Coach Culbertson | Train Signal, Inc.
Welcome to Windows Server 2008 R2 Training
Coach Culbertson
MCT, MCITP, MCTS, etc., etc.
• A Little About Your Instructor
• Hardware Setup
• What’s In This Course
What Is New In Server 2K8 R2
In this video:
A Little About Your Instructor
About Benjamin “Coach” Culbertson
• MCITP, MCSA, MCDBA, MCT, A+, Net+, CIW, and a few others
• 2 Year Tour of Duty as an Inner City High School Teacher in Chicago
• Launched a couple hundred careers
About Train Signal
• Casual Training Method that teaches real skills first
• Scenario-Based Training to answer the question "Why does this change my life?"
• 2 Hyper-V Compatible Servers with Server 2K8 R2 installed
• 1 Server is a DC, DC1-R2
• The Other is a Hyper-V box
• Both are
  – 4GB RAM
  – 2.4 GHz Quad-Core Processors
  – 2 - 250GB HDD’s
Hardware Setup
Here’s What I Have
2. New Active Directory Management Tools
3. The Active Directory Recycling Bin
4. New Group Policy in Server 2008 R2
5. Build an ASP.NET Application Server on Server Core
6. Boot a Machine with a Virtual Hard Disk
What’s In This Course
And now, the Hit Parade for this course!
7. Hyper-V Dynamic Storage and Quick Switch Settings
8. Remote Desktop Services: Personal Virtual Desktops
9. Hyper-V Clustering!?!?
10. 2K8 R2+Win7: AppLocker
11. BranchCache
12. Concept: Direct Access
What’s In This Course
SO LET’S GET GOING!
So now…
…you know about your instructor, the basics of the hardware you need if you want to play along at home, and what you and I are going to cover in the course…
New Active Directory Management Tools
Easy-Peasy AD Management
• The Shiny New Active Directory Management Console
• The Best Practices Analyzer
• RSAT On Windows…7? YES!
New AD Management Tools
In this video:
• Engage the Active Directory Administrative Center
• Run the Best Practices Analyzer to find Best Practices for a particular Role
• Install RSAT on Windows 7
What We Covered
After watching this video, you should be able to:
The Active Directory Recycling Bin
A PowerShell Solution to Save You Massive Time When Your User Accounts Get Trashed (Accidentally, of course)
• The Server 2008 R2 Domain Functional Level
• Coach’s AD Toolbox: Activating and Using the AD Recycling Bin
The Active Directory Recycling Bin
In this video:
• The new Server 2008 R2 Domain Functional Level has all the features of the Server 2008 Functional Level, but adds the AD Recycling Bin
• All Domain Controllers in your network must be running Server 2008 R2—no exceptions
The Server 2008 R2 Domain Functional Level
There’s a new Functional Level in Town…
• I Built a PowerShell Script Mini-Library for you so you can use the AD Recycling Bin ASAP
Coach’s AD Toolbox
Activating and Using the AD Recycling Bin
• Identify the Functional Level of an AD Domain
• Install the PowerShell Editor on a Server 2008 R2 Machine
• Activate the AD Recycling Bin using Coach’s AD Recycling Bin Mini-Library Script
• Restore an AD Object using Coach’s AD Recycling Bin Mini-Library Script
What We Covered
After watching this video, you should be able to:
New Group Policy in Server 2008 R2
And now for some new GPO Toys!
• New Look, Nice Interface
• Super Easy Power Plan Preferences
• Internet Explorer 8 Preferences
• Starter GPO’s – Now built-in!
New Group Policy in Server 2008 R2
In this video:
• Admire the new interface
• Set Power Preferences for Win XP, Vista, and Win 7 Clients
• Find IE 8 Group Policy Settings Using the Filter Options
• Set IE 8 Options in Group Policy Preferences
• Install and Use the Built-In Starter GPO’s as a base for creating new GPO’s
What We Covered
After viewing this video, you should be able to:
Build an ASP.NET Application Server on Server Core
You and I are going to build an IIS 7.5 ASP.NET Web Server From Start to Finish, Including FTP and Remote Management! BOOYAH!
• Ummm, yeah, I’ve already told you what we’re going to do….
  – Included: The Batch Script for installing ASP.NET in Server Core So You Don’t Have to Type A Billion Commands
IIS 7.5: Now with More Toys
In this video:
1. Change the password on the administrator account on Server Core R2
2. Use sconfig to do the basic configuration:
   1. Rename the machine to something intelligible
   2. Set up your Network IP Address and DNS settings
   3. Set Time Zone, etc.
What We Covered
Here’s your punchlist
3. Use sconfig to:
   1. Enable Remote Management via MMC
   2. Enable PowerShell
   3. Enable Remote Management via Server Manager
   4. Check Firewall Settings
4. Run the script included in this course, aspCoreInstall.bat
What We Covered
Punchlist Continued
5. Connect to your Server Core Machine using Server Manager on a separate machine
6. Connect Your Machine to your IIS Manager on a separate machine
7. Create an FTP site for your Server Core machine using IIS Manager
8. Set up any User Accounts that you want to have access to the FTP site
What We Covered
More Punchlist! I Need More Punchlist!
9. Test out the FTP site using either the command line ftp or connect with your favorite FTP client software (FileZilla rules!)
What We Covered
YES! More Punchlist Items
You can use RSAT on Windows 7 to manage your Server Core Machine using Server Manager. IIS Manager is also available for Win 7 (and Vista), and you can manage your Server Core Web Server with it as well.
Don’t forget when you log in to your FTP site to include the name of your Virtual Host. Ex: yourvirtualftpname.yourdomain.com|UserName
Boot a Machine with a Virtual Hard Disk
Test Out New Server Stuff (or Win7 stuff!) Without Blowing Away Your Current OS!
• Why Would You Do This?
• Coach’s Toolbox | The VHDBoot Script
Boot a Machine with a VHD
In this video:
Why Would You Do This?
So, ummm...yeah, what’s up with this VHD boot thing?
The Virtual Hard Drive lives on the physical hard drive
Instead of booting up from the OS on the physical drive, in Server 2008 R2 we can boot up from the VHD file on the physical disk.
• Loading up an OS that’s different than your primary OS allows you to tweak, test, blow stuff up, and see how things work—without blowing away your primary OS
• Great for developers and admins trying out new things—and if it doesn’t work, delete the VHD
• Also been tested to boot a VHD from a USB drive—Google or Bing this
Why Would You Do This?
…and here’s why
• We’ll need to use the bcdedit command to set this up
• It’s not hard, but it’s still a command that’s easier to use a script for
• Let’s try it out
Coach’s Toolbox | The VHDBoot Script
Easy VHD Boot Setup
• Copy a VHD file to another machine (BFD!)
• Use bcdedit /Enum to list the current entries in the Boot Manager
• Create a new boot set up with bcdedit /copy {current} /d "Name You Type Here"
• Modify the VHDBoot.bat script with the GUID from the new cloned boot settings
• Run the VHDBoot script to set up the boot loader for an alternate boot and boot it
What We Covered
After watching this video, you should be able to:
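The bcdedit sequence from the list above, as an added example for an elevated PowerShell prompt. It is not the course's VHDBoot.bat; the VHD path and the entry label are placeholders, and the backup file name is an assumption.

```powershell
# Added example, not the course's VHDBoot.bat. Run from an elevated prompt.
$vhd   = 'C:\VHD\test-r2.vhd'            # placeholder: VHD file copied to this machine
$label = 'Server 2008 R2 (VHD test)'     # placeholder: name shown in the boot menu

if (-not (Test-Path -LiteralPath $vhd)) { throw "VHD not found: $vhd" }

# Keep a copy of the boot store so a bad entry can be rolled back with
# "bcdedit /import".
bcdedit /export "$env:SystemDrive\bcd-before-vhdboot"
if ($LASTEXITCODE -ne 0) { throw 'Could not export the BCD store (not elevated?)' }

# List the current entries, then clone the running one. In PowerShell the
# braces must be quoted, otherwise {current} is parsed as a script block.
bcdedit /enum
$copyOutput = (bcdedit /copy '{current}' /d $label) | Out-String
if ($copyOutput -match '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}') {
    $guid = $Matches[0]                  # GUID of the new, cloned entry
} else {
    throw "bcdedit /copy did not return a GUID: $copyOutput"
}

# bcdedit expects the volume in brackets: vhd=[C:]\VHD\test-r2.vhd
$target = 'vhd=[{0}]{1}' -f (Split-Path $vhd -Qualifier), (Split-Path $vhd -NoQualifier)

# Point only the cloned entry at the VHD; the original entry stays untouched,
# so the physical OS remains bootable.
bcdedit /set $guid device   $target
bcdedit /set $guid osdevice $target
bcdedit /set $guid detecthal on

# Show the finished entry for review before rebooting.
bcdedit /enum $guid
```

If the new entry turns out wrong, `bcdedit /delete` with the printed GUID removes it without affecting the original boot entry.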
Hyper-V Dynamic Storage and Quick Switch Settings
Just a Few New Toys in Hyper-V in Server 2008 R2
• A Quick Look at New Hyper-V Capabilities
• WHAT?!?! I Don’t Have to Shut Down?
  – Quick Switch Settings
Hyper-V Dynamic Storage
In this video:
Comparing Microsoft Hyper-V Server R1 to R2
Feature | Hyper-V Server 2008 R1 | Hyper-V Server 2008 R2
Physical processor support | Up to 4 processors | Up to 8 processors
Logical processor support | Up to 16 | Up to 64
Physical memory support | Up to 32GB | Up to 1TB
Live migration | No | Yes
High availability | No | Yes
A Quick Look at New Hyper-V Capabilities
New Fun Stuff
A Quick Look at New Hyper-V Capabilities
And Even More Fun Stuff
• Support for running up to 384 virtual machines with up to 512 virtual processors
• Processor compatibility mode for live migration across different processors from the same vendor
• Hot add/remove of virtual storage
• Now with Server 2008 R2, you can add or remove virtual SCSI Hard Disks without shutting down your VM
• You’ll still need to boot up with a virtual IDE disk, though—no hot swapping on IDE
• It’s easy, let me show this now
WHAT?!?! I Don’t Have to Shut Down?
Ummm, yeah, that’s the point….
• Describe some of the new advantages of running Hyper-V on Server 2008 R2
• Add or remove virtual SCSI hard drives on a VM on the fly (without shutdown)
• Use the Quick Switch to move between VM Settings
What We Covered
After watching this video, you should be able to:
Remote Desktop Services: Personal Virtual Desktops
Terminal Services No More—Now It’s all Remote Desktop Services
• Personal Desktops: Thin-Client Style OS’s
• Also, What is a VDI?
Remote Desktop Services
In this video:
• Why would you ever do this?
  – Reduced hardware costs (sort of)
  – Greater Administrative Control and Security
  – It’s Cool
Personal Desktops: Thin Client Style OS’s
Everything old is new again...
[Diagram: RDS Server, Hyper-V Server]
Virtual Desktop Infrastructure
Also, What the !@#$ is a VDI?
VDI is not a disease….
• Define what a VDI actually is
• Install all the necessary Roles and Role Services required for an initial VDI
• Rename Win 7 VM’s for use in a VDI
• Assign a User to a Personal Desktop
• Use RD Web Access to access a Personal Desktop VM
What We Covered
After watching this video, you should be able to:
Hyper-V Clustering!?!?
Highly Available (and Highly Expensive) Virtual Machine Movement Between Servers
• What Does It Take To Build Highly Available VM’s?
• The 2 Methods of Easy VM Migration
Hyper-V Clustering!?!?
In this video:
• Here’s what you need:
– Two Hyper-V Servers with as close to identical hardware configs as possible
– A Separate SCSI-3 Compliant Storage Appliance
What Does It Take To Build Highly Available VM’s?
A lot of expensive hardware, that’s what!
SAN/NAS Storage (iSCSI is a good option)
Your SAN/NAS must support SCSI-3 persistent connections
When one machine needs to go down for maintenance, the VM can be migrated to the other live machine
What Does It Take To Build Highly Available VM’s?
So…what does it do once you have it built?
SAN/NAS Storage (iSCSI is a good option)
Virtual Machine
• The original method: Quick Migration
  – The Virtual Machine is taken offline, moved to the other machine, and then brought back up
• The R2 method: Live Migration
  – The Virtual Machine is in essence copied to the other machine while the original continues to run
  – Once the copy is moved, the original VM is removed from the source machine, while the new copy is happily running on the destination machine
The 2 Methods of Easy VM Migration
Moving your VM can be easy
• Describe what is required to build a Hyper-V Failover Cluster
• Describe the 2 methods of migration and the difference between the two
• But wait…there’s more
What We Covered
After watching this video, you should be able to:
Bonus: Coach’s Hyper-V Clustering Science Experiment
Super Secret Video
If you act right now…by continuing to watch….
Science Time!
And here’s what I’ve got…
1 HP Proliant ML350: Xeon Quad Core, 4GB of RAM, 2 NIC’s
1 Frankenstein: Intel Quad Core, 4GB of RAM, 3 NIC’s
ReadyNAS Pro Storage Appliance
1 VMWare Virtual Machine: Windows Storage Server 2008, 512 MB of RAM, 3 NIC’s
• Describe Failover Clustering in terms of how it’s useful with Hyper-V
• Describe the Hardware Requirements for Failover Clustering
• Run the Validate a Configuration Wizard to determine viability of hardware for Clustering
• Attach iSCSI storage using the iSCSI Initiator in Server 2008 (and R2)
• Create a Basic Failover Cluster using a Node Majority and File Share Quorum configuration
What We Covered
After watching this video, you should be able to:
• Create a Highly Available Virtual Machine using the Failover Clustering Manager
• Describe the differences between Quick Migration and Live Migration
What We Covered
2K8 R2+Win7: AppLocker
Decide Who Can Run What Applications On Your Desktops
• The AppLocker GPO Setting
2K8 R2+Win7: AppLocker
In this video:
The AppLocker GPO Setting
• Locate the AppLocker GPO Setting in the Group Policy Editor
• Configure the Application Identity Service to start automatically (and start it!)
• Use the Local Security Policy on a Win 7 client to identify applications that you want to lock down
• Create a basic AppLocker Rule to deny the running of an application for a particular user in both a GPO and in Local Security Policy
What We Covered
After watching this video, you should be able to:
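The AppLocker steps above can also be scripted with the AppLocker PowerShell module included in Windows 7 and Server 2008 R2. This is an added example, not the course's own material; the executable path, the account name and the output file name are hypothetical placeholders.

```powershell
# Added example, not from the course. Run elevated on the Win 7 client.
Import-Module AppLocker

$exe  = 'C:\Program Files\ExampleApp\example.exe'   # placeholder application
$user = 'EXAMPLE\jdoe'                              # placeholder account
$out  = Join-Path $env:TEMP 'applocker-deny-exampleapp.xml'

# AppLocker rules are only evaluated while the Application Identity service
# (AppIDSvc) is running, so set it to start automatically and start it now.
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Identify the file and generate a rule for it: a publisher rule when the
# file is signed, a hash rule otherwise. New-AppLockerPolicy only emits
# Allow rules, so the action is flipped to Deny in the XML below.
$xmlText = Get-AppLockerFileInformation -Path $exe |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $user -Xml | Out-String
[xml]$policy = $xmlText

foreach ($rule in $policy.SelectNodes('//FilePublisherRule | //FileHashRule')) {
    $rule.SetAttribute('Action', 'Deny')
}

# Start in audit mode. A collection left at NotConfigured is enforced as soon
# as it contains rules, and an enforced collection blocks every file that no
# Allow rule matches, so a Deny-only policy would lock out far more than $exe.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($out)

# Dry run against the saved policy. The target should come back as Denied;
# notepad.exe shows DeniedByDefault, which is the gap that default Allow
# rules have to fill before enforcement is switched on.
Test-AppLockerPolicy -XmlPolicy $out -User $user `
    -Path $exe, "$env:windir\System32\notepad.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Merge the rule into the local policy (what Local Security Policy edits).
Set-AppLockerPolicy -XmlPolicy $out -Merge
```

To put the same rule in a GPO instead, pass the GPO's LDAP path to `Set-AppLockerPolicy` with `-Ldap`. Audit results appear in the AppLocker event log under Applications and Services Logs.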
BranchCache
A Nifty Feature That Will Help Stop Your Branch Offices From Bleeding Bandwidth (And Make Your Users Happy)
• Stop the Bleeding!
• Two Methods of Implementing BranchCache
• The Easy Implementation: Co-Op
BranchCache
In this video:
Stop the Bleeding!
When you’ve got a branch office…
File Server
Two Methods of Implementing BranchCache
Instead…Cooperative Mode BranchCache
File Server
Two Methods of Implementing BranchCache
Or…Hosted Mode BranchCache
File Server
• First, install BranchCache on your File Server (or Web Server)
• Then, you’ll set up BranchCache on the Server using either Local Group Policy, a GPO, or by editing the Registry
• After that, make sure any shared folders that you want your Branch Office Users to have access to are BranchCache Enabled
• Configure the Client machines for BranchCache via Group Policy and the Firewall Exception
• Done
The Easy Implementation: Co-Op
This is how we do it…
• Identify the problem of bandwidth bleed and slow download times in a Branch Office scenario
• Describe the advantages of BranchCache
• Install the BranchCache Role Service on Server 2K8 R2
• Enable BranchCache using Local Group Policy on a File Server
• Enable BranchCache on Client Machines in a particular OU by using a GPO
• Create a Rule for your Client Firewall in the same GPO as your BranchCache settings
• Enable BranchCache on specific files and folders
What We Covered
After watching this video, you should be able to:
Concept: Direct Access
An Overview of VPN Connections—Without the VPN!
• So, Ummm, What Is This Again?
• What You Need To Build a DA Setup
• The Secret Behind Direct Access
Concept: Direct Access
In this video:
• Direct Access provides VPN Access without a VPN
• Users can get access to all their usual stuff on the corporate network over standard internet connections
• Admins can push updates and GPO updates without the machine having to be actually on-premises
So, Ummm, What Is This Again?
So here’s how this works…
Internet
Woo-hoo! Access to all my stuff on the road!
1. Server 2K8 R2 Machine for use as a Direct Access Server
2. Windows 7 running on your mobile machines
3. At least one DC and a DNS (BFO) running Server 2K8 R2 or 2K8 SP2
4. A PKI Infrastructure along with a Network Access Protection (NAP)
5. IPSec
6. IPv6 Infrastructure (or Teredo)
What You Need To Build a DA Setup
So now for the laundry list-o-wonder….
The Secret Behind Direct Access
And now here’s what’s behind the smoke and mirrors
Internet
The BIGGEST Secret to DA—CONNECT THROUGH PORT 443 – YES, THAT’S HTTPS!
Two NIC’s on your DA Server
One Connected To Internet
One Connected To Intranet
• Describe the basic functions of Direct Access
• Describe the basic requirements of Direct Access
• Be able to talk about at least one of the secrets behind Direct Access
What We Covered
After watching this video, you should be able to: