Administering Windows Server 2012 (70-411)

Explore image-based deployment with Windows Deployment Services (WDS) to deploy Windows Server 2012 efficiently in large networks, and implement updates, software installation, and ongoing monitoring for peak reliability.

Learn how image deployment speeds up OS installation with Windows Deployment Services, covering PXE boot, light touch, zero touch, multicast, and storing images on a network share.

Install and configure Windows deployment services to enable image-based deployments, configure images and boot images, and automate deployment tasks with powershell.

Leverage Windows Deployment Services to deploy operating systems across enterprise networks, using customized or standard configurations, and install the WDS role to image Windows Server 2012 and clients.

Explore how Windows Server Update Services enables centralized patch management for Windows Server 2012, detailing WSUS installation, configuration, and options to deploy updates and defend against vulnerabilities.

Centralized patch management keeps Windows clients and servers up-to-date by applying patches, hotfixes, rollups, cumulative updates, and service packs to address vulnerabilities and maintain security and stability.

Configure WSUS as an update server that downloads updates from Microsoft Update, distributes them to local clients, and follows the four phases—assessment, identify, evaluate and plan, deployment—for testing and approval.

Install and configure Windows Server Update Services (WSUS) via Server Manager, set up components and storage, then handle post-install tasks like Windows Internal Database, automatic approval, and computer groups.

Configure the automatic updates client via group policy to point to the intranet wsus server and set frequency and install method; use wsus console for approvals, computer groups, and testing.

Leverage Windows Server Update Services (WSUS) to download updates to a local server and distribute them across your environment. Enable automatic approvals, testing, and reports to ensure consistent security patches.

Explore performance monitoring for Windows Server 2012, learning its purpose and benefits, and compare tools like performance monitor, event viewer, resource monitor, and task manager with third-party enterprise-level monitoring solutions.

Explore Windows Server 2012 performance monitoring tools—five tools including Task Manager, Resource Monitor, Event Viewer, Performance Monitor, and Windows Network Monitor—with optional SCOM for enterprise monitoring.

Gain hands-on with Windows Server 2012 performance monitor to track objects, instances, and counters in real time, log data, and build baselines using data collector sets and alerts.

Learn to use Windows Server 2012 Event Viewer to monitor performance, analyze logs, and diagnose issues across local and remote servers through custom views and event subscriptions.

Learn performance monitoring in Windows Server 2012 using performance monitor, data collector sets, baselines, event viewer, resource monitor, and task manager to sustain stability and productivity.

Explore how the distributed file system in Windows Server 2012 enables a logical folder hierarchy and fault-tolerant access, using namespaces and replication to synchronize data across servers.

Discover the file server resource manager in Windows Server 2012, including capacity management, disk quotas, file screens, and on-demand reporting to optimize storage and plan future needs.

Explore how File Server Resource Manager in Windows Server 2012 boosts capacity management with quotas, file screening, automatic classification, and management tasks, plus comprehensive reports.

Install and configure file server resource manager (fsrm) to manage quotas, file screening, storage reports, email notifications, classification management, and access denied assistance on Windows Server 2012.

Configure disk quotas with the file server resource manager to control storage across folders and monitor quota usage. Edit quota templates, set thresholds, and configure alerts to notify administrators.

Configure file screens in the File Server Resource Manager to enforce allowed file types in a folder, using file groups and templates, with exceptions and optional email notifications.

Configure file screens with file server resource manager by creating file groups and templates to block or monitor files, set up email alerts, and use PowerShell to simulate file creation.

Configure and generate storage reports to monitor current utilization and plan future capacity with SRM and FSRM, and schedule on-demand or automated reports in dynamic HTML, XML, CSV, or TXT.

Discover how the Encrypting File System on NTFS uses certificates and a file encryption key to protect data, with self-signed or online certificate authority options and sharing implications.

Explore BitLocker drive encryption on Windows Server 2012, including TPM-based full volume protection, startup key options, recovery key management, and group policy driven deployment and AD integration.

Explore configuring security auditing in Windows Server 2012, plan an auditing strategy, and implement basic and advanced audit policies for granular, well-managed logs.

Configure group policy objects to monitor computer accounts and enable nine audit events, including account logon, account management, object access, directory service access, privilege use, and policy changes.

Configure advanced audit policies in Windows Server 2012 to enable granular sub-categories and global access auditing for filesystem and registry objects through group policy management.

Explore configuring DNS and managing zones and resource records to support Active Directory in Windows Server 2012, and set up VPNs, NAT, and Direct Access as network access services.

Explore the domain name system (DNS) architecture, including hierarchical namespaces, zones, SRV records, recursion, and caching, and how DNS enables Active Directory service location and domain controllers.

Install and configure DNS on Windows Server 2012 using server manager or PowerShell. Configure root hints, forwarders, and conditional forwarders to enable name resolution.

Discover how DNS zones define authoritative portions of the namespace and resolve queries. Compare forward and reverse lookup zones, stand-alone versus Active Directory integrated zones, and caching-only configurations.

Demonstrates how to create and manage DNS zones in Windows Server 2012, including forward lookup, primary, secondary, and stub zone, dynamic updates, zone transfers, and start-of-authority records.

Learn to configure DNS zones in Windows Server 2012, including zone transfers, SOA serials, refresh and retry intervals, secure dynamic updates, and delegation with primary, secondary, and stub zones.

Configure dns zones, including primary Active Directory integrated zones and secondary or stub zones, enable controlled zone transfers, and use notify and refresh settings between master and secondary servers.

Administrators configure DNS on Windows Server 2012 and maintain the DNS database to ensure efficient name resolution, while exploring DNS maintenance options and troubleshooting methods for servers and clients.

Learn to troubleshoot DNS servers using DNS event logs, debug logging, and monitoring from the DNS management console to diagnose name resolution problems.

Learn to troubleshoot DNS servers with the DNS Manager, enabling debug logging and targeted queries. Explore lookups, zone transfers, and record enumeration to diagnose resolution issues.

Configure and manage the DNS role in Windows Server 2012, exploring DNS zones, resource records, and troubleshooting name resolution to support Active Directory environments and the Internet.

Explore configuring virtual private networks, network address translation, and routing in Windows Server 2012, and gain an overview of the concepts and terms used in remote access.

Learn how remote access connects home users to corporate resources via VPN or dial-up, with DHCP, Active Directory Domain Services, and Network Policy Server handling authentication and authorization.

Install and configure the remote access role on a windows server 2012 to deploy a vpn server and direct access options.

Discover how Windows Server 2012 enables remote access and site-to-site vpn over the public internet using tunneling and encryption, with pptp, l2tp/ipsec, sstp, and ikev2.

Configure a Windows Server 2012 VPN by installing the remote access role, selecting public and private interfaces, DHCP relay, and local or RADIUS authentication.

Configure a vpn server via the remote access management console in server manager, assign ip ranges, enable routing and remote access, and support pptp, l2tp, and sstp with certificate binding.

Learn to configure and automate VPN connections for remote access in Windows Server 2012, using manual setup or CMAK profiles, and enforce security with encryption, authentication, and network policies.

Demonstrates creating and configuring a VPN connection on Windows Server 2012, including using Active Directory Users and Computers, NPS policy, and validating connectivity from a Windows 8 client.

Configure remote access and VPN on Windows Server 2012, covering authentication, authorization, prerequisites, and options like NAT and router setup for small networks.

Explore how DirectAccess in Windows Server 2012 replaces traditional VPNs with seamless bi-directional connectivity. See how IPv6 and IPsec enable DirectAccess and review the server, client requirements, and configuration.

Install and configure the Windows Server 2012 network policy server to centralize radius-based authentication, authorization, and accounting, and learn to deploy a RADIUS proxy and NAP enforcement.

Demonstrates installing the network policy server role on Windows Server 2012, enabling a centralized radius-based authentication, authorization, and health policy infrastructure via the network policy and access services console.

Demonstrates configuring Windows Server 2012 network policy server as a RADIUS server and the VPN server as a RADIUS client, including RADIUS clients, shared secrets, and connection request policies.

Explore password based authentication, where users identify with username and password, compare pap, chap, ms-chap, and eap, and consider certificate based authentication and md5 hashing for stronger security.

Configure certificate-based authentication in Windows Server 2012 by deploying a PKI with AD CS, creating certificate templates, and enabling auto-enrollment via Group Policy to support EAP-TLS and PEAP.

Demonstrates configuring cert-based authentication by installing Active Directory Certificate Services, setting up certificate templates and auto enrolment, and using group policy to auto-enroll computer certificates.

Introduce configuring network policies and network policy server templates to control which clients and connections can access servers, and explain authorization versus authentication.

Explore how remote access authorization works in Windows Server 2012, including user dialing permissions, network policy permissions, and centralized RADIUS-based authorization for multiple network access servers.

Configure and apply granular network policies on Windows Server 2012 (70-411) using conditions, constraints, and settings to control VPN and dial-in access, including group and time-based restrictions.

Configure and manage network policies in the network policy server to control access and authorization with conditions like user groups, daytime restrictions, and time-based rules.

Explore how network policy server templates duplicate configurations for RADIUS clients, shared secrets, remote servers, health policies, and packet filters, with import/export to reduce administrative overhead in larger organizations.

Learn to create and reuse network policy server templates for shared secrets, radius clients, health policies, and filters, and export or import these templates across servers to reduce administration.

Discover how network access protection in Windows Server 2012 controls client connectivity based on compliance, and configure the system health validator, health policies, and enforcement clients like DHCP and VPN.

Enforce health requirements for client computers and manage access via nap health policy server, enforcement points, remediation, and a restricted network for non-compliant devices.

Configure network access protection and system health validators to enforce client compliance by evaluating statements of health against health policies, covering firewall status, anti-malware, and automatic updates.

Configure network access protection on Windows Server 2012 to enforce client compliance by requiring firewall, antivirus, and updates. Deploy NAP clients via local settings or GPO and define health policies.

Discover how to configure and manage Active Directory Domain Services in Windows Server 2012, including creating users and groups, domain controllers, disaster recovery, account policies, and group managed service accounts.

Manage users, groups, and computers in Windows Server 2012 with Active Directory tools, especially the Administrative Center, PowerShell, and features like the Active Directory Recycle Bin and dynamic access control.

Explore Windows PowerShell for Active Directory administration, creating and managing objects in bulk, using verbs like get, set, and add, and leveraging tab completion for efficient Server Core workflows.

Explore configuring application services with standard user or managed service accounts, and explain why managed service accounts address password, SPN, and administration challenges of domain accounts under a least-privilege approach.

Administer Windows Server 2012 by configuring accounts for service logons, including local system, domain users, and managed service accounts, while handling passwords and service principal names.

Discover how managed service accounts simplify application authentication and automatic password management, enable SPN management, and support group managed service accounts across multiple servers in Windows Server 2012 environments.

Initialize ad kds root key, then create and associate a group managed service account with the host server using PowerShell, install the service, and configure the application to use it.

Learn how to manage Active Directory objects, understand the object concept and security principals in the domain database, create various object types, and use managed service accounts.

Understand how domain controllers host a writeable Active Directory database, enable centralized administration, and support multimaster replication across domains, trees, forests, and organizational units.

Explore FSMO roles in Active Directory, including schema master, domain naming master, read master, infrastructure master, and the PDC emulator. Learn safe transfer and seize methods using ADUC and TDSUTIL.

Learn to configure and transfer the single FSMO roles such as the PDC emulator, infrastructure master, domain naming master, and schema master using GUI tools or NTDSUTIL, with caution.

Explore safe cloning and safe restore of virtual domain controllers in Windows Server 2012. Use VM generation IDs and XML guidance to preserve Active Directory replication.

Demonstrates staging and deploying a read-only domain controller (RODC) using Active Directory Users and Computers, configuring DNS and global catalog options, password replication policies, and an unattended promotion workflow.

Learn how global catalog servers store all domain partitions, support upn logon and universal group caching, and guide placement and promotion decisions for single and multi-domain environments.

Explore implementing and configuring Active Directory with three domain controllers, including single operation masters roles, safe cloning, safer store, read-only domain controllers, and configuring global catalog servers on domain controllers.

Learn to maintain Active Directory database, including partitions, physical database, and programs involved in maintenance, and plan and implement disaster recovery for Active Directory objects in Windows Server 2012.

Explore how the Active Directory database uses the extensible storage engine with in-memory changes and transaction logs for recoverable updates across domain controllers and partitions: domain, configuration, schema, and application.

Demonstrates AD DS maintenance operations, including stopping the Active Directory service, performing offline defragmentation, running integrity checks, copying the compacted database, and restarting services.

Plan disaster recovery for Active Directory by using backups, domain controllers, and snapshots; then restore deleted objects via tombstones or the Active Directory recycle bin.

Study the Active Directory database structure, including physical files and logical partitions, and understand maintenance tasks like defragmentation, moving databases and log files, and recovery of directory objects and backups.

Explore how account policies in Active Directory control password complexity, length, history, and aging, and configure lockout settings for local and domain accounts to strengthen authentication.

Configure fine-grained password policies in Windows Server 2012 by creating password settings objects (PSL) and applying them to users or groups via ADAC or PowerShell, with precedence rules.

Explore how account policies configure password related settings to enforce higher security in Active Directory using group policy and the fine grain password policy object (PSL).

Explore how group policy provides configuration management for desktops and applications in Windows Server 2012, using Active Directory to implement processing. Understand the infrastructure and management framework for group policy.

Explore how group policy controls desktops in Active Directory environments by configuring domain computers, ensuring software availability and data access, and using scripts to streamline management.

Configure folder redirection via a group policy object, using the group policy management console to redirect documents and other folders to a shared path with basic and advanced options.

Learn to configure Group Policy Preferences in Windows Server 2012 to automate drive mappings, registry entries, and startup settings with item-level targeting, a non-mandatory, persistent approach.

Explore implementing configuration management in a Windows Server 2012 environment using Group Policy, including Group Policy components, infrastructure, settings, and practical applications like folder redirection and software deployment.

Explore how group policy processing works, including the order of policy application, administrative templates, client-side extensions, slow-link detection, and loopback processing to define computer-based environments.

Explore how group policy processing works in a domain, detailing GPO structure, client-side extensions, slow link detection, and loopback processing for computers and users.

Configure group policy processing with the Group Policy Management Console, applying defaults at domain, organizational unit, or site, and manage loopback and slow link settings.

Explore how group policy applies to users and computers within Active Directory, including inheritance, blocking inheritance, enforcing policies, and security group filtering for reliable configuration management.

Learn to manage group policy objects, delegate control, and perform GPO actions using the Group Policy Management Console, while covering disaster recovery and backup options.

Delegate administrative control in group policy across containers, GPOs, and WMI filters with the Group Policy Management Console, and grant permissions to read, edit, link, and manage inheritance.

Leverage the group policy framework by using the GPMC and Windows PowerShell to manage GPOs, copy policies across domain boundaries in multi-domain environments, and extend settings with custom Administrative Templates.

Use the Group Policy Management Console and Windows PowerShell to manage and automate Group Policy Objects, including backup, restore, import, and cross-domain migration with a migration table and scheduled tasks.

Create a central store for custom administrative templates and copy policy definitions to the domain controller. This ensures templates load from the central store in GPOs.

Back up group policy objects with the group policy management console or PowerShell, store backups on a separate drive, and restore or import GPOs while safeguarding default domain policies.

Discover updates to Windows Server 2012 R2 virtualization, including safe domain controller virtualization, remote access enhancements with VPN and application proxy, DFS improvements, and VM templates for deployment and savings.

Ensure safe virtualization of domain controllers by preventing replication issues when restoring snapshots, using vm generation identifier support and invalidating the local RID pool to refresh identity.

Clone domain controllers via the Cloneable Domain Controllers group to rapidly deploy Active Directory Domain Services, recover in cloud environments, using PowerShell to create dccloneconfig.xml and import the virtual machine.

Learn to clone domain controllers by adding the DC to the clone group and generating an XML clone config with PowerShell to quickly deploy a new domain controller.

Explore how DFS provides high availability by creating a namespace and replicating a shared folder across London and Toronto servers, with read/write and read-only permissions.