MCITP Self-Paced Training Kit (Exam 70-647) · Windows Server® 2008 Enterprise Administrator by Miller, David R. -- Read -- Imperial Library of Trantor

Index

MCITP Self-Paced Training Kit (Exam 70-647): Windows Server® 2008 Enterprise Administrator

Exam 70-647: Pro: Windows Server 2008, Enterprise Administrator Introduction

Lab Setup Instructions

Hardware Requirements Preparing the Computer Running Windows Server 2008 R2 Enterprise Preparing the Computer Running Windows Vista or Windows 7

Check Operating System Version Requirements Name the Computer Configure Networking

Using the CD

How to Install the Practice Tests How to Use the Practice Tests

Lesson Review Options Practice Test Options

How to Uninstall the Practice Tests

Acknowledgments Support & Feedback

Errata We Want to Hear from You Stay in Touch

Preparing for the Exam 1. Planning Name Resolution and Internet Protocol Addressing

Before You Begin Lesson 1: Planning Name Resolution

Planning Domain Name System Using Windows Server 2008 R2

Configuring Windows Server 2008 R2 DNS Using Stub Zones DNS Forwarding Zone Transfers and Replication DNS Records Administering DNS

Using New DNS Features and Enhancements

Supporting RODCs DNS Security Extensions DNS Cache Locking DNS Socket Pool DNS Devolution Control Background Zone Loading Using the GlobalNames DNS Zone for Legacy Support Planning WINS Replication for Legacy Support Supporting IPv6 Addresses

Planning a DNS Infrastructure

Planning a DNS Namespace Planning DNS Forwarding Planning the Zone Type Planning Root Hints Planning to Integrate AD DS with an Existing DNS Infrastructure Planning the GlobalNames Zone Practice: Configuring DNS

Lesson Summary Lesson Review

Lesson 2: Planning Internet Protocol Addressing

Analyzing the IPv6 Address Structure

IPv6 Address Syntax IPv6 Address Prefixes IPv6 Address Types IPv6 Unicast Addresses Global Unicast Addresses

Link-Local Addresses Site-Local/Unique-Local Addresses Special Addresses NSAP and IPX Addresses

IPv6 Multicast Addresses

The Solicited-Node Multicast Address

IPv6 Anycast Addresses

The Subnet-Router Anycast Address

Investigating the Advantages of IPv6

Increased Address Space Automatic Address Configuration Network-Level Security Real-Time Data Delivery Routing Table Size Header Size and Extension Headers Removal of Broadcast Traffic

Implementing IPv4-to-IPv6 Compatibility

IPv4-Compatible Address IPv4-Mapped Address Teredo Address Intra-Site Automatic Tunneling Addressing Protocol Addresses

Planning an IPv4-to-IPv6 Transition Strategy

Dual-Stack Transition Configured Tunneling Transition Automatic Tunneling 6to4 Teredo ISATAP

Using IPv6 Tools

Verifying IPv6 Configuration and Connectivity Configuring IPv6 Interfaces Verifying IPv6 Connectivity Troubleshooting Connectivity Verifying IPv6-Based TCP Connections

Configuring Clients Through DHCPv6 Planning an IPv6 Network

Analyzing Hardware Requirements Analyzing Software and Application Requirements Documenting Requirements Practice: Configuring IPv6 Connectivity

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenarios

Case Scenario 1: Configuring DNS Case Scenario 2: Implementing IPv6 Connectivity

Suggested Practices

Configure DNS Configure IPv6 Connectivity

Take a Practice Test

2. Designing Active Directory Domain Services

Before You Begin Lesson 1: Designing AD DS Forests and Domains

Designing the Forest Structure

Identifying the Role of AD DS Gathering Business, Technical, Security, and Network Requirements Gathering Autonomy and Isolation Requirements Determining the Number of Forests Required Designing the Forest Model

Designing the Domain Structure

Gathering Domain Design Requirements Designing the Domain Model Determining the Number of Domains Required Determining Whether to Upgrade Existing Domains or Deploy New Ones Designing the Forest Root Domain Designing Domain Trees

Designing Functional Levels

Designing Domain Functional Levels Designing Forest Functional Levels

Designing the Schema

Designing a Schema Modification Process Upgrading the Schema to Support Windows Server 2008 R2

Designing Trusts to Optimize Intraforest Authentication

Practice: Designing AD DS Forests and Domains

Lesson Summary Lesson Review

Lesson 2: Designing the AD DS Physical Topology

Designing the Site Structure

Gathering Site Design Requirements Designing the Site Model

Designing Replication

Designing the Replication Topology Designing Site Links Designing Site Link Properties Designing Site Link Bridging

Designing the Placement of Domain Controllers

Designing the Placement of Forest Root Domain Controllers Designing the Placement of Regional Domain Controllers Designing the Placement of RODCs Designing the Placement of Global Catalog Servers Designing the Placement of Operations Master Role Holders

Designing Printer Location Policies

Practice: Designing the Active Directory Domain Services Physical Topology

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenarios

Case Scenario 1: Designing the AD DS Forest Case Scenario 2: Designing AD DS Sites Case Scenario 3: Designing the Placement of Domain Controllers

Suggested Practices

Implement Forests, Domains, and the Physical Topology Watch a Webcast Read a White Paper

Take a Practice Test

3. Planning Migrations, Trusts, and Interoperability

Before You Begin Lesson 1: Planning for Migration, Upgrade, and Restructuring

Migration Paths

Domain Upgrade Migration Path Domain Restructure Migration Path Upgrade-Then-Restructure Migration Path Active Directory Migration Tool

Upgrading an Existing Domain to Windows Server 2008 R2

Preparing the Environment In-Place Domain Controller Upgrade

Cross-Forest Authentication

Practice: Planning Forest Migration to Windows Server 2008 R2

Lesson Summary Lesson Review

Lesson 2: Planning for Interoperability

Planning Active Directory Federation Services Planning for UNIX Interoperability

Identity Management Password Synchronization Subsystem for UNIX-Based Applications Server for NIS Services for Network File System Practice: Planning for Interoperability

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Phasing Out a UNIX-Based Computer at Tailspin Toys

Suggested Practices

Plan for Domain or Forest Migration, Upgrade, and Restructuring Plan for Interoperability

Take a Practice Test

4. Designing Active Directory Administration and Group Policy Strategy

Before You Begin Lesson 1: Designing the Active Directory Domain Services Administrative Model

Delegating Active Directory Domain Services Administration

Delegation Benefits and Principles Managing Active Directory Domain Services through Delegation

Service Management Data Management

Defining the Administrative Model

Centralized Administration Model The Distributed Administration Model Mixed Administration Model

Using Group Strategy to Delegate Management Tasks

Management Roles Planning Forest-Level Trusts Planning Trust Type and Direction Creating Forest Trusts Planning Data Management Using Starter GPOs Using Group Policy Modeling and Results Using Migration Tables

Planning to Audit AD DS and Group Policy Compliance Planning Organizational Structure

Practice: Creating a Forest Trust

Lesson Summary Lesson Review

Lesson 2: Designing Enterprise-Level Group Policy Strategy

Planning a Group Policy Hierarchy

Filtering GPOs

Controlling Device Installation

Group Policy Settings That Control Device Installation Obtaining Hardware IDs, Compatible IDs, and GUIDs

Hardware IDs Compatible IDs GUIDs

Planning Authentication and Authorization

Multifactor Authentication and Authorization Using Password Authentication Configuring Fine-Grained Password Policies Using Smart Card Authentication Practice: Implementing Fine-Grained Password Policies

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenarios

Case Scenario 1: Designing a Delegation Strategy Case Scenario 2: Planning Authentication and Authorization

Suggested Practices

Designing the Active Directory Domain Services Administrative Model Designing Enterprise-Level Group Policy Strategy

Take a Practice Test

5. Designing a Network Access Strategy

Before You Begin Lesson 1: Perimeter Networks and Remote Access Strategies

Designing the Perimeter Network

Types of Perimeter Network Architectures Securing the Perimeter Network

Planning for Microsoft Forefront Threat Management Gateway Server Third-Party Firewall Products

Deploying Strategic Services in the Perimeter Network

Planning Web Services Deployment in the Perimeter Network

Planning IPv6 Access for Web Services

Designing a Remote Access Strategy

Planning for VPN Remote Access Connections Designing a VPN Protocol Solution

VPN Tunneling Protocols Point-to-Point Tunneling Protocol Layer 2 Tunneling Protocol Secure Sockets Tunneling Protocol IPsec Tunnel Mode with IKEv2 and VPN Reconnect DirectAccess: The No VPN Solution Other Deployment Considerations for DirectAccess Authentication Protocols

Designing Secure VPN Server Deployment

VPN Server Deployment at Branch Offices Centralized Management of VPN Access

Designing a RADIUS Solution for Remote Access

Designing a RADIUS Solution for the Main Office

Deployment Location for RADIUS Services Planning RADIUS Communication Load Balancing and High Availability of a RADIUS Infrastructure

Designing a RADIUS Solution for Branch Office Remote Access Scaling RADIUS Authentication for Multiple Domains and Forests RADIUS Enhancements in Windows Server 2008 R2 Practice: Designing a RADIUS Solution for a Midsize Enterprise

Lesson Summary Lesson Review

Lesson 2: Designing Network Access Policy and Server and Domain Isolation

Network Access Protection Overview

Overview of NAP Infrastructure Where NAP Works

Considerations for NAP Enforcement Planning NAP IPsec Enforcement

Designing NAP IPsec Enforcement

Restricted Network Boundary Network Secure Network

Scaling NAP IPsec Enforcement for Small Environments Scaling NAP IPsec Enforcement for Larger Environments PKI Support for IPsec Enforcement

Structure of the PKI Configuring Additional NAP Components on Clients Configuring NAP Health Policy Servers

Planning NAP VPN Enforcement

Planning VPN Authentication Protocol Use for VPN Enforcement Other VPN Enforcement Considerations

Non-NAP-Capable VPN Clients Migrating from Network Access Quarantine Control Configuring Additional NAP Components on Clients and NAP Health Policy Servers

Planning NAP 802.1x Enforcement

Design Considerations for 802.1x Enforcement Access Point Considerations ACLs vs. VLANs Planning Authentication Protocols for 802.1x Enforcement Other 802.1x Enforcement Considerations

Configuring Additional NAP Components on Clients and NAP Health Policy Servers

Planning NAP DHCP Enforcement

Design Considerations for DHCP Enforcement

Configuring Additional NAP Components on Clients and NAP Health Policy Servers

Final Say on DHCP Enforcement

Domain and Server Isolation

Domain vs. Server Isolation Comparing Server and Domain Isolation to IPsec Enforcement Moving from Server and Domain Isolation to IPsec NAP

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Designing a NAP Solution for a Large Enterprise

Suggested Practices

Implement VPNs, RADIUS Solution, and NAP Enforcement Watch a Webcast Read a White Paper

Take a Practice Test

6. Design a Branch Office Deployment

Before You Begin Lesson 1: Branch Office Deployment

Branch Office Services

Designing the Active Directory Structure for Branch Office Administration Administrator Role Separation Components and Services in the Branch Office Windows Deployment Services

Windows Server 2008 R2 Server—Member or Stand-Alone Windows Server 2008 R2 Server Core Windows Server 2008—Full Installation

Adding a Domain Controller

Full Domain Controller Read-Only Domain Controller Server Core Domain Controller Global Catalog Operations Masters Domain Name System DHCP Services Multisite (Branch Office) Clustering with Microsoft Cluster Services DFS Replication for Data Fault Tolerance Routing and Remote Access Services Windows Server Update Services Virtualization in the Branch Office

Branch Office Communications Considerations

Site Link Considerations for the Branch Office Confidentiality for Data in Transit Improve Branch Office Performance Using BranchCache Practice: The Branch Office Administrator

Lesson Summary Lesson Review

Lesson 2: Branch Office Server Security

Overview of Security for the Branch Office Securing Windows Server 2008 in the Branch Office

Security Overview for the Information System in the Branch Office

Infrastructure Firewalls Host-Based Firewalls The Intrusion Detection System/Intrusion Protection System Server Hardening

Securing Windows Server 2008 in the Branch Office

The RODC RODC Disadvantages Installing an RODC Delegated Installation of the RODC Installing the RODC from Customized Media The RODC Authentication Process Replication Concerns with the RODC Automatic Site Coverage RODC Compromise The Password Settings Object

Security for Data in Storage

Read-Only DFS Replicas The Encrypting File System BitLocker

Securing the Branch Office with Network Access Protection

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenarios

Case Scenario 1: Contoso Trucking, Part 1 Case Scenario 2: Contoso Trucking, Part 2 Case Scenario 3: Contoso Trucking, Part 3

Suggested Practices

Branch Office Deployment Read a White Paper

Take a Practice Test

7. Designing Remote Desktop Services and Application Deployment

Before You Begin Lesson 1: Designing Remote Desktop Services

Planning a Remote Desktop Session Deployment Remote Desktop Licensing

License Server Deployment License Server Activation Remote Desktop Services Client Access Licenses Backing Up and Restoring a License Server License Server Deployment License Server High Availability

Deploying Applications Using Remote Desktop Web Access Planning the Deployment of Applications Using RemoteApp Planning RD Session Host Server Farms Planning the Migration to Remote Desktop Connection Broker Planning the Deployment of Remote Desktop Gateway Servers

RD Desktop Gateway Services for Windows Server R2 Planning Connection Authorization Policies Planning Resource Authorization Policies

Planning for Secure Communications Designing for RD Virtualization Host Servers Designing for RemoteFX Content

Practice: Planning Use of the Remote Desktop Gateway

Lesson Summary Lesson Review

Lesson 2: Designing Application Deployment

Designing Application Deployment using Group Policy Planning Application Deployment with System Center Essentials Planning the Deployment of Applications Using System Center Configuration Manager 2007

System Center Configuration Manager 2007 Client Deployment Deploying Applications with System Center Configuration Manager 2007 Practice: Planning Application Deployment

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Planning a Remote Desktop Services Strategy for Wingtip Toys

Suggested Practices

Provision Applications

Take a Practice Test

8. Designing Virtualization

Before You Begin Lesson 1: Designing Operating System Virtualization

Planning for Hyper-V

Hyper-V Considerations

Planning for Guest Operating Systems

Planning Your Virtual Machine Deployment

Planning your Virtual Machine Storage Planning Processor and Memory Settings For your Virtual Machines Planning the Virtual Network Configuration Planning the Virtual Hard Disks Configuration Installing the Guest Operating systems

Managing Virtualized Servers

Snapshots Licensing Modifying Hardware Settings

Candidates for Virtualization Planning for Server Consolidation

Virtual Server Migration Toolkit System Center Virtual Machine Manager 2008 R2 Components of a System Center Virtual Machine Manager 2008 R2 Deployment SCVMM 2008 R2 in the Branch Office Practice: Designing Virtual Server Deployment

Lesson Summary Lesson Review

Lesson 2: Designing Application Virtualization

Microsoft Application Virtualization

Planning the Deployment of Application Virtualization App-V Branch Office Deployments Practice: Planning Application Virtualization

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Tailspin Toys Server Consolidation

Suggested Practices

Windows Server Virtualization Plan Application Virtualization Watch a Webcast

Take a Practice Test

9. Designing Solutions for Data Sharing, Data Security, and Business Continuity

Before You Begin Lesson 1: Planning for Data Sharing and Collaboration

Planning a DFS Deployment

Reviewing DFS Concepts and Features DFS Component Technologies

DFS Namespaces Advanced Settings and Features

Referral Ordering Failover and Failback Target Priority Redundant Domain-Based Namespace Servers Namespace Scalability Mode Read-Only Replicated Folders Support for Access-Based Enumeration

DFS Replication Advanced Settings and Features

RDC Cross-File RDC Replication Schedule and Bandwidth Throttling Replication Filters Staging Folder Conflict And Deleted Folder Disabled Memberships

Overview of the DFS Design Process Planning a SharePoint Infrastructure

Assessing Needs for Windows SharePoint Services 3.0

Reviewing Windows for SharePoint Services Features Understanding Windows SharePoint Services Deployment Options

Assessing Needs for Microsoft Office SharePoint Server 2007

Differences Between Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 Examples of Solutions Based on Microsoft Office SharePoint Server 2007

Practice: Designing a Data Sharing Solution

Lesson Summary Lesson Review

Lesson 2: Choosing Data Security Solutions

Protecting Volume Data with BitLocker

BitLocker Drive Encryption BitLocker Performance Issues

Choosing a BitLocker Authentication Mode BitLocker Security Design Considerations Planning for EFS Using AD RMS

Creating and Viewing Rights-Protected Information AD RMS Applications Practice: Designing Data Storage Security

Lesson Summary Lesson Review

Lesson 3: Planning for System Recoverability and Availability

Planning AD DS Maintenance and Recovery Procedures

Planning for AD DS Backup

Windows Server Backup and Wbadmin

Planning for AD DS Recovery Stopping AD DS to Perform Maintenance Procedures

Seizing Operations Master Roles Using Network Load Balancing to Support High-Usage Servers

Identifying Applications for NLB

When Not to Use NLB

Using Failover Clusters to Maintain High Availability

Comparing NLB and Failover Clusters Preparing Failover Cluster Hardware

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Designing Solutions for Sharing, Security, and Availability

Suggested Practices

Watch a Webcast Read a White Paper

Take a Practice Test

10. Planning and Designing a Public Key Infrastructure

Before You Begin Lesson 1: Identifying PKI Requirements

Reviewing PKI Concepts Identifying PKI-Enabled Applications Identifying Certificate Requirements

Identifying Certificate Security Requirements

Reviewing the Company Security Policy Assessing Business Requirements Assessing External Requirements Assessing Active Directory Requirements Assessing Certificate Template Requirements

Practice: Identifying PKI opportunities

Lesson Summary Lesson Review

Lesson 2: Designing the CA Hierarchy

Planning the CA Infrastructure

Designing Root CAs Selecting Internal CAs vs. Third-Party CAs

Internal Certification Authorities External Certification Authorities

Defining CA Types and Roles

Enterprise vs. Stand-alone Certification Authorities The Root CA The Subordinate CA

Using Offline CAs Determining the Number of CAs Required Practice: Planning the CA Infrastructure

Lesson Summary Lesson Review

Lesson 3: Creating a Certificate Management Plan

Selecting a Certificate Enrollment Method

Selecting Automatic vs. Manual Requests Selecting Automatic vs. Manual Approval Selecting an Enrollment and Renewal User Interface Using CA Certificate Renewal

Creating a CA Renewal Strategy Defining a Revocation Policy

Certificate Revocation Lists

Problems with Certificate Revocation Lists

Online Certificate Status Protocol (OCSP) Determining Publication Points AD CS Best Practices Analyzer Practice: Planning a PKI Management Strategy

Lesson Summary Lesson Review

Chapter Review

Chapter Summary Key Terms Case Scenario

Case Scenario: Planning a PKI

Suggested Practices

Watch a Webcast Read a White Paper

Take a Practice Test

11. Designing Software Update Infrastructure and Managing Compliance

Before You Begin Lesson 1: Designing a Software Update Infrastructure

Microsoft Update as a Software Update Solution Windows Server Update Services as a Software Update Solution

Managing WSUS WSUS Deployment Hierarchies WSUS Administration Models WSUS Computer Groups Update Installation Behavior Planning Automatic Approvals Planning the Deployment of WSUS in Enterprise Environments

System Center Essentials 2010

System Center Essentials 2010 Software Update Configuration System Center Essentials 2010 in the Enterprise

System Center Configuration Manager 2007

Practice: Windows Server 2008 Software Update Infrastructure

Lesson Summary Lesson Review

Lesson 2: Managing Software Update Compliance

Microsoft Baseline Security Analyzer

WSUS Reporting

System Center Configuration Manager 2007 Compliance and Reporting Planning and Deploying Security Baselines

Security Configuration Wizard The Scwcmd Command-Line Tool Role-Based Security Policy Best Practices Practice: Role-Based Security and System Center Essentials Reporting

Lesson Summary Lesson Review

Chapter Review