Introduction xxxvii Part I EXAM: 70—640 Chapter 1: …toc.dreamtechpress.com/toc_978-93-5004-010-2.pdf · Introduction ..... xxxvii Part I EXAM: 70—640 Chapter 1: Working with

Introduction ............................................................................................................................ xxxvii

Part I EXAM: 70—640

Chapter 1: Working with Active Directory ................................................................................ 3 Working with Active Directory Infrastructure ................................................................................................. 4

Exploring Active Directory Domain Services ............................................................................................. 5 Identity and Access .................................................................................................................................. 5 Elements of Active Directory .................................................................................................................. 5

Domain Controller ............................................................................................................................. 6 Domain ................................................................................................................................................ 6 Tree ...................................................................................................................................................... 6 Forest ................................................................................................................................................... 7 Trust Relationship ............................................................................................................................. 8 Organizational Unit ........................................................................................................................... 8 Site ....................................................................................................................................................... 9

Exploring the Functional Levels ................................................................................................................... 9 The Domain Functional Levels ............................................................................................................. 10 The Forest Functional Levels ................................................................................................................ 11

Installing Windows Server 2008 ................................................................................................................. 11 Configuring Post-Installation Settings ................................................................................................ 16 Installing a Server Core DC .................................................................................................................. 18

Lab 1.1: Installing Server Core ....................................................................................................... 19 Configuring Initial Server Settings ................................................................................................ 20 Adding AD DS through the Command-Line ............................................................................... 22

Creating a Forest in Windows Server 2008 ............................................................................................... 22 Preparing to Create a Forest ................................................................................................................. 23 Adding the AD DS Role ........................................................................................................................ 23 Lab 1.2: Adding AD DS by using the Windows Interface ................................................................ 24 Lab 1.3: Creating a Domain Controller ............................................................................................... 24

Creating a Child Domain ............................................................................................................................ 26 Lab 1.4: Creating the content.dreamtechpress.net Child Domain ......................................................... 26

Removing a DC ................................................................................................................................................... 28 Working with Active Directory Administration Tools .................................................................................. 28

Exploring the Microsoft Management Console ........................................................................................ 28 Managing a Custom Console by using AD Snap-ins .............................................................................. 29 Lab 1.5: Creating and Managing a Custom Console ............................................................................... 30

Exploring the Objects in Active Directory ....................................................................................................... 32 User Objects .................................................................................................................................................. 33 Group Objects ............................................................................................................................................... 33 Computer Objects ......................................................................................................................................... 33

Summary .............................................................................................................................................................. 33 Questions and Answers ..................................................................................................................................... 34

vi Table of Contents

Chapter 2: Configuring Domain Name System for Active Directory................................. 41 Working with DNS ............................................................................................................................................. 42

Overview of the DNS Name Resolution Process ..................................................................................... 43 Exploring DNS Terms and Concepts ......................................................................................................... 44 Exploring Features of Windows Server DNS ........................................................................................... 45 Integrating DNS with AD DS ..................................................................................................................... 46 Installing the DNS Service........................................................................................................................... 46

Lab 2.1: Installing a Primary DNS Server ........................................................................................... 47 Lab 2.2: Installing AD DS and Creating the dreamtechpress.net Domain ..................................... 48 Lab 2.3: Creating the Manual Zone Delegation.................................................................................. 50 Lab 2.4: Creating the kogent.com Domain Tree ................................................................................. 51

Configuring the DNS Service ...................................................................................................................... 53 Configuring the DNS Server Scavenging Settings ............................................................................. 53 Configuring the Forward Lookup Zone Settings ............................................................................... 55 Creating and Configuring the Responsible Person Record .............................................................. 56 Configuring the Reverse Lookup Zone Settings ................................................................................ 57

Using DNS ........................................................................................................................................................... 59 Using Forwarders and Root Hints ............................................................................................................. 59 Managing Single-Label Names ................................................................................................................... 60 Linking DNS with WINS ............................................................................................................................. 61 Integrating DNS and DHCP ....................................................................................................................... 62

Creating and Assigning a Custom Application Directory Partition ............................................................ 62 Administrating DNS Using DNS Tools ........................................................................................................... 63 Summary .............................................................................................................................................................. 64 Questions and Answers ..................................................................................................................................... 64

Chapter 3: Working with AD Objects ...................................................................................... 71 Working with User Accounts ............................................................................................................................ 72

Creating User Accounts ............................................................................................................................... 73 Using Templates ..................................................................................................................................... 75 Using AD Command-line Tools ........................................................................................................... 76

The Dsadd Command ..................................................................................................................... 76 Lab 3.1: Using the Dsadd Command ............................................................................................ 77 The CSVDE Command ................................................................................................................... 77 The LDIFDE Command .................................................................................................................. 77 Lab 3.2: Using the LDIFDE Command ......................................................................................... 78

Using Windows PowerShell ....................................................................................................................... 79 Lab 3.3: Using Windows PowerShell ......................................................................................................... 80

Using VBScript ....................................................................................................................................... 81 Lab 3.4: Using VBScript to Create a New User .................................................................................. 81

Managing User Attributes ........................................................................................................................... 82 Using Active Directory Users and Computers ................................................................................... 82 Using the Dsmod and Dsget Commands ........................................................................................... 82 Using Windows PowerShell and VBScript ......................................................................................... 83

Maintaining User Accounts ........................................................................................................................ 83 Changing a User Account’s Password ................................................................................................ 84

Table of Contents vii

Disabling and Enabling a User Account ............................................................................................. 84 Lab 3.5: Using the Dsmod Command .............................................................................................................. 85

Removing a User Account .................................................................................................................... 86 Moving and Renaming a User Account .............................................................................................. 86

Working with Groups ........................................................................................................................................ 88 Creating a Group .......................................................................................................................................... 89 Creating and Managing the Groups using Commands .......................................................................... 90

Using the Dsadd Command ................................................................................................................. 90 Using the CSVDE Command ............................................................................................................... 91

Lab 3.6: Using the CSVDE Command ........................................................................................... 91 Using the LDIFDE Command .............................................................................................................. 91 Using the Dsmod and Dsget Command ............................................................................................. 92 Using the Dsmove and Dsrm Command ............................................................................................ 92

Administrating Groups ............................................................................................................................... 93 Protecting Groups .................................................................................................................................. 93 Delegating Group Membership Management ................................................................................... 94

Using the Managed By Tab ............................................................................................................ 94 Using Advanced Security Settings ................................................................................................ 95

Working with Computer ................................................................................................................................... 95 Creating Computers ..................................................................................................................................... 96

Exploring Workgroups, Domains, and Trusts ................................................................................... 96 Creating an Organizational Unit .......................................................................................................... 96

Delegating Permissions ................................................................................................................... 97 Prestaging a Computer Account .................................................................................................... 97

Lab 3.7: Creating an OU .............................................................................................................................. 97 Creating Computer Objects ......................................................................................................................... 98

Using the CSVDE Command ............................................................................................................... 98 Lab 3.8: Using the CSVDE Command ....................................................................................................... 99

Using the LDIFDE Command .............................................................................................................. 99 Using the Dsadd and Netdom Commands ........................................................................................ 99 Using Windows PowerShell ............................................................................................................... 100 Using VBScript ..................................................................................................................................... 100

Adding Computers to the Domain .......................................................................................................... 101 Managing Computer Objects .................................................................................................................... 102

Recognizing Problems Related to Computer Accounts .................................................................. 102 Configuring Properties of Computer Objects ................................................................................... 103

Using the Dsmod Command ........................................................................................................ 103 Using Windows PowerShell or VBScript.................................................................................... 103

Shifting a Computer ............................................................................................................................ 103 Resetting a Computer Account .......................................................................................................... 104 Renaming a Computer Account ......................................................................................................... 105 Disabling a Computer Account .......................................................................................................... 106 Removing a Computer Account ........................................................................................................ 106

Summary ............................................................................................................................................................ 106 Questions and Answers ................................................................................................................................... 107

viii Table of Contents

Chapter 4: Implementing Group Policies and Authentication .......................................... 113 Working with Group Policies ......................................................................................................................... 114

Exploring Group Policy Objects ............................................................................................................... 115 The Local GPOs .................................................................................................................................... 115 The Domain-Based GPOs .................................................................................................................... 115 Lab 4.1: Creating, Editing, and Linking GPOs ................................................................................. 116

Configuring Group Policy Settings .......................................................................................................... 118 The Computer Configuration and User Configuration Nodes ...................................................... 118 The Software Settings Node ............................................................................................................... 118 The Windows Settings Node .............................................................................................................. 118 The Administrative Templates Node ................................................................................................ 119 The Preferences Node .......................................................................................................................... 120

Administrating Group Policy Scope ........................................................................................................ 120 Linking GPOs to Sites, Domains and OUs ....................................................................................... 120 Exploring GPO Inheritance and Precedence .................................................................................... 121

Blocking Inheritance of GPOs ...................................................................................................... 122 Enforcing a GPO Link ................................................................................................................... 122

Filtering Group Policies ...................................................................................................................... 122 Applying GPO to Specific Groups .............................................................................................. 122 Excluding GPO from a Specific Group ....................................................................................... 123

Implementing WMI Filters ................................................................................................................. 124 Lab 4.2: Implementing WMI Filters ................................................................................................... 125 Enabling and Disabling GPOs ............................................................................................................ 126 Targeting Preference Items ................................................................................................................. 126 Examining Group Policies Processing ............................................................................................... 126 Using Loopback Policy Processing .................................................................................................... 127 Lab 4.3: Configuring Loopback Policy Processing .......................................................................... 128

Managing Group Policy Settings .............................................................................................................. 130 Using Restricted Group Policies with Members Setting ................................................................. 130 Using Restricted Group Policies with Member Of Setting ............................................................. 130 Lab 4.4: Using Restricted Group Policies with the Member Of Setting ........................................ 130

Working with Software Deployment Group Policy .............................................................................. 132 Creating Software Deployment Group Policy ................................................................................. 132 Lab: 4.5: Creating Software Deployment Group Policy .................................................................. 133 Managing the Scope of Software Deployment Group Policy ......................................................... 135 Maintaining Deployed Software using Group Policy ..................................................................... 135

Working with Audit Policies ........................................................................................................................... 136 Configuring Audit Settings on Files or Folders ...................................................................................... 137 Auditing Changes in Directory Service ................................................................................................... 138

Lab 4.6: Auditing Changes in Directory Service .............................................................................. 138 Implementing Authentication ......................................................................................................................... 140

Configuring Security Settings ................................................................................................................... 141 The Local Security Policy .................................................................................................................... 141 Using Security Templates ................................................................................................................... 142

The Security Template Snap-In .................................................................................................... 142 Lab: 4.7: Creating and Using Security Template for Security Configuration ..................................... 142

Table of Contents ix

The Group Policy Objects ............................................................................................................. 144 Working with Security Configuration Wizard ....................................................................................... 145

Creating, Editing and Applying a Security Policy ........................................................................... 145 Lab: 4.8: Creating, Editing and Applying a Security Policy ..................................................... 145

Modifying and Rolling Back the Applied Security Policy .............................................................. 150 Deploying a Security Policy ................................................................................................................ 150

Working with Password and Lockout Policies....................................................................................... 151 Configuring the Domain Password Policy ....................................................................................... 152 Configuring the Account Lockout Policy ......................................................................................... 152 Configuring the Fine-Grained Policy ................................................................................................ 153

Implementing Auditing Authentication ................................................................................................. 155 Configuring Authentication Audit Policies ...................................................................................... 155 Scoping Authentication Audit Policies ............................................................................................. 156

Configuring RODC .................................................................................................................................... 156 Installing RODC ................................................................................................................................... 157 Lab: 4.9: Installing RODC .................................................................................................................... 157 Configuring Password Replication Policy ........................................................................................ 159 Managing the RODC Credentials Caching ....................................................................................... 160 Configuring Administrative Role Separation .................................................................................. 162


Chapter 5: Implementing Active Directory Replication and Operation Master ............ 171 Working with Active Directory Sites ............................................................................................................. 172

Managing Active Directory Sites .............................................................................................................. 172 Creating, Renaming, and Deleting a Site .......................................................................................... 173 Adding Subnets to Sites ...................................................................................................................... 174 Configuring Site Properties ................................................................................................................ 175

Creating Site Links ..................................................................................................................................... 176 Lab 5.1: Creating Site Links Between Sites ....................................................................................... 176

Implementing Replication ............................................................................................................................... 179 Exploring Intrasite Replication ................................................................................................................. 179

The Site Link Bridges ........................................................................................................................... 180 The Site Link Cost ................................................................................................................................ 180

Configuring Intersite Replication ............................................................................................................. 180 Selecting Replication Transfer Protocols ........................................................................................... 181 Bridging the Site Links ........................................................................................................................ 181 Configuring Bridgehead Servers ........................................................................................................ 182 Lab 5.2: Configuring Bridgehead Server Manually ......................................................................... 182

Configuring the Global Catalog ...................................................................................................................... 183 Configuring the Universal Group Membership Caching ..................................................................... 185 Adding an Attribute to the Global Catalog............................................................................................. 186

Working with Operation Masters ................................................................................................................... 187 Exploring Single Master Operations ........................................................................................................ 188

The Forest-Wide Operation Master ................................................................................................... 188 The Domain-Wide Operation Master ................................................................................................ 188

Placing Operation Master Roles ............................................................................................................... 189 Locating the Replication Partners ...................................................................................................... 189

x Table of Contents

Selecting Domain Controllers ............................................................................................................. 190 Determining the Per-Domain Role Placement ................................................................................. 190 Determining the Per-Forest Role Placement ..................................................................................... 190

Transferring Operation Master Roles ...................................................................................................... 190 Seizing Operation Master Roles ............................................................................................................... 191


Chapter 6: Configuring AD Server Roles .............................................................................. 201 Working with AD LDS ..................................................................................................................................... 202

Installing the AD LDS Role ....................................................................................................................... 203 Lab 6.1: Installing AD LDS on Windows Server 2008 Full Server Installation ............................ 203 Installing AD LDS on Server Core ..................................................................................................... 205

Exploring the AD LDS Role Configuration ............................................................................................ 206 Creating a New AD LDS Instance ............................................................................................................ 206

Using the Active Directory Lightweight Directory Services Setup Wizard ................................. 206 Performing an Unattended Creation of AD LDS Instance ............................................................. 209

Working with AD LDS Instances ............................................................................................................. 210 Using the ADSI Edit Tool .................................................................................................................... 210 Using the LDP.exe Console................................................................................................................. 213 Using the Active Directory Schema Snap-in .................................................................................... 214 Using the Active Directory Sites and Services Snap-In ................................................................... 215 Migrating Instances to AD LDS ......................................................................................................... 216

Working with AD RMS .................................................................................................................................... 216 Exploring AD RMS Certificates ................................................................................................................ 217 Lab 6.2: Installing AD RMS ....................................................................................................................... 218 Configuring the AD RMS Role ................................................................................................................. 222

Working with AD FS ........................................................................................................................................ 225 Lab 6.3: Installing and Configuring AD FS ............................................................................................. 226

Adding Cross-DNS References .......................................................................................................... 227 Installing the Federation Servers ....................................................................................................... 227 Installing the Federation Service Proxies .......................................................................................... 229 Configuring IIS to Require SSL .......................................................................................................... 230 Exporting and Importing Certificates ............................................................................................... 231 Exporting the SSL Server and Client Authentication Certificates ................................................. 232 Importing an SSL Authentication Certificate into a Server ............................................................ 234 Configuring the Web Server ............................................................................................................... 234 Configuring the Federation Servers .................................................................................................. 235

Configuring Trust Policies ............................................................................................................ 235 Creating User Claims .................................................................................................................... 236

Configuring the Federation Trust ...................................................................................................... 239 Summary ............................................................................................................................................................ 241 Questions and Answers ................................................................................................................................... 241

Chapter 7: Configuring the AD Environment ....................................................................... 249 Implementing Backup and Restore ................................................................................................................ 250

Using Windows Server Backup Feature .................................................................................................. 250 Backing up System State Data by using Windows Server Backup ................................................ 253

Table of Contents xi

Lab 7.1: Performing Full Server Backup by using the wbadmin Command ................................ 255 Backing up Data to the Removable Media ....................................................................................... 256 Scheduling Backup by using Backup Schedule Wizard ................................................................. 257 Backing Up GPOs ................................................................................................................................. 259

Performing Restores ................................................................................................................................... 260 Using DSRM ......................................................................................................................................... 261 Performing Authoritative Restore ..................................................................................................... 262 Performing Non-authoritative Restore ............................................................................................. 264 Restoring GPOs .................................................................................................................................... 264

Performing Offline Maintenance .................................................................................................................... 265 Monitoring AD .................................................................................................................................................. 266

Using System Tools .................................................................................................................................... 267 The Task Manager Tool ....................................................................................................................... 267 The Event Viewer Tool ........................................................................................................................ 268 The Reliability Monitor Tool .............................................................................................................. 270 The Performance Monitor Tool .......................................................................................................... 270

Using the Windows System Resource Manager Feature ...................................................................... 272 Summary ............................................................................................................................................................ 272 Questions and Answers ................................................................................................................................... 272

Chapter 8: Configuring AD Certificates ................................................................................ 279 Working with AD Certificate Services ........................................................................................................... 280 Installing AD CS ............................................................................................................................................... 280 Lab 8.1: Installation of AD CS ......................................................................................................................... 281 Managing Certificate Templates ..................................................................................................................... 284 Lab 8.2: Configuring Certificate Templates ................................................................................................... 285 Managing Certificate Revocations .................................................................................................................. 286

The Online Responders ............................................................................................................................. 287 The Certificate Revocation List ................................................................................................................. 287

Lab 8.3: Configuring Online Responder and Certificate Revocation ......................................................... 288 The CRL Distribution Point ...................................................................................................................... 293 The Authority Information Access ........................................................................................................... 293


Part II EXAM: 70—642

Chapter 1: Working with IP Addressing and Services ........................................................ 303 Exploring the Layers of TCP/IP Model ......................................................................................................... 304

The Network Interface Layer .................................................................................................................... 304 The Internet Layer ...................................................................................................................................... 305 The Transport Layer................................................................................................................................... 305 The Application Layer ............................................................................................................................... 306

Exploring IPv4 Addressing ............................................................................................................................. 307 Exploring Structure of IPv4 Addresses ................................................................................................... 307

The Network ID and Host ID ............................................................................................................. 307

xii Table of Contents

The Subnet Masks ................................................................................................................................ 307 Exploring Routing and Default Gateways .............................................................................................. 309 Exploring IPv4 Address Ranges ............................................................................................................... 309

Exploring Subnetting and Supernetting ........................................................................................................ 310 Exploring IPv6 Addressing ............................................................................................................................. 312

Exploring Structure of IPv6 Addresses ................................................................................................... 313 Receiving IPv6 Addresses on Computer ................................................................................................. 313 Exploring IPv6 Address Types ................................................................................................................. 313

Global Addresses ................................................................................................................................. 314 Link-Local Addresses .......................................................................................................................... 314 Unique Local Addresses ..................................................................................................................... 314

Setting Network Properties for a Windows Vista or Windows Server 2008 Client ................................. 315 Using Network and Sharing Center ........................................................................................................ 315 Using Network Connections ..................................................................................................................... 316

Displaying Advanced Connection Settings ...................................................................................... 316 Bridging Network Connections ......................................................................................................... 317 Configuring IPv4 Address Manually ................................................................................................ 318

Using the Internet Protocol Version 4 (TCP/IPv4) Properties Dialog Box ............................ 318 Lab 1.1: Configuring IPv4 Address Manually using the Internet Protocol Version 4 (TCP/IPv4) Properties Dialog Box ............................... 318 Using Command Prompt .............................................................................................................. 319

Configuring IPv6 Manually ................................................................................................................ 320 Using the Internet Protocol Version 6 (TCP/IPv6) Properties Dialog Box ............................ 320 Lab 1.2: Configuring IPv6 Address Manually using the Internet Protocol Version 6 (TCP/IPv6) Properties Dialog Box ............................... 320 Using Command Prompt .............................................................................................................. 322

Configuring IPv4 Connection ............................................................................................................. 322 The DHCP-assigned Addresses ................................................................................................... 322 The Alternate Configuration ........................................................................................................ 322 APIPA .............................................................................................................................................. 322


Chapter 2: Working with Name Resolution and DNS Zone Infrastructure .................... 331 Using Name Resolution Methods in Windows ............................................................................................ 332

The Link Local Multicast Name Resolution Protocol ............................................................................ 332 The NetBIOS Protocol ................................................................................................................................ 333

Setting NetBIOS .................................................................................................................................... 333 Configuring NetBIOS Node Types .................................................................................................... 334

The DNS Service ......................................................................................................................................... 334 Exploring DNS Components .............................................................................................................. 335 Exploring DNS Client and Server Caches ......................................................................................... 336 Working with a DNS Query ............................................................................................................... 336

Hosting the DNS Server ................................................................................................................................... 337 Hosting on the Active Directory Domain Controller ............................................................................ 337 Hosting on the Stand-alone Server .......................................................................................................... 338 Lab 2.1: Installing a Primary DNS Server ................................................................................................ 338 Lab 2.2: Installing AD DS and Creating the dreamtechpress.net Domain .......................................... 340

Table of Contents xiii

Lab 2.3: Creating the Manual Zone Delegation ...................................................................................... 342 Lab 2.4: Creating the kogent.com Domain Tree ..................................................................................... 343 Hosting on Server Core Installation ......................................................................................................... 344

Configuring the DNS Server ........................................................................................................................... 345 The Caching-only DNS Server .................................................................................................................. 345 The Properties Dialog Box of the DNS Server ........................................................................................ 345

Configuring DNS Client Settings ................................................................................................................... 346 Configuring DNS Server Address for Client .......................................................................................... 346 Setting Computer Name and DNS Suffixes ............................................................................................ 347 Configuring DNS Domain Suffix Search List ......................................................................................... 348 Configuring Dynamic Updates ................................................................................................................ 349 Clearing the DNS Client Cache ................................................................................................................ 350

Configuring the DNS Zone Infrastructure .................................................................................................... 350 Creating DNS Zones .................................................................................................................................. 351

Selecting Zone Type ............................................................................................................................. 352 Selecting Active Directory Zone Replication Scope ........................................................................ 353 Selecting Forward or Reverse Lookup Zone .................................................................................... 353 Specifying Zone Name ........................................................................................................................ 354 Specifying Dynamic Update Settings ................................................................................................ 355

Examining Records of a New Zone.......................................................................................................... 355 The Start of Authority (SOA) Zone .................................................................................................... 355 The Name Server Records ................................................................................................................... 357 The Host Resource Records ................................................................................................................ 357 The Alias Resource Records ............................................................................................................... 358 The MX Resource Records .................................................................................................................. 358 The PTR Resource Records ................................................................................................................. 359 The SRV Resource Records ................................................................................................................. 359

Setting DNS to Use WINS Resolution ..................................................................................................... 361 Enabling Aging and Scavenging .............................................................................................................. 362 Deploying a GlobalNames Zone .............................................................................................................. 364

Lab 2.5: Deploying the GlobalNames Zone .................................................................................................. 364 Implementing Zone Replication for Active Directory-Integrated Zones .................................................. 366

Exploring Replication and Application Directory Partitions ............................................................... 367 Selecting Zone Replication Scope ............................................................................................................. 367 Creating New Application Directory Partitions ..................................................................................... 368

Working with Zone Transfers ......................................................................................................................... 369 Enabling Zone Transfers ........................................................................................................................... 369 Updating the Secondary Zone Manually ................................................................................................ 371

Working with Stub Zones ................................................................................................................................ 371 Lab 2.6: Configuring a Stub Zone ................................................................................................................... 372 Summary ............................................................................................................................................................ 373 Questions and Answers ................................................................................................................................... 373

Chapter 3: Working with DHCP .............................................................................................. 383 Overview of DHCP .......................................................................................................................................... 384

The DHCP Address Assignment Process ................................................................................................ 384

xiv Table of Contents

The Address Leases .................................................................................................................................... 385 The DHCP Scopes ...................................................................................................................................... 385 The DHCP Options .................................................................................................................................... 385

Installing the DHCP Server ............................................................................................................................. 386 Configuring the DHCP Server ........................................................................................................................ 393

Creating Address Exclusion Range .......................................................................................................... 393 Creating Address Reservation .................................................................................................................. 393 Modifying Lease Durations ...................................................................................................................... 394 Setting Additional DHCP Options ........................................................................................................... 395

Lab 3.1: Installing and Configuring DHCP on Server Core ........................................................................ 396 Summary ............................................................................................................................................................ 397 Questions and Answers ................................................................................................................................... 397

Chapter 4: Working with IP Routing and Network Connections ..................................... 405 Working with IP Routing ................................................................................................................................ 406

Exploring Network Routes ....................................................................................................................... 407 Explaining Routing Internet Protocol ...................................................................................................... 408 Lab 4.1: Installing RRAS and Configuring RIP ...................................................................................... 409 Configuring the Static Routing ................................................................................................................. 411

Using the Route Command ................................................................................................................ 412 Using Routing and Remote Access .................................................................................................... 412

Working with Networks .................................................................................................................................. 413 Configuring NAT ....................................................................................................................................... 413

Using Internet Connection Sharing ................................................................................................... 414 Lab 4.2: Configuring NAT by using ICS ........................................................................................... 414 Using RRAS .......................................................................................................................................... 415

Configuring Wireless Network Access .................................................................................................... 417 Exploring Wireless Network and Security Standards ..................................................................... 417 Comparing the Ad Hoc and Infrastructure Wireless Networks .................................................... 419 Configuring the RADIUS Server ........................................................................................................ 419 Lab 4.3: Configuring the RADIUS Server in a Network ................................................................. 419 Configuring the RADIUS Proxies ...................................................................................................... 421

Configuring Remote Access ...................................................................................................................... 423 The Dial-Up Connections .................................................................................................................... 423

Configuring the Server .................................................................................................................. 424 Lab 4.4: Configuring the Dial-Up Server .................................................................................... 425 Configuring the RADIUS Server ................................................................................................. 427

The Virtual Private Network .............................................................................................................. 429 Configuring the VPN Server ........................................................................................................ 430 Lab 4.5: Configuring the VPN Server in the Network .............................................................. 430 Configuring the VPN Packet Filters ............................................................................................ 432


Chapter 5: Configuring Security Settings and Authentication .......................................... 443 Working with IPsec .......................................................................................................................................... 444

Exploring IPsec Policies ............................................................................................................................. 444 Establishing IPsec Connections ................................................................................................................ 445

Table of Contents xv

Exploring Authentication Methods for IPsec ......................................................................................... 445 Exploring the Protocol Types of IPsec ..................................................................................................... 445 Creating IPsec Policy ................................................................................................................................. 446 Working with Connection Security Rule................................................................................................. 452

Creating the Connection Security Rule ............................................................................................. 453 Configuring the Connection Security Rule ....................................................................................... 454

Configuring Network Access Protection Settings ........................................................................................ 455 Installing and Configuring NAP .............................................................................................................. 455 Enabling the NAP Enforcement ............................................................................................................... 458

The IPsec Enforcement ........................................................................................................................ 458 Lab 5.1: Installing and Configuring the NAP Using IPsec Enforcement ................................................... 458

The 802.1X Enforcement ...................................................................................................................... 460 The DHCP Enforcement ...................................................................................................................... 460 The VPN Enforcement ......................................................................................................................... 463

Setting NAP Components ......................................................................................................................... 463 The NAP Clients ................................................................................................................................... 464 The Health Requirement Policy ......................................................................................................... 465

Configuring SHVs ......................................................................................................................... 465 Configuring Remediation ............................................................................................................. 465 Configuring Network Policies ..................................................................................................... 466

Lab 5.2: Configuring the Health Requirement Policy .................................................................................. 466 Configuring Windows Firewall Settings ....................................................................................................... 469

Filtering Network Traffic .......................................................................................................................... 470 The Inbound Traffic ............................................................................................................................. 470 The Outbound Traffic .......................................................................................................................... 472

Lab 5.3: Configuring Inbound and Outbound Traffic ................................................................................. 473 Configuring Firewall Using Group Policy .............................................................................................. 475

Lab 5.4: Using Group Policy ............................................................................................................................ 476 Configuring Firewall Using Isolation Policy .......................................................................................... 477 Identifying Ports and Protocols ................................................................................................................ 478


Chapter 6: Monitoring System Performance and Software Updates ................................ 487 Monitoring Performance and Reliability ....................................................................................................... 488

Using the Performance Monitor ............................................................................................................... 488 Using the Reliability Monitor ................................................................................................................... 490 Using the Data Collector Sets ................................................................................................................... 491

Creating a Data Collector Set .............................................................................................................. 492 Customizing a Data Collector Set ...................................................................................................... 493 Displaying the Performance Data in a Report .................................................................................. 495

Using the Event Viewer Tool .................................................................................................................... 496 Lab 6.1: Configuring Computers to Collect and Forward Events ........................................................ 498 Using the Microsoft Baseline Security Analyzer Utility ........................................................................ 499 Using the SNMP Service ............................................................................................................................ 501 Working with the Network Monitor Tool ............................................................................................... 502

xvi Table of Contents

Installing the Network Monitor Tool ................................................................................................ 502 Capturing, Analyzing, and Filtering Network Data ....................................................................... 503 Lab 6.2: Capturing Network Data using Command Line ............................................................... 506

Working with Software Updates .................................................................................................................... 506 Exploring Windows Update Client .......................................................................................................... 507 Installing the WSUS Service ..................................................................................................................... 507 Working with WSUS .................................................................................................................................. 508

Configuring the WSUS Options ......................................................................................................... 509 Configuring the Computer Groups ................................................................................................... 510

The Server-side Targeting ............................................................................................................. 510 The Client-Side Targeting ............................................................................................................. 511

Configuring the Client Computers .................................................................................................... 512 Approving Updates ............................................................................................................................. 513 Declining Updates................................................................................................................................ 514 Viewing Reports ................................................................................................................................... 515


Chapter 7: Working with Files, Folders, and Printers ......................................................... 523 Working with Files and Folders ..................................................................................................................... 524

Working with Folders ................................................................................................................................ 524 Installing the File Services Server Role .............................................................................................. 525 Exploring the File Server Resource Manager Role Service ............................................................. 526 Lab 7.1: Installing the File Server Resource Manager Role Service ............................................... 526 Configuring Disk Quotas .................................................................................................................... 528

Using the Quota Management Console ...................................................................................... 528 Lab 7.2: Creating a new template using the Quota Management Console ............................ 529 Using the Command Prompt or Script ....................................................................................... 530 Using Windows Explorer ............................................................................................................. 531 Using Group Policy ....................................................................................................................... 532

Sharing Folders across Networks ...................................................................................................... 532 Using Windows Explorer ............................................................................................................. 533 Using Provision a Shared Folder Wizard ................................................................................... 533 Using Command Prompt or Script .............................................................................................. 535

Accessing a Shared Folder .................................................................................................................. 536 Controlling Access to Files and Folders .................................................................................................. 536

The NTFS File Permissions ................................................................................................................. 537 The Encrypting File System ................................................................................................................ 538

Protecting Files and Folders using EFS ....................................................................................... 539 Sharing an EFS-Protected File ...................................................................................................... 540 Configuring EFS Using Group Policy Settings .......................................................................... 540 Configuring a Data Recovery Agent ........................................................................................... 541

Working with Distributed File System .................................................................................................... 542 Creating a DFS Namespace ................................................................................................................ 544 Adding Folders to the DFS Namespace ............................................................................................ 546 Configuring DFS using Command Prompt or Script ...................................................................... 547

Table of Contents xvii

Working with Offline Files ........................................................................................................................ 547 Configuring Shadow Copy Services ........................................................................................................ 549

Using Windows Explorer .................................................................................................................... 549 Using Command Prompt .................................................................................................................... 550

Recovering Files .......................................................................................................................................... 551 Performing Backup Manually ............................................................................................................ 552 Configuring Backup Schedules .......................................................................................................... 554 Performing Backup Using Command Prompt ................................................................................. 555 Restoring Files or Volumes ................................................................................................................. 555

Working with Printers ..................................................................................................................................... 556 Installing Print Services Server Role ........................................................................................................ 557 Installing Printers ....................................................................................................................................... 558

Using Control Panel ............................................................................................................................. 558 Using the Print Management Snap-in ............................................................................................... 559

Adding Drivers for Printers ...................................................................................................................... 561 Sharing Printers .......................................................................................................................................... 562 Setting up Printer Permissions ................................................................................................................. 563 Setting up Printer Pooling ......................................................................................................................... 564 Setting Printer Priorities ............................................................................................................................ 565 Deploying Printers using Group Policies ................................................................................................ 566 Exporting and Importing Printers ............................................................................................................ 567 Managing Printers Using Command Prompt or Script ......................................................................... 570 Monitoring Printers using the Performance Monitor Snap-in ............................................................. 571


Part III EXAM: 70—643

Chapter 1: Configuring Windows Deployment Infrastructure ......................................... 583 Exploring Server Roles ..................................................................................................................................... 584

The File Services Role ................................................................................................................................ 585 The Terminal Services Role ....................................................................................................................... 586 The Web Server Role .................................................................................................................................. 586 The Application Server Role ..................................................................................................................... 587 The Print Services Role .............................................................................................................................. 587 The Fax Server Role .................................................................................................................................... 588 The Streaming Media Services Role ......................................................................................................... 588

Deploying Server by using WDS .................................................................................................................... 588 Installing the WDS Role ............................................................................................................................. 589 Configuring WDS ....................................................................................................................................... 590

Configuring Initial Server Settings .................................................................................................... 590 Using Windows Deployment Services Configuration Wizard ................................................ 591 Using the wdsutil Command Line Tool ..................................................................................... 592

Adding the Default Boot Image (The Boot.wim File) ............................................................................ 593 Adding the Default Install Image (The Install.wim File) ...................................................................... 594 Configuring the Boot Menu ...................................................................................................................... 596

xviii Table of Contents

Capturing Images by using WDS ............................................................................................................. 597 Creating the Capture Image ............................................................................................................... 597 Creating the Discover Image .............................................................................................................. 598

Deploying Images by using WDS ............................................................................................................ 599 Implementing Windows Activation ............................................................................................................... 601

Using Multiple Activation Key ................................................................................................................. 601 Using the Key Management Service Key ................................................................................................ 601

Lab 1.1: Installing and Configuring the KMS Host ......................................................................... 602 Configuring Storage in Windows Server 2008 .............................................................................................. 602

Exploring Server Storage Technologies ................................................................................................... 603 The Direct-attached Storage ............................................................................................................... 603 The Network-attached Storage........................................................................................................... 603 The Storage-attached Network ........................................................................................................... 603

Exploring Disk Types ................................................................................................................................ 604 Working with Volumes ............................................................................................................................. 604

Creating a Volume ............................................................................................................................... 604 The Simple or Basic Volume ......................................................................................................... 605 The Spanned Volume .................................................................................................................... 606 The Mirrored Volume ................................................................................................................... 607 The Striped Volume ....................................................................................................................... 607 The RAID-5 Volume ...................................................................................................................... 608

Extending or Shrinking the Volume .................................................................................................. 608 Configuring a Mount Point in a Volume .......................................................................................... 609


Chapter 2: Working with Web Applications and Web Server Security ........................... 617 Working with Internet Information Services ................................................................................................ 618

Installing the IIS Role ................................................................................................................................. 619 Lab 2.1: Installing the IIS Role by using the ServerManagerCmd Tool ............................................... 622 Verifying IIS Installation ........................................................................................................................... 622

Using the Server Manager Console ................................................................................................... 622 Using Internet Explorer ....................................................................................................................... 623

Using the WSRM Feature .......................................................................................................................... 624 Working with Web Sites ............................................................................................................................ 625

Managing the Default Web Site ......................................................................................................... 626 Adding a New Web Site ...................................................................................................................... 627 Configuring the Web Site Limits Settings ......................................................................................... 628 Configuring the Web Site Logging Settings ..................................................................................... 629

Working with Web Applications ............................................................................................................. 630 Creating and Configuring Application Pools ......................................................................................... 632 Creating Virtual Directories ...................................................................................................................... 634 Managing the Web Server by Using XML Configuration Files ............................................................ 635

Restoring the applicationHost.config File ......................................................................................... 635 Migrating Web Sites and Web Applications by using Web.config................................................ 636 Backing up and Restoring Configuration Data ................................................................................ 636

Table of Contents xix

Working with Web Server Security ................................................................................................................ 637 Managing IIS Security ................................................................................................................................ 638

Setting File System Permissions ......................................................................................................... 638 Configuring Administrative Features for IIS ................................................................................... 639

Enabling the Remote Management Functionality ..................................................................... 639 Creating IIS Manager Users ......................................................................................................... 640 Defining IIS Management Permissions for Remote Access ..................................................... 641 Delegating Features ....................................................................................................................... 642 Connecting to a Remote Server .................................................................................................... 642

Configuring Handler Mappings by using IIS ......................................................................................... 643 Managing Web Services Access ................................................................................................................ 644

Implementing Authentication Modes ............................................................................................... 644 Anonymous Authentication ......................................................................................................... 645 Forms Authentication ................................................................................................................... 645 Challenge-based Authentication ................................................................................................. 646 ASP.NET Impersonation Authentication ................................................................................... 646 Client Certificate Authentication ................................................................................................. 647

Creating and Managing URL Authorization Rules ......................................................................... 648 Working with Server Certificates ....................................................................................................... 649

Creating and Submitting a Certificate Request .......................................................................... 649 Creating a Self-signed Certificate ................................................................................................ 650 Importing and Exporting Certificates by using the IIS Manager ............................................ 650 Enabling Connections Using SSL ................................................................................................ 651


Chapter 3: Working with the FTP and SMTP Services ....................................................... 661 Working with FTP Services ............................................................................................................................. 662

Installing FTP Publishing Service Role Service ...................................................................................... 662 Lab 3.1: Creating a New FTP Site by using IIS 6.0 Manager ................................................................. 664 Configuring the Properties of the FTP Site ............................................................................................. 668

The FTP Site Tab ................................................................................................................................... 669 The Security Accounts Tab ................................................................................................................. 670 The Messages Tab ................................................................................................................................ 670 The Home Directory Tab ..................................................................................................................... 671 The Directory Security Tab ................................................................................................................. 672

Creating and Managing FTP Sites by using FTP 7.5 .............................................................................. 673 Lab 3.2: Installing FTP 7.5 ................................................................................................................... 673

Lab 3.3: Creating and Managing FTP Sites by using IIS 7.0 Manager ................................................. 675 Configuring FTP User Security ................................................................................................................ 678

Authentication Options ....................................................................................................................... 679 FTP Authorization Rules ..................................................................................................................... 679 FTP User Isolation Options ................................................................................................................. 680 IIS Manager Permissions ..................................................................................................................... 681

Setting FTP Network Security .................................................................................................................. 681 FTP SSL Settings ................................................................................................................................... 682

xx Table of Contents

FTP Firewall Options ........................................................................................................................... 683 Monitoring FTP Site Settings .................................................................................................................... 685

FTP Current Sessions ........................................................................................................................... 685 FTP Messages ....................................................................................................................................... 685 FTP Logging.......................................................................................................................................... 686 FTP Directory Browsing ...................................................................................................................... 688

Working with SMTP ......................................................................................................................................... 690 Installing the SMTP Server Feature.......................................................................................................... 690 Creating an SMTP Virtual Server ............................................................................................................. 692 Configuring an SMTP Virtual Server ....................................................................................................... 694

Configuring Properties in the General tab ........................................................................................ 695 Configuring the Properties in the Access Tab .................................................................................. 695 Configuring Properties in the Messages Tab .................................................................................... 698 Configuring Properties in the Delivery Tab ..................................................................................... 699 Configuring Properties in the LDAP Routing Tab .......................................................................... 700 Configuring Properties in the Security Tab ...................................................................................... 700

Accessing the SMTP Virtual Server ......................................................................................................... 701 Using Telnet .......................................................................................................................................... 701 Using a Client Messaging Application .............................................................................................. 701


Chapter 4: Working with Terminal Services Infrastructure .............................................. 709 Deploying and Configuring Terminal Services ...................................................................................... 710 Comparing Terminal Services with Remote Desktop ........................................................................... 711

Enabling the Remote Desktop Feature .............................................................................................. 711 Enabling a Remote Desktop on a Server Core Installation ............................................................. 712 Similarities between Remote Desktop and Terminal Services ....................................................... 713 Features of Terminal Services over Remote Desktop ...................................................................... 713

Exploring the Components of Terminal Services ................................................................................... 714 Terminal Server .................................................................................................................................... 714 Remote Desktop Connection (RDC) .................................................................................................. 714 RDP ........................................................................................................................................................ 715

Deploying Terminal Services .................................................................................................................... 715 Exploring the Available Role Services in Terminal Services .......................................................... 715 Adding the Terminal Services Role ................................................................................................... 715

Installing Applications............................................................................................................................... 719 Adding Features to the Terminal Server ................................................................................................. 720 Configuring Terminal Services ................................................................................................................. 721

Using the RDP-Tcp Properties Dialog Box ....................................................................................... 721 The General Tab ............................................................................................................................. 723 The Log on Settings Tab ................................................................................................................ 723 The Sessions Tab ............................................................................................................................ 724 The Environment Tab .................................................................................................................... 724 The Remote Control Tab ............................................................................................................... 725 The Client Settings Tab ................................................................................................................. 725

Table of Contents xxi

The Network Adaptor Tab ........................................................................................................... 726 The Security Tab ............................................................................................................................ 726

Using the Terminal Server Edit Setting Section ............................................................................... 727 Using Group Policy ............................................................................................................................. 728

Configuring and Using RemoteApp ........................................................................................................ 729 Lab 4.1: Configuring RemoteApp ............................................................................................................ 730 Lab 4.2: Packaging a RemoteApp Program ............................................................................................ 732 Lab 4.3: Deploying RemoteApp Programs Using MSI Package ........................................................... 735 Deploying and Configuring Terminal Services Clients ........................................................................ 736 Connecting to the Terminal Server by using RDC ................................................................................. 737 Configuring RDC Options ........................................................................................................................ 738 Creating an RDP file .................................................................................................................................. 740 Using Group Policy .................................................................................................................................... 740 Configuring User Profiles and Home Folders ........................................................................................ 740 Managing Terminal Services User Connections ..................................................................................... 741 Deploying and Configuring Terminal Services Licensing .................................................................... 743 Lab 4.4: Installing TS Licensing Role Service .......................................................................................... 743 Lab 4.5: Activating a Terminal Services License Server ........................................................................ 744 Lab 4.6: Installing Terminal Services Client Access Licenses ............................................................... 748 Lab 4.7: Configuring License Settings on a Terminal Server ................................................................ 749 Deploying and Configuring Terminal Services Web Access ................................................................ 750 Installing TS Web Access Role Service .................................................................................................... 750 Configuring a Terminal Server to use TS Web Access .......................................................................... 751 Configuring TS Web Access to use an External Terminal Server ........................................................ 751 Publishing Terminal Server Resources on the Web ............................................................................... 752

Publishing RemoteApp Applications ................................................................................................ 752 Publishing a Terminal Server Desktop .............................................................................................. 752

Deploying and Configuring Terminal Services Gateway ..................................................................... 753 Installing the TS Gateway Role Service ................................................................................................... 754 Creating a Self-signed Certificate for the TS Gateway Server .............................................................. 756 Importing and Mapping a Certificate on the TS Gateway Server ........................................................ 758

Importing a Certificate on the TS Gateway Server .......................................................................... 758 Mapping the TS Gateway Server Certificate .................................................................................... 760

Creating a TS CAP ...................................................................................................................................... 761 Creating a TS RAP ...................................................................................................................................... 763 Configuring Remote Desktop Connection Settings ............................................................................... 766 Importing a Certificate ............................................................................................................................... 767 Monitoring Terminal Services Resources ................................................................................................ 767 Using Reliability and Performance Monitor ........................................................................................... 767 Installing and Using WSRM ..................................................................................................................... 768 Monitoring Active Connections through a TS Gateway Server ........................................................... 770 Configuring Terminal Services Load Balancing ..................................................................................... 771 Installing the TS Session Broker Role Service ......................................................................................... 771 Adding Terminal Servers to the Session Directory Computers Local Group .................................... 772 Configuring TS Session Broker Settings .................................................................................................. 773 Configuring DNS ........................................................................................................................................ 774

xxii Table of Contents

Summary ..................................................................................................................................................... 775 Questions and Answers ............................................................................................................................. 776

Chapter 5: Working with Windows Media and SharePoint Services............................... 785 Installing and Configuring Windows Media Services ................................................................................. 786

Exploring the Deployment Requirements of Streaming Media Services ............................................ 788 Difference between Downloading and Streaming the Content ..................................................... 788 Deployment factors for Windows Media Services .......................................................................... 788 Types of Transmission ......................................................................................................................... 789 Types of Streaming .............................................................................................................................. 790 Types of Data Transfer Protocols ....................................................................................................... 790

Installing Streaming Media Services Role ............................................................................................... 791 Creating a Publishing Point ...................................................................................................................... 793 Creating Announcements for a Publishing Point .................................................................................. 797 Configuring Windows Media Services .................................................................................................... 801

Installing and Configuring Windows SharePoint Services ......................................................................... 804 Adding Prerequisites of WSS .................................................................................................................... 804 Installing WSS ............................................................................................................................................. 805 Verifying IIS Websites of WSS .................................................................................................................. 807

SharePoint-80 ........................................................................................................................................ 807 SharePoint Central Administration v3 .............................................................................................. 807

Adding Users .............................................................................................................................................. 809 Configuring Antivirus Settings ................................................................................................................ 811 Managing Security Settings ...................................................................................................................... 812 Protecting Data by Performing Database Backups ................................................................................ 813 Configuring E-Mail Settings ..................................................................................................................... 815

Lab 5.1: Installing SMTP Server ......................................................................................................... 816 Lab 5.2: Configuring Outgoing E-Mails ............................................................................................ 817 Lab 5.3: Configuring Incoming E-Mails ............................................................................................ 818

Configuring Digital Rights Management ...................................................................................................... 820 Using Windows Media Rights Manager ................................................................................................. 820 Using Active Directory Rights Management Services ........................................................................... 821


Chapter 6: Implementing High Availability Technologies ............................................... 835 Exploring the RAID Technology .................................................................................................................... 836 Exploring and Implementing a Storage Area Network ............................................................................... 837

Exploring Fibre Channel ........................................................................................................................... 838 Exploring iSCSI ........................................................................................................................................... 838

Lab 6. 1: Installing the iSNS Server .................................................................................................... 840 Lab 6.2: Using iSCSI Target and Initiator .......................................................................................... 841 Lab 6.3: Using the Storage Manager Snap-in .................................................................................... 842 Lab 6.4: Using the Storage Explorer Snap-in .................................................................................... 843

Configuring Clusters ........................................................................................................................................ 844 Exploring Server Clusters Concepts ........................................................................................................ 844

Table of Contents xxiii

The Round-Robin Distribution ........................................................................................................... 845 The Network Load Balancing ............................................................................................................. 845 The Failover Clustering ....................................................................................................................... 846

Installing and Configuring NLB ............................................................................................................... 847 Working with Failover Clusters ............................................................................................................... 850

Preparing a List of Hardware Requirements for a Cluster ............................................................. 851 Adding the Failover Clustering Feature ........................................................................................... 851 Validating Hardware Configuration for a Failover Cluster ........................................................... 852 Creating a Failover Cluster ................................................................................................................. 855 Configuring a Failover Service ........................................................................................................... 856 Testing a Cluster .................................................................................................................................. 857

Implementing Virtualization ........................................................................................................................... 857 The Virtual PC 2007 ................................................................................................................................... 858 The Virtual Server 2005 R2 SP1 ................................................................................................................ 860 The Hyper-V ............................................................................................................................................... 861

Installing the Hyper-V Role ................................................................................................................ 862 Exploring Virtual Disk Types ............................................................................................................. 864 Exploring Virtual Network Types ..................................................................................................... 865 Creating a Virtual Network ................................................................................................................ 865 Creating a Virtual Machine in Hyper-V ............................................................................................ 866 Modifying the Settings of Virtual Machine ...................................................................................... 867


Part IV EXAM: 70—680

Chapter 1: Installing, Upgrading, and Migrating to Windows 7 ....................................... 879 Preparing to Install Windows 7 ...................................................................................................................... 880

Windows 7 Editions ................................................................................................................................... 881 Windows 7 Editions Matrix ................................................................................................................ 882 User Interface Features ........................................................................................................................ 882 Digital Media and Entertainment Features ...................................................................................... 882 Internet and E-mail features ............................................................................................................... 883 Security and Reliability features ........................................................................................................ 883 Performance Features .......................................................................................................................... 884 Networking Features ........................................................................................................................... 884 Mobility Features ................................................................................................................................. 885 Other Windows 7 Features ................................................................................................................. 886 Improved Features of Windows 7 over Windows Vista ................................................................. 886

Hardware Requirements ........................................................................................................................... 889 Installation Methods .................................................................................................................................. 889

Lab 1.1: Installing Windows 7 ............................................................................................................ 891 Upgrading Windows 7 ..................................................................................................................................... 900

Upgrading from Windows Vista to Windows 7 ..................................................................................... 901 Upgrading from One Edition of Windows 7 to another ....................................................................... 903 Windows 7 Upgrade Advisor ................................................................................................................... 906

xxiv Table of Contents

Lab 1.2: Running Upgrade Advisor ................................................................................................... 906 Migrating User Profile Data ............................................................................................................................ 910

Migrating from Windows XP ................................................................................................................... 910 Side-by-Side Migration ........................................................................................................................ 911 Wipe-and-load Migration ................................................................................................................... 911

Migrating from Previous Versions of Windows .................................................................................... 912 Lab 1.3: Using Windows Easy Transfer to Migrate User Profile Data .......................................... 913

User State Migration Tool ......................................................................................................................... 917 Migration Store Types ............................................................................................................................... 919

Troubleshooting Windows 7 Installation Problems ..................................................................................... 919 Identifying Common Installation Issues ................................................................................................. 919 Troubleshooting Installation Errors by using Installation Log Files ................................................... 920

Implementing Dual Booting ............................................................................................................................ 921 Lab 1.4: Booting a System in Dual Mode ................................................................................................. 921


Chapter 2: Configuring System Images in Windows 7 ....................................................... 941 Creating a System Image ................................................................................................................................. 942

The Windows Automated Installation Kit .............................................................................................. 946 Lab 2.1: Installing the Windows AIK................................................................................................. 946

The Windows PE Environment ................................................................................................................ 950 The WIM Image .......................................................................................................................................... 950

Preparing a System Image for Deployment .................................................................................................. 951 Using the DISM Tool.................................................................................................................................. 951 Adding Driver into a System Image ........................................................................................................ 951 Preparing Windows PE for Deployment ................................................................................................. 952 Installing an Update in a System Image .................................................................................................. 952 Configuring Tasks ...................................................................................................................................... 952 Exploring the MDT 2010 Tool ................................................................................................................... 953

Lab 2.2: Using the MDT 2010 Toolkit ................................................................................................ 954 The WDS Server Role ................................................................................................................................. 956

WDS Server Requirements ................................................................................................................. 957 Network Services Requirements ........................................................................................................ 957

Lab 2.3: Using the WDS server role.......................................................................................................... 957 The SCCM 2007(ConfigMgr) Tool ............................................................................................................ 963 Manual Deployment of an Image ............................................................................................................. 964

Configuring VHD ............................................................................................................................................. 964 Creating a VHD .......................................................................................................................................... 964 Exploring the Native VHD ........................................................................................................................ 969

Attaching and Detaching a VHD ....................................................................................................... 969 Lab 2.4: Using the Diskpart Utility .............................................................................................. 971

Booting from a Native VHD ............................................................................................................... 972 Updating a VHD Image ............................................................................................................................. 972 Deploying a VHD ....................................................................................................................................... 972


Table of Contents xxv

Chapter 3: Configuring Hardware and Applications .......................................................... 979 Using the ReadyBoost Feature ........................................................................................................................ 980

Lab 3.1: Configuring a Flash Memory Device for ReadyBoost ............................................................ 981 Using the Performance Information and Tools Feature .............................................................................. 982

The Adjust visual effects Option .............................................................................................................. 983 The Adjust indexing options Option ....................................................................................................... 984 The Adjust power settings Option ........................................................................................................... 984 The Open disk cleanup Option ................................................................................................................. 985 The Advanced tools Option ...................................................................................................................... 986

Configuring Windows 7 Device Drivers ....................................................................................................... 987 Lab 3.2: Installing Windows 7 Device Drivers........................................................................................ 987 Exploring Device Manager........................................................................................................................ 990 Signing Drivers ........................................................................................................................................... 990 Updating Drivers ........................................................................................................................................ 991 Uninstalling Drivers ................................................................................................................................... 994 Describing Conflict between Drivers ....................................................................................................... 995 Rolling Back Drivers .................................................................................................................................. 997

Configuring Application Compatibility ........................................................................................................ 997 Using the Program Compatibility Feature .............................................................................................. 998 Setting the Compatibility Mode ............................................................................................................. 1002 Resolving Application Compatibility Issues using ACT .................................................................... 1003

Lab 3.3: Using the Application Compatibility Toolkit .................................................................. 1007 Exploring the Application Compatibility Diagnostics Policies .......................................................... 1010 Specifying Windows XP Mode ............................................................................................................... 1010

Configuring Application Restrictions .......................................................................................................... 1011 Setting Software Restriction Policies ...................................................................................................... 1011 Setting Restrictions through Group Policy or Local Security Policy ................................................. 1012 Setting Application Control Policies using AppLocker ...................................................................... 1013

Lab 3.4: Using AppLocker Policies .................................................................................................. 1014 Configuring Windows Defender .................................................................................................................. 1018

Exploring Windows Defender Real-Time Protection .......................................................................... 1018 Configuring and Running Custom Scans ............................................................................................. 1019 Exploring Windows Defender Definitions ........................................................................................... 1021 Checking Spyware Definitions before Scanning .................................................................................. 1022

Configuring Security in IE8 ........................................................................................................................... 1024 Configuring Pop-up Blocker ................................................................................................................... 1024

Lab 3.5: Allowing Specific Websites to Display Pop-ups ............................................................. 1025 Working with Security Zones (Trusted Sites Zone) ............................................................................. 1026 Configuring Privacy Settings .................................................................................................................. 1028

Allowing and Blocking Cookies for Specific Websites .................................................................. 1028 Deleting a Browsing History ............................................................................................................ 1029

Lab 3.6: Removing the Browsing History ................................................................................. 1030 Summary .......................................................................................................................................................... 1031 Questions and Answers ................................................................................................................................. 1031

Chapter 4: Configuring Network Connectivity .................................................................. 1039 Creating a Network Connection ................................................................................................................... 1040 Troubleshooting Post-Installation Network Configuration Problems .................................................... 1042

xxvi Table of Contents

Troubleshooting Network Problems using Device Manager ............................................................. 1043 Opening Device Manager ................................................................................................................. 1044 Viewing Properties of a Device ........................................................................................................ 1045

Enabling and Disabling a Device ........................................................................................................... 1046 Using the Reliability Monitor Tool ........................................................................................................ 1048

Reporting and Solving Problems .................................................................................................................. 1049 Changing Display Settings ............................................................................................................................ 1051

Lab 4.1: Changing the Display Settings of a Computer ....................................................................... 1051 Changing Visual Appearance Settings ........................................................................................................ 1053

Changing Color and Appearance ........................................................................................................... 1053 Setting Desktop Background .................................................................................................................. 1054 Setting a Screen Saver .............................................................................................................................. 1056 Changing a Theme ................................................................................................................................... 1058

Exploring the Windows Aero Feature ......................................................................................................... 1058 Configuring and Troubleshooting Parental Controls ................................................................................ 1060

Lab 4.2: Setting up Parental Controls .................................................................................................... 1060 Controlling Access to Websites .............................................................................................................. 1062 Controlling Access to Specific Programs ............................................................................................... 1064 Controlling Access to Games .................................................................................................................. 1065

Lab 4.3: Setting Restrictions to Access Games ................................................................................ 1065 Configuring Internet Explorer ...................................................................................................................... 1067

Configuring Instant Search ..................................................................................................................... 1067 Configuring RSS Feeds ............................................................................................................................ 1069

Lab 4.4: Subscribing to an RSS Feed ................................................................................................ 1069 Specifying Printing Options .................................................................................................................... 1071 Specifying Page Setup Options ............................................................................................................... 1071 Specifying Print Preview Options .......................................................................................................... 1072 Configuring Compatibility View ........................................................................................................... 1074 Configuring Security Settings ................................................................................................................. 1076 Managing Add-ons .................................................................................................................................. 1076 Using InPrivate Browsing and InPrivate Filtering ............................................................................... 1078 Securing Web Sites using Certificates .................................................................................................... 1080

Configuring IPv4 and IPv6 ............................................................................................................................ 1080 Configuring Name Resolution ................................................................................................................ 1081 Configuring Network Locations ............................................................................................................ 1081 Resolving Connectivity Issues ................................................................................................................ 1082 Describing Automatic Private IP Addressing....................................................................................... 1086 Describing Link Local Multicast Name Resolution ............................................................................. 1086

Configuring Remote Management ............................................................................................................... 1087 Using Remote Assistance ........................................................................................................................ 1087

Lab 4.5: Creating a Remote Assistance Invitation and Providing Remote Assistance .............. 1089 Using Remote Desktop ............................................................................................................................ 1092

Lab 4.6: Establishing a Remote Desktop Connection .................................................................... 1093 Using the Windows Remote Management Method ............................................................................. 1095 Executing PowerShell Commands ......................................................................................................... 1096

Configuring Windows Firewall .................................................................................................................... 1097

Table of Contents xxvii

Enabling Windows Firewall ................................................................................................................... 1097 Enabling the Firewall Exception ............................................................................................................. 1098

Lab 4.7: Enabling Exceptions ............................................................................................................ 1098 Creating Windows Firewall Rules ......................................................................................................... 1100 Adding or Removing a Program ............................................................................................................ 1105

Configuring Network Settings ...................................................................................................................... 1107 Adding a Physically Connected Wired Device to a System ............................................................... 1108 Connecting to Wireless Network ........................................................................................................... 1110

Lab 4.8: Setting a Wireless Network ................................................................................................ 1110 Configuring Security Settings on a Client ............................................................................................. 1113 Configuring Network Adapters ............................................................................................................. 1114

Summary .......................................................................................................................................................... 1117 Questions and Answers ................................................................................................................................. 1117

Chapter 5: Configuring Access to Resources ....................................................................... 1125 Configuring Shared Resources ..................................................................................................................... 1126

Using the Network and Sharing Center Feature .................................................................................. 1126 Sharing Resources on a Home Network ............................................................................................... 1129

Creating a HomeGroup ..................................................................................................................... 1130 Joining a HomeGroup ....................................................................................................................... 1132 Sharing Files and Folders .................................................................................................................. 1133

Using Shared Folders ............................................................................................................................... 1134 Using the Net Share Commands ...................................................................................................... 1135 Using the Public Folders to Share Files ........................................................................................... 1135

Lab 5.1: Creating a Shared Folder .............................................................................................. 1136 Using Libraries ......................................................................................................................................... 1139 Using Shared Printers .............................................................................................................................. 1141

Lab 5.2: Configuring Shared Printer on a Windows 7 Computer ................................................ 1142 Configuring File and Folder Access ............................................................................................................. 1145

Configuring NTFS Permissions .............................................................................................................. 1145 Using the icacls Command ............................................................................................................... 1147 Using the Effective Permissions Tool .............................................................................................. 1147 Copying and Moving Files ............................................................................................................... 1148

Configuring Auditing .............................................................................................................................. 1148 Encrypting Files and Folders .................................................................................................................. 1149

Configuring BranchCache ............................................................................................................................. 1152 Configuring Windows 7 as a BranchCache Client ............................................................................... 1153

Using Group Policy ........................................................................................................................... 1154 Using the Netsh Command .............................................................................................................. 1154

Configuring BranchCache on Windows Server 2008 R2 ..................................................................... 1155 Lab 5.3: Configuring BranchCache in the Distributed Mode ....................................................... 1157

Configuring UAC ........................................................................................................................................... 1159 Creating a New User Account ................................................................................................................ 1161

Lab 5.4: Creating a New User Account in Windows 7 .................................................................. 1161 Managing UAC Settings through Group Policy .................................................................................. 1163

Lab 5.5: Managing UAC Settings ..................................................................................................... 1165

xxviii Table of Contents

Configuring UAC using Local Security Policies .................................................................................. 1166 Configuring Authentication and Authorization ......................................................................................... 1166

Using Credential Manager ...................................................................................................................... 1167 Using the Credentials of another User .................................................................................................. 1169

Lab 5.6: Managing Credentials ......................................................................................................... 1170 Configuring User Rights.......................................................................................................................... 1174 Using Smart Cards ................................................................................................................................... 1175 Using Account Policies ............................................................................................................................ 1175 Resolving Authentication Issues ............................................................................................................ 1176 Creating a Backup of EFS Certificates ................................................................................................... 1178


Chapter 6: Configuring Mobile Computing ........................................................................ 1187 Configuring DirectAccess .............................................................................................................................. 1188

Understanding the DirectAccess Process .............................................................................................. 1189 Configuring DirectAccess on a Client Computer ................................................................................. 1189 Configuring a DirectAccess Server ........................................................................................................ 1192

Configuring Remote Connections ................................................................................................................ 1192 Using VPN................................................................................................................................................. 1193

Authentication Protocols ................................................................................................................... 1193 VPN Reconnect ................................................................................................................................... 1194

Lab 6.1: Configuring a VPN Connection .................................................................................. 1195 Using NAP ................................................................................................................................................ 1198 Using Remote Desktop Gateway ........................................................................................................... 1199 Configuring Dial-up Connections .......................................................................................................... 1201 Configuring Windows 7 to Accept Incoming Connections ................................................................ 1202

Configuring BitLocker and BitLocker To Go .............................................................................................. 1204 BitLocker .................................................................................................................................................... 1205

Lab 6.2: Enabling BitLocker .............................................................................................................. 1208 BitLocker To Go ........................................................................................................................................ 1212

Configuring Mobility Options ...................................................................................................................... 1212 Using the Offline Files Feature ............................................................................................................... 1212

Using Transparent Caching .............................................................................................................. 1213 Using the Sync Center Feature ......................................................................................................... 1213

Lab 6.3: Synchronizing Files Stored on a Network ................................................................. 1214 Configuring Power Options .................................................................................................................... 1217

Selecting and Customizing a Power Plan ....................................................................................... 1218 Configuring Button Behavior ........................................................................................................... 1220 Creating a Custom Power Plan ........................................................................................................ 1221

Lab 6.4: Creating Custom Power Plans ..................................................................................... 1221 Summary .......................................................................................................................................................... 1223 Questions and Answers ................................................................................................................................. 1223

Chapter 7: Monitoring and Maintaining Systems that Run Windows 7 ....................... 1231 Configuring Updates for Windows 7 ........................................................................................................... 1232

Windows Update ..................................................................................................................................... 1233

Table of Contents xxix

Installing Updates for Microsoft Products ...................................................................................... 1234 Lab 7.1: Downloading Updates for Microsoft Products ......................................................... 1235

Installing Updates by using a Proxy Server ................................................................................... 1238 Installing Windows 7 Update Files Manually ................................................................................ 1239

Action Center ............................................................................................................................................ 1239 Windows Server Update Services .......................................................................................................... 1240 Windows Update Policies ....................................................................................................................... 1240 Microsoft Baseline Security Analyzer .................................................................................................... 1241

Managing Disks .............................................................................................................................................. 1241 Defragmenting Disks ............................................................................................................................... 1241 Checking Errors in a Hard Disk ............................................................................................................. 1243 Using Local Group Policy Editor to Set Disk Policies ......................................................................... 1243

Lab 7.2: Denying the Write Operation for Data to USB Device ................................................... 1244 Exploring Disk Management .................................................................................................................. 1245

Using Basic and Dynamic Disks ...................................................................................................... 1246 Transferring Disk to Another Computer ........................................................................................ 1246 Reactivating Dynamic Disk .............................................................................................................. 1247

Creating Different Types of Volumes .................................................................................................... 1247 Simple Volume ................................................................................................................................... 1248 Spanned Volume ................................................................................................................................ 1250 Striped Volume .................................................................................................................................. 1250 Mirrored Volume (RAID-1) .............................................................................................................. 1250 Striped Volume with Parity (RAID-5) ............................................................................................. 1250

Expanding and Shrinking Volumes ....................................................................................................... 1250 Deleting a Partition .................................................................................................................................. 1252

Monitoring Systems ....................................................................................................................................... 1252 Monitoring Performance ......................................................................................................................... 1252

Performance Monitor......................................................................................................................... 1253 Lab 7.3: Monitoring Disk Performance ..................................................................................... 1253

Data Collector Sets ............................................................................................................................. 1255 Assessing System Reliability and Stability ............................................................................................ 1256

Stability Index ..................................................................................................................................... 1256 Stability Chart ..................................................................................................................................... 1257

Using System Tools .................................................................................................................................. 1257 Task Manager ..................................................................................................................................... 1257 Resource Monitor ............................................................................................................................... 1260 System Information ........................................................................................................................... 1261 Process Explorer ................................................................................................................................. 1261

Using Event Viewer ................................................................................................................................. 1262 Creating an Event Subscription .............................................................................................................. 1263

Configuring Performance Settings ............................................................................................................... 1264 Accessing System Management Information ....................................................................................... 1265

CIMOM ............................................................................................................................................... 1265 WMI Providers ................................................................................................................................... 1265 WMI Service ........................................................................................................................................ 1265 CIM Repository .................................................................................................................................. 1266

xxx Table of Contents

CIM Classes ........................................................................................................................................ 1266 WMI Consumers ................................................................................................................................ 1266 WMI Scripting Library ...................................................................................................................... 1266 WMI Administrative Tools ............................................................................................................... 1266

WMI CIM Studio ...................................................................................................................................... 1269 WMI Object Browser ................................................................................................................... 1270 WMI Event Registration ............................................................................................................. 1271

WMI Event Viewer ............................................................................................................................ 1272 Using the System Configuration Tool ................................................................................................... 1272 Using the Services Console ..................................................................................................................... 1273 Using the Performance Options Tool .................................................................................................... 1274 Managing Hard Disk Write Cache ......................................................................................................... 1275 Using Event Viewer to Troubleshoot Performance Problems ............................................................ 1275 Using Performance Analysis Tools in Windows 7 ............................................................................... 1276

Using the Xperf.exe Command-Line Tool ...................................................................................... 1276 Using the Visual Trace Analysis Tool ............................................................................................. 1277 Using the Xbootmgr.exe Command-Line Tool .............................................................................. 1277


Chapter 8: Configuring Backup and Recovery Options ................................................... 1285 Configuring Backup ....................................................................................................................................... 1286

Creating Backup ....................................................................................................................................... 1286 Lab 8.1: Creating Backup and Restoring Files and Folders .......................................................... 1287

Using System Image Backup................................................................................................................... 1290 Configuring System Recovery Options ....................................................................................................... 1290

System Restore .......................................................................................................................................... 1291 Advanced Boot Options .......................................................................................................................... 1294 Boot Configuration Data ......................................................................................................................... 1294

Configuring File Recovery Options .............................................................................................................. 1294 Configuring File Restore Points .............................................................................................................. 1295

Lab 8.2: Creating Restore Point ........................................................................................................ 1295 Restoring Previous Versions of Files and Folders ................................................................................ 1297 Restoring Damaged or Deleted Files by using Shadow Copies ......................................................... 1297 Restoring User Profiles ............................................................................................................................ 1298


Part V EXAM: 70—647

Chapter 1: Planning IP Addressing and Name Resolution in Windows Server 2008 ....... 1309 Planning for IP Addressing ........................................................................................................................... 1310

Exploring IP Addressing Techniques .................................................................................................... 1310 Exploring IP Addressing Ranges ........................................................................................................... 1311 Exploring IPv6 Addressing ..................................................................................................................... 1311

The IPv6 Shorthand Notation ........................................................................................................... 1312 The IPv6 Anatomy ............................................................................................................................. 1312

Table of Contents xxxi

The IPv6 Address Types ................................................................................................................... 1312 The IPv6 Unicast Address ................................................................................................................. 1313 The Advantages of IPv6 Addresses ................................................................................................. 1313

Exploring IPv4 to IPv6 Transitional Techniques .................................................................................. 1314 The Dual Stacking Technique ........................................................................................................... 1314 The Tunneling Technique ................................................................................................................. 1314

Planning Name Resolution ............................................................................................................................ 1315 Planning for DNS in Windows Server 2008 .......................................................................................... 1315

Using New Features of DNS ............................................................................................................. 1317 Configuring DNS in Windows Server 2008 .................................................................................... 1317 Lab1.1: Installing and Configuring DNS in Windows Server 2008 ............................................. 1317

Planning for DNS Infrastructure ............................................................................................................ 1321 The Domain Namespaces ................................................................................................................. 1321 The Split Zones DNS ......................................................................................................................... 1322 The DNS Forwarding ........................................................................................................................ 1323 The Zone Types .................................................................................................................................. 1324 The Root Hints .................................................................................................................................... 1325 The AD DS with Existing DNS Infrastructure ............................................................................... 1326 The GlobalNames Zones ................................................................................................................... 1327

Planning Name Resolution Support for Legacy Clients ..................................................................... 1328 Using WINS ........................................................................................................................................ 1328 Using GlobalNames DNS Zones ...................................................................................................... 1331


Chapter 2: Planning and Designing AD Domain Services and Physical Topology .... 1339 Designing an AD Forest Structure ................................................................................................................ 1340

Exploring AD Functional Levels ............................................................................................................ 1341 Exploring Forest Design Elements ......................................................................................................... 1343 Exploring Forest Design Models ............................................................................................................ 1343

Designing an AD Domain Structure ............................................................................................................ 1345 Exploring Domain Design Models ......................................................................................................... 1345 Creating a Domain Structure .................................................................................................................. 1347

Upgrading an Existing Domain or Deploying New Domain ....................................................... 1348 Designing the Forest and Domain Trust Models ........................................................................................ 1348

The Forest Trusts ...................................................................................................................................... 1349 The Domain Trust .................................................................................................................................... 1349

Designing the AD DS Schema ....................................................................................................................... 1350 Designing the Schema Modification ...................................................................................................... 1351 Upgrading the AD DS Schema ............................................................................................................... 1351

Lab 2.1: Designing the Forest Structure .......................................................................................... 1352 Lab 2.2: Designing the Domain Structure ....................................................................................... 1352 Lab 2.3: Designing the Functional Levels ....................................................................................... 1353 Lab 2.4: Designing the Shortcut Trusts............................................................................................ 1353

Designing Physical Topology of AD DS ...................................................................................................... 1354 Designing AD DS Site Structure ............................................................................................................. 1354

Gathering Requirements ................................................................................................................... 1354

xxxii Table of Contents

Designing the AD DS Site Model ..................................................................................................... 1355 Designing the AD DS Replication .......................................................................................................... 1355

The AD DS Replication Topology .................................................................................................... 1355 The AD DS Site Links and Site Link Properties ............................................................................. 1357 The AD DS Site Link Bridging.......................................................................................................... 1357

Designing the Placement of Domain Controllers ................................................................................. 1358 The Placement of Forest Root Domain Controllers ....................................................................... 1358 The Placement of Regional Domain Controllers ............................................................................ 1358 The Placement of RODCs .................................................................................................................. 1358

Designing the Placement of Global Catalog Servers............................................................................ 1359 Designing the Placement of Operation Master Roles .......................................................................... 1359 Designing the Placement of Printers ...................................................................................................... 1360

Lab 2.5: Designing the Site Structure ............................................................................................... 1361 Lab 2.6: Designing Replication ......................................................................................................... 1362 Lab 2.7: Designing the Placement of Domain Controllers ............................................................ 1363


Chapter 3: Planning Migration of Forests and Domains and Cross-Platform Interoperability ........................................................................ 1375

Planning for Migration of Forests and Domains ........................................................................................ 1376 Exploring the Migration Paths ................................................................................................................ 1376

The Domain Upgrade Migration Path ............................................................................................ 1377 The Domain Restructure Migration Path ........................................................................................ 1377 The Upgrade-Then-Restructure Migration Path ............................................................................ 1377

Exploring the Active Directory Migration Tool ................................................................................... 1378 Planning for Migrating an Existing Domain to Windows Server 2008 ............................................. 1378

Lab 3.1: Planning for Migrating an Existing Forest to Windows Server 2008 ............................ 1379 Exploring the Migration of Network Objects ....................................................................................... 1380 Exploring the Consolidation of Network Objects ................................................................................ 1380 Exploring Cross-forest Authentication .................................................................................................. 1381

Planning for Interoperability of Disparate Technologies .......................................................................... 1382 Planning for Active Directory Federation Services .............................................................................. 1382 Exploring Microsoft ILM 2007 FP1 ........................................................................................................ 1383 Planning for Cross-Platform Interoperability ....................................................................................... 1384

Managing User Identity .................................................................................................................... 1384 Understanding Password Synchronization .................................................................................... 1384 Exploring Server for NIS ................................................................................................................... 1385 Exploring Services for NFS ............................................................................................................... 1386


Chapter 4: Planning and Designing AD .............................................................................. 1397 Planning for Delegation of AD Administration and Administrative Model .......................................... 1398

Planning the Classification of Organizations ....................................................................................... 1399 Planning Delegation of Principles and Benefits ................................................................................... 1399

Table of Contents xxxiii

Planning AD Management through Delegation .................................................................................. 1400 The Service Management .................................................................................................................. 1400 The Data Management ...................................................................................................................... 1400

Planning for AD Administrative Model ................................................................................................ 1401 The Centralized Administrative Model .......................................................................................... 1401 The Decentralized Administrative Model ...................................................................................... 1401 The Hybrid Administrative Model .................................................................................................. 1402

Planning Group Strategy to Delegate AD Management Tasks .......................................................... 1403 Planning for Management Roles ............................................................................................................ 1403 Planning Trusts ......................................................................................................................................... 1404

The Forest-Level Trusts ..................................................................................................................... 1404 The Trust Type and Direction .......................................................................................................... 1405

Planning for AD DS Audit and Group Policy Compliance ................................................................ 1406 Planning the Organizational Structure .................................................................................................. 1407

Planning and Designing Group Policy Strategies ...................................................................................... 1409 Planning the Group Policy Hierarchy ................................................................................................... 1409

Planning the GPO Structure ............................................................................................................. 1409 Planning the AD Structure ................................................................................................................ 1410 Planning the AD Schema .................................................................................................................. 1410

Planning the Group Policy Scope Filtering ........................................................................................... 1410 Planning the Group Policies to Control Device Installation ............................................................... 1411

Planning Group Policy Settings ....................................................................................................... 1412 Planning for Hardware IDs, Compatible IDs, and GUIDs ........................................................... 1413

Planning for Authentication and Authorization .................................................................................. 1414 The Password Authentication .......................................................................................................... 1414 The Fine-Grained Password Policy Based Authentication ........................................................... 1415 Lab 4.1: Implementing Fine-Grained Password Policy Based Authentication .......................... 1416 The Smart Card Authentication ....................................................................................................... 1418


Chapter 5: Designing Network Access Strategy and Branch Office Deployment ............................................................................................... 1427

De Designing Network Access Strategy ...................................................................................................... 1428 Designing the Perimeter Network Strategy .......................................................................................... 1428

Designing for Securing the Perimeter Network ............................................................................. 1429 Designing for Strategic Services in the Perimeter Network ......................................................... 1430 Designing for Web Service Deployment in the Perimeter Network ........................................... 1431

Designing for Remote Access Strategy .................................................................................................. 1431 Planning for VPN based Remote Access ......................................................................................... 1431

Planning Secure VPN Server Deployment ............................................................................... 1433 Planning for RADIUS Server based Remote Access ...................................................................... 1433

Planning RADIUS Server for Main Office ................................................................................ 1434 Lab 5.1: Designing the VPN Solution .............................................................................................. 1435 Lab 5.2: Designing the RADIUS Solution ....................................................................................... 1436

Designing Network Access Protection .................................................................................................. 1436

xxxiv Table of Contents

Planning and Designing NAP IPSec Enforcement ........................................................................ 1438 Planning PKI Support for IPSec Enforcement ................................................................................ 1439 Planning VPN Enforcement with NAP ........................................................................................... 1440 Planning DHCP Enforcement with NAP ........................................................................................ 1440

Designing Domain and Server Isolation ............................................................................................... 1441 Comparing IPSec Enforcement with Domain and Server Isolation ............................................ 1441 Migrating to IPSec NAP from Domain and Server Isolation ....................................................... 1442

Designing Branch Office Deployment ......................................................................................................... 1442 Designing Components and Services of Branch Office ....................................................................... 1442

Designing Windows Deployment Services .................................................................................... 1443 Adding DC in a Branch Office .......................................................................................................... 1443

Designing Branch Office Server Security .............................................................................................. 1444 Designing Security of Windows Server 2008 in Branch Office .................................................... 1445

The RODC ..................................................................................................................................... 1446 Designing Branch Office Security with NAP ................................................................................. 1446


Chapter 6: Planning for Terminal Services, Application Deployment and Virtualization ......................................................................... 1457

Planning for Terminal Services ..................................................................................................................... 1458 Planning TS Licensing ............................................................................................................................. 1459

The Licensing Types .......................................................................................................................... 1459 The Licensing Server Scopes ............................................................................................................. 1459 The TS License Server Activation .................................................................................................... 1460 The License Server Placement .......................................................................................................... 1461 The License Server Backup and Restore ......................................................................................... 1461 The License Server Deployment ...................................................................................................... 1461

Planning the TS Web Access for Application Deployment ................................................................ 1461 Planning Terminal Server Farm Deployment ....................................................................................... 1463 Planning Terminal Services Gateway .................................................................................................... 1463

The TS Gateway Protocols ................................................................................................................ 1463 The TS Gateway Placement .............................................................................................................. 1464 The TS Gateway Security .................................................................................................................. 1464

Planning the Deployment of Applications .................................................................................................. 1465 Using Group Policy .................................................................................................................................. 1465 Using System Center Essentials .............................................................................................................. 1466 Using SCCM 2007 ..................................................................................................................................... 1467

Planning for Virtualization ............................................................................................................................ 1468 Planning for Operating System Virtualization ..................................................................................... 1468

Planning for Virtual Server 2005 R2 ................................................................................................ 1469 Planning for Hyper–V ....................................................................................................................... 1470

Creating Virtual Servers ............................................................................................................. 1470 Managing Virtual Servers ........................................................................................................... 1470

Planning for Server Upgrade or Migration .................................................................................... 1471 Using VSMT ................................................................................................................................. 1472

Table of Contents xxxv

Planning for Application Virtualization ................................................................................................ 1473 Planning Application Virtualization using Microsoft SoftGrid ................................................... 1473 Deployment of Application Virtualization using Microsoft SoftGrid ........................................ 1474 Branch office Deployment using Microsoft SoftGrid .................................................................... 1474


Chapter 7: Planning and Designing Security in an Enterprise ........................................ 1485 Planning PKI Requirements .......................................................................................................................... 1486

Planning PKI – Enabled Applications ................................................................................................... 1487 Planning Certificate Requirements ........................................................................................................ 1487 Planning Certificate Security Requirements ......................................................................................... 1488 Planning the Company Security Policy ................................................................................................. 1488 Planning Business Requirements ........................................................................................................... 1489 Planning Active Directory Requirements ............................................................................................. 1489 Planning Certificate Template Requirements ....................................................................................... 1489

Designing Certificate Authority Hierarchy ................................................................................................. 1490 Designing the Certificate Authority Infrastructure ............................................................................. 1490

The Root Certificate Authority ......................................................................................................... 1490 The Internal and Third-Party Certificate Authority ...................................................................... 1491

Designing Certificate Types and Roles .................................................................................................. 1492 Designing the Certificate Lifecycle Management Plan .............................................................................. 1493

Planning Certificate Enrollment ............................................................................................................. 1493 The Automatic and Manual Requests ............................................................................................. 1494 The Automatic and Manual Approval ............................................................................................ 1495

Designing the Certificate Authority Renewal Strategy ....................................................................... 1495 Designing the Certificate Revocation Policy ......................................................................................... 1495

The Certificate Revocation List ........................................................................................................ 1495 The Online Certificate Status Protocol ............................................................................................ 1496


Chapter 8: Planning for Data Sharing, Data Security, and Business Continuity ......... 1505 Planning for Data Sharing ............................................................................................................................. 1506

Planning for DFS Deployment ................................................................................................................ 1506 DFS Elements ...................................................................................................................................... 1507 The Advanced Settings and Features of DFS Namespace ............................................................ 1508 DFS Replication .................................................................................................................................. 1509 The DFS Design Process .................................................................................................................... 1510

Planning for Implementing SharePoint Infrastructure ........................................................................ 1511 WSS 3.0 ................................................................................................................................................ 1511 MOSS 2007 .......................................................................................................................................... 1512

Planning for Data Security ............................................................................................................................ 1512 Using Windows BitLocker ...................................................................................................................... 1513

The BitLocker Authentication Mode ............................................................................................... 1513 The BitLocker Security Design ......................................................................................................... 1514

xxxvi Table of Contents

Using EFS .................................................................................................................................................. 1514 Using AD RMS ......................................................................................................................................... 1515

The AD RMS Rights-Protected Information ................................................................................... 1516 The AD RMS Applications ................................................................................................................ 1517 Lab 8.1: Designing a Data Sharing and Data Storage Security Solutions ................................... 1518

Planning for Business Continuity ................................................................................................................. 1518 Using AD DS Backup and Recovery ...................................................................................................... 1519

AD DS Backup .................................................................................................................................... 1519 AD DS Recovery ................................................................................................................................. 1520

Seizing the Operations Master Roles ..................................................................................................... 1520 Using NLB ................................................................................................................................................. 1521 Using Failover Clusters ........................................................................................................................... 1521


Chapter 9: Designing Software Updates and Compliance Management ...................... 1531 Designing Software Updates ......................................................................................................................... 1532

Using Microsoft Update .......................................................................................................................... 1532 Using Windows Server Update Services (WSUS) ................................................................................ 1533

Managing Windows Server Update Services ................................................................................. 1533 Deploying Windows Server Update Services ................................................................................ 1533 Deploying Windows Server Update Services in an Enterprise .................................................... 1535 Lab 9.1: Installing WSUS 3.0 SP1 on Windows Server 2008 ......................................................... 1536

Using System Center Essential 2007 ...................................................................................................... 1541 Configuring SCE 2007 Software Update ......................................................................................... 1542 Configuring SCE 2007 in an Enterprise ........................................................................................... 1542

Using System Center Configuration Manager 2007 ............................................................................ 1542 Designing Compliance Management ........................................................................................................... 1543

Lab 9.2: Installing the MBSA Tool on Windows Server 2008 ....................................................... 1544 Summary .......................................................................................................................................................... 1546 Questions and Answers ................................................................................................................................. 1547

About the CD ............................................................................................................................ 1557

Index ........................................................................................................................................... 1573

Documents

Introduction xxxvii Part I EXAM: 70—640 Chapter 1: …toc.dreamtechpress.com/toc_978-93-5004-010-2.pdf · Introduction ..... xxxvii Part I EXAM: 70—640 Chapter 1: Working with