Section 1.1: Windows Server 2008
advertisement
Lesson Plans Windows Server 2008 Server Administrator (Exam 70-646) Table of Contents Course Overview ................................................................................................................ 3 Section 1.1: Windows Server 2008 ..................................................................................... 5 Section 1.2: Deployment ..................................................................................................... 7 Section 1.3: Windows Deployment Services (WDS) ......................................................... 9 Section 2.1: DNS .............................................................................................................. 11 Section 2.2: DHCP ............................................................................................................ 13 Section 2.3: Single-label Name Resolution ...................................................................... 14 Section 2.4: Routing and Remote Access ......................................................................... 16 Section 2.5: RADIUS........................................................................................................ 18 Section 2.6: Network Access Protection ........................................................................... 20 Section 2.7: Windows Firewall ......................................................................................... 22 Section 3.1: File Services .................................................................................................. 23 Section 3.2: Storage .......................................................................................................... 25 Section 3.3: DFS ............................................................................................................... 27 Section 3.4: BranchCache ................................................................................................. 29 Section 3.5: FSRM ............................................................................................................ 30 Section 3.6: Offline Files and Indexing ............................................................................ 32 Section 3.7: Encryption ..................................................................................................... 34 Section 3.8: Print Services ................................................................................................ 36 Section 4.1: Remote Desktop Services ............................................................................. 38 Section 4.2: RemoteApp ................................................................................................... 40 Section 4.3: RD Connection Broker ................................................................................. 42 Section 4.4: RD Gateway.................................................................................................. 43 Section 5.1: Application Server ........................................................................................ 45 Section 5.2: Hyper-V ........................................................................................................ 47 Section 6.1: Active Directory ........................................................................................... 49 Section 6.2: RODC ........................................................................................................... 50 Section 6.3: Certificate Services ....................................................................................... 51 Section 6.4: Group Policy ................................................................................................. 53 Section 6.5: Software Distribution.................................................................................... 55 Section 6.6: Password Policies ......................................................................................... 56 Section 7.1: WSUS ........................................................................................................... 57 Section 7.2: Server Performance....................................................................................... 59 Section 7.3: Event Logs .................................................................................................... 61 Section 7.4: Server Management ...................................................................................... 63 Section 7.5: Auditing ........................................................................................................ 65 Section 7.6: Administrative Delegation ............................................................................ 67 Section 7.7: GPO Troubleshooting ................................................................................... 69 Section 7.8: System Center ............................................................................................... 70 Section 8.1: Backup and Restore ...................................................................................... 71 Section 8.2: Active Directory Recovery ........................................................................... 73 Section 8.3: Network Load Balancing .............................................................................. 75 ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 1 Section 8.4: Failover Clustering ....................................................................................... 77 Practice Exams .................................................................................................................. 79 Appendix A: Changes to the 646 Course for 2008 R2 ..................................................... 80 ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 2 Course Overview This course prepares students for Exam 70-646: Pro: Windows Server 2008, Server Administrator. It focuses on deploying, managing, monitoring, and maintaining servers. Module 1 – Deployment This module discusses the roles, features and editions of Windows Server 2008, server deployment, and managing Windows Deployment Services (WDS) images. Module 2 – Network Infrastructure In this module students will learn about DNS solutions, DHCP servers, strategies to provide single-label name resolution, and remote access servers. Also discussed are RADIUS servers, Network Access Protection (NAP), and using the Windows Firewall to protect against unwanted access. Module 3 – File and Print This module covers management and storage of network files, using DFS to organize shared folders on multiple servers, and using BranchCache to quickly access information from a Branch office. Students will learn about using FSRM to control the quantity and type of data stored on servers, accessing offline files, protecting files with EFS, and managing printing services. Module 4 – Remote Desktop Services In Module 4 students will learn how to run applications remotely using Remote Desktop and RemoteApp. RD Connection Broker can be used to optimize connections and RD Gateway can be used to allow users with the Remote Desktop client to connect to computers on an internal network. Module 5 – Application Server Module 5 teaches the students to use the Application Server role to support server-based applications and Hyper-V to manage virtual networks. Module 6 – Active Directory Module 6 discusses using Active Directory roles; using RODC to access read-only partitions of an Active Directory database, adding Certificate Services role services, managing GPOs, managing software distribution, and configuring password policies Module 7 – Management In Module 7 students will learn how to manage the server by implementing a patch management, optimizing server performance, and configuring event logs. They will also learn about using Server Manager to manage server configurations, enforcing auditing, delegating administrative authority, and troubleshooting GPOs. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 3 Module 8 – Disaster Recovery and Availability This module discusses how to protect the server from disaster through backup and recovery, Group Policy strategies, network load balancing, and failover clustering. Practice Exams In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 4 Section 1.1: Windows Server 2008 Summary In this section the students will learn about Windows Server 2008 roles, features, and editions. Details include: Common Windows Server 2008 roles: o Active Directory Domain Services (AD DS) o Active Directory Certificate Services (AD CS) o Domain Name System (DNS) o Dynamic Host Configuration Protocol (DHCP) o File Services o Print and Document Services o Windows Sharepoint Foundation 2010 o Network Access Protection o Remote Desktop Services o Internet Information Services (IIS) o Windows Deployment Services (WDS) Common features: o BitLocker o Remote Assistance o SMTP Server o Telnet o Failover Clustering o Network Load Balancing (NLB) o Windows Server Backup o PowerShell Windows Server 2008 editions: o Standard Edition o Enterprise Edition o Datacenter Edition o Web Server Edition o Itanium Edition Server Core Students will learn how to: View server roles and services on a Server Core installation. Add server roles to a Server Core installation. Manage services on a Server Core installation. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 5 Windows Server 2008 Server Administrator 101. Plan server installations and upgrades. Lecture Focus Questions: What server roles require the Enterprise or Datacenter editions of Windows Server 2008? What are the main differences between the Enterprise and Datacenter editions? How many virtual instances are allowed on each Windows Server 2008 edition? What server roles can run on a Web server edition of Windows Server 2008? What is the difference between a full installation of Windows Server 2008 and a Server Core installation? When can you upgrade from a Server Core installation? Video/Demo Time 1.1.1 Server Roles 3:45 1.1.3 Server Editions 4:32 1.1.4 Server Core 5:28 1.1.6 Configuring Server Core 6:35 Total 20:20 Number of Exam Questions 9 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 6 Section 1.2: Deployment Summary This section discusses server deployment. Details include: Volume activation methods: o Multiple Activation Key (MAK) o Key Management Services (KMS) Unattended installation Students will learn how to: Use the Windows System Image Manager (Windows SIM) to create and edit answer files. Windows Server 2008 Server Administrator 101. Plan server installations and upgrades. 102. Plan for automated server deployment. Lecture Focus Questions: What are the differences between Multiple Activation Key (MAK) and Key Management Services (KMS)? What benefits come from using a response file during installation? What is the default file name for the unattended answer file? Which Windows Server 2003 editions can be upgraded to Windows Server 2008 Enterprise edition? Which Windows editions cannot be upgraded? How can you move from a 32-bit installation to a 64-bit installation? What should you do if an upgrade fails without completing? Video/Demo Time 1.2.1 2008 Deployment 7:40 1.2.2 Automated Deployment Overview 4:52 1.2.3 Creating an Answer File 8:57 1.2.4 Server Rollback 4:45 Total 26:14 Number of Exam Questions 2 questions ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 7 Total Time About 30 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 8 Section 1.3: Windows Deployment Services (WDS) Summary This section explores managing WDS images. Details include: Types of WDS images: o Install image o Boot image o Capture boot image o Discover boot image WDS server requirements WDS client requirements Prestaging accounts PXE response settings for the WDS server: o Do not respond o Respond only to known computers o Respond to computers Methods for sending images to clients: o Unicast transmission o Multicast transmission Managing images Students will learn how to: Install the Windows Deployment Services (WDS) role. Configure WDS multicast transmissions. Create install, boot, capture, and discover images. Configure WDS server settings. Windows Server 2008 Server Administrator 102. Plan for automated server deployment. Lecture Focus Questions: Which operating systems can be deployed with Windows Deployment Services (WDS)? When would you use a discover boot image? How many install images do you need to deploy Windows Server 2008 to computers that will install the Standard, Enterprise, and Datacenter editions? How many images would you need if you were deploying both 32-bit and 64-bit operating systems? What type of boot image can you use to deploy a 64-bit install image? What is the difference between static and dynamic discovery with a boot image? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 9 What are the advantages of prestaging computer accounts when using WDS? How does multicasting differ from unicasting? How does auto-cast differ from scheduled-casting? Video/Demo Time 1.3.1 WDS 11:21 1.3.2 Using WDS 13:34 Total 24:55 Number of Exam Questions 6 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 10 Section 2.1: DNS Summary This section discusses DNS solutions. Details include: DNS namespace goals Methods for accomplishing DNS namespace goals: o Same internal and external domain name o External domain name with a delegated internal subdomain o Different internal and external domain names DNS solutions: o Primary zone o Secondary zone o Reverse lookup zone o Active Directory-integrated zone o Caching-only server o Zone delegation o Forwarders o Conditional forwarding o Stub zone o Root zone o Root hints o Dynamic DNS o WINS-integrated zone o GlobalNames zone o Link-Local Multicast Name Resolution (LLMNR) o HOSTS file New Features for Windows Server 2008 and 2008 R2 o Background zone loading o IPv6 DNS Support o Read-only Domain Controller (RODC) o GlobalNames Zone o Conditional Forwarding o Global Query Block List o Link-Local Multicast Name Resolution (LLMNR) o Domain controller search o DNSSEC Support o Devolution o Cache locking o Socket pool o Auditing ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 11 Students will learn how to: Delegate DNS domains. Configure forwarding and conditional forwarding. Create stub zones. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: In which situation should you use different internal and external domain names? Which DNS zone has a read-only copy of the zone database? What are the differences between a forwarder and conditional forwarder? What is the name of a root zone? When should you use the HOSTS file for DNS name resolution? Which file is used before querying a DNS server? Which protocol allows computers to resolve names without the use of a DNS server or broadcasts? Video/Demo Time 2.1.1 DNS Planning 5:53 2.1.2 Viewing Namespace Effects 8:05 2.1.4 Configuring Forwarders 5:53 2.1.9 New DNS Features 4:19 Total 24:10 Lab/Activity Delegate Domains Create a Delegated Zone Configure a Stub Zone Number of Exam Questions 7 questions Total Time About 55 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 12 Section 2.2: DHCP Summary In this section students will learn about DHCP. Concepts covered include: Strategies to provide DHCP for multiple subnets: o DHCP server on each subnet o Multihomed DHCP server o BOOTP forwarding o DHCP relay agent Superscope Split Scope (also called distributed scopes) Students will learn how to: Configure split scopes on multiple DHCP servers. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: What is the difference between placing a DHCP server on each subnet and using a multihomed server? What is the disadvantage of BOOTP forwarding? How many DHCP relay agents should be placed on a single subnet? When should you use a superscope? How is the preferred DHCP server selected? Lab/Activity Add a DHCP Server for Fault Tolerance Number of Exam Questions 2 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 13 Section 2.3: Single-label Name Resolution Summary This section examines strategies to provide single-label name resolution in a Windows Server 2008 R2 environments: GlobalNames zone Link-Local Multicast Name Resolution (LLMNR) HOSTS file Students will learn how to: Configure the GlobalNames zone to provide single-label name resolution. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: When would you use the GlobalNames zone? What type of records do you create in the GlobalNames zone? How can you extend the GlobalNames zone across multiple forests? Which strategies can you use to provide single-label name resolution for IPv6 hosts? What is the disadvantage of using the HOSTS file in large networks? When will a Windows client use LLMNR? What are the limitations of relying on LLMNR? Video/Demo Time 2.3.1 GlobalNames Zone 1:41 2.3.2 Configuring the GlobalNames Zone 4:12 Total 5:53 Lab/Activity Configure a GlobalNames Zone Number of Exam Questions 2 questions ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 14 Total Time About 15 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 15 Section 2.4: Routing and Remote Access Summary This section discusses concepts about routing and remote access. Details include: Configuration tasks that must be performed on the server to allow a remote client to connect to a remote access server: o Enable remote access o Configure ports o Configure addressing o Configure network policies Authentication process when a remote access connection is requested VPN protocols that are supported: o Point-to-Point Tunneling Protocol (PPTP) o Layer Two Tunneling Protocol (L2TP) o Secure Socket Tunneling Protocol (SSTP) Client requirements for using SSTP Server requirements for using SSTP Students will learn how to: Add the Routing and Remote Access role services. Configure a remote access server to allow VPN connections. Customize the ports used by a VPN server. Control remote access by configuring network access policies. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. 303. Monitor and maintain security and policies. Lecture Focus Questions: Which role service must you add to allow remote clients to access the private network, not just the resources on the remote access server? What are the ways that you can configure a remote access client to get an address for the remote access connection? Which role service do you add to configure network policies on a server? What role do network policies play when you configure the remote access server? How do network policy constraints differ from conditions? Why does the policy application order affect whether or not clients can connect to a remote access server? What advantages does using SSTP have over using either PPTP or L2TP for a VPN connection? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 16 What ports must you open in a firewall to allow SSTP? Video/Demo Time 2.4.1 Routing and Remote Access 8:43 2.4.2 Configuring a VPN Server 6:25 Total 15:08 Lab/Activity Add Role Services for Remote Access Configure a VPN Server for SSTP Number of Exam Questions 6 questions Total Time About 35 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 17 Section 2.5: RADIUS Summary This section discusses facts about using a RADIUS server. Concepts include: Components of a RADIUS solution: o Remote access clients o RADIUS client o RADIUS server o RADIUS proxy o Remote RADIUS server group o Network policies o Connection request policies o RADIUS Accounting o NPS templates o User account databases o RADIUS messages Centralized logging (accounting) Types of logging for Windows Server 2008: o Event logging o Local file logging o SQL server logging Students will learn how to: Configure a RADIUS server to authenticate users on remote access servers. Configure a RADIUS client for authentication and accounting. Windows Server 2008 Server Administrator 303. Monitor and maintain security and policies. Lecture Focus Questions: When using a RADIUS solution, where are network access policies configured? What is the difference between a RADIUS client and a remote access client? Why would you implement a RADIUS proxy? What is the difference between a RADIUS client and a RADIUS proxy? What is the difference between a connection request policy and a network access policy? How does the RADIUS proxy use the remote RADIUS server group when processing authentication requests? What are the three types of RADIUS accounting events, and which event records actual logon requests by remote users? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 18 How many types of logging can be enabled at the same time on a RADIUS server? Video/Demo Time 2.5.1 RADIUS Server 7:53 2.5.2 Configuring a RADIUS Solution 3:05 Total 10:58 Lab/Activity Configure a RADIUS Server Configure a RADIUS Client Number of Exam Questions 4 questions Total Time About 25 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 19 Section 2.6: Network Access Protection Summary This section presents information about using Network Access Protection (NAP) to regulate network access. Details include: Features of NAP o Health state validation o Health policy compliance o Limited access network Components that comprise the NAP system: o NAP Client o NAP Server o Enforcement Server (ES) o Remediation Server Configuring NAP Students will learn how to: Add roles and role services to support NAP. Configure a DHCP server and enforcement point for NAP. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. 303. Monitor and maintain security and policies. Lecture Focus Questions: What functions are performed by the System Health Validator (SHV)? What does the enforcement server do with State of Health information? How do remediation servers and auto-remediation help clients become compliant? What server role service do you add to configure a server as an enforcement point for NAP? How do you define the quarantine network when using 802.1x enforcement? Which enforcement method uses a Health Registration Authority (HRA)? What type of communication occurs in the boundary network when using IPsec enforcement? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 20 Video/Demo Time 2.6.1 Network Access Protection (NAP) 3:54 2.6.2 Configuring NAP with DHCP Enforcement 9:37 Total 13:31 Lab/Activity Add Role Services for NAP Number of Exam Questions 3 questions Total Time About 25 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 21 Section 2.7: Windows Firewall Summary This section examines using Windows Firewall with Advanced Security to protect from unwanted access. The following details about Windows Firewall are presented: Features of Windows Firewall with Advanced Security: o Profiles o Firewall rules o Connection Security rules o Monitoring o Policies Students will learn how to: Create a connection security isolation rule. Windows Server 2008 Server Administrator 303. Monitor and maintain security and policies. Lecture Focus Questions: By default, which type of traffic is allowed through the firewall? How can a policy help you maintain security integrity in your network? What is the benefit of using connection security rules? When would an isolation rule be used? Which profile is applied on a server running Windows Server 2008 R2? Video/Demo Time 2.7.1 Windows Firewall 4:10 2.7.2 Creating an Isolation Rule 2:22 Total 6:32 Number of Exam Questions 3 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 22 Section 3.1: File Services Summary In this section students will explore information about file services. They will learn the following: Role services available when installing the File Services role: o File server o Distributed File System (DFS) o File Server Resource Manager (FSRM) o Services for network File System (NFS) o Windows Search Service o Windows Server 2003 File Services o BranchCache for network files Share permissions and NTFS permissions Students will learn how to: Install the appropriate File Services role services. Implement combined share and NTFS permission strategies. Windows Server 2008 Server Administrator 105. Plan file and print server roles. 402. Provision data. Lecture Focus Questions: When would you install the Services for Network File System (NFS) role service? When is the NFS protocol used instead of the SMB protocol? What share settings can only be configured through the Share and Storage Management console? How does access-based enumeration work with NTFS permissions to restrict access to files and folders in shared folders? What are the differences and similarities between NTFS permissions and share permissions? What strategy can you use to combine NTFS and share permissions? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 23 Video/Demo Time 3.1.1 File Services Role 6:22 3.1.4 NTFS and Share Permissions 10:40 Total 17:02 Lab/Activity Add Role Services for File Services Configure NTFS and Share Permissions 1 Configure NTFS and Share Permissions 2 Number of Exam Questions 5 questions Total Time About 50 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 24 Section 3.2: Storage Summary This section discusses the following details about storage: Options for Server and Network storage: o Direct Attached Storage (DAS) o Network Attached Storage (NAS) o Storage Area Network (SAN) Methods used to create the SAN fabric: o Fibre Channel (FC) o iSCSI Disk configurations that can be configured for a storage unit: o Simple o Spanned o Striped (RAID 0) o Mirrored (RAID 1) o Striped with parity (RAID 5) Tools for working with disks and managing SANs: o Virtual Disk Service (VDS) o Share and Storage Management o Storage Explorer o iSCSI Initiator o Internet Storage Name Service (iSNS) o Multipath I/O (MPIO) o Storage Manager for SANs (SMfS) o DiskRAID .exe General actions that can be performed with a VHD file: o Create o Attach o Detach o Compact o Expand Windows Server 2008 Server Administrator 105. Plan file and print server roles. 501. Plan storage. Lecture Focus Questions: What are the differences between Storage Area Network (SAN) and Network Attached Storage (NAS)? What methods are used to create the SAN fabric? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 25 What are the differences between Storage Area Network (SAN) and Network Attached Storage (NAS)? What methods are used to create the SAN fabric? What advantages does iSCSI have over Fibre Channel? What disadvantages does it have? Which types of disk configurations provide fault tolerance? What is the minimum number of disks required for a RAID-1 (mirrored) configuration? RAID-5? How much overhead is there with a RAID-5 implementation with 4 disks? Which disk configuration methods have no overhead? What is the advantage of using Multipath I/O (MPIO)? What hardware is required for this type of configuration? What is the difference between round robin load balancing and weighted paths load balancing? What is VHD native boot? What advantages does it provide? Video/Demo Time 3.2.1 Storage 9:53 3.2.5 Mounting and Booting a VHD 5:31 Total 15:24 Number of Exam Questions 5 questions Total Time About 35 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 26 Section 3.3: DFS Summary This section examines using the Distributed File System (DSF) to logically organize shared folders on multiple servers into a single logical folder hierarchy. Students will become familiar with the following details: Components of DFS Namespaces: o Namespace o Namespace server o Namespace root o Folder Criteria that the namespace type is based on: o Stand-alone o Domain-based Managing DFS Namespaces Components to control DFS replication: o Replication group o Replicated folder o Connection Configuring DFS Students will learn how to: Create a DFS namespace with folders and targets. Add role services as required to support DFS and the appropriate replication method. Configure DFS replication of folder targets. Windows Server 2008 Server Administrator 105. Plan file and print server roles. Lecture Focus Questions: What is the difference between the namespace root and a folder within DFS? If you have multiple namespace servers, which namespace type should you implement? Which namespace type and mode would you choose to support access-based enumeration? If you have a single namespace server and that server fails, what happens to client access for folders within the DFS structure? Why? Which replication topology requires each server to replicate with each other? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 27 When can you add a failover cluster to a DFS replication group? How can you prevent users from adding or changing files in a replicated folder? Video/Demo Time 3.3.1 DFS 9:43 3.3.2 Configuring DFS Namespaces 10:17 3.3.5 DFS Replication 10:00 3.3.6 Configuring DFS Replication 4:52 3.3.9 New DFS Features 4:51 3.3.10 Configuring DFS Read-Only Replicated Folders and Access Based Enumeration 3:49 Total 43:32 Lab/Activity Create a DFS Structure Add Role Services for Replication Number of Exam Questions 4 questions Total Time About 65 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 28 Section 3.4: BranchCache Summary In this section students will learn about using BranchCache to store content in remote locations so that users in branch offices can access information more quickly. Details include: The role of Branch Cache BranchCache modes: o Hosted Cache o Distributed Cache Windows Server 2008 Server Administrator 105. Plan file and print server roles. Lecture Focus Questions: Under which circumstances should you enable distributed cache mode rather than hosted cache mode? How does BranchCache treat traffic while in transit? Why does a hosted cache server need an enrolled server certificate from a trusted CA? Video/Demo Time 3.4.1 BranchCache 4:56 3.4.2 Configuring BranchCache 2:25 Total 7:21 Number of Exam Questions 3 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 29 Section 3.5: FSRM Summary In this section students will learn how to use File Server Resource Manager (FSRM) to manage the quantity and type of data stored on their servers. Details include: FSRM features: o Quotas o Notifications o File Screening o Storage Reports o File Classification o File Management Methods for configuring quotas for Windows Server 2008 and Windows Server 2008 R2: o NTFS Disk Quotas o Folder and Volume Quotas Students will learn how to: Create quotas and quota templates. Configure file screens with file groups and file screen exceptions. Configure file classification and management tasks. Windows Server 2008 Server Administrator 105. Plan file and print server roles. Lecture Focus Questions: How does a soft quota differ from a hard quota? How do quota templates facilitate quota management? What is the difference between a quota and a file screen? How is an active file screen more restrictive than a passive file screen? What are the primary differences between disk quotas and quotas implemented through FSRM? How can you automatically assign classification information to files? What can you accomplish with the file expiration task? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 30 Video/Demo Time 3.5.1 FSRM 5:26 3.5.2 Configuring FSRM Quota and File Screening 8:44 3.5.3 FSRM File Classifications and Management 6:06 3.5.4 Configuring FSRM File Classifications and Management 8:40 Total 28:56 Number of Exam Questions 5 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 31 Section 3.6: Offline Files and Indexing Summary This section discusses using offline files and indexing. Details include: The role of offline files Settings that control how caching works: o Only the files and programs that users specify are available offline o All files and programs that users open from the share are automatically available offline o No files or programs from the share are available offline Configuring, storing, protecting, and encrypting offline files Synchronization settings Sync conflicts Students will learn how to: Configure caching options for offline files, including automatic caching of files and caching of applications. Configure offline availability on the client. Add role services for indexing. Windows Server 2008 Server Administrator 105. Plan file and print server roles. 402. Provision data. Lecture Focus Questions: How does the offline files feature ease file management for mobile users? What happens to NTFS permissions on cached copies of files? How does synchronization affect files? What steps can you take to reconcile synchronization conflicts? Which types of content are indexed by Windows Search Service? On which volumes and folders should Windows Search Service be enabled? What will you need to do if you want to use both the Windows Search Service and the Indexing Service? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 32 Video/Demo Time 3.6.1 Offline Files and Indexing 6:24 3.6.2 Using Offline Files 6:26 Total 12:50 Number of Exam Questions 2 questions Total Time About 20 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 33 Section 3.7: Encryption Summary This section provides information about using Encrypting Files System (EFS) to encrypt files and folders. Students will become familiar with the following concepts: Working with EFS Copying and moving encrypted files The role of BitLocker Components of BitLocker o Operating system o BitLocker partition o Trusted Platform Module (TPM) o BIOS Support o Group Policy Configuring BitLocker security components: o TPM owner password o Recovery password and recovery key o PIN o Startup key o Data volume key o Data Recovery Agent Methods to startup a system using BitLocker Facts regarding BitLocker Students will learn how to: Encrypt or decrypt a file or folder. Add authorized users to allow encrypted file access. Prepare a computer for BitLocker. Enable BitLocker. Windows Server 2008 Server Administrator 101. Plan server installations and upgrades. 303. Monitor and maintain security and policies. Lecture Focus Questions: Which permissions allow you to encrypt a file or folder? Who can copy or move encrypted files or folders? What is the result of moving an encrypted file to a non-NTFS partition? Which encryption feature will encrypt system files? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 34 What functions are performed by the Trusted Platform Module (TPM)? What BitLocker features are only available when using a TPM? When should you disable Bitlocker versus decrypt volumes using BitLocker? How do you enter the recovery key if the computer enters recovery mode? Video/Demo Time 3.7.1 EFS 4:41 3.7.2 Using EFS 6:17 3.7.4 BitLocker 5:52 3.7.5 Using BitLocker 6:03 Total 22:53 Number of Exam Questions 9 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 35 Section 3.8: Print Services Summary In this section students will learn the basics of print services: Print service terms: o Print server o Printer o Print device o Print driver o Print queue o Print spooler o Printer port Manage printing on a Windows Server 2008 o Control Panel o Print Management snap-in Services and features used to provide printing and document services support: o Print server o LPD Service o Internet Printing o Distributed Scan Server o LPR Port Monitor Managing printing: o Printer permissions o Multiple printer objects and priorities o Printer pooling o List in Active Directory o Deploy with Group Policy o Export/import printer o Manage print drivers o Location-aware printing o Print driver isolation o Client-Side Rendering (CSR) Print and Document Services Students will learn how to: Add the Print and Document Services role with required role services. Use Group Policy objects to deploy printers to computer and user accounts. Windows Server 2008 Server Administrator 105. Plan file and print server roles. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 36 Lecture Focus Questions: When would you add the LPD Service? When would you need the LPR Port Monitor feature? What is the difference between the Manage Documents permission and the Print permission? Under which circumstances would you configure a printer to use multiple print devices? When would you configure multiple printers for a single print device? What is the difference between listing a printer in Active Directory and deploying a printer with Group Policy? How do client computers get printer drivers? When would you choose to isolate a print driver? What is the advantage of location-aware printing? Video/Demo Time 3.8.1 Print Services 13:41 3.8.2 Installing the Print and Document Services Role 1:49 3.8.3 Using the Print Management Console 4:38 3.8.4 Migrating Print Servers and Configuring Print Driver Isolation 3:04 Total 23:12 Lab/Activity Add The Print and Document Services Role Deploy Printers with Group Policy Number of Exam Questions 6 questions Total Time About 45 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 37 Section 4.1: Remote Desktop Services Summary This section covers using Remote Desktop Services (formerly Terminal Services) to allow remote clients to run applications remotely on a session host server or to access the desktop of the server. Details include: The role of Remote Desktop Services Role services for Remote Desktop Services with Windows Server 2008 R2: o Remote Desktop Session Host o Remote Desktop Virtualization Host o Remote Desktop Licensing o Remote Desktop Connection Broker o Remote Desktop Web Access o Remote Desktop Gateway Remote Desktop Client Access License (RD CAL) RD Web Access Recommendations for the session host Students will learn how to: Add the Remote Desktop Services role and role services. Configure the Remote Desktop Session Host role service. Configure Windows System Resource Manager for allocating resources to session host sessions. Windows Server 2008 Server Administrator 401. Provision applications. Lecture Focus Questions: How does the Remote Desktop Protocol (RDP) work to show the contents of a remote desktop? Which role service enables access through the Internet past most firewalls? What is the difference between a per-user license and a per-device license? When would a per-device license be a better choice? What client requirements are required to connect to a session host through a Web browser? What ports are used by RD Web Access? You want to enable RD Web Access on three session hosts. On which servers should you install the RD Web Access role service? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 38 What is the difference between the equal per user profile and the equal per session profile? How can a user overcome the restrictions enforced by the equal per session profile? Video/Demo Time 4.1.1 Remote Desktop Services 5:04 4.1.2 Installing RD Session Host 5:55 Total 10:59 Lab/Activity Add Remote Desktop Role Services Number of Exam Questions 3 questions Total Time About 20 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 39 Section 4.2: RemoteApp Summary This section discusses using RemoteApp to allow a user to launch a program on a session host and run that program directly within a window on the client desktop. The following concepts are discussed: The benefits of using RemoteApp Methods to make the application available to end users when configuring the application for RemoteApp: o .rdp Shortcut File o .msi Installer Package o RD Web Access application list o RemoteApp and Desktop Connection Using RemoteApp and Desktop Connection to group and personalize RemoteApp programs or virtual desktops and make them available to end users Remote Desktop Virtualization Host (RD Virtualization Host) o Types of user accounts Personal virtual desktop Virtual desktop pool Students will learn how to: Make applications available through RemoteApp and Desktop Connection. Create .rdp and .msi files for RemoteApp applications. Windows Server 2008 Server Administrator 401. Provision applications. Lecture Focus Questions: How does a user access applications through RemoteApp? How does RemoteApp improve security of session host servers? How many sessions are used if a user launches three applications on the same session host using RemoteApp? How do you add RemoteApp support to a session host? What are the four ways you can make applications visible to remote desktop clients? Which method requires no configuration on the client computer? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 40 Video/Demo Time 4.2.1 RemoteApp and Desktop Connection 2:41 4.2.2 Configuring RemoteApp 6:09 Total 8:50 Lab/Activity Configure RemoteApp Number of Exam Questions 4 questions Total Time About 20 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 41 Section 4.3: RD Connection Broker Summary In this section students will learn about using the RD Connection Broker role service to create a session host server farm, where multiple session hosts are grouped together to provide load balancing and fault tolerance. Details include: The role of RD Connection Broker (formerly Terminal Services Session Broker) Configuring Remote Desktop Services to use a connection broker Windows Server 2008 Server Administrator 401. Provision applications. Lecture Focus Questions: What advantage does using RD Connection Broker have over using network load balancing? Why might you still use network load balancing when implementing the RD Connection Broker? How can you unevenly distribute client sessions in a Remote Desktop server farm? Which version of Remote Desktop Connection is required on the clients? Video/Demo 4.3.1 RD Connection Broker Time 3:23 Number of Exam Questions 2 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 42 Section 4.4: RD Gateway Summary This section provides the basics of using the Remote Desktop Gateway (RD Gateway) role service to allow users with the Remote Desktop client and an Internet connection to connect to computers on an internal network. Students will also learn about the following: The role of RD Gateway Policies the RD Gateway server uses to control access to resources on the private network: o Connection Authorization Policy (RD CAP) o Remote Authorization Policy (RD RAP) Configuring access using RD Gateway Using RD Gateway Students will learn how to: Add the RD Gateway role service. Create RD connection authorization policies (RD CAPs) and resource authorization policies (RD RAPs) to control session host access. Windows Server 2008 Server Administrator 201. Plan server management strategies. 401. Provision applications. Lecture Focus Questions: Which ports must be opened in the outer firewall to allow connections to the RD Gateway server? Which servers can you allow access to using RD Gateway? What is the difference between a RD CAP and a RD RAP? Which restricts access to specific computers? Why would you use a RADIUS server with RD Gateway? How does RD Gateway integrate with NAP? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 43 Video/Demo Time 4.4.1 RD Gateway 6:12 4.4.2 Configuring RD Gateway 14:47 Total 20:59 Lab/Activity Configure RD Gateway Policies Number of Exam Questions 4 questions Total Time About 30 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 44 Section 5.1: Application Server Summary This section discusses using the Application Server role to add support for running server-based applications. The following areas are discussed: Role services that can be installed with the Application Server role: o .NET Framework 3.5.1 o Web Server (IIS) Support o COM+ Network Access o TCP Port Sharing o Windows Process Activation Service Support o Distributed Transactions Role services that can be added to provide support for application development and deployment: o ASP.NET o .NET Extensibility o ASP o CGI o ISAPI Extensions o ISAPI Filters o Server Side Includes (SSI) Students will learn how to: Add application server roles and role services. Verify the operation of IIS. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. 104. Plan application servers and services. Lecture Focus Questions: Which role service enables remote invocation of applications that are built on and hosted in COM+ and Enterprise Services components? When might you use the TCP port sharing feature? What are the four methods you can use to start and stop applications remotely when you add the Windows Process Activation Service Support role service? Which IIS role services are server-side scripting technologies? Which role services execute applications on the IIS server? What is the difference between ISAPI extensions and ISAPI filters? When would you use each? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 45 Which file extensions are associated with a server-side include? Video/Demo Time 5.1.1 Application Server 2:44 5.1.2 Configuring Application Server 2:54 Total 5:38 Number of Exam Questions 4 questions Total Time About 20 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 46 Section 5.2: Hyper-V Summary This section explores using Hyper-V as the virtualization for Windows Server 2008 and 2008 R2. The following concepts are covered: Types of Virtualization o Server virtualization o Network virtualization o Storage virtualization Features supported by Hyper-V Additional features supported by Hyper-V on Windows Server 2008 R2 with SP1: o VM Chimney (also known as TCP Chimney offload) o Live migration o Dynamic virtual machine storage o Dynamic memory Components of the Hyper-V architecture: o Hypervisor o Partition o VMBus o Hyper stack Benefits of Hyper-V Installing Hyper-V Using the Hyper-V Manager to create virtual machines Methods to create hard disk that are used by virtual machines: o Virtual hard disk o Physical disk attached to the virtual machine o iSCSI storage Disk types that can be used to create a virtual disk: o Fixed o Dynamically expanding o Differencing Virtual Networking o Options available when configuring virtual networks: External Internal Private No network o Configuring virtual networking with Hyper-V Hyper-V implementation Considerations when implementing virtual machines with Hyper-V: o Licensing o Migration o Snapshots ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 47 Students will learn how to: Add the Hyper-V role. Create and manage virtual networks. Create and manage virtual machines. Windows Server 2008 Server Administrator 104. Plan application servers and services. 401. Provision applications. Lecture Focus Questions: How is server virtualization different than network virtualization? How many parent partitions can you have on a server running Hyper-V? Which operating system versions and architecture types support Hyper-V? What are the hardware requirements for installing Hyper-V? What is disk pass-through? What does this allow you to do when configuring virtual machines? Which virtual disk type offers the best performance? Which type minimizes disk space use? What is the difference between an internal virtual network and a private virtual network? When would you need to use a legacy virtual network adapter? How many virtual machines can you run on each Windows Server 2008 version without additional server licensing? Video/Demo Time 5.2.1 Hyper-V 8:48 5.2.3 Adding the Hyper-V Role 5:25 5.2.4 Managing Virtual Servers 7:10 5.2.8 Virtualization Planning 8:59 Total 30:22 Number of Exam Questions 9 questions Total Time About 50 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 48 Section 6.1: Active Directory Summary This section examines using the following Active Directory roles: Active Directory Domain Services (AD DS) Active Directory Lightweight Directory Service (AD LDS) Active Directory Certificate Services (AD CS) Active Directory Federation Services (AD FS) Active Directory Rights Management Service (AD RMS) Students will learn how to: Add the Active Directory roles and role services. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: What is the difference between Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS)? How are they similar? Which role would you implement to safeguard digital information from unauthorized use? Which Active Directory role is required when implementing IPsec and EFS in a domain-wide environment? Which server versions support Active Directory Federation Services (AD FS)? Video/Demo 6.1.2 Installing AD DS Time 7:45 Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 49 Section 6.2: RODC Summary This section provides information about using a read-only domain controller (RODC) on a domain that hosts read-only partitions of the Active Directory database. Concepts covered include: Features of RODCs: o Administrator role separation o Unidirectional replication o Read-only data o Password replication o DNS Server service Implementing RODC Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: What is the purpose of administrator role separation? How does unidirectional replication protect your network? What are the steps within the RODC authentication process? How does BitLocker increase the security of an RODC? Video/Demo 6.2.1 RODC Time 8:57 Total Time About 15 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 50 Section 6.3: Certificate Services Summary This section provides an overview of certificate services. The following elements are discussed: Role services available when installing AD CS on a server: o Certification Authority o Certification Authority Web Enrollment o Online Responder o Network Device Enrollment Service (NDES) o Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service Additional features available through Active Directory Certificate Services: o Certificate templates o Autoenrollment o Web enrollment o Credential roaming o Certificate enrollment across forests o High-volume CA support o Delta CRLs CA Hierarchy role: o Root o Subordinate CA Type o Enterprise o Standalone o Third-party CA Access o Online o Offline PKI infrastructure designs: o Offline standalone root CA with online enterprise subordinate CAs o Internal PKI for internal certificates and a third-party CA for external certificates Certificate templates version numbers: o Version 1 templates o Version 2 templates o Version 3 templates Safeguarding CAs Students will learn how to: Add Certificate Services role services to meet the network requirements. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 51 Configure a CA to support an online responder. Windows Server 2008 Server Administrator 103. Plan infrastructure services server roles. Lecture Focus Questions: What are the advantages of using an enterprise CA over a standalone CA? How does Web enrollment differ from autoenrollment? Which role service lets you centralize certificate revocation requests? What advantages does this service provide over clients using CRLs? What does the registration authority do when using NDES? What is the advantage of taking the root CA offline? Why shouldn't you take an enterprise CA offline? How can you use an offline root CA but still use enterprise CAs? Video/Demo Time 6.3.1 AD CS 9:05 6.3.3 Installing Certificate Services 3:11 6.3.6 Configuring an Online Responder 3:11 Total 15:27 Lab/Activity Add Role Services for AD CS 1 Add Role Services for AD CS 2 Number of Exam Questions 6 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 52 Section 6.4: Group Policy Summary In this section students will learn about managing GPOs. Details include: GPO inheritance Methods to customize how GPO settings are applied: o Block Inheritance o Disabling a GPO link o Disabling a part of the GPO o GPO Permissions o WMI Filtering o Loopback Processing Using OUs to deploy GPOs Methods to use templates when creating new GPOs: o Security Templates o Administrative Templates o Starter GPO o GPO copy or import Students will learn how to: Create, link, and edit GPOs. Block GPO inheritance and enforce GPOs. Control GPO application using permissions, WMI filtering, and loopback processing. Enable the Administrative Template central store and create a starter GPO. Windows Server 2008 Server Administrator 203. Plan and implement group policy strategy. Lecture Focus Questions: How does inheritance affect Group Policy settings? How is the Block Inheritance setting affected by the No Override setting? How can you apply Group Policy settings to specific users or groups? How can you apply Group Policy settings to specific computers? How does loopback processing affect computer settings? What is the difference between deleting a GPO and deleting a GPO link? What is the Administrative Template central store? What advantages do you gain by enabling the central store? What is the difference between using a starter GPO and copying an existing GPO? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 53 How can you copy a GPO from one domain to another? How can you copy starter GPOs? What is the difference between restore and import when working with GPO backups? Video/Demo Time 6.4.1 Group Policy 9:03 6.4.2 Managing GPOs 5:06 6.4.7 Templates 5:44 Total 19:53 Lab/Activity Modify GPO Links Control GPO Inheritance Configure GPO Permissions Create a Starter GPO Number of Exam Questions 13 questions Total Time About 60 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 54 Section 6.5: Software Distribution Summary This section discusses managing software distribution. Concepts covered include: The steps in software deployment lifecycle: o Plan o Deploy o Manage (Upgrade) o Remove Comparison of configuration options for assigning or publishing software for both users and computers: o Install automatically with file extension activation o Install automatically at logon o Install or uninstall through Add/Remove Programs o Uninstall when out of the scope of management o Add/Remove Programs categories o Use for upgrading existing installations Windows Server 2008 Server Administrator 203. Plan and implement group policy strategy. 301. Implement patch management strategy. 401. Provision applications. Lecture Focus Questions: What is the difference between assigned and published software? Why should you use the UNC path to an installer package rather than the local path? Which distribution method supports installing software during logon? Which option prevents software from being uninstalled by the user? Number of Exam Questions 4 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 55 Section 6.6: Password Policies Summary This section examines password policies. Details include: Methods of setting password policies: o Account policies o Granular password policy Students will learn how to: Configure password policies for groups of users who need policies different from the domain password policies. Windows Server 2008 Server Administrator 303. Monitor and maintain security and policies. Lecture Focus Questions: What happens when you configure Account Policies settings in a GPO linked to an OU? How can you configure different account policy settings for different users? Which tool would you use to do so? Which object types can you associate with a granular password policy? Which object type should you use in most cases? Video/Demo Time 6.6.1 Fine-grained Password Policies 4:52 6.6.2 Configuring Fine-grained Password Policies 10:08 Total 15:00 Number of Exam Questions 2 questions Total Time About 15 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 56 Section 7.1: WSUS Summary In this section students will learn about using Windows Server Update Services (WSUS) to allow a server on the intranet as a centralized point for updating software. Concepts covered include: Advantages of using WSUS Components that WSUS uses: o Microsoft Update o Windows Server Update Services (WSUS) server o Automatic Updates WSUS servers can be deployed as follows: o Single WSUS server o Multiple independent servers o Multiple synchronized servers o Disconnected WSUS server Implementing a WSUS solution Microsoft Update and WSUS support updating many Microsoft products Targeting Students will learn how to: Install the WSUS role and configure a WSUS server to download updates from Microsoft Update. Synchronize and approve updates. Configure a child server as a replica of an upstream server. Create computer groups for targeting, and manually modify group membership. Configure targeting options on the WSUS server. Control client update behavior through Group Policy. Windows Server 2008 Server Administrator 301. Implement patch management strategy. Lecture Focus Questions: How many WSUS servers within a single organization need to contact the Microsoft Update Web site to get a list of available updates? When should you deploy multiple independent WSUS servers? How is this configuration similar to a single WSUS server? How would you deploy WSUS when an Internet connection is not allowed for an isolated network? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 57 When using client-side targeting, how do you identify the computer group for a specific computer? How does this differ from server-side targeting? By default, where does a client's Automatic Updates feature look for available updates? How would you change this when using WSUS? Video/Demo Time 7.1.1 Patch Management 5:03 7.1.2 WSUS 12:07 7.1.4 Installing WSUS 7:47 7.1.5 WSUS Management 6:11 7.1.6 Configuring the WSUS Server 6:12 7.1.9 Configuring WSUS Clients 8:28 Total 45:48 Lab/Activity Configure Server-side Targeting Configure a Downstream Server Configure Client-side Targeting Number of Exam Questions 6 questions Total Time About 80 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 58 Section 7.2: Server Performance Summary This section discusses server performance. Details include: Windows Reliability and Performance Monitor combines the functionality of the following components: o Resource Monitor o Reliability Monitor o Performance Monitor o Data Collector Sets Baseline. The role of Windows System Resource Manager (WSRM) Features to configure resource allocation: o Process matching criteria o Resource allocation policies o Exclusion list o Scheduling o Conditional policy application WSRM built-in policies: o Equal_Per_Process o Equal_Per_User o Equal_Per_Session o Equal_Per_IISAppPool o Weighted Remote Sessions Facts about using WSRM Students will learn how to: View system real-time statistical displays. Add specific object counters to Performance Monitor for local or remote machines. Use the System Stability Chart to see historical system information. Add the Windows System Resource Manager feature. Configure resource allocation policies in WSRM. Windows Server 2008 Server Administrator 302. Monitor servers for performance evaluation and optimization. Lecture Focus Questions: What is the relationship between a counter and an object? What kind of data collector allows you to capture software process events? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 59 What action can you take if you want to know when the CPU in a system runs over 80% more than 15% of the time? What is the purpose of a baseline when monitoring system performance? Which WSRM policy allocates resources evenly between Remote Desktop Services sessions? Video/Demo Time 7.2.1 Server Performance 7:41 7.2.2 Using Reliability and Performance Monitor 8:16 7.2.4 Using Windows System Resource Manager 3:24 Total 19:21 Number of Exam Questions 7 questions Total Time About 35 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 60 Section 7.3: Event Logs Summary This section provides details of features available with event logs: Log Size Save Events File Events Custom Views Event Subscriptions Attach a Task Event Log Online Help Students will learn how to: Create a custom view. Configure event log properties. Configure event subscriptions and view forwarded events. Attach a task to an event or log. Windows Server 2008 Server Administrator 302. Monitor servers for performance evaluation and optimization. Lecture Focus Questions: How does a custom view differ from adding a filter to a log? How can you combine events from multiple logs into a single report? How can you combine events from multiple servers onto a single server? Which tasks can you attach to an event or log? What is the default extension for saved event log files? Which operating systems support event subscriptions? Which log do you view to see events generated on other computers using event subscriptions? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 61 Video/Demo Time 7.3.1 Events 10:17 7.3.2 Using Events Logs and Subscriptions 6:37 Total 16:54 Number of Exam Questions 3 questions Total Time About 25 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 62 Section 7.4: Server Management Summary This section explores server management. Students will become familiar with: Remote management tools o Server Manager o Scripting Tools o Remote Desktop o Remote Desktop Services Gateway (RD Gateway) o Remote Server Administration Tools (RSAT) o MMC snap-ins o Windows Remote Shell Students will learn how to: Use Server Manager to view and manage roles, role services, and features. Use Server Manager to view and manage the server configuration. Use ServermanagerCMD or Ocsetup to add server roles. Windows Server 2008 Server Administrator 201. Plan server management strategies. Lecture Focus Questions: How do firewall ports affect your ability to remotely manage a server? What firewall port must be opened for Remote Desktop connections? What advantage does using RD Gateway have over using Remote Desktop? What is the effect of enabling the Remote Administration exception in the firewall? What are the operating system requirements for RSAT? Which remote administration tools could you use if the firewall had only ports 80 and 443 open? Video/Demo Time 7.4.1 Server Management 9:12 7.4.2 Using Server Manager 5:10 Total 14:22 Number of Exam Questions 8 questions ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 63 Total Time About 25 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 64 Section 7.5: Auditing Summary This section discusses the following details about auditing: Audit policies configurable through Group Policy: o Account logon o Account management o Directory service access o Logon o Object access o Policy change o Privilege use o Process tracking o System Configuring auditing Event IDs recorded when a change is made to an Active Directory object o 5136 - Modify o 5137 - Create o 5138 - Undelete o 5139 – Move Steps to design an audit policy Guidelines for designing auditing Advanced audit policy configuration Categories of the 53 new auditing settings: o Account Logon o Account Management o Detailed Tracking o DS Access o Logon/Logoff o Object Access o Policy Change o Privilege Use o System o Global Object Access Auditing Students will learn how to: Use Group Policy to enforce auditing. Windows Server 2008 Server Administrator 303. Monitor and maintain security and policies. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 65 Lecture Focus Questions: What is the difference between auditing for success and auditing for failure? What is the difference between Account Logon and Logon auditing? What additional step must you complete in order to audit NTFS file access? How can you configure auditing to track changes to Active Directory objects? What are the results of excessive auditing? Which event IDs are recorded when a change is made to an Active Directory object? Video/Demo Time 7.5.1 Auditing 6:12 7.5.2 Configuring Active Directory Auditing 3:14 Total 9:36 Lab/Activity Configure Auditing Number of Exam Questions 5 questions Total Time About 30 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 66 Section 7.6: Administrative Delegation Summary This section provides the following information about delegating administrative authority: The process of delegating administrative authority Management roles: o Active Directory object or property manager o DNS administrator o DHCP administrator o WSUS administrator o Certificate Services administrator o GPO administrator o DFS administrator o IIS administrator The role of built-in groups Built-in groups: o Account Operators o Administrators o Backup Operators o Event Log Readers o Network Configuration Operators o Performance Log Users o Performance Monitor Users o Print Operators o Server Operators o Users Students will learn how to: Use the Delegation of Control wizard to delegate administrative tasks for Active Directory objects. Edit the ACL of an Active Directory object to modify or remove delegated permissions. Windows Server 2008 Server Administrator 202. Plan for delegated administration. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 67 Lecture Focus Questions: How can you modify permissions assigned using the Delegation of Control wizard? How do you reset permissions on Active Directory objects to the default settings? What can a user who is a member of the DnsAdmins group do? How can you allow a user to manage only a single server? How do you allow users to modify content in DFS folders and in IIS virtual directories? Which built-in groups let you allow users to view server performance information and events? When would you use the Server Operators built-in group? Video/Demo Time 7.6.1 Administrative Delegation 6:48 7.6.2 Delegating Control 7:50 Total 14:38 Number of Exam Questions 8 questions Total Time About 40 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 68 Section 7.7: GPO Troubleshooting Summary This section explores troubleshooting GPO. Details include: Facts about troubleshooting GPO settings Tools to analyze Group Policy settings: o Group Policy Results o Group Policy Modeling Intervals when Windows refreshes effective Group Policy settings Manually refresh group policy settings using the Gpupdate command Students will learn how to: Use the Group Policy Management Console to view and verify GPO settings. Run Group Policy Modeling and Group Policy Results to analyze GPO application. Windows Server 2008 Server Administrator 203. Plan and implement group policy strategy. Lecture Focus Questions: Which tool would you use to ask "What if?" questions about GPO design and application? When running Group Policy Results, why does the target computer need to be turned on? When are computer and user GPO settings applied? How do you force the reapplication of GPO settings? Video/Demo Time 7.7.1 GPO Troubleshooting 5:31 7.7.2 Troubleshooting GPOs 5:11 Total 10:42 Number of Exam Questions 2 questions Total Time About 15 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 69 Section 7.8: System Center Summary In this section students will learn about using System Center to simplify enterprise management of multiple computers and servers. Concepts covered include: System Center tools: o Configuration Manager o Data Protection Manager o Operations Manager o Virtual Machine Manager Windows Server 2008 Server Administrator 201. Plan server management strategies. Lecture Focus Questions: How is using System Center Configuration Manager similar to using Group Policy for software distribution? What advantage does using System Center Data Protection Manager have over using Windows Server Backup? What advantage does using System Center Operations Manager have over using Performance Monitor? What advantage does using System Center Virtual Machine Manager have over using Hyper-V Manager? Video/Demo 7.8.1 Microsoft System Center Tools Time 2:42 Number of Exam Questions 4 questions Total Time About 10 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 70 Section 8.1: Backup and Restore Summary This section discusses using Windows Server Backup to perform backup and recovery. Details include: Types of backups that can be performed using Windows Server Backup: o Automatic Backup o Manual Backup o System State Backup Methods to perform a recovery using Windows Server Backup: o Files and folders o Volumes o Applications o Backup catalog o Operating system or full server o System state o Backup created with Ntbackup The role of Volume Shadow Copy Service (VSS) Students will learn how to: Install Windows Server Backup. Create a backup schedule. Perform a Backup Once operation. Windows Server 2008 Server Administrator 503. Plan for backup and recovery. Lecture Focus Questions: Which backup storage type(s) would you choose if you wanted to be able to restore individual folders or files? What volumes are always included in scheduled backups? How can you create a backup to exclude these volumes? How can you create automatic backups with a frequency less than once a day? Which backup methods include a backup of the system state information? Video/Demo Time 8.1.1 Windows Server Backup 3:26 8.1.2 Using Windows Server Backup 7:22 8.1.3 Using Volume Shadow Copies 3:38 ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 71 8.1.6 Recovery 5:16 8.1.7 Performing a Bare Metal Restore 5:42 Total 24:24 Lab/Activity Back Up a Server Number of Exam Questions 7 questions Total Time About 50 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 72 Section 8.2: Active Directory Recovery Summary This section provides the following details about recovering Active Directory data: Methods to restore lost Active Directory data: o Nonauthoritative restore o Authoritative restore o Active Directory Recycle Bin o View snapshots o LostAndFound container Performing a system state backup Methods for performing a domain controller restore: o Dcpromo o Restore system state o Critical volume or full server restore Backing up and restoring only Group Policy data using the Group Policy Management console Methods to create another GPO with the same settings as an already created GPO: o Copy o Backup and import o Starter GPO Migrating domain-specific settings Students will learn how to: Back up and restore GPOs and starter GPOs. Windows Server 2008 Server Administrator 203. Plan and implement group policy strategy. 503. Plan for backup and recovery. Lecture Focus Questions: What is the difference between an authoritative and a nonauthoritative restore? How can snapshots help you preserve Active Directory data? Why are they not as useful as a backup when you need to restore large numbers of objects? Which backup type should you perform if you want to back up the Active Directory database? When would you use a full server restore instead of another method to recover a domain controller? What methods would you use to move a GPO to another domain? What methods could you use to move a starter GPO to another domain? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 73 What is the difference between import and restore when working with GPO backups? Video/Demo Time 8.2.1 Active Directory Recovery 3:51 8.2.2 Active Directory Recycle Bin 4:57 8.2.5 GPO Backup 1:50 8.2.6 Backing Up GPOs 1:55 Total 12:33 Number of Exam Questions 6 questions Total Time About 25 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 74 Section 8.3: Network Load Balancing Summary This section explores using Network Load Balancing to improve performance by distributing the workload between multiple servers. Students will become familiar with: How servers work together using Network Load Balancing Cluster operating modes: o Unicast o Multicast Port rules o Port rule filtering mode o Client affinity setting o Host priority number Managing and configuring NLB Managing port rules Students will learn how to: Create an NLB cluster. Define port rules to customize how cluster hosts respond. Windows Server 2008 Server Administrator 502. Plan high availability. Lecture Focus Questions: What IP address do clients use to connect to computers running NLB? What is the heartbeat, and how is it used in convergence? When will convergence occur? What should you do on a cluster host to use unicast mode if the host needs to perform peer-to-peer communications with other cluster hosts? How can you prevent a cluster host from responding to traffic sent to a specific port? Which client affinity option should you use when clients connect to a NLB cluster using multiple proxy servers? What happens to traffic not identified by a port rule? How can you control which cluster host responds? What happens if a cluster host has a weight value of 0 when multiple host filtering is used? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 75 Video/Demo Time 8.3.1 Network Load Balancing (NLB) 7:36 8.3.3 Configuring NLB 2:40 Total 10:16 Lab/Activity Configure an NLB Cluster 1 Configure an NLB Cluster 2 Number of Exam Questions 5 questions Total Time About 35 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 76 Section 8.4: Failover Clustering Summary This section discusses the following details about Failover Clustering: The role of Failover Clustering Ways that services and applications running on cluster members are configured: o Single-instance application o Multiple-instance application Quorum modes: o Node Majority o Node and Disk Majority o Node and File Share Majority o No Majority: Disk Only Cluster Shared Volumes Managing Failover Clustering Students will learn how to: Create a failover cluster. Windows Server 2008 Server Administrator 502. Plan high availability. Lecture Focus Questions: How is Failover Clustering different from NLB? Which application types are best used with NLB and not failover clustering? How does a single-instance application differ from a multiple-instance application? Which quorum mode should be used if you have an even number of cluster hosts? Why? Which quorum mode allows the cluster to continue operating even if only one cluster host is still available? Which methods can you use to assign IP addresses to cluster members? ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 77 Video/Demo Time 8.4.1 Failover Clustering 13:19 8.4.2 Configuring Failover Clustering 3:52 Total 17:11 Number of Exam Questions 6 questions Total Time About 20 minutes ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 78 Practice Exams Summary This section provides information to help prepare students to take the exam and to register for the exam. Students will also have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. For example, all questions that apply to Objective 100. Server Deployment are grouped together and presented in practice exam 100. Server Deployment, All Questions. Students will typically take about 30-90 minutes (there is no time limit) to complete each of the following practice exams. 100. Server Deployment, All Questions (83 questions) 200. Server Management, All Questions (43 questions) 300. Monitoring and Maintaining Servers, All Questions (31 questions) 400. Application and Data Provisioning, All Questions (26 questions) 500. High Availability, All Questions (29 questions) Case Studies: All Questions (36 questions) The Certification Practice Exam consists of 50 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a Total Time limit of 160 minutes -- just like the real certification exam. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 79 Appendix A: Changes to the 646 Course for 2008 R2 Instructors who have taught the previous LabSim version of this course may find the following information valuable. This report details all the changes that were made from the previous course such as: Section All 1.1 1.2 1.3 2.1 2.3 2.5 2.6 2.7 3.2 3.3 3.4 3.5 3.6 3.8 A new video, demo or text that has been created A video, demo or text that has been updated New questions that have been added to a section A new section that has been added to a module Changes Videos and demos added closed captioning Simulations updated to Windows Server 2008 R2 and Silverlight Questions updated to Windows Server 2008 R2 1.1.1 Updated Video: Server Roles 1.1.3 Updated Video: Server Editions 1.1.5 Updated Text: Server Edition Facts 1.2.6 New Questions 1.3.2 Updated Demo: Using WDS 2.1.10 Updated Text: New DNS Features Facts 2.3.3 New Sim: Configure a GlobalNames Zone 2.5.3 Updated Text: RADIUS Facts 2.6.1 Updated Video: Network Access Protections (NAP) 2.6.3 Updated Text: NAP Facts 2.7.3 Updated Text: Windows Firewall Facts 3.2.5 New Demo: Mounting and Booting a VHD 3.2.6 New Text: VHD Native Boot Facts 3.3.4 Updated Text: DFS Facts 3.3.7 Updated Text: DFS Replication Facts 3.3.10 New Demo: Configuring DFS Read-Only Replicated Folders and Access Based Enumeration 3.4 New Section: BrancheCache 3.4.1 New Video: BrancheCache 3.4.2 New Demo: Configuring BranchCache 3.4.3 New Text: BranchCache Facts 3.4.4 New Questions 3.5.3 New Video: FSRM File Classifications and Management 3.5.4 New Demo: Configuring FSRM File Classifications and Management 3.5.5 New Text: FSRM Features Facts 3.5.6 New Text: Quota Method Comparison 3.6.2 Updated Demo: Using Offline Files 3.8.2 New Demo: Installing the Print and Document Services Role 3.8.4 New Demo: Migrating Print Servers and Configuring Print Driver Isolation 3.8.7 Updated Text: Print Services Facts ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 80 4.1 4.1.1 New Video: Remote Desktop Services 4.1.2 New Demo: Installing RD Session Host 4.1.3 Updated Text: Remote Desktop Services Facts 4.2 4.2.1 New Video: RemoteApp and Desktop Connection 4.2.2 New Demo: Configuring RemoteApp 4.2.4 Update Text: RemoteApp and Desktop Connection Facts 4.2.5 New Text: RD Virtualization Host Facts 4.2.6 New Questions 4.3 4.3.1 New Video: RD Connection Broker 4.3.2 Update Text: RD Connection Broker Facts 4.4 4.4.1 New Video: RD Gateway 4.4.2 New Demo: Configuring RD Gateway 4.4.4 Updated Text: RD Gateway Facts 4.4.5 New Questions 5.1 5.1.1 Updated Video: Application Server 5.1.2 Updated Demo: Configuring Application Server 5.2 5.2.2 Updated Text: Hyper-V Facts 6.3 6.3.2 Updated Text: AD CS Facts 7.1 7.1.4 Updated Demo: Installing WSUS 7.5 7.5.5 New Text: Advanced Audit Policy Facts 7.8 7.8 New Section: System Center 7.8.1 New Video: Microsoft System Center Tools 7.8.2 New Text: System Center Facts 7.8.3 New Questions 8.1 8.1.1 Updated Video: Windows Server Backup 8.1.2 New Demo: Using Windows Server Backup 8.1.3 Updated Demo: Using Volume Shadow Copies 8.1.5 Updated Text: Backup Facts 8.1.7 New Demo: Performing a Bare Metal Restore 8.1.8 Update Text: Restore Facts 8.2 8.2.2 New Video: Active Directory Recycle Bin 8.2.3 Updated Text: Active Directory Restore Facts Practice New Exam: Case Studies, All Questions Exams New Questions: Case Study Questions in Certification Practice Exam ©2011 TestOut Corporation (Rev 12/11) Windows Server 2008 Server Administrator (70-646) 81
