Exam 70-411: Administrating Windows Server 2012

Learn to set up Windows deployment services for network-based operating system installation, plan ntfs storage for deployment images, and install the role via Server Manager or PowerShell.

Compare functionality across Windows Server 2008/2008 R2 and 2012/2012 R2, noting newer images, removal of older OS, and support for WIM, VHD(VHDX), unattended installs, and multicast or boot deployments.

Install the WDS deployment and transport server in standalone mode without active directory. Ensure DHC, Pixi boot to grab an IP address, and DNS with an NTFS image store.

Install and configure Windows Deployment Services through the server manager wizard, meeting prerequisites like Active Directory, DHCP, DNS, and NTFS, and choose deployment server or transport server.

Install Windows features with PowerShell, including management tools, run as administrator, and enable remote management to install the WTS deployment and transport server modules.

Verify clients can boot via pixie boot, meet Pixi operating system ram requirements of at least 512 megabytes, and ensure a local user account on the WDF server enables installation.

Learn to create and use a Discover image to install operating system on non Pixi enabled computers, save the image to CD, DVD, or USB, and deploy from WTS server.

Create your unattended installation file, copy it to a subdirectory of the remote install folder, and enable unattended installation by selecting properties and browsing to your file.

demonstrates creating and configuring multicast transmissions for Windows Server 2012 images, assigning image groups, and choosing auto cast or scheduled cast to control deployment timing.

Configure update management with patch management, group policies, and client side targeting for servers and workstations. Set synchronization, approve or remove updates, and manage deployments by WSUS groups.

Organize computers into groups like workstations, servers, departments, and a test group to manage and test wsus updates before release, and assign machines to groups via registry or gpo.

Learn to manage WSUS with PowerShell, performing tasks like adding computers, approving or denying updates, querying classifications and products, cleaning up old updates, and configuring synchronization schedules.

Identify and use a suite of server monitoring tools, including PowerShell commands, Event Viewer, log files, event subscriptions, and network monitoring to supervise servers and virtual machines.

Learn to monitor virtual machines with Hyper-V by enabling VM resource metering, collect statistics such as average megahertz and RAM, monitor networking, and reset or disable metering in PowerShell.

Explore event viewer to filter and analyze Windows Server logs, including application, security, and system logs; learn to filter by source, event IDs, users, and create custom views.

Explore storage report types to identify duplicate and large files, categorize by owner and folders, and optimize placement to reduce network traffic while monitoring quota usage.

Schedule and manage storage reports to monitor quota usage, identify large and duplicate files, and audit by owner, with email delivery and weekly scheduling.

Explore new and changed functionality in Windows Server 2012 R2, including reevaluation and clearing of outdated classification property values, and configuring maximum files per search report and storage reports parameters.

Explore DFS replication on Windows Server 2012 R2, using WMI for management, enable initial sync by cloning, apply remote differential compression, and tune staging sizes while restoring from conflicts.

Explain how the Encrypting File System relies on NTFS permissions to encrypt and decrypt files on NTFS volumes, and how to disable it via Group Policy.

See how encryption preserves file confidentiality by using efs on a marketing share, tying access to the user’s certificate and profile across logins.

Configure advanced audit policies using group policy or the auditpol command to implement expression-based auditing and create policies such as removable device audit policy.

Explore using the dns command (dnsCmd) to manage dns servers, add zones (primary or Active Directory integrated), configure records, perform zone transfers, and script exports or imports.

Install DNS as a server role, create a primary zone and reverse lookup, and configure a conditional forwarder to direct queries to a master server for a custom zone.

Compare internal and external namespaces, and see how firewalls and DNS resolve internal resources like file servers while external DNS handles web, VPN, and mail with A and MX records.

Troubleshoot dns name resolution by pinging a machine by name to verify resolution and ip address, and use powershell to query domain records, start of authority, and reverse lookup zones.

Learn how zone scavenging removes stale DNS records through aging and TTL settings, and how dynamic updates from DHCP interact with DNS to keep records current.

DNS caching stores recent resolutions in a local cache for about one hour, speeding lookups for multiple clients; servers act as forwarders and add results to the cache.

Explore how network policy servers manage remote access for telecommuters, including vpn and direct access, with integrated features and network access protection to secure remote work.

Explore vpn access into remote infrastructure, covering site-to-site and remote user connections, using pptp and l2tp, plus ipsec with ike for encrypted, authenticated traffic.

Describe vpn connection properties, including encapsulation with a header for routing, computer-level authentication via ipsec/ike and certificates, user and mutual authentication, and data origin authentication via checksums.

Explore behind the scenes in the remote access server via the remote access management console, configuring VPN, routing, and IP settings including IPv4/IPv6, logging, ports, and interfaces.

Install CMAK as a feature and create VPN profiles and dial-up entries. Configure profile naming, PBK files, and optional phone book updates for deployment.

Explore the flow of network policy processing: default rejection when no policies exist, match-and-deny logic across policies, and final allow only after a policy permits the user and profile.

Explore direct access features in Windows Server 2012, enabling clients to connect to internal resources over the internet with end-to-end authentication and encryption, supporting multiple protocols, most used being ttp.

Explore the deployment phases of direct access, configuring remote access infrastructure, routing, firewalls, certificates, and DNS, then managing with Group Policy and network location service.

Set up a domain-joined Windows 2012 server to accept direct access connections, route clients to internet resources, and use an IP-tunneled mode with a wizard-based setup.

Explore required infrastructure: active directory domain, group policy, and dns, with a minimum 2003 domain functional level, multiple domains in the forest, and direct access wizard-generated settings.

Define the DNS namespace and client configuration through the name resolution policy table, applying rules to resolve names and fall back to local or ISP DNS when unmatched.

Learn to diagnose common error codes for Windows server 2012 administration, including error 800 indicating unreachable servers, firewall port issues, and encryption mismatches that prevent VPN handshakes.

Master network policy and access services by enforcing health policies that verify clients before network access, centralizing policy management with radius, and securing wireless access.

Learn how Network Policy Server centralizes the RADIUS server, RADIUS proxy, and health policy to manage authentication, authorization, accounting, and remediation for wireless, dial-up, and VPN access.

Explore how a radius proxy aids authentication and authorization for outsourced services like VPN, dial-up, and NAS. Learn how it handles non-Windows databases and scales to high connection request volumes.

Treat certificates as digital identities used for authentication, trusted by location. Rely on a source such as a domain administrator or VeriSign, and support EAP, PEAP over TLS, and MS-CHAPv2.

Identify the default AD DS containers: domain container root for users and groups, users container for new user accounts, computers container for new computer accounts, and domain controllers organizational unit.

Organizational units group users, groups, computers, and other objects to apply group policies and manage security and configurations, while enabling delegated administrative rights for department managers.

Clone a virtual domain controller by exporting from Hyper-V and importing as a new VM, provided the PDC emulator role is on a Windows Server 2012 DC.

Cover DcCloneConfig.xml parameters such as WINS server, clone computer name, IP v4 address, DNS resolver, and default gateway; show creating a config file with a 15-character enterprise name via PowerShell.

Safely back up and restore domain controllers with virtual machine snapshots in Windows Server 2012; inbound replication synchronizes AD deltas and full container, preventing replication halts when restoring multiple DCs.

Explore common LDAP attributes in Active Directory for user information, including given name, surname, user principal name, and display name, with precise case sensitivity.

Demonstrates importing accounts via ldif using a text file, with change type modify versus add, validating organizational units, and editing the file to correct domain and attributes.

Create a payroll managers security group in Active Directory using PowerShell, set the global scope and display name, then move it to the accounting OU and explore bulk object operations.

Explore how to create a new fine grained password policy using the password settings container, configure precedence, and apply policies to the help desk group within Windows Server 2012.

Demonstrates restoring a deleted Active Directory object by locating it in the deleted objects container, adjusting the isDeleted attribute, and applying an authoritative restore across domain controllers.

Master Active Directory database maintenance, including offline defragmentation and integrity checks, and manage AD snapshots with PowerShell and the AD DS module, scheduling tasks via Task Scheduler.

Demonstrates installing and configuring a read-only domain controller (RODC) in a Windows Server 2012 domain, including domain prep, pre-staging the RODC account, and managing password replication policies.

Configure rodc caching via the password replication policy and populate domain local groups for allowed and denied caching; admins are denied by default.

Explore group policy usage examples, including rolling out applications with specific settings and Internet Explorer configuration, preventing registry editing, folder redirection, hiding control panel items, and login dialog prompts.

Assign startup, shutdown, logon, and logoff scripts via group policy, with a 10-minute adjustable timeout; scripts run top to bottom and support vbscript, javascript, perl, bat, and command files.

Replicate the group policy container across domain controllers using the KCC topology, and propagate the group policy template via the file replication service, with DFS replication available for newer systems.

Manage security templates with the security configuration and analysis tool, import and apply templates, migrate old Adium files to the new format, and configure administrative template property filters.

Apply group policy in a defined order: local first, then site, domain, and organizational units, processing synchronously by preference. Higher-level OUs apply before child OUs.

Explore configuring local policies with the group policy management console, distinguishing domain-wide vs small-scope policies, and applying auditing, user rights, and interactive logon settings to secure Windows Server 2012.

Master group policy options, including force link, block inheritance, and security filtering, plus WMI filters to target machines by disk space, memory, preexisting applications, and OS versions.

Power group policy to manage Active Directory with granular control, deploying settings across desktops via linked policies, using security filtering, delegation, and WMI filters to tailor scope.