new virtual domain controller by
cloning an existing virtual domain controller? Which group must the computer object for the domain controller be a
Section 1.6: Service Accounts SummaryThis section examines using service accounts to allow an application or service to interact with the operating system. Concepts covered include:
Categories of service accounts:o Built-in local user accounto Domain user accounto Managed service accounto Virtual accounto Group managed service account
Requirements to use managed or virtual accounts Common service account cmdlets:
o New-ADServiceAccounto Get-ADServiceAccounto Set-ADServiceAccounto Remove-ADServiceAccounto Install-ADServiceAccount
Considerations when using group managed service accounts
Students will learn how to:
Create a service account. Create a managed service account and a group managed service
account.
70-411 Exam Objectives:
501 Configure service authentication. o Create and configure Service Accounts o Create and configure Group Managed Service Accounts o Create and configure Managed Service Accounts o Configure Kerberos delegation o Manage Service Principal Names (SPNs) o Configure virtual accounts
What are the differences between a managed service account and a virtual service account?
Which operating system is required to manage a service with a managed service account?
Which Windows PowerShell cmdlet will create a new managed service account?
If you have a domain controller running Windows Server 2003, how can you still use a virtual account?
Video/Demo Time1.6.1 Overview of Service Accounts 2:551.6.2 Kerberos Delegation 2:331.6.3 Creating Service Accounts 10:321.6.4 Creating Managed Service Accounts 5:131.6.5 Creating Group Managed Service Accounts 7:431.6.6 Configuring Virtual Accounts 1:25Total 30:21
Section 1.7: Maintaining Active DirectorySummaryIn this section students will learn details about maintaining Active Directory. Concepts covered include:
Considerations when performing a system state backup Using the Group Policy Management console to back up and restore only
Group Policy data Steps to make and use snapshots of the Active Directory database Tasks that can be performed from the command using the NTDSUtil
commando Changing the recovery mode passwordo Cleaning the metadatao Manually compacting the databaseo Manually moving the database and log files
Students will learn how to:
Back up Active Directory and the SYSVOL. Create and mount an Active Directory snapshot. Use the NTDSUtil command to manage and optimize Active Directory
from the command line.
Server Pro: Manage and Administer Exam Objectives:
1.0 Active Directory Management.o Backup Active Directory
70-411 Exam Objectives:
503 Maintain Active Directory. o Back up Active Directory and SYSVOLo Manage Active Directory offlineo Optimize an Active Directory databaseo Clean up metadatao Configure Active Directory snapshots
Which backup type should you perform if you want to protect Active Directory?
What are the requirements for performing a system state backup? When using the dsamain command with the /dbpath option to expose a
snapshot through an LDAP server, why can't you use port 389? Which port should you use?
Using NTDSUtil, which tasks can you perform to manage the Active Directory?
Video/Demo Time1.7.1 Backing up Active Directory 2:101.7.2 Backing up AD and the SYSVOL 2:361.7.4 Managing AD Snapshots 7:511.7.7 Active Directory Maintenance 4:171.7.8 Using NTDSUtil 12:25
Section 1.8: Restoring Active DirectorySummaryThis section discusses methods of restoring Active Directory. Details include:
Active Directory Recycle Bin:o Requirementso Enabling the Recycle Bin
Steps to enable the Recycle Bin in an existing forest Considerations when using the Recycle Bin to restore delete Active
Directory objects Types of restoration available when restoring Active Directory:
o Nonauthoritativeo Authoritative
Methods for performing a domain controller restore:o Reinstalling Active Directoryo Nonauthoritative system state restoreo Authoritative system state restoreo Critical volume or Bare metal recovery
Set the Burflags registry settings at the domain controller to perform a restore to all replicas in the domain:
o D2 performs a nonauthoritative restoreo D4 performs an authoritative restore
Methods to restore lost Active Directory data:o LostAndFound containero Nonauthoritative restoreo Authoritative restoreo Active Directory Recycle Bino Database snapshot
Warning and solution of a problem where group membership will not be restored when you restore Active Directory objects with an authoritative restore
Students will learn how to:
Use the AD Recycle Bin to recover AD deleted objects. Use the Administrative Center to recover a user. Use the PowerShell command to recover a user. Perform an authoritative restore using NTDSUtil.
503 Maintain Active Directory. o Perform object- and container-level recoveryo Perform Active Directory restoreo Configure and restore objects by using the Active Directory Recycle
Bin
Lecture Focus Questions:
What is the difference between an authoritative and a nonauthoritative restore?
Why might group membership not be restored with an authoritative restore? When would this problem exist and how can you overcome it?
Which forest functional level is required for the Active Directory Recycle Bin?
What are the differences when a deleted object lifetime expires versus when a recycled object lifetime expires?
Video/Demo Time1.8.1 Restoring Active Directory 6:561.8.2 Active Directory Recycle Bin 6:281.8.4 AD Restore 10:00
Section 2.1: Group Policy Foundation SummaryThis section discusses creating and managing Group Policy objects. Details include:
GPO settings:o Undefinedo Defined
Considerations when you configure GPO settings Intervals that Windows refreshes the effective Group Policy settings Gpupdate command switches to manually refresh group policy settings:
o No switcho /forceo /target:usero /target:computero /booto /logoff
Group Policy inheritance:o The order in which GPOs are appliedo Effective GPO settingso Categories:
Computer policies User policies
Methods to customize how GPO settings are applied:o Block inheritanceo Enforcedo GPO Permissionso Disabling a GPO linko Disabling a part of the GPOo WMI filteringo Loopback processingo Slow link detectiono Group Policy cachingo Account policies
Guidelines when you use GPOs to deploy GPOs
Students will learn how to:
Create and link Group Policy objects. Modify and control Group Policy processing order. Control how group policies are processed by configuring Group Policy
Troubleshoot Group Policy from a workstation using gpresult and RSOP. Troubleshoot Group Policy from a server using Group Policy Modeling and
Group Policy Results. Block inheritance to domain controllers and member servers.
Server Pro: Manage and Administer Exam Objectives:
2.0 Group Policy Configuration. o Manage Group Policy processing order
70-411 Exam Objectives:
601 Configure Group Policy processing. o Configure processing order and precedenceo Configure blocking of inheritanceo Configure enforced policieso Configure security filtering and WMI filteringo Configure loopback processingo Configure and manage slow-link processingo Configure client-side extension (CSE) behavior
Lecture Focus Questions:
What is the difference between deleting a GPO and deleting a GPO link? What is an undefined GPO setting? How does this affect the effective
settings for a user or computer? When are Group Policy settings refreshed? How do you manually refresh Group Policy settings? What will determine the effective Group Policy setting when an individual
setting is configured in two different GPOs? When are computer policies enforced? User policies enforced? How do you prevent inheritance from being blocked for a specific GPO?
Video/Demo Time2.1.1 Group Policy Processing Order 4:512.1.2 Linking GPOs 4:042.1.3 Modifying GPO Processing Order 4:342.1.4 Modifying GPO Processing Order 8:542.1.5 Loopback Processing and Slow Link Detection 2:252.1.6 Loopback Processing and Slow Link Detection 8:162.1.7 Configuring Group Policy Caching 3:542.1.9 Troubleshooting Group Policy 8:51
What is the Administrative Template central store and where is it located? What are the advantages of the .admx file format? What is the function of .adml files?
Video/Demo Time2.2.1 Custom Administrative Templates 1:502.2.2 Importing Custom Administrative Templates 3:582.2.4 Converting Administrative Templates 4:062.2.5 Configuring Property Filters 2:182.2.6 Central Stores 1:452.2.7 Creating a Central Store 3:522.2.8 Exploring Admin Template Settings 6:48
Section 2.5: Security Settings SummaryThis section examines the following common GPO security setting categories:
Account Policies Local Policies/Audit Policy Local Policies/User Rights Assignment Local Policies/Security Options Windows Firewall with Advanced Security Network List Manager Policies Public Key Policies Software Restriction Policies Application Control Policies IP Security Policies Advanced Audit Policy Configuration Event Log Restricted Groups System Services Registry File System Wireless Network
Students will learn how to:
Configure, save, and import a security template.
Server Pro: Manage and Administer Exam Objectives:
2.0 Group Policy Configuration. o Implement the following GPO policies:
Security Advanced audit
70-411 Exam Objectives:
602. Configure Group Policy settings. o Import security templates
What is the difference between a user right and a security option? Under what conditions are Account Policies in effect? What are some of the User Rights Assignments you might consider using? What is the function of the Network List Manager Policies?
Considerations when managing account policies Kerberos policies:
o Enforce user logon restrictionso Maximum lifetime for service ticketo Maximum lifetime for user ticketo Maximum lifetime for user ticket renewalo Maximum tolerance for computer clock synchronization
The role of granular password policies Facts about granular password policies Using ADSI Edit to create a PSO Managing granular passwords using Active Directory Administrative
Center
Students will learn how to:
Configure and manage Account Policy settings. Use ADSI Edit to configure granular password policy settings.
Server Pro: Manage and Administer Exam Objectives:
2.0 Group Policy Configuration. o Implement the following GPO policies:
504. Configure account policies. o Configure domain user password policyo Configure and apply Password Settings Objects (PSOs)o Delegate password settings managemento Configure local user password policyo Configure account lockout settingso Configure Kerberos policy settings
Lecture Focus Questions:
Users in a network have to change their passwords every 30 days, but many users have reported that they simply enter the same password to make the change. Which policy can you configure to prevent this?
What is the effect of setting the minimum password age account policy to 5 days?
How can you prevent users from creating passwords like desk, mom, chair, or office?
What is the effect of setting the account lockout policy to 0? What happens when you configure the Account Policies settings in a GPO
linked to an OU? How can you configure different account policy settings for different
users? Which object types can you associate with a granular password policy? A user has a granular password policy applied directly to the user account,
and a different policy applied to a group of which the user is a member. Which policy will be in effect?
Section 2.7: Advanced Auditing SummaryThis section provides information about 53 new auditing capabilities that have been integrated with Group Policy. Concepts covered include:
Details about the advanced audit policy configuration Categories of the 53 new auditing policy settings:
Section 2.8: Preferences SummaryThis section discusses using Group Policy preferences to configure, deploy, and manage operating system and application settings that you cannot manage using Group Policy settings. Details covered include:
Comparison of characteristics of Group Policy preferences to Group Policy settings
Facts about Group Policy preferences Group Policy preferences:
o Drive mapso Environmento Files Folderso Ini Fileso Network shareso Registryo Shortcutso Deviceso Folder optionso Internet settingso Local users and groupso Network optionso Power optionso Printerso Regional optionso Scheduled taskso Serviceso Start menu
Students will learn how to:
Configure Group Policy preferences in a GPO. Deploy shortcuts in a GPO.
Server Pro: Manage and Administer Exam Objectives:
2.0 Group Policy Configuration. o Configure Group Policy Preferences
604 Configure Group Policy preferences. o Configure Group Policy Preferences (GPP) settings including
printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment, and shortcut deployment.
o Configure item-level targeting
Lecture Focus Questions:
What is the main difference between Group Policy preferences and Group Policy settings?
Which types of applications and operating system features does Group Policy preferences support?
How do you configure Group Policy preferences? What are the operating system prerequisites for applying Group Policy
preferences?
Video/Demo Time2.8.1 Group Policy Preferences 1:582.8.2 Configuring Group Policy Preferences 7:47
Total 9:45
Lab/Activity
Configure Internet Explorer Settings in a GPOConfigure Power Options in a GPODeploy Desktop Shortcuts in a GPO
The dcgpofix command switches to restore the default group Policy objects to their original state:
o /target:dco /target:domaino /target:botho /ignoreschema
Using the Remote Group Policy update Updating Group Policy using the Group Policy Management console
Students will learn how to:
Back up and restore a GPO. Create and configure a migration table to migrate domain-specific settings. Restore default GPOs to what they were initially when Active Directory
Server Pro: Manage and Administer Exam Objectives:
2.0 Group Policy Configuration.o Backup and restore GPOs
70-411 Exam Objectives:
603. Manage Group Policy objects (GPOs).o Back up, import, copy, and restore GPOso Create and configure Migration Tableo Reset default GPOso Force Group Policy update
Lecture Focus Questions:
What is the difference between deleting a GPO and deleting a GPO link? How can you copy a GPO from one domain to another? How can you
copy starter GPOs? Which tools can you use to manage GPOs and GPO links? When moving GPOs from one domain to another, how do you handle
settings that are domain-specific and cannot be copied directly?
Section 3.1: File Server Resource Manager SummaryThis section provides details of using the File Server Resource Manager to allow administrators to understand, control, and manage the quantity and type of data stored on their servers. Concepts covered include:
FSRM is installed as a role service of the File Services role Key FSRM features:
Methods for configuring quotas for Windows Server:o NTFS Disk Quotaso FSRM Folder and Volume Quotas
Students will learn how to:
Configure volume and folder quotas. Create quota templates. Configure file screens and file screen exceptions. Generate FSRM reports for both quotas and overall file system use.
Schedule FSRM reports.
Server Pro: Manage and Administer Exam Objectives:
What are the primary differences between disk quotas with NTFS and quotas implemented through FSRM?
How does a soft quota differ from a hard quota? How do quota templates facilitate quota management? What is the difference between a quota and a file screen? How is an active file screen more restrictive than a passive file screen? How can you automatically assign classification information to files? What can you accomplish with the file expiration task?
Section 3.2: Distributed File System SummaryThis section discusses using the Distributed File System (DFS) to provide a way to logically organize shared folders on multiple servers into a single logical folder hierarchy called a namespace. Concepts covered include:
DFS Namespaces include the following components:o Namespaceo Namespace servero Namespace rooto Folder
Namespace types and criteria:o Stand-aloneo Domain-based
Considerations when managing DFS Namespaces
Students will learn how to:
Create a DFS namespace with folders and targets. Add role services as required to support DFS and the appropriate
replication method.
Server Pro: Manage and Administer Exam Objectives:
Section 3.3: Distributed File System Replication SummaryThis section discusses using the Distributed File System replication to increase fault tolerance and improve access. Concepts covered include:
Components that DFS replication uses to control replications:o Replication groupo Replicated foldero Connection
Considerations when configuring DFS Cloning the DFS database in Windows Server 2012 R2 Recovering a corrupted database using DFS Replication in Windows
Configure DFS replication of folder targets. Create and configure a replication schedule. Manage and optimize DFS by configuring staging and fault tolerance.
Server Pro: Manage and Administer Exam Objectives:
When can you add a failover cluster to a DFS replication group? How does Remote Differential Compression conserve bandwidth? Adam, Bob, and Curt access different copies of a replicated folder and
modify the same file simultaneously. When each of them saves the file, which file becomes the authoritative copy? What happens to the other copies of this file?
Video/Demo Time3.3.1 Staging and Fault Tolerance 12:003.3.2 Configuring DFS Replication Targets 6:533.3.3 Cloning the DFS Database 10:583.3.5 Optimizing DFS 10:00
Section 3.4: File EncryptionSummaryIn this section students will learn about protecting data through file and disk encryption. Concepts covered include:
Components of EFS:o Encryption Processo Access to Encrypted Datao EFS-Related Group Policyo Encrypted Data Managemento Remote Storageo Certificate Management
Students will learn how to:
Encrypt or decrypt a file or folder. Add authorized users to allow encrypted file access. Designate DRAs for file recovery. Configure EFS settings in Group Policy.
Server Pro: Manage and Administer Exam Objectives:
3.0 File Services Management.o Encrypt files and folders with EFS
70-411 Exam Objectives:
203. Configure file and disk encryption. o Configure the EFS recovery agento Manage EFS and Bitlocker certificates including backup and
restore
Lecture Focus Questions:
What is the importance of the DRA in the encryption process? Which users have access to encrypted files and folders? What is the relationship between encryption and compression? What is the significance of encrypting the pagefile? How does Rekeywiz affect your encryption deployment?
Section 3.5: Disk EncryptionSummaryIn this section students will learn about using BitLocker to protect unauthorized data access on lost, stole or otherwise compromised systems. Concepts covered include:
BitLocker key is required to access the contents of the encrypted volume BitLocker uses integrity checking BitLocker is only available on:
o Windows Vista Ultimate and Enterprise editionso Windows 7 Ultimate and Enterprise editionso Windows 8 Professional and Enterprise editionso Windows Server 2008 or Windows Server 2008 R2o Windows Server 2012
BitLocker is not installed by default BitLocker To Go Components of BitLocker:
o BitLocker partitiono Trusted Platform Module (TPM)o Non-TPM device support
How BitLocker differs from the Encrypting File System (EFS) Security components of a BitLocker configuration:
o TPM owner passwordo Recovery keyo PINo Startup keyo Data volume keyo Data Recovery Agento Network Unlock
BitLocker modes which determine the security level:o TPM-onlyo TPM with startup keyo TPM with PINo TPM with PIN and startup keyo Without a TPM
How to configure and manage BitLocker
Students will learn how to:
Generate recovery keys and create a BitLocker DRA. Configure BitLocker on a computer with a TPM.
Server Pro: Manage and Administer Exam Objectives:
3.0 File Services Management.o Encrypt the server hard disk with BitLocker
70-411 Exam Objectives:
203. Configure file and disk encryption. o Configure BitLocker encryptiono Configure the Network Unlock featureo Configure BitLocker policieso Manage EFS and BitLocker certificates including backup and
restore
Lecture Focus Questions:
When implementing BitLocker, why is it a good idea to run a system check before encrypting the drive?
What is the difference in function between BitLocker and BitLocker To Go?
When using BitLocker, what are the requirements of the Trusted Platform Module? How can you implement BitLocker without a TPM?
What would happen if BitLocker were enabled, and the USB flash device which holds the key were to be lost?
Video/Demo Time3.5.1 BitLocker Disk Encryption 11:353.5.2 Configuring BitLocker Encryption 11:40
Section 4.1: DNS Name Resolution SummaryThis section provides details of how DNS Name Resolution maps logical host names to IP addresses. Concepts covered include:
A DNS server holds a database of hostnames and their corresponding IP addresses
HOSTS file Components of the DNS hierarchy:
o .dot domain (also called the root domain)o Top Level Domains (TLDs) (.com, .edu, .gov)o Second-level and additional domainso Hosts
Fully Qualified Domain Name (FQDN) DNS is a distributed database Caching-only DNS DNS name resolution process for the client DNS name resolution process for the server
Lecture Focus Questions:
What is the purpose of DNS? How does an FQDN identify a host? What is the difference between a DNS server and a caching-only DNS
server? What is the difference between forwarding and recursion?
Video/Demo Time 4.1.1 Fully Qualified Domain Names 3:204.1.3 Name Resolution 8:17Total 11:37
Section 4.2: DNS Forwarding and Delegation SummaryThis section provides details of using DNS forwarding and delegation to resolve queries for records. Concepts covered include:
The role of a forwarder Methods to control the server’s use of forwarders:
o Secondary zoneo Stub zoneo Conditional forwardero Disable recursion
Reasons to perform zone delegation Process to delegate a zone
Students will learn how to:
Create a root zone. Use DNS Manager to setup forwarding and conditional forwarding to
resolve names. Create a delegation to enable name resolution.
Server Pro: Manage and Administer Exam Objectives:
4.0 DNS Configuration.o Configure DNS forwarderso Create DNS delegations
70-411 Exam Objectives:
301. Configure DNS zones. o Configure zone and conditional forwardso Configure zone and conditional forward storage in Active Directoryo Configure zone delegation
Lecture Focus Questions:
What is the role of a forwarder? What could be a disadvantage of using secondary zones? Under what circumstances would you choose to set up conditional
forwarding? When should you set up zone delegation?
Section 4.3: DNS ZoneSummaryThis section discusses provides the basic information about creating and using DNS zones. Concepts covered include:
Types of DNS zones:o Primary o Secondaryo Active Directory-integratedo Stub
Zones are classified as one of two types:o Forward lookup zoneo Reverse lookup zone
Details about zone transfers Tools to update of zone data:
o DNS consoleo Dnscmd command
An Active Directory-integrated zone stores DNS information in Active Directory rather than a zone file
Students will learn how to:
Create a standard primary zone and a standard secondary zone. Create a stub zone to refer requests over to the authoritative server. Create a Primary forward lookup zone and configure it to allow zone
transfers to any server. Configure a reverse lookup zone. Create a new zone and configure the zone to be stored in Active
Directory.
Server Pro: Manage and Administer Exam Objectives:
4.0 DNS Configuration.o Create the following types of DNS zones
Primary Secondary Stub Reverse-lookup Active Directory-integrated
301. Configure DNS zones.o Configure primary and secondary zoneso Configure stub zones
Lecture Focus Questions:
What is the difference between the name resolution of a forward lookup zone and a reverse lookup zone?
What are the advantages of using an Active Directory-integrated zone? What are the main difference between a primary zone and a secondary
zone? Which tools can you use to manually force an update of zone data? Which type of DNS server can host an Active Directory-integrated zone? What is the function of the Start of Authority (SOA) record?
Video/Demo Time4.3.1 Forward and Reverse Lookup Zones 2:054.3.2 Standard DNS Zones 5:574.3.3 AD Integrated Zones 5:374.3.6 Creating a New Zone 11:29
Total 25:08
Lab/Activity
Create Standard ZonesCreate a Reverse Lookup ZoneCreate an Active Directory-integrated Zone
Section 4.4: DNS Zone ManagementSummaryThis section discusses management of DNS zones. Concepts covered include:
Details about configuring DNS zones Zone data is replicated based on the replication scope:
o All domain controllers in this domaino All DNS servers in this domaino All DNS servers in this foresto Application partition
Reverse Zone Name Format for:o IPv4o IPv6
Students will learn how to:
Change an existing zone to a different zone type. Configure the properties of an existing zone as needed. Disable zone transfers for a specified zone. Enable Dynamic DNS to minimize DNS administration.
Server Pro: Manage and Administer Exam Objectives:
4.0 DNS Configuration.o Manage zone transfers
70-411 Exam Objectives:
302. Configure DNS records. o Configure zone scavengingo Configure record options including Tim to Live (TTL) and weighto Configure secure dynamic updates
Lecture Focus Questions:
How does replicating DNS information to all domain controllers in the domain affect network traffic versus replicating to all DNS servers in the forest?
Which type of zone would you create if you wanted to use secure dynamic updates?
Section 4.5: DNS Records SummaryThis section discusses DNS records which store entries for hostnames, IP addresses, and other information in the zone database. Details include:
Common resource records:o SOA (Start of Authority)o NS (Name Server)o A (Host Address)o AAAA (Quad-A)o MX (Mail Exchanger)o CNAME (Canonical Name)o DNAME (Domain Alias)o SRV (Service Locator)o PTR (Pointer)o WINS and WINS-R Resource Records
Considerations when managing resource records Using the dnscmd command to add a DNS record
Students will learn how to:
Create and configure an MX record to identify email servers. Configure the priority and weight of a SRV record to regulate the traffic to
the records. Create A records and PTR records for hosts. Create CNAME records to be used as aliases to allow clients to access an
intranet website. Use ping to troubleshoot DNS problems.
Server Pro: Manage and Administer Exam Objectives:
4.0 DNS Configuration.o Manage dynamic DNS updates
70-411 Exam Objectives:
302. Configure DNS records. o Create and configure DNS Resource Records (RR) including A,
What information does an SOA record contain? What is the difference between an A and a quad-A record? How is the DNAME record similar to a CNAME record? Which are the most common DNS records?
Video/Demo Time4.5.1 DNS Record Types 6:194.5.2 Creating Common Records 9:44Total 16:03
Lab/Activity
Create Host RecordsCreate CNAME RecordsTroubleshoot DNS Records
Section 4.6: DNS Options SummaryIn this section students will learn about different DNS options that can be configured or controlled. Concepts covered in this section include:
DNS Manager tabs to configure DNS server properties:o Interfaceso Forwarderso Root Hintso Debug Loggingo Event Loggingo Monitoringo Securityo Advanced
Configure DNS Round Robin Debug logging options to configure debug logging:
o Packet directiono Packet contentso Transport protocolo Packet typeo Other optionso File path and nameo Maximum size (bytes)
Stale records and Time to Live (TTL) value Scavenging is controlled through a combination of DNS server and zone
properties:o Zone properties
No-refresh interval Refresh interval
o DNS server properties: Scavenge Stale Resource Records Enable automatic scavenging of stale records
o Considerations when configuring scavenging
Students will learn how to:
Enable DNS round robin on a DNS server. Enable scavenging of stale records on a DNS server. Enable scavenging of stale records and aging on Active Directory zones.
Server Pro: Manage and Administer Exam Objectives:
4.0 DNS Configuration.o Manage dynamic DNS updates
Create DNS records Configure DNS Round Robin Configure DNS aging and scavenging
70-411 Exam Objectives:
302. Configure DNS records. o Configure record options including Time to Live (TTL) and weighto Configure round robino Configure secure dynamic updates
Lecture Focus Questions:
How do stale records affect DNS server performance? When is a DNS record considered stale? How does the no-refresh interval affect scavenging? When should you activate debug logging? For what period of time? Where do you enable scavenging?
Video/Demo Time4.6.1 DNS Server Properties 0:334.6.2 Exploring DNS Server Properties 6:21
Total 6:54
Lab/Activity
Configure DNS Round RobinConfigure DNS Aging and Scavenging
303. Configure VPN and routing. o Install and configure the Remote Access role
Configure routing
Lecture Focus Questions:
Which role do you install on a Windows server to get the routing component?
What is the purpose of a default route? Under what circumstances can you most effectively use static routes? Which switch used with route add allows you to make a route permanent? Which routes are automatically added to the routing table when routing is
enabled? Which routing protocols does Windows Server 2012 support? What is the difference between RIP version 2 and RIP? Why has RIP
version 2 become the standard? What is Silent RIP and how does it affect learning and sharing routes? What affect does configuring neighbors have on RIP broadcasts and
Section 5.3: Virtual Private Networks (VPN) SummaryThis section discusses using a Virtual Private Network (VPN) to support secured communications over an untrusted network.
VPN protocols that are supported:o Point-to-Point Tunneling protocol (PPTP)o Layer Two Tunneling Protocol (L2TP)o Secure Socket Tunneling Protocol (SSTP)o Internet Key Exchange 2 (IKEv2)
Comparison of authentication protocols:o Password Authentication Protocol (PAP)o Challenge Handshake Authentication Protocol (CHAP)o Microsoft Challenge Handshake Authentication Protocol version 2
303. Configure VPN and routing. o Configure VPN settingso Configure remote dial-in settings for userso Configure routingo Configure Web Application proxy in pass-through mode
Lecture Focus Questions:
Which VPN protocols does Windows support? Which authentication protocols support smart card use? What makes CHAP vulnerable to security breaches? What type of security environments use EAP?
Section 5.4: Network Policy Server SummaryThis section discusses using the Network Policy Server for authorization of remote clients. Concepts covered include:
The role of authorization Components of a network policy:
o Conditionso Constraintso Permissionso Settings
The process used for authentication when a remote access connection is requested
Students will learn how to:
Create and configure a connection request policy with conditions, permissions, authentications, and constraints.
Create and save NPS templates that can be used later when configuring other features of NPS.
Server Pro: Manage and Administer Exam Objectives:
5.0 Routing and Remote Access Configuration.o Create Network Policy Server (NPS) policies
70-411 Exam Objectives:
402. Configure NPS policies. o Configure connection request policieso Configure network policies for VPN clients (multilink and bandwidth
allocation, IP filters, encryption, IP addressing)o Manage NPS templateso Import and export NPS policies
Section 5.5: RADIUS SummaryThis section examines using network policies stored on a RADIUS server to authenticate remote access clients from multiple servers. Concepts covered include:
Components of a RADIUS solution:o Remote access clientso RADIUS cliento RADIUS servero RADIUS proxyo Remote RADIUS server groupo Network policieso Connection request policieso RADIUS Accountingo NPS templateso User account databaseso RADIUS messages
Configuration components and tasks to configure a RADIUS solution:o RADIUS servero RADIUS cliento Remote access cliento RADIUS proxyo RADIUS Accounting
Best practices for configuring NPS for RADIUS RADIUS Accounting
o Types of events to log on the RADIUS server: Accounting requests Authentication requests Periodic status information logs
o Types of logging that can be configured: Local file logging SQL server logging
Students will learn how to:
Configure a remote access server as a RADIUS client. Configure a RADIUS server. Configure a RADIUS proxy by configuring Remote RADIUS Server groups
Server Pro: Manage and Administer Exam Objectives: 5.0 Routing and Remote Access Configuration.
o Configure a RADIUS authentication solutiono Implement a RADIUS proxy server
70-411 Exam Objectives: 401. Configure Network Policy Server (NPS).
o Configure multiple RADIUS server infrastructureso Configure a RADIUS servero Configure RADIUS clientso Manage RADIUS templateso Configure RADIUS accountingo Configure certificates
Lecture Focus Questions: When using a RADIUS solution, where are network access policies
configured? What is the difference between a RADIUS client and a remote access
client? Why would you implement a RADIUS proxy? What is the difference between a RADIUS client and a RADIUS proxy? What is the difference between a connection request policy and a network
access policy? How does the RADIUS proxy use the remote RADIUS server group when
Section 5.6: Network Access Protection SummaryThis section discusses using Network Access Protection (NAP) to allow administrators to regulate network access or communication based on a computer’s compliance with health requirement policies. Concepts covered include:
Features of NAPo Health state validationo Health policy complianceo Limited access network
Components that comprise the NAP system:o NAP Cliento NAP Servero Enforcement Server (ES)o Remediation Server
Steps to configure the NAP server Steps to configure the client computer Configuration steps for the following enforcement points:
o DHCPo VPNo 802.1xo Remote Desktop Gatewayo IPsec
Students will learn how to:
Configure a DHCP server as an enforcement point. Configure SHV settings, remediation server groups, health policies, and
network policies for NAP. Enable NAP enforcement on a client computer.
Server Pro: Manage and Administer Exam Objectives:
5.0 Routing and Remote Access Configuration.o Implement a Network Access Protection (NAP) by creating the
following policies: Security Health Validator Health Network Connection Request
403. Configure Network Access Protection (NAP). o Configure System Health Validators (SHVs)o Configure health policieso Configure NAP enforcement using DHCP and VPNo Configure isolation and remediation of non-compliant computers
using DHCP and VPNo Configure NAP client settings
Lecture Focus Questions:
Why is a non-compliant computer not necessarily an immediate security threat?
What happens to a computer that receives a limited access health state validation?
What functions are performed by the System Health Validator (SHV)? Which NAP component do you modify to identify the health checks that
should be performed? How do remediation servers and auto-remediation help clients become
compliant? Which type of communication occurs in the boundary network when using
IPsec enforcement?
Video/Demo Time5.6.1 Overview of NAP 10:105.6.3 Configuring NAP Enforcement using DHCP 14:085.6.4 Configuring Auto-remediation 0:585.6.5 Configuring NAP Enforcement using VPN12:31
Section 5.7: DirectAccess SummaryThis section discusses using DirectAccess to connect through an Internet connection to a corporate intranet. Details covered include:
How DirectAccess works DirectAccess connection methods:
o Full enterprise network access (end-to-edge)o Selected server access (modified end-to-edge)o End-to-end
The process that DirectAccess clients use to connect to intranet resources DirectAccess requirements:
o Infrastructureo Servero Client
DirectAccess configuration components:o Servero Client side
Students will learn how to:
Prepare a server with the server requirements to set up DirectAccess. Build the infrastructure for DirectAccess by configuring DNS and
certificates to support DirectAccess. Deploy DirectAccess by identifying remote clients, defining the remote
access server, setting up the infrastructure servers, and identifying internal application servers.
70-411 Exam Objectives:
304. Configure DirectAccess. o Implement server requirements o Implement client configuration o Configure DNS for DirectAccess o Configure certificates for DirectAccess
Section 6.1: Windows Software Update Services (WSUS) SummaryThis section examines using the Windows Software Update Services (WSUS) to update software. Details covered include:
WSUS advantages Components of WSUS:
o Microsoft Updateo Windows Server Update Services (WSUS) servero Automatic Updates
WSUS deployment scenarios:o Single WSUS servero Multiple independent serverso Multiple synchronized serverso Disconnected WSUS server
Products that Microsoft Update and WSUS support updating:o Windows operating systemso Exchange Servero SQL Servero Microsoft Office
Control updates based on the following criteria:o Product family (such as operating system version or producto Update classification (such as critical updates or drivers)o Language
Considerations for configuring WSUS on the server:o Installationo Configure the servero Approve updateso Add downstream servers
Automatic Update policies:o Configure Automatic Updateso Specify Intranet Microsoft Update Service Locationo Enable Client-Side Targetingo Reschedule Automatic Updates Scheduled Installationso No Auto-Restart with Logged On Users for Scheduled Automatic
Updates Installationso Automatic Updates Detection Frequencyo Allow Automatic Updates Immediate Installationo Re-prompt for Restart with Scheduled Installationo Allow Non-administrators to Receive Update Notifications
o Do Not Display ‘Install Updates and Shut Down’ Option in Shut Down Windows Dialog Box
Settings in the Configure Automatic Updates policy:o Download Option
Automatic Notification
o Installation Option Automatic (Scheduled) Notification
Targeting provides different updates based on group membership Groups are created on the WSUS server through the console Client computers are assigned to a group with:
o Server-side targetingo Client-side targeting
Facts to be aware of when using computer groups
Students will learn how to:
Install WSUS and configure a WSUS server to download updates from Microsoft Update.
Synchronize and approve updates. Run reports to view client and update information. Control client update behavior through Group Policy. Create computer groups for targeting, and manually modify group
membership. Enable client-side targeting on the WSUS server. Configure client-side targeting through Group Policy.
Server Pro: Manage and Administer Exam Objectives: 6.0 Deployment Manager.
o Configure a WSUS servero Control access to WSUS updates using the following:
Computer groups Client-side targeting
70-411 Exam Objectives:
102. Implement patch management. o Install and configure the Windows Server update Services (WSUS)
roleo Configure group policies for updateso Configure client-side targetingo Configure WSUS synchronizationo Configure WSUS groupso Manage patch management in mixed environments
Section 6.2: Windows Deployment Services (WDS) SummaryThis section discusses using the Windows Deployment Services (WDS) to enable the deployment of Windows operating systems to client and server computers. Details covered include:
Condition under which WDS can be used to deploy virtual hard disk images
Server and network requirements for Windows Deployment Services Clients requirements for using WDS to install a Windows operating system Prestaging a computer account Managing computer accounts used by WDS PXE response methods:
o Do not respond to any client computero Respond only to known client computerso Respond to all (known and unknown) client computers
Methods to control how computer accounts are created
Students will learn how to:
Add the Windows Deployment Services server role and install the Deployment Server and Transport Server role services.
Configure and manage settings for the WDS server. Prestage computer accounts to control which computers will respond to
WDS servers.
Server Pro: Manage and Administer Exam Objectives:
6.0 Deployment Manager.o Install and configure a WDS servero Create WDS images
70-411 Exam Objectives: 101. Deploy and manage server images.
o Install the Windows Deployment Services (WDS) roleo Configure and manage boot, install, and discover images
Considerations when configuring multicasting with WDS Use the WDS console to view and manage multicast transmission that are
in progress Tools to manage WDS images
o Windows Preinstallation Environment (WinPE)o System Preparation Tool (Sysprep)o Deployment Image Servicing and Management (DISM.exe)o ImageXo Windows System Image Manager (Windows SIM)o WDSUtil
Windows PowerShell cmdlets to perform common tasks in WDS Facts about WDS images
Students will learn how to:
Configure WDS server properties for multicast. Configure WDS multicast transmissions. Create image groups and add install images. Add boot images to WDS.
Server Pro: Manage and Administer Exam Objectives:
6.0 Deployment Manager.o Create WDS imageso Control access to imageso Deploy images to clients
70-411 Exam Objectives:
101. Deploy and manage server images. o Update images with patches, hotfixes, and drivers o Install features for offline images o Configure driver groups and packages
Lecture Focus Questions:
How does multicasting differ from unicasting? How does auto-cast differ from scheduled-casting?
You have enabled scheduled-casting without a start condition. What must you do for a client to obtain an image using multicasting?
What is the difference between deleting and deactivating a multicast transmission?
Which two ways can you force a client currently using multicast to use unicast to complete the installation?
How do you split a multicast transmission so that faster clients are not slowed down by slower clients?
What are the differences between Sysprep, ImageX, and DISM? When can you use each tool? Which tasks can only be performed by one tool?
Which type of boot image can you use to deploy a 64-bit install image? What is the relationship between a .wim file and a .rwm file? What is the advantage of dynamic driver provisioning?
Video/Demo Time6.3.1 Managing Images 10:306.3.3 Updating Images with Features 13:43
Section 6.4: Performance Monitor SummaryThis section discusses Performance Monitor and the other tools that can be used to monitor the reliability and performance of a Windows Server 2012 system:
View events to gather information, such as Event ID, Log Name, User, and Computer.
Create event filters and custom views. Search and save logs. Attach tasks to events or to logs. Configure subscriptions to pull events from remote machines.
Which log do you view to troubleshoot errors during a software installation?
What options do you have for a log file that has reached its designated capacity?
What happens to the data in a log that you save that has a filter on it? How does a custom view differ from adding a filter to a log? How can you combine events from multiple logs into a single report? What tasks can you attach to an event or log? What is the purpose of the Event Log Online Help link inside each event? What two services are required to configure event subscriptions? Where do you go to view events collected from remote computers
Section 6.6: Network Monitor SummaryThis section discusses using Network Monitor to capture, view, and analyze network traffic. Details covered include:
System Requirementso Supported operating systemso Hardware requirements
Capture Filter
o Display filtero Capture filter
Aliases Conversations Parsers Command line
Students will learn how to:
Configure Network Monitor to capture packets. Configure and remove capture and display filters. Configure conversations to group data by type. Configure aliases to replace IP addresses with names.
70-411 Exam Objectives: 103. Monitor servers.
o Configure network monitoring
Lecture Focus Questions: What are the differences between display filters and capture filters? What is the difference between capturing in promiscuous mode and
capturing without promiscuous mode? When will using promiscuous mode not result in significant differences in the data captured?
How can aliases make troubleshooting easier? What permissions do you need to run Network Monitor?
Server Pro: Manage and Administer Practice ExamsSummary This section provides information to help prepare students to take the Server Pro: Manage and Administer certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.
Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.
The Server Pro: Manage and Administer Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented.
Microsoft 70-411 Practice ExamsSummary This section provides information to help prepare students to take the MS 70-411 exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.
Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains.
Objective 100. Deploy, Manage, and Maintain Servers (61 questions)Objective 200. Configure File and Print Services (69 questions)Objective 300. Configure Network Services and Access (110 questions)Objective 400. Configure a Network Policy Server Infrastructure (31 questions)Objective 500. Configure and Manage Active Directory (76 questions)Objective 600. Configure and Manage Group Policy (63 questions)
The Microsoft 70-411 Certification Practice Exam consists of 60 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 2 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.
The total time for the LabSim Server Pro: Manage and Administer course is approximately 44 hours and 30 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:
Video/demo times Approximate time to read the text lesson (the length of each text lesson is
taken into consideration) Simulations (5 minutes assigned per simulation, of course many students
may take longer depending upon their knowledge level and experience) Questions (1 minute per question)
The breakdown for this course is as follows:
Module Sections Time Minute HR:MM
1.0 Active Directory1.1 Active Directory Overview 201.2 Speeding Up Authentication 301.3 Single Master Operations Roles (FSMO) 551.4 Read Only Domain Controllers (RODCs) 301.5 Virtual Domain Controllers 201.6 Service Accounts 451.7 Maintaining Active Directory 501.8 Restoring Active Directory 45 295 4:55
2.0 Group Policy2.1 Group Policy Foundation 702.2 Administrative Templates 352.3 Folder Redirection 102.4 Software Deployment 502.5 Security Settings 302.6 Password and Account Policies 602.7 Advanced Auditing 452.8 Preferences 352.9 Group Policy Management 402.10 Management Delegation 25 400 6:40
3.0 File Services3.1 File Server Resource Manager 503.2 Distributed File System (DFS) 253.3 Distributed File System Replication 553.4 File Encryption 503.5 Disk Encryption 50 220 3:50
4.0 DNS4.1 DNS Name Resolution 254.2 DNS Forwarding and Delegation 354.3 DNS Zones 554.4 DNS Zone Management 454.5 DNS Records 504.6 DNS Options 35 245 4:05
Microsoft 70-411 Practice Exams100. Deploy, Manage, and Maintain Servers (61 questions) 61200. Configure File and Print Services (69 questions) 69300. Configure Network Service and Access, (110 questions) 110400. Configure a Network Policy Server Infrastructure (31 questions) 31500. Configure and Manage Active Directory (76 questions) 76600. Configure and Manage Group Policy (63 questions) 63Certification Practice Exam (60 questions) 60 470 7:50
Appendix B: Exam 70-411: Administering Windows Server 2012 Objectives
The Windows Exam 70-411: Administering Windows Server 2012 certification exam covers the following objectives. In the spread sheet below the column to the right lists the sections where the information is located in the course:
# Objective Module.Section
100
Deploy, Manage, and Maintain Servers (17 percent)
101 Deploy and manage server imagesThis objective may include but is not limited to:
Install the Windows Deployment Services (WDS) roleConfigure and manage boot, install, and discover
imagesUpdate images with patches, hotfixes, and driversInstall features for offline imagesConfigure driver groups and packages
6.2, 6.3
102 Implement patch managementThis objective may include but is not limited to:
Install and configure the Windows Server Update Services (WSUS) role
Configure group policies for updatesConfigure client-side targetingConfigure WSUS synchronizationConfigure WSUS groupsManage patch management in mixed environments
6.1
103 Monitor serversThis objective may include but is not limited to:
202 Configure File Server Resource Manager (FSRM)This objective may include but is not limited to:
Install the FSRM roleConfigure quotasConfigure file screensConfigure reports
3.1
203 Configure file and disk encryptionThis objective may include but is not limited to:
Configure BitLocker encryptionConfigure the Network Unlock featureConfigure BitLocker policiesConfigure the EFS recovery agentManage EFS and BitLocker certificates including
backup and restore
3.4, 3.5
204 Configure advanced audit policiesThis objective may include but is not limited to:
Implement auditing using Group Policy and AuditPol.exe
Configure Network Services and Access (17 percent)
301 Configure DNS zonesThis objective may include but is not limited to:
Configure primary and secondary zonesConfigure stub zonesConfigure conditional forwardsConfigure zone and conditional forward storage in
Active DirectoryConfigure zone delegationConfigure zone transfer settingsConfigure notify settings
4.2, 4.3
302 Configure DNS recordsThis objective may include but is not limited to:
Create and configure DNS Resource Records (RR) including A, AAAA, PTR, SOA, NS, SRV, CNAME, and MX records
Configure zone scavengingConfigure record options including Time To Live (TTL)
and weightConfigure round robinConfigure secure dynamic updates
4.4, 4.5, 4.6
303 Configure VPN and routingThis objective may include but is not limited to:
Install and configure the Remote Access roleImplement Network Address Translation (NAT)Configure VPN settingsConfigure remote dial-in settings for usersConfigure routingConfigure Web Application Proxy in pass-through
mode
5.1, 5.2, 5.3
304 Configure DirectAccessThis objective may include but is not limited to:
Implement server requirementsImplement client configurationConfigure DNS for DirectAccessConfigure certificates for DirectAccess
5.7
40 Configure a Network Policy Server Infrastructure (14
401 Configure Network Policy Server (NPS)This objective may include but is not limited to:
Configure multiple RADIUS server infrastructuresConfigure a RADIUS server, including RADIUS proxyConfigure RADIUS clientsConfigure NPS templatesConfigure RADIUS accountingConfigure certificates
5.5
402 Configure NPS policiesThis objective may include but is not limited to:
Configure connection request policiesConfigure network policies for VPN clients (multilink
and bandwidth allocation, IP filters, encryption, IP addressing)
Manage NPS templatesImport and export NPS policies
5.4
403 Configure Network Access Protection (NAP)This objective may include but is not limited to:
Configure System Health Validators (SHVs)Configure health policiesConfigure NAP enforcement using DHCP and VPNConfigure isolation and remediation of non-compliant
computers using DHCP and VPNConfigure NAP client settings
5.6
500
Configure and Manage Active Directory (19 percent)
501 Configure service authenticationThis objective may include but is not limited to:
Create and configure Service AccountsCreate and configure Group Managed Service
AccountsCreate and configure Managed Service AccountsConfigure Kerberos delegationManage Service Principal Names (SPNs)Configure virtual accounts
Configure Universal Group Membership Caching (UGMC)
Transfer and seize operations mastersInstall and configure a read-only domain controller
(RODC)Configure Domain Controller cloning
503 Maintain Active DirectoryThis objective may include but is not limited to:
Back up Active Directory and SYSVOLManage Active Directory offlineOptimize an Active Directory databaseClean up metadataConfigure Active Directory snapshotsPerform object- and container-level recoveryPerform Active Directory restoreConfigure and restore objects by using the Active
Directory Recycle Bin
1.7, 1.8
504 Configure account policiesThis objective may include but is not limited to:
Configure domain user password policyConfigure and apply Password Settings Objects
(PSOs)Delegate password settings managementConfigure local user password policyConfigure account lockout settingsConfigure Kerberos policy settings
2.6
600
Configure and Manage Group Policy (18 percent)
601 Configure Group Policy processingThis objective may include but is not limited to:
Configure processing order and precedenceConfigure blocking of inheritanceConfigure enforced policiesConfigure security filtering and WMI filteringConfigure loopback processingConfigure and manage slow-link processingConfigure client-side extension (CSE) behaviorForce Group Policy update
Configure and manage slow-link processing and Group Policy caching.
602 Configure Group Policy settingsThis objective may include but is not limited to:
Configure settings including software installation, folder redirection, scripts, and administrative template settings
Import security templatesImport custom administrative template fileConvert administrative templates using ADMX MigratorConfigure property filters for administrative templates
2.2, 2.3, 2.4, 2.5
603 Manage Group Policy objects (GPOs)This objective may include but is not limited to:
Back up, import, copy, and restore GPOsCreate and configure Migration TableReset default GPOsDelegate Group Policy management
2.9, 2.10
604 Configure Group Policy preferencesThis objective may include but is not limited to:
Configure Group Policy Preferences (GPP) settings including printers, network drive mappings, power options, custom registry settings, Control Panel settings, Internet Explorer settings, file and folder deployment, and shortcut deployment
Appendix C: Server Pro: Manage and Administer Objectives
The Server Pro: Manage and Administer certification exam covers the following objectives. In the spread sheet below the column to the right lists the sections where the information is located in the course:
# Objective Module.Section
1.0 Active Directory Management
Implement Global Catalog Servers.Implement Universal Group Membership Caching
roles.Implement a Read Only Domain Controller (RODC).Backup Active Directory.
1.2, 1.3, 1.4, 1.7
2.0 Group Policy Configuration
Manage the Group Policy processing order.Create custom administrative templates by importing
GPOs.Deploy software using Group Policy.Implement the following GPO policies:
o Securityo Accounto Fine-grained passwordo Advanced audit
Configure Group Policy preferences.Backup and restore GPOs.Delegate GPO management.
2.1, 2.2, 2.42.5, 2.6, 2.72.8, 2.9, 2.10
3.0 File Services Management
Configure FSRM quotas.Configure FSRM file screens.Implement DFS replication.Encrypt files and folders with EFS.Encrypt the server hard disk with BitLocker.
Configure DNS forwarders.Create DNS delegations.Create the following types of DNS zones:
o Primaryo Secondaryo Stubo Reverse-lookupo Active Directory-integrated
Manage zone transfers.Manage dynamic DNS updates.Create DNS records.Configure DNS Round Robin.Configure DNS aging and scavenging.
4.2, 4.3, 4.44.5, 4.6
5.0 Routing and Remote Access Configuration
Configure LAN routing.Configure Network Address Translation (NAT) routing.Configure a VPN server.Create Network Policy Server (NPS) policies.Configure a RADIUS authentication solution.Implement a RADIUS proxy server.Implement Network Access Protection (NAP) by
creating the following policies:o Security Health Validatoro Healtho Networko Connection Request
5.1, 5.2, 5.35.4, 5.5, 5.6
6.0 Deployment Management
Configure a WSUS server.Control access to WSUS updates using the following:
o Computer groupso Client-side targeting
Install and configure a WDS server.Create WDS images.Control access to images.Deploy images to clients.