iterative or recursive query


A recursive query is a DNS query where the client that is
submitting the query expects a complete answer.
An iterative query is a DNS query where the client does
not expect a complete answer. Iterative queries usually
take place between name servers. The root name servers
do not respond to recursive queries.

authoritative dns servers


A DNS server that controls a zone is said to be the
authoritative DNS server for that zone. Remember that a
zone is a collection of resource records.

primary and secondary
When you set up the first authoritative DNS server for a
zone, it is called the primary DNS server. This
server will have a readable and writable copy of the zone
database. For reasons of fault tolerance, performance or
load balancing you may decide to set up another DNS
server with authority over that zone. This is called a
secondary DNS server.

zone transfers
The slave server receives a copy of the zone database
from the master server using a zone transfer. Zone
transfers are requested by the slave servers at regular
intervals. Those intervals are defined in the SOA record.

A stub zone contains the list of authoritative DNS servers for a
zone (domain) and host records that contain their IP addresses
(known as glue records). It also contains the IP address of at
least one master server for the zone.

What is the difference between a forwarder and a conditional
forwarder?
Conditional forwarders are DNS servers that only forward
queries for specific domain names. Instead of forwarding all
queries it cannot resolve locally to a forwarder, a conditional
forwarder is configured to forward a query to specific

Root hints are DNS data stored in a DNS server. ... Root hints
are used to prepare servers authoritative for non-root zones so
that they can learn and discover authoritative servers that
manage domains located at a higher level or in other sub trees
of the DNS domain namespace

The DNS namespace is a hierarchical tree structure, with the root
servers (aka dot-servers) at the top. The root servers are

Module 11
Creating and managing deployment images
Overview of images

• .wim files contain all of the files and information
for one or more disk images
• WIMBoot files allow a computer to run directly
from a .wim file and reduce the space
requirements for Windows installations
Overview of images

• Thin image
• Contains only the operating system and possibly a few
agents, such as Configuration Manager 2012 agent
• Thick image
• Contains every application required by an end-user

• Hybrid image
• Contains some of the applications required by most
users
Overview of images

Boot image
• Windows PE
• On install media, boot.wim
• 32-bit and 64-bit platform support
• Used to capture and deploy operating systems

Install image
• The operating system
• On install media, install.wim
• Generally based on a captured reference
computer
Overview of image-based installation tools

Tools for image-based installations include:


• Setup.exe. Performs Windows installations by using
interactive or unattended installation methods. Can be
used with answer files and catalog with Windows SIM
• Windows Deployment Services. A role service on
Windows Server 2016
• Windows ADK. New upgraded version of Windows AIK
that contains Windows PE images
• DISM. Command-line and Windows PowerShell tool for
servicing Windows operating system images
• System Center Configuration Manager. Comprehensive,
enterprise-level suite for deployment and management
Creating, updating, and maintaining images

• The process of creating an install image can be
summarized as follows:
• Create a capture image
• Install Windows on a reference computer
• Customize settings on the reference computer
• Generalize the reference computer
• Capture the reference image
Creating, updating, and maintaining images

• Use DISM to manage and maintain images,
including:
• Apply updates, drivers, and language packages
• Add, remove, or enumerate packages and drivers
• Enable or disable Windows features
• Configure locale settings
• Upgrade an image to a different edition of Windows
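
An offline servicing pass with the DISM PowerShell cmdlets, covering several of the tasks listed above. This is an added example, not part of the original slides; the paths, image index and update file name are placeholders chosen for illustration.

```powershell
# Added example: offline servicing of an install image with the DISM module.
# All paths, the index and the update file name are placeholders (assumptions).
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$wim      = 'D:\Images\install.wim'          # captured reference image
$mountDir = 'D:\Mount'                       # empty folder used as mount point
$update   = 'D:\Updates\example-update.msu'  # update package to apply
$drivers  = 'D:\Drivers'                     # folder tree containing .inf files

# Enumerate the images stored in the .wim file to pick the right index
Get-WindowsImage -ImagePath $wim | Format-Table ImageIndex, ImageName

New-Item -ItemType Directory -Path $mountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $wim -Index 1 -Path $mountDir

try {
    # Apply an update package and inject drivers into the mounted image
    Add-WindowsPackage -Path $mountDir -PackagePath $update
    Add-WindowsDriver  -Path $mountDir -Driver $drivers -Recurse

    # Disable a Windows feature that deployed systems should not ship with
    Disable-WindowsOptionalFeature -Path $mountDir -FeatureName 'SMB1Protocol'

    # Enumerate what is now in the image, for the build record
    Get-WindowsPackage -Path $mountDir | Format-Table PackageName, PackageState
    Get-WindowsDriver  -Path $mountDir | Format-Table Driver, ProviderName, Version

    # Commit the changes back into the .wim file
    Dismount-WindowsImage -Path $mountDir -Save
}
catch {
    # Leave the original image untouched if any servicing step failed
    Dismount-WindowsImage -Path $mountDir -Discard
    throw
}
```

Servicing a copy of the .wim file and keeping the package and driver listing with the build record makes it possible to tell later which updates a deployed machine started from.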
Windows Deployment Services

Windows Deployment Services is a server role that
is provided with Windows Server 2016

• Windows Deployment Services:
• Enables you to perform network-based installations
• Simplifies the deployment process
• Supports deployment to computers with no operating
system
• Uses existing technologies, such as Windows PE, .wim,
.vhd and .vhdx files, and image-based deployment

• DNS: A well-configured and running DNS server for name
resolution and for the configuration of Active Directory.
• DHCP: A configured DHCP server to provide IP addresses
to clients for communication with the WDS server.
• Domain Controller: To provide authentication to the
WDS client and authorization to the DHCP server.
• NTFS Volume: For security and installation of the
domain controller (a domain controller cannot be
loaded on a FAT volume).
• PXE LAN Card: PXE stands for Pre-boot Execution
Environment.
Ch 2 RODC
Branch office considerations

Considerations for branch offices include:


• Security
• Availability and reliability
• Performance and capacity
• Legal and regulatory requirements
• IT organization
• Business considerations
• Cost
Considerations for providing AD DS and DNS
services to branch offices

An RODC provides the following services to
branch offices:
• Read-only AD DS
• Read-only DNS
• Credential caching
• Administrative role separation
Considerations for implementing presentation
virtualization for branch offices

• Remote Desktop Services allows users to run
Windows-based applications remotely or to access
full desktops virtually from multiple types of
devices
• Installation of the Remote Desktop Services role is
scenario-based
• Benefits include:
• Quick deployment of applications
• Ease of application maintenance
• Support for multiple device types
• High-end applications can be run from low-end systems
• Good performance across slow connections
Ch5,6
Module 5
Implementing Group Policy
What is configuration management?

• Configuration management is a centralized
approach to applying one or more changes to more
than one user or computer
• The key elements of configuration management are:
• Setting
• Scope
• Application
Overview of Group Policy tools and consoles

• Group Policy Management Console
• Group Policy Management Editor
• Command-line utilities: GPUpdate and GPResult

Benefits of using Group Policy
• Group Policy is a very powerful administrative tool
• You can use it to enforce various types of settings
to a large number of users and computers
• Typically, you use GPOs to:
• Apply security settings
• Manage desktop application settings
• Deploy application software
• Manage Folder Redirection
• Configure network settings
Group Policy Objects

A GPO is:
• A container for one or more policy settings
• Managed with the GPMC
• Stored in the GPOs container
• Edited with Group Policy Management Editor
• Applied to a specific level in the AD DS hierarchy
Overview of GPO scope

• The scope of a GPO is the collection of users and
computers that will apply the settings in the GPO
• You can use several methods to scope a GPO:
• Link the GPO to a container, such as an OU
• Filter by using security settings
• Filter by using WMI filters

• For Group Policy preferences:
• You can filter or target the settings that you configure by
Group Policy preferences within a GPO based on several
criteria
Overview of GPO inheritance

GPOs are processed on a client computer in the
following order:
1. Local GPOs
2. Site-level GPOs
3. Domain-level GPOs
4. OU GPOs, including any nested OUs
The Group Policy Client service and client-side
extensions

• Group Policy application process:
1. Group Policy Client retrieves GPOs
2. Client downloads and caches GPOs
3. Client-side extensions process the settings

• Policy settings in the Computer Configuration
node apply at system startup and every 90–120
minutes thereafter
• Policy settings in the User Configuration node
apply at sign-in and every 90–120 minutes
thereafter
Lesson 2: Implementing and administering GPOs

• What are domain-based GPOs?


• GPO storage
• What are starter GPOs?
• Common GPO management tasks
• Delegating administration of Group Policy
• Demonstration: Delegating administration of
Group Policy
What are domain-based GPOs?
What are GPO links?
After you have linked a GPO, the users or computers in that container are within
the scope of the GPO, including computers and users in child OUs
Identifying when settings become effective

• GPO replication must occur


• Group changes must replicate
• Group Policy refresh must occur
• User must sign out and sign in or the computer
must restart
• You must perform a manual refresh
• Most CSEs do not reapply unchanged GPO
settings
Refreshing GPOs

• When you apply GPOs, remember that:


• Computer settings apply at startup
• User settings apply at sign-in
• Policies refresh at regular, configurable intervals
• Security settings refresh at least every 16 hours
• Policies refresh manually by using:
• The gpupdate command-line utility
• The Windows PowerShell cmdlet Invoke-GPUpdate
• With the Remote Group Policy Refresh feature, you can
refresh policies remotely
Examining Group Policy event logs
Ch6
Module 6
Managing user settings with
Group Policy
Lesson 1: Implementing administrative templates

• What are administrative templates?


• What are .adm and .admx files?
• Overview of the central store
• Discussion: Practical uses of administrative
templates
• Demonstration: Configuring settings with
administrative templates
• Importing security templates
• Managing administrative templates
What are administrative templates?
• Administrative templates give you the ability to control the environment
of the operating system and the user experience:
• Administrative template section for computers:
• Control Panel
• Network
• Printers
• System
• Windows-based components
• Administrative template section for users:
• Control Panel
• Desktop
• Network
• Start menu and taskbar
• System
• Windows-based components
• Each of these main sections contains many subfolders to further organize
settings
Discussion: Practical uses of administrative templates

• How do you provide desktop security
currently?
• How much administrative access do
users have to their systems?
• Which Group Policy settings will you
find useful in your organization?

15 minutes
Importing security templates

• Security Templates contain settings for:


• Account policies
• Local policies
• Event log
• Restricted groups
• System services
• Registry
• File system
• More security settings are available in a GPO
• Security templates created in the Security Templates
snap-in can be imported into a GPO
• The Security Compliance Manager can export security
baselines in a GPO backup format
Managing administrative templates

• Extend the set of administrative templates by:


1. Creating new templates or downloading available
templates
2. Adding the templates to the central store so the
settings become available in all GPOs
3. Configuring the settings in a GPO
4. Deploying the GPO

• .admx files are available for both Microsoft and
third-party applications
• Import legacy .adm files to the Administrative
Templates section of a GPO
Lesson 2: Configuring Folder Redirection,
Software Installation, and Scripts

• What is Folder Redirection?


• Settings for configuring Folder Redirection
• Security settings for redirected folders
• Demonstration: Configuring Folder Redirection
• Managing software with Group Policy
• Group Policy settings for applying scripts
• Demonstration: Configuring scripts with GPOs
What is Folder Redirection?
• Folder Redirection allows folders to be located on a
network server, but appear as if they are located on a
local drive
• Folders that can be redirected in Windows Vista and later
are:
Settings for configuring Folder Redirection

• Folder Redirection configuration options:
• Use Basic Folder Redirection when all users
save their files to the same location
• Use Advanced Folder Redirection when
the server hosting the folder location
is based on group membership
• Use the Follow the Documents folder option to force certain
folders to become subfolders of Documents
• Target folder location options:
• Create a folder for each user under the
root path
• Redirect to the following location
• Redirect to the local user profile location
• Redirect to the user’s home directory
(Documents folder only)
[Figure labels: Accounting, Users, Accounts A-M, Accounts N-Z, Managers, Amy, Anne]
Security settings for redirected folders

NTFS permissions for root folder
• Creator/Owner: Full control – subfolders and files only
• Administrator: None
• Security group of users that save data on the share: List Folder/Read Data, Create Folders/Append Data – This Folder Only
• Local System: Full control

Share permissions for root folder
• Creator/Owner: Full control – subfolders and files only
• Security group of users that save data on the share: Full control

NTFS permissions for each user’s redirected folder
• Creator/Owner: Full control – subfolders and files only
• %Username%: Full control, owner of folder
• Administrators: None
• Local System: Full control
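
The root-folder NTFS permissions listed above, applied with PowerShell. This is an added example, not part of the original slides; the folder path and group name are hypothetical, and the rights granted are limited to those named in the list.

```powershell
# Added example: NTFS ACL for a Folder Redirection root folder.
# $root and $group are hypothetical; run on the file server as an administrator.
$root  = 'D:\Redirected'
$group = 'CONTOSO\Redirected-Users'

$allow       = [System.Security.AccessControl.AccessControlType]::Allow
$thisOnly    = [System.Security.AccessControl.InheritanceFlags]::None
$children    = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp      = [System.Security.AccessControl.PropagationFlags]::None
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$full        = [System.Security.AccessControl.FileSystemRights]::FullControl
$listCreate  = [System.Security.AccessControl.FileSystemRights]'ListDirectory, CreateDirectories'

New-Item -ItemType Directory -Path $root -Force | Out-Null
$acl = Get-Acl -Path $root

# Stop inheriting from the parent folder and drop the inherited entries.
# Administrators receive no entry, which gives the "None" row of the list.
$acl.SetAccessRuleProtection($true, $false)
# Remove explicit entries already present so that only the rules below remain
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }

$ruleType = 'System.Security.AccessControl.FileSystemAccessRule'
$rules = @(
    # Creator/Owner: Full control, subfolders and files only
    New-Object $ruleType ('CREATOR OWNER', $full, $children, $inheritOnly, $allow)
    # Local System: Full control
    New-Object $ruleType ('NT AUTHORITY\SYSTEM', $full, $children, $noProp, $allow)
    # User group: List Folder/Read Data, Create Folders/Append Data, this folder only
    New-Object $ruleType ($group, $listCreate, $thisOnly, $noProp, $allow)
)
$rules | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path $root -AclObject $acl

# Show the resulting entries so they can be compared with the list above
(Get-Acl -Path $root).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
```

Because the group's entry applies to the root folder only, a user can create a folder there but cannot list or open another user's folder; the Creator/Owner entry gives each user full control of the subfolder they create.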
Lesson 3: Configuring Group Policy preferences

• What are Group Policy preferences?


• Comparing Group Policy preferences and Group
Policy settings
• Features of Group Policy preferences
• Item-level targeting options
• Demonstration: Configuring Group Policy
preferences
What are Group Policy preferences?

Group Policy preferences extensions expand the
range of configurable settings within a GPO:
• Enable you to manage settings that were
previously not manageable by using Group Policy
• Are supported natively on Windows Server 2008
and newer and Windows Vista SP2 and newer
• Can be created, deleted, replaced, or updated
• Categories include mapped drives, shortcuts,
registry changes, power options, scheduled tasks,
and Internet Explorer settings
Comparing Group Policy preferences and Group
Policy settings

Group Policy settings:
• Strictly enforce policy settings by writing the settings to areas of the
registry that standard users cannot modify
• Typically disable the user interface for settings that Group Policy is
managing
• Refresh policy settings at a regular interval

Group Policy preferences:
• Are written to the normal locations in the registry that the application or
operating system feature uses to store the setting
• Do not cause the application or operating system feature to disable the user
interface for settings they configure
• Refresh preferences by using the same interval as Group Policy settings by
default, but can be configured to apply only once
