6419A
Configuring, Managing and Maintaining Windows Server® 2008 Servers
Volume 2
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The
inclusion of a manufacturer or product does not imply endorsement of Microsoft of the
manufacturer or product. Links may be provided to third party sites. Such sites are not under the
control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link
contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for
webcasting or any other form of transmission received from any linked site. Microsoft is providing
these links to you only as a convenience, and the inclusion of any link does not imply endorsement
of Microsoft of the site or the products contained therein.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft, Microsoft Press, Active Directory, ActiveX, BitLocker, Excel, Hyper-V, Internet Explorer, MS,
MSDN, PowerPoint, SharePoint, SQL Server, Visual Basic, Visual Studio, Win32, Windows, Windows
Media, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Released: 02/2009
MICROSOFT LICENSE TERMS
OFFICIAL MICROSOFT LEARNING PRODUCTS - TRAINER
EDITION – Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They
apply to the Licensed Content named above, which includes the media on which you received it, if any. The
terms also apply to any Microsoft
• updates,
• supplements,
• Internet-based services, and
• support services
for this Licensed Content, unless other terms accompany those items. If so, those terms apply.
By using the Licensed Content, you accept these terms. If you do not accept them, do not use
the Licensed Content.
If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. “Academic Materials” means the printed or electronic documentation such as manuals,
workbooks, white papers, press releases, datasheets, and FAQs which may be included in the
Licensed Content.
b. “Authorized Learning Center(s)” means a Microsoft Certified Partner for Learning Solutions
location, an IT Academy location, or such other entity as Microsoft may designate from time to time.
c. “Authorized Training Session(s)” means those training sessions authorized by Microsoft and
conducted at or through Authorized Learning Centers by a Trainer providing training to Students
solely on Official Microsoft Learning Products (formerly known as Microsoft Official Curriculum or
“MOC”) and Microsoft Dynamics Learning Products (formerly known as Microsoft Business Solutions
Courseware). Each Authorized Training Session will provide training on the subject matter of one
(1) Course.
d. “Course” means one of the courses using Licensed Content offered by an Authorized Learning
Center during an Authorized Training Session, each of which provides training on a particular
Microsoft technology subject matter.
e. “Device(s)” means a single computer, device, workstation, terminal, or other digital electronic or
analog device.
f. “Licensed Content” means the materials accompanying these license terms. The Licensed
Content may include, but is not limited to, the following elements: (i) Trainer Content, (ii) Student
Content, (iii) classroom setup guide, and (iv) Software. There are different and separate
components of the Licensed Content for each Course.
g. “Software” means the Virtual Machines and Virtual Hard Disks, or other software applications that
may be included with the Licensed Content.
h. “Student(s)” means a student duly enrolled for an Authorized Training Session at your location.
i. “Student Content” means the learning materials accompanying these license terms that are for
use by Students and Trainers during an Authorized Training Session. Student Content may include
labs, simulations, and courseware files for a Course.
j. “Trainer(s)” means a) a person who is duly certified by Microsoft as a Microsoft Certified Trainer
and b) such other individual as authorized in writing by Microsoft and has been engaged by an
Authorized Learning Center to teach or instruct an Authorized Training Session to Students on its
behalf.
k. “Trainer Content” means the materials accompanying these license terms that are for use by
Trainers and Students, as applicable, solely during an Authorized Training Session. Trainer Content
may include Virtual Machines, Virtual Hard Disks, Microsoft PowerPoint files, instructor notes, and
demonstration guides and script files for a Course.
l. “Virtual Hard Disks” means Microsoft Software that is comprised of virtualized hard disks (such as
a base virtual hard disk or differencing disks) for a Virtual Machine that can be loaded onto a single
computer or other device in order to allow end-users to run multiple operating systems concurrently.
For the purposes of these license terms, Virtual Hard Disks will be considered “Trainer Content”.
m. “Virtual Machine” means a virtualized computing experience, created and accessed using
Microsoft® Virtual PC or Microsoft® Virtual Server software that consists of a virtualized hardware
environment, one or more Virtual Hard Disks, and a configuration file setting the parameters of the
virtualized hardware environment (e.g., RAM). For the purposes of these license terms, Virtual Hard
Disks will be considered “Trainer Content”.
n. “you” means the Authorized Learning Center or Trainer, as applicable, that has agreed to these
license terms.
2. OVERVIEW.
Licensed Content. The Licensed Content includes Software, Academic Materials (online and
electronic), Trainer Content, Student Content, classroom setup guide, and associated media.
License Model. The Licensed Content is licensed on a per copy per Authorized Learning Center
location or per Trainer basis.
3. INSTALLATION AND USE RIGHTS.
a. Authorized Learning Centers and Trainers: For each Authorized Training Session, you
may:
i. either install individual copies of the relevant Licensed Content on classroom Devices only for
use by Students enrolled in and the Trainer delivering the Authorized Training Session, provided
that the number of copies in use does not exceed the number of Students enrolled in and the
Trainer delivering the Authorized Training Session, OR
ii. install one copy of the relevant Licensed Content on a network server only for access by
classroom Devices and only for use by Students enrolled in and the Trainer delivering the
Authorized Training Session, provided that the number of Devices accessing the Licensed
Content on such server does not exceed the number of Students enrolled in and the Trainer
delivering the Authorized Training Session.
iii. and allow the Students enrolled in and the Trainer delivering the Authorized Training Session to
use the Licensed Content that you install in accordance with (ii) or (ii) above during such
Authorized Training Session in accordance with these license terms.
i. Separation of Components. The components of the Licensed Content are licensed as a single
unit. You may not separate the components and install them on different Devices.
ii. Third Party Programs. The Licensed Content may contain third party programs. These license
terms will apply to the use of those third party programs, unless other terms accompany those
programs.
b. Trainers:
i. Trainers may Use the Licensed Content that you install or that is installed by an Authorized
Learning Center on a classroom Device to deliver an Authorized Training Session.
ii. Trainers may also Use a copy of the Licensed Content as follows:
A. Licensed Device. The licensed Device is the Device on which you Use the Licensed Content.
You may install and Use one copy of the Licensed Content on the licensed Device solely for
your own personal training Use and for preparation of an Authorized Training Session.
B. Portable Device. You may install another copy on a portable device solely for your own
personal training Use and for preparation of an Authorized Training Session.
4. PRE-RELEASE VERSIONS. If this is a pre-release (“beta”) version, in addition to the other provisions
in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not
contain the same information and/or work the way a final version of the Licensed Content will. We
may change it for the final, commercial version. We also may not release a commercial version.
You will clearly and conspicuously inform any Students who participate in each Authorized Training
Session of the foregoing; and, that you or Microsoft are under no obligation to provide them with
any further content, including but not limited to the final released version of the Licensed Content
for the Course.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, you give to
Microsoft, without charge, the right to use, share and commercialize your feedback in any way and
for any purpose. You also give to third parties, without charge, any patent rights needed for their
products, technologies and services to use or interface with any specific parts of a Microsoft
software, Licensed Content, or service that includes the feedback. You will not give feedback that is
subject to a license that requires Microsoft to license its software or documentation to third parties
because we include your feedback in them. These rights survive this agreement.
c. Confidential Information. The Licensed Content, including any viewer, user interface, features
and documentation that may be included with the Licensed Content, is confidential and proprietary
to Microsoft and its suppliers.
i. Use. For five years after installation of the Licensed Content or its commercial release,
whichever is first, you may not disclose confidential information to third parties. You may
disclose confidential information only to your employees and consultants who need to know
the information. You must have written agreements with them that protect the confidential
information at least as much as this agreement.
ii. Survival. Your duty to protect confidential information survives this agreement.
iii. Exclusions. You may disclose confidential information in response to a judicial or
governmental order. You must first give written notice to Microsoft to allow it to seek a
protective order or otherwise protect the information. Confidential information does not
include information that
• becomes publicly known through no wrongful act;
• you received from a third party who did not breach confidentiality obligations to
Microsoft or its suppliers; or
• you developed independently.
d. Term. The term of this agreement for pre-release versions is (i) the date which Microsoft informs
you is the end date for using the beta version, or (ii) the commercial release of the final release
version of the Licensed Content, whichever is first (“beta term”).
e. Use. You will cease using all copies of the beta version upon expiration or termination of the beta
term, and will destroy all copies of same in the possession or under your control and/or in the
possession or under the control of any Trainers who have received copies of the pre-released
version.
f. Copies. Microsoft will inform Authorized Learning Centers if they may make copies of the beta
version (in either print and/or CD version) and distribute such copies to Students and/or Trainers. If
Microsoft allows such distribution, you will follow any additional terms that Microsoft provides to you
for such copies and distribution.
5. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
a. Authorized Learning Centers and Trainers:
i. Software.
ii. Virtual Hard Disks. The Licensed Content may contain versions of Microsoft XP, Microsoft
Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 2000 Advanced
Server and/or other Microsoft products which are provided in Virtual Hard Disks.
A. If the Virtual Hard Disks and the labs are launched through the Microsoft
Learning Lab Launcher, then these terms apply:
Time-Sensitive Software. If the Software is not reset, it will stop running based upon the
time indicated on the install of the Virtual Machines (between 30 and 500 days after you
install it). You will not receive notice before it stops running. You may not be able to
access data used or information saved with the Virtual Machines when it stops running and
may be forced to reset these Virtual Machines to their original state. You must remove the
Software from the Devices at the end of each Authorized Training Session and reinstall and
launch it prior to the beginning of the next Authorized Training Session.
B. If the Virtual Hard Disks require a product key to launch, then these terms
apply:
Microsoft will deactivate the operating system associated with each Virtual Hard Disk.
Before installing any Virtual Hard Disks on classroom Devices for use during an Authorized
Training Session, you will obtain from Microsoft a product key for the operating system
software for the Virtual Hard Disks and will activate such Software with Microsoft using such
product key.
C. These terms apply to all Virtual Machines and Virtual Hard Disks:
You may only use the Virtual Machines and Virtual Hard Disks if you comply with
the terms and conditions of this agreement and the following security
requirements:
o You may not install Virtual Machines and Virtual Hard Disks on portable Devices or
Devices that are accessible to other networks.
o You must remove Virtual Machines and Virtual Hard Disks from all classroom Devices at
the end of each Authorized Training Session, except those held at Microsoft Certified
Partners for Learning Solutions locations.
o You must remove the differencing drive portions of the Virtual Hard Disks from all
classroom Devices at the end of each Authorized Training Session at Microsoft Certified
Partners for Learning Solutions locations.
o You will ensure that the Virtual Machines and Virtual Hard Disks are not copied or
downloaded from Devices on which you installed them.
o You will strictly comply with all Microsoft instructions relating to installation, use,
activation and deactivation, and security of Virtual Machines and Virtual Hard Disks.
o You may not modify the Virtual Machines and Virtual Hard Disks or any contents
thereof.
o You may not reproduce or redistribute the Virtual Machines or Virtual Hard Disks.
ii. Classroom Setup Guide. You will assure any Licensed Content installed for use during an
Authorized Training Session will be done in accordance with the classroom set-up guide for the
Course.
iii. Media Elements and Templates. You may allow Trainers and Students to use images, clip
art, animations, sounds, music, shapes, video clips and templates provided with the Licensed
Content solely in an Authorized Training Session. If Trainers have their own copy of the
Licensed Content, they may use Media Elements for their personal training use.
iv. Evaluation Software. Any Software that is included in the Student Content designated as
“Evaluation Software” may be used by Students solely for their personal training outside of the
Authorized Training Session.
b. Trainers Only:
i. Use of PowerPoint Slide Deck Templates. The Trainer Content may include Microsoft
PowerPoint slide decks. Trainers may use, copy and modify the PowerPoint slide decks only for
providing an Authorized Training Session. If you elect to exercise the foregoing, you will agree
or ensure Trainer agrees: (a) that modification of the slide decks will not constitute creation of
obscene or scandalous works, as defined by federal law at the time the work is created; and
(b) to comply with all other terms and conditions of this agreement.
ii. Use of Instructional Components in Trainer Content. For each Authorized Training
Session, Trainers may customize and reproduce, in accordance with the MCT Agreement, those
portions of the Licensed Content that are logically associated with instruction of the Authorized
Training Session. If you elect to exercise the foregoing rights, you agree or ensure the Trainer
agrees: (a) that any of these customizations or reproductions will only be used for providing an
Authorized Training Session and (b) to comply with all other terms and conditions of this
agreement.
iii. Academic Materials. If the Licensed Content contains Academic Materials, you may copy and
use the Academic Materials. You may not make any modifications to the Academic Materials
and you may not print any book (either electronic or print version) in its entirety. If you
reproduce any Academic Materials, you agree that:
• The use of the Academic Materials will be only for your personal reference or training use
• You will not republish or post the Academic Materials on any network computer or
broadcast in any media;
• You will include the Academic Material’s original copyright notice, or a copyright notice to
Microsoft’s benefit in the format provided below:
Form of Notice:
© 2009 Reprinted for personal reference use only with permission by Microsoft
Corporation. All rights reserved.
Microsoft, Windows, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the US and/or other countries. Other
product and company names mentioned herein may be the trademarks of their
respective owners.
6. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed
Content. It may change or cancel them at any time. You may not use these services in any way that
could harm them or impair anyone else’s use of them. You may not use the services to try to gain
unauthorized access to any service, data, account or network by any means.
7. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you
more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that
only allow you to use it in certain ways. You may not
• install more copies of the Licensed Content on classroom Devices than the number of Students and
the Trainer in the Authorized Training Session;
• allow more classroom Devices to access the server than the number of Students enrolled in and the
Trainer delivering the Authorized Training Session if the Licensed Content is installed on a network
server;
• copy or reproduce the Licensed Content to any server or location for further reproduction or
distribution;
• disclose the results of any benchmark tests of the Licensed Content to any third party without
Microsoft’s prior written approval;
• work around any technical limitations in the Licensed Content;
• reverse engineer, decompile or disassemble the Licensed Content, except and only to the extent
that applicable law expressly permits, despite this limitation;
• make more copies of the Licensed Content than specified in this agreement or allowed by applicable
law, despite this limitation;
• publish the Licensed Content for others to copy;
• transfer the Licensed Content, in whole or in part, to a third party;
• access or use any Licensed Content for which you (i) are not providing a Course and/or (ii) have not
been authorized by Microsoft to access and use;
• rent, lease or lend the Licensed Content; or
• use the Licensed Content for commercial hosting services or general business purposes.
• Rights to access the server software that may be included with the Licensed Content, including the
Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft
intellectual property in software or devices that may access the server.
8. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that apply
to the Licensed Content. These laws include restrictions on destinations, end users and end use. For
additional information, see www.microsoft.com/exporting.
9. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or Licensed
Content marked as “NFR” or “Not for Resale.”
10. ACADEMIC EDITION. You must be a “Qualified Educational User” to use Licensed Content marked as
“Academic Edition” or “AE.” If you do not know whether you are a Qualified Educational User, visit
www.microsoft.com/education or contact the Microsoft affiliate serving your country.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you
fail to comply with the terms and conditions of these license terms. In the event your status as an
Authorized Learning Center or Trainer a) expires, b) is voluntarily terminated by you, and/or c) is
terminated by Microsoft, this agreement shall automatically terminate. Upon any termination of this
agreement, you must destroy all copies of the Licensed Content and all of its component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-
based services and support services that you use, are the entire agreement for the Licensed
Content and support services.
13. APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of
conflict of laws principles. The laws of the state where you live govern all other claims, including
claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
Licensed Content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. The Licensed Content is licensed “as-is.” You bear the risk of
using it. Microsoft gives no express warranties, guarantees or conditions. You may have
additional consumer rights under your local laws which this agreement cannot change. To
the extent permitted under your local laws, Microsoft excludes the implied warranties of
merchantability, fitness for a particular purpose and non-infringement.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT
RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL,
INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
• anything related to the Licensed Content, software, services, content (including code) on third party
Internet sites, or third party programs; and
• claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in
this agreement are provided below in French.
Note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses
in this agreement are provided below in French.
DISCLAIMER OF WARRANTY. The Licensed Content covered by a license is offered “as is.” Any
use of this Licensed Content is at your sole risk. Microsoft gives no other
express warranty. You may have additional rights under local consumer protection
law, which this agreement cannot change. Where permitted by local law, the implied
warranties of merchantability, fitness for a particular purpose and non-infringement are
excluded.
LIMITATION OF DAMAGES AND EXCLUSION OF LIABILITY FOR
DAMAGES. You can recover from Microsoft and its suppliers compensation for
direct damages only, up to US $5.00. You cannot claim any compensation
for other damages, including special, indirect or incidental damages and lost
profits.
This limitation applies to:
• anything related to the Licensed Content, services, or content (including code)
on third party Internet sites or in third party programs; and
• claims for breach of contract or warranty, or for strict liability,
negligence or other tort, to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of such
damages. If your country does not allow the exclusion or limitation of liability for
indirect, incidental or other damages of any kind, the above limitation or exclusion may not
apply to you.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights
under the laws of your country. This agreement does not change your rights under the laws of
your country if those laws do not permit it to do so.
Acknowledgement
Microsoft Learning would like to acknowledge and thank the following for their
contribution towards developing this title. Their effort at various stages in the
development has ensured that you have a good classroom experience.
Contents
Module 1: Introduction to Managing Microsoft Windows Server 2008 Environment
Lesson 1: Server Roles
Lesson 2: Overview of Active Directory
Lesson 3: Using Windows Server 2008 Administrative Tools
Lesson 4: Using Remote Desktop for Administration
Lab: Administering Windows Server 2008
Results: After this exercise, you should have successfully installed the DNS Server role
and successfully verified domain membership.
Lab: Administering Windows Server 2008
Note: Notice that there is no data in the Resource Overview screen because Axel
Delgado is not a local Administrator.
Results: After this exercise, you should have successfully used Axel Delgado's account
to remotely access NYC-SVR1 and run Reliability and Performance Monitor.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Creating AD DS User and Computer Accounts
Property     Value
First name   CustomerService
Password     Pa$$w0rd
Member Of    NYC_CustomerServiceGG
Task 6: Modify the user account properties for all customer service
representatives in New York
1. Select the top user in the details pane, hold SHIFT, and then click the last user
in the details pane.
2. Hold CTRL, and then click NYC_CustomerServiceGG.
3. Right-click the highlighted user accounts, and then click Properties.
Task 7: Modify the user account properties for all Branch Managers
1. On NYC-DC1, in Active Directory Users and Computers, right-click
WoodgroveBank.com, and then click Find.
2. In the Find Users, Contacts, and Groups dialog box, click the Advanced tab.
3. Click Field, point to User, and then click Job Title.
4. In the Condition list, click Is (exactly), and in the Value field, type Branch
Manager.
5. Click Add, and then click Find Now.
6. Select all of the user accounts in the Search Results, right-click the highlighted
user accounts, and then click Add to a group.
7. In the Select Groups dialog box, type BranchManagersGG, and then click
OK twice.
8. Close the Find Users, Contacts, and Groups dialog box.
Module 2: Creating AD DS User and Computer Accounts
Results: At the end of this exercise you will have created and configured user
accounts; created a template and a user account based on the template; and created a
saved query and verified its ability to return expected search results.
Results: At the end of this exercise you will have created and configured computer
accounts, deleted a computer account, and joined a computer to an AD DS domain.
dn: CN=Dieter Massalsky,OU=ITAdmins,OU=Houston,DC=WoodgroveBank,DC=com
changetype: modify
replace: physicalDeliveryOfficeName
physicalDeliveryOfficeName: Houston
-
Results: At the end of this exercise you will have examined several options for
automating the management of user objects.
Lab: Creating an Organizational Unit Infrastructure
Results: At the end of this exercise you will have created three new groups by using
Active Directory Users and Computers and you will have created one group by
using Dsadd. You also will have added users to the groups and inspected the results.
Module 3: Creating Groups and Organizational Units
Scenario
A new subsidiary of Woodgrove Bank is located in Vancouver, Canada. It will have
the following departments:
• Management
• Customer Service
• Marketing
• Investments
Discussion questions:
1. Which approach to extending the organizational hierarchy of
WoodgroveBank.com is most likely to be applied in creating the new
subsidiary’s resources: Geographic, Organizational, or Functional? Why?
Answer: The Geographical approach to naming top level OUs (those that
already exist within the domain hierarchy) should be extended in order to
keep that logic. Geographic naming and organization is permanent, allows for
future expansion, and its name easily identifies its functionality.
2. What would be the most logical way to further subdivide the subsidiary’s
organizational unit: Geographic, Organizational, or Functional?
Answer: Four new OUs inside the Vancouver OU that are based on the
organization's departments would best support the operations of the new
subsidiary. Organizations can use these OUs to handle groupings of similar
user, computer, and other AD DS resources, according to their similarities.
This also supports the need to delegate administrative roles over those
resources, as somebody within each group will be able to respond to most
needs in a timely manner.
Results: At the end of this exercise you will have discussed and determined how to plan
an OU hierarchy.
Note: This message indicates that Yvonne McKay’s account has the authorization to reset
passwords of fellow users in the Marketing OU.
18. Close the Find Users, Contacts, and Groups dialog box.
19. In the console pane, expand WoodgroveBank.com, expand Miami, and then
click BranchManagers.
Note: This warning appears because user Yvonne McKay does not have delegated
control over the Miami OU.
Results: At the end of this exercise you will have created OUs by using Active
Directory Users and Computers and Dsadd. You also will have delegated and tested
administrative permissions.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Managing Access to Resources L4-31
Answer: Create a new folder named Company. Assign it a shared permissions level
of Read for all Domain Users. Next, add the Branch Managers global group as
Contributors. Inside the Company folder, create a folder for: News, Staffing, and
Projections.
Answer: You should create a new global group for this project, and a new shared
folder that has as its only member, in addition to Administrator, the new global
group that you create. You should set their permission level to Contributors.
L4-32 Module 4: Managing Access to Resources
Results: Since the permissions of the Unshared folder were blocked, Dorena will
not be able to view or access the Unshared folder.
4. Right-click inside the details pane of Windows Explorer, point to New, and
then click Text Document.
5. On the navigation bar in Windows Explorer, click the Back button.
6. Double-click CompanyNews and then double-click the News folder.
7. Double-click Welcome.
8. Click Start, then point to the right-arrow and then click Log Off.
Results: Dorena has permissions to create new files inside the SpecialFolders folder
and also view existing files in the News folder.
Result: At the end of this exercise you will have delegated the administrative tasks for
the Toronto office.
L5-44 Module 5: Configuring Active Directory Objects and Trusts
Result: At the end of this exercise you will have configured trusts based on a trust
configuration design.
Lab A: Creating and Configuring GPOs L6-49
Result: At the end of this exercise you will have created and configured GPOs.
L6-54 Module 6: Creating and Configuring GPOs
Result: At the end of this exercise you will have configured the scope of GPO settings.
Lab B: Verifying and Managing GPOs L6-57
Task 2: Verify that a Miami branch user is receiving the correct policy
1. Click Start and then verify that the Control Panel is not present on the Start
menu.
2. Click Start, point to All Programs, point to Accessories and then verify that
Run is not present in the Start menu.
3. Log off.
Hint: When you attempt to access display settings you will receive a message informing
you that this has been disabled.
Note: To see this information, press CTRL-ALT-DEL to see the logon screen.
Result: At the end of this exercise you will have tested and verified a GPO application.
Note: If more than one copy of the Restrict Control Panel GPO appears, choose the
newer one.
8. On the Scanning Backup page, click Next, and then click Finish.
9. When the import completes, click OK.
10. In the Group Policy Objects folder, click the Import GPO, and then in the
details pane, click the Settings tab.
11. Click show all.
12. Verify that the Prohibit access to the Control Panel policy setting is enabled.
Result: At the end of this exercise you will have backed up, restored, and imported
GPOs.
Note: This step is included in the lab to allow you to test the delegated permissions. As a
best practice you should install the administration tools on a Windows workstation rather
than enable Domain Users to log on to domain controllers.
Result: At the end of this exercise, you will have backed up, restored, and imported
GPOs.
Lab A: Configuring Scripts and Folder Redirection with Group Policy L7-65
3. Close Computer.
4. Click Start, right-click Documents, and then click Properties.
5. In the Documents Properties dialog box, verify the location is
\\NYC-DC1\ExecData\Tony, and then click Cancel.
6. Log off NYC-CL1.
Result: At the end of this exercise, you will have configured logon scripts and folder
redirection.
Lab B: Configuring Administrative Templates L7-69
Result: At the end of this task, you will have enabled remote administration through
the firewall. This allows the Group Policy Results Wizard to query target computers.
L7-70 Module 7: Configure User and Computer Environments by Using Group Policy
Task 3: Create and assign a GPO to encrypt offline files for executive
computers
1. In the Group Policy Management console pane, right-click Group Policy
Objects, and then click New.
2. In the New GPO dialog box, in the Name field, type Encrypt Offline Files,
and then click OK.
3. Right-click Encrypt Offline Files, and then click Edit.
4. In the Group Policy Management Editor console pane, under Computer
Configuration, expand Policies, expand Administrative Templates, expand
Network and then click Offline Files.
Task 4: Create and assign a domain-level GPO for all domain users
1. In the Group Policy Management console pane, right-click Group Policy
Objects, and then click New.
2. In the New GPO dialog box, in the Name field, type All Users Policy, and
then click OK.
3. Right-click All Users Policy, and then click Edit.
4. In the Group Policy Management Editor console pane, under User
Configuration, expand Policies, expand Administrative Templates, and then
click System.
5. In the details pane, double-click Prevent access to registry editing tools.
6. In the Prevent access to registry editing tools Properties dialog box, click
Enabled, and then click OK.
7. In the console pane, click Start Menu and Taskbar.
8. In the details pane, double-click Remove Clock from the system notification
area.
9. In the Remove Clock from the system notification area Properties dialog
box, click Enabled, and then click OK.
10. Close Group Policy Management Editor.
11. In the Group Policy Management console pane, right-click
WoodgroveBank.com, and then click Link an Existing GPO.
12. In the Select GPO dialog box, click All Users Policy, and then click OK.
Note: Some user settings can only be applied during logon or may not apply due to
cached credentials. These include roaming user profile path, Folder Redirection path, and
Software Installation settings. If the user is already logged on when these settings are
detected, they will not be applied until the next time the user is logged on.
Task 3: Use the Group Policy Results Wizard to review Group Policy
application for a target user and computer
1. On NYC-DC1, in the Group Policy Management console pane, right-click
Group Policy Results, and then click Group Policy Results Wizard.
2. In the Group Policy Results Wizard, click Next.
3. On the Computer Selection page, click Another computer, type
WoodgroveBank\NYC-CL1 and click Next.
Note: If you receive an error after the step above, retry the step above in 2 minutes.
Result: At the end of this exercise, you will have configured several Administrative
Templates policy settings for various OUs in the organization and then verified
successful GPO application.
Result: At the end of this exercise, you will have successfully deployed an assigned
software package using Group Policy.
Lab D: Configuring Group Policy Preferences L7-79
Note: You aren’t actually deleting the GPO, just the link to it in the domain.
Note: To apply Group Policy preferences to Windows Vista computers, you must
download and install Group Policy Preference Client Side Extensions for Windows Vista
(KB943729).
Result: At the end of this exercise, you will have configured and tested Group Policy
Preferences and verified their application.
Note: The changes you are looking for below may not appear until the second logon.
1. On NYC-CL1, click Start, and then verify you see the classic Start menu.
2. On the desktop, double-click Internet Explorer.
3. In the Windows Internet Explorer window, click the Home button. After a
moment the WoodgroveBank.com IIS7 home page will load.
4. Close Internet Explorer.
5. On the desktop, double-click Computer.
6. In the Computer window, verify that the K: drive is mapped to the Data share
on NYC-DC1.
7. Log off, and then log back on as WOODGROVEBANK\Roya using the
password Pa$$w0rd.
8. Click Start, and then verify you see the classic Start menu.
Lab E: Troubleshooting Group Policy Issues L7-85
Note: If time permits, you can view the Group Policy operational log as Administrator on
NYC-CL1. If you filter the view to show events that Roya generates, you would see that
the log does not detect any errors or warnings for this user. This is because the GPO only
sets a registry value that defines the location of the scripts folder. Group Policy is
unaware if the user has access to the location. The write to the registry was successful.
Therefore, the Group Policy log does not see any errors. You would have to audit Object
Access for the scripts folder to determine access issues.
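One way to carry out the Object Access audit that the note describes, as an added PowerShell example that is not part of the course material. The folder path is a placeholder, and auditing failed reads by Authenticated Users is an assumption chosen for illustration; Get-WinEvent requires PowerShell 2.0 or later.

```powershell
# Added example (not from the course material). Run from an elevated prompt
# on the server that hosts the scripts folder.

# Placeholder path: replace with the folder that holds the logon script.
$scriptsFolder = 'D:\PLACEHOLDER\Scripts'

# 1. Enable failure auditing for the File System subcategory of Object Access.
auditpol /set /subcategory:"File System" /failure:enable

# 2. Build an audit (SACL) entry that records failed read/execute attempts.
#    Auditing Authenticated Users is an assumption; narrow it to the affected
#    group if you know which accounts are failing.
$rights      = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$auditFlags  = [System.Security.AccessControl.AuditFlags]::Failure
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList 'Authenticated Users', $rights, $inheritance, $propagation, $auditFlags

# -Audit loads the existing SACL so the new entry is added, not substituted.
$acl = Get-Acl -Path $scriptsFolder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $scriptsFolder -AclObject $acl

# 3. After the affected user logs on again, list failed handle requests
#    (event 4656) in the Security log that mention the audited folder.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object {
        $_.KeywordsDisplayNames -contains 'Audit Failure' -and
        $_.Message -like "*$scriptsFolder*"
    } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

The account name and requested access in each returned event show which user was denied and which permission is missing, which the Group Policy operational log cannot show.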
Note: Another way to resolve the issue would be to move the script to the Netlogon
share. To eliminate the need for such a logon script altogether, you could configure a
Group Policy Preference.
Result: At the end of this exercise, you will have resolved a Group Policy scripts issue.
2. Click Start, and then verify you see the classic Start menu.
3. On the desktop, double-click Internet Explorer.
4. In the Internet Explorer window, click the Home button. After a moment the
WoodgroveBank.com IIS7 home page will load.
5. Close Internet Explorer.
6. On the desktop, double-click Computer.
7. In the Computer window, verify that the K: drive is mapped to the Data share
on NYC-DC1.
8. Notice that the Control Panel does not appear on the desktop or Start menu.
This is a setting from the Lab 7B GPO that was applied to the Miami OU.
Result: At the end of this exercise, you will have resolved a Group Policy objects issue.
Result: At the end of this exercise, you will have resolved a Group Policy objects issue.
Note: Group Policy applies to the user or computer in a manner that depends on where
both the user and the computer objects are located in Active Directory. However, in
some cases, users may need policy applied to them based on the location of the
computer object alone. You can use the Group Policy loopback feature to apply Group
Policy Objects (GPOs) that depend only on which computer the user logs on to.
Note: Another alternative would be to disable loopback processing in the GPO itself,
especially if there were other settings in the GPO that you did wish to have applied.
Result: At the end of this exercise, you will have resolved a Group Policy objects issue.
Lab A: Implementing Security Using Group Policy L8-95
Result: At the end of this exercise you will have configured account and security policy
settings.
Note: PSO values are time-based values entered using the integer8 format. Integer8 is a
64-bit number that represents the amount of time, in 100-nanosecond intervals, that has
passed since 12:00 AM January 1, 1601.
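The Integer8 arithmetic from the note above, as an added PowerShell example that is not part of the course material. It assumes the PSO duration attributes (msDS-MaximumPasswordAge, msDS-MinimumPasswordAge, msDS-LockoutObservationWindow, msDS-LockoutDuration) store a time span as a negative count of 100-nanosecond intervals, while absolute timestamps count forward from January 1, 1601; the function names and sample durations are constructed for illustration.

```powershell
# Added example (not from the course material): Integer8 conversions.
# A .NET TimeSpan tick is 100 nanoseconds, the same unit Integer8 uses.

function ConvertTo-Integer8Duration {
    param([TimeSpan]$Duration)
    # Assumption: PSO duration attributes hold a negative interval count.
    return [Int64](-[Math]::Abs($Duration.Ticks))
}

function ConvertFrom-Integer8Duration {
    param([Int64]$Value)
    # Assumption: Int64.MinValue is the stored form of "never".
    # It must be handled first because Abs() overflows on that value.
    if ($Value -eq [Int64]::MinValue) { return 'Never' }
    return [TimeSpan]::FromTicks([Math]::Abs($Value))
}

function ConvertFrom-Integer8Timestamp {
    param([Int64]$Value)
    # Absolute timestamps count forward from 12:00 AM January 1, 1601 (UTC).
    return [DateTime]::FromFileTimeUtc($Value)
}

# Constructed sample durations, not values taken from the lab.
$durations = @(
    @{ Name = 'msDS-MaximumPasswordAge';       Span = New-TimeSpan -Days 42 },
    @{ Name = 'msDS-MinimumPasswordAge';       Span = New-TimeSpan -Days 1 },
    @{ Name = 'msDS-LockoutObservationWindow'; Span = New-TimeSpan -Minutes 30 },
    @{ Name = 'msDS-LockoutDuration';          Span = New-TimeSpan -Minutes 30 }
)

foreach ($d in $durations) {
    $raw = ConvertTo-Integer8Duration $d.Span
    # Print the attribute, the raw Integer8 value, and the value decoded again.
    '{0,-32} {1,20}  {2}' -f $d.Name, $raw, (ConvertFrom-Integer8Duration $raw)
}

# The "never" sentinel decodes to a label instead of throwing.
'{0,-32} {1,20}  {2}' -f '(never)', [Int64]::MinValue,
    (ConvertFrom-Integer8Duration ([Int64]::MinValue))

# Round trip of an absolute timestamp through the same 64-bit format.
$stamp = [DateTime]::UtcNow.ToFileTimeUtc()
'{0,-32} {1,20}  {2:u}' -f '(timestamp, now)', $stamp, (ConvertFrom-Integer8Timestamp $stamp)
```

Decoding a value before you commit it to a PSO catches sign and magnitude mistakes, such as a lockout duration entered in seconds instead of 100-nanosecond intervals.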
L8-100 Module 8: Implementing Security Using Group Policy
Result: At the end of this exercise, you will have implemented fine grained password
policies.
Lab B: Configuring and Verifying Security Policies L8-101
Result: At the end of this exercise you will have configured restricted groups and
software restriction policies.
Note: This next step is performed to simplify the lab and is not a recommended
practice.
Result: At the end of this exercise you will have configured security templates.
Note: This error message may not appear until the second logon.
Result: At the end of this exercise, you will have verified the security configuration.
Lab: Manage Server Security L9-111
Task 2: Use the Group Policy Management Console to create and link
a Group Policy Object (GPO) to the domain to configure client
updates
1. On NYC-DC1, click Start, point to Administrative Tools, and then click
Group Policy Management.
2. In the console pane, expand Forest: WoodgroveBank.com, expand Domains,
and then click WoodgroveBank.com.
3. Right-click WoodgroveBank.com, and then click Create a GPO in this
domain, and Link it here.
4. In the New GPO dialog box, type WSUS, and then click OK.
5. In the details pane, right-click WSUS, and then click Edit.
6. In the Group Policy Management Editor window, under Computer
Configuration, expand Policies, expand Administrative Templates, expand
Windows Components, and then click Windows Update.
L9-112 Module 9: Configuring Server Security Compliance
Note: The order of the settings below may be different, and you may need to locate and
open each one separately.
Task 4: Create a computer group, and add NYC-CL2 to the new group
1. In the console pane, expand Computers, and then click All Computers.
2. In the Actions pane, click Add Computer Group.
3. In the Add Computer Group dialog box, type HO Computers, and then click
Add.
4. In the console pane, expand All Computers, and then click Unassigned
Computers.
5. In the details pane, in the Status list, click Any, and then click Refresh.
6. Right-click nyc-cl2.woodgrovebank.com, and then click Change
Membership.
7. In the Set Computer Group Membership dialog box, select the HO
Computers check box, and then click OK.
Note: Entering yesterday’s date will cause the update to be installed as soon as the client
computers contact the server. Note that because these VMs use the Microsoft Lab
Launcher environment, their date will not correspond with the actual date. This is by
design. Take note of the VM’s configured date and enter a date one day before the VM’s
configured date.
3. At the command prompt, type wuauclt /detectnow, and then press ENTER.
4. The Windows Update dialog box will appear notifying you that the update is
being installed and the computer needs to restart. Click Restart now.
Note: It may take several minutes for the Windows Update dialog box to appear.
Note: Due to the limitations of the lab environment, the KB957097 update is pre-loaded
on the WSUS server to demonstrate the update process.
Note: You may have to wait a minute for the event to appear.
Results: After this exercise, you should have successfully installed the FSRM role
service on NYC-SVR1.
Lab B: Configuring Storage Quotas L10-121
Task 3: Test that the Quota is working by generating several large files
1. Click Start, and then click Command Prompt.
2. Type E:, and then press ENTER.
3. Type cd \Mod10\Users\Roya, and then press ENTER.
4. Type fsutil file createnew file1.txt 89400000, and then press ENTER. This
creates a file that is over 85 MB, which will generate a warning in Event
Viewer.
5. Click Start, point to Administrative Tools, and then click Event Viewer.
Important: When you compress the Users folder, you reduce the actual space that its
files use. If you were to specify this using NTFS file system quotas, the actual file
size would be calculated and not the compressed size.
12. In the Confirm Attribute Changes dialog box, verify that Apply changes to
this folder, subfolders and files is selected and then click OK.
13. In the File Server Resource Manager details pane, right-click Quotas, and then
click Refresh. Notice that the amount of used space is reduced significantly.
14. In the Command Prompt window, type fsutil file createnew file2.txt
16400000, and then press ENTER. The file will now be successfully created.
Important: When creating files, you are specifying the number of bytes they will be. This
is why they are not exactly 85000000, because a byte is only eight bits.
Results: After this exercise, you should have seen the effect of a quota template that
imposes a 100MB limit on user storage on the E:\Mod10\Labfiles\Labfiles\Users folder.
L10-124 Module 10: Configuring and Managing Storage Technologies
Results: After this exercise, you should have successfully implemented a file screen
that logs attempts to save executable files in E:\Mod10\Labfiles\Labfiles\Users.
Results: After this exercise, you should have successfully generated an on-demand
storage report.
Lab A: Installing the Distributed File System Role Service and Creating a DFS Namespace L11-127
Note: If they are not visible, you may need to wait up to five minutes for the
configuration to complete.
3. Double-click HRTemplates.
4. On the File menu, point to New, and then click Rich Text Document.
5. Type Vacation Request, and then press ENTER.
6. On the navigation bar, click the Back button.
7. Double-click PolicyFiles.
8. On the File menu, point to New, and then click Rich Text Document.
9. Type Order Policies, and then press ENTER.
10. Close the PolicyFiles window.
11. On NYC-SVR1, click Start, type \\WoodgroveBank.com\CorpDocs, and then
press ENTER.
12. In the Windows Explorer window that opens, notice that the HRTemplates
and PolicyFiles folders both are visible.
13. Browse both folders and verify that you can access the files. Close the window
when complete.
Results: After this exercise, you should have established shadow copies on a share,
changed a file, and then restored the original version.
L13-144 Module 13: Configuring Availability of Network Resources and Content
Note: Perform these steps on both NYC-DC1 and NYC-SVR1. First perform the steps on
NYC-DC1. Then perform the steps on NYC-SVR1.
Note: Do not begin the steps below until after the previous change has completed. Use
the log entries in the bottom pane to determine when the previous change has
completed.
Note: It may take three minutes for the NLB cluster hosts to converge. Wait for both NLB
hosts to display a status of Converged before moving to the steps below.
Results: Even though an NLB cluster member is unavailable, the web site is still
available.
Lab A: Identifying Windows Server 2008 Monitoring Requirements L14-147
Note: If you receive an error, click OK, and attempt to start the collector set again.
$aryComputers = "NYC-DC1","NYC-SVR1"
Set-Variable -name intDriveType -value 3 -option constant
Note: This command allows you to run scripts that are unsigned.
9. Type C:\Users\Administrator.Woodgrovebank\Documents\DriveReport.ps1 and then press ENTER.
10. Review the results of the script.
11. Type exit, and then press ENTER.
Ensure that the 6419A-NYC-DC1 virtual machine has fully started before you start
the 6419A-NYC-SVR1 virtual machine.
Backup Frequency
Sales Daily
Finance Daily
2. How would you address the requirement to restore the servers and how
frequently would you back up the servers?
Answer: Back up the system state data on the servers so that you can restore
them later. The backup should be at an appropriate frequency, so this will
depend on how often the server configuration is changed. Typical schedules
may be weekly or monthly.
Lab A: Planning Windows Server 2008 Backup Policy L15-159
Requirements
2. What additional consideration must you make for performing a trial restore of
the HR data on NYC-FS1?
Answer: You must retrieve the off-site backup media for testing.
3. With what types of backup data should you perform a trial restore?
Answer: You should perform trial restores on all types of backup, including
volume backups, complete server backups, and database backups.
Lab B: Planning Windows Server 2008 Restore L15-167
This is where you can view any issues that occur with a restore operation.
Note: A full system restore would take a considerable amount of time to complete, but
once it is done, the DHCP Server service will start successfully.
Results: You have successfully backed up and restored files using the Windows Server
Backup utility.