Exam prep: 70-411 & 70-417 MCSA: Administering Windows Server 2012 (R2) alojukwu@microsoft.com http://thedevicepros.com http://www.facebook.com/thedeviceprofessionals Session Objective(s): Identify areas that may require extra studying Action plan for exam preparation and success Relevance Broader Skill Set Recertification Rigor Certification Requirement s Deeper Skill Set Cannot move between case studies 700 is not 70% All questions have a consistent anatomy Business Problem Goal Statement Questions are not intended to trick you One or Multiple Correct Answers Multiple Distracters Deploy and manage server images Implement patch management Monitor servers Install using Roles and Features Configuration Options Using WDS Install-WindowsFeature –Name WDS -ComputerName Server01 – IncludeManagementTools (Servermanagercmd.exe deprecated) Boot, capture, install, discover images Install WSUS role DISM /Online /Enable-Feature /FeatureName: (dism /online /get-features) Install-WindowsFeature -Name UpdateServices -IncludeManagementTools GPOs, client side targeting Synchronization and WSUS groups Concepts to know… ImageX, Package Manager and OCSetup – Deprecated Automatic Approvals for WSUS Boot, capture, install, discover images Know your WDS Options with DHCP PXE is a driving factor for deployments Deploy & Capture Images Update images - patches/hotfixes/drivers/features Installing Features for Offline Images Deploy, manage, and maintain server Tasks currently measured Task changed\added sinc January 2014 Configure driver groups and packages Deploy and manage server images Install the Windows Deployment Services (WDS) role; configure and manage boot, install, and discover images; update images with patches, hotfixes, and drivers; install features for offline images Manage patch management in mixed environments Implement patch management Install and configure the Windows Server Update Services (WSUS) role; configure group policies for updates; configure client-side targeting; configure WSUS synchronization; configure WSUS groups Monitor servers Schedule performance monitoring Configure Data Collector Sets (DCS); configure alerts; monitor real-time performance; monitor virtual machines (VMs); monitor events; configure event subscriptions; configure network monitoring Your network contains a Microsoft Windows Deployment Services (WDS) server. You have added a custom image named CustomWin8.wim to the server. After creating and adding the custom image to the WDS server, you decide that the image is missing a feature. You mount the image to the c:\mount folder. You need to add the Telnet Client feature the CustomWin8.wim image. What should you do? A. B. C. D. Run the command imagex /apply C:\mount\CustomWin8.wim 1 D:\ Run the command dism /Image:C:\mount /Enable-Feature /FeatureName:TelnetClient Run the command dism /Image:CustomWin8.wim /Enable-Feature /FeatureName:TelnetClient Run the command imagex /image:C:\mount /Enable-Features /FeatureName:TelnetClient Configure Distributed File System (DFS) Configure File Server Resource Manager (FSRM) Configure file and disk encryption Configure advanced audit policies Overview DFS Replication and DFS Namespaces are role services (rolling up to File and Storage Services role) Know what’s new: PowerShell module, WMI mgmt., site awareness for DirectAccess, dedupe Know what’s deprecated: dfscmd, FRS Install and configure DFS Namespaces Domain-based namespace Stand-alone namespace Get familiar with DFSnRoot & DfsnFolder for powershell Requires the management of referrals Configure DFS Replication Targets Configure Replication Scheduling 1. 2. 3. 4. Install FSRM Configure Quotas Configure File Screens Configure Reports New Features Configure BitLocker encryption Configure the Network Unlock feature (new) Configure BitLocker policies (Win8 or Win2012) Configure the EFS recovery agent Manage EFS and BitLocker certificates including backup and restore Implement auditing using Group Policy and AuditPol.exe Create expression-based audit policies Create removable device audit policies Configure File and Print Services Tasks currently measured Task changed\added since January 2014 Configure File Server Resource Manager (FSRM) Install the FSRM role; configure quotas; configure file screens; configure reports Configure file management tasks Configure Distributed File System (DFS) Install and configure DFS namespaces; configure DFS Replication Targets; configure Replication Scheduling; configure Remote Differential Compression settings; configure staging; configure fault tolerance Clone a DFS database; recover DFS databases; optimize DFS replication You are the system administrator for Contoso, Ltd. You manage an Active Directory Domain Services (AD DS) domain. All servers run Windows Server 2008 R2. The forest functional level is set to Windows Server 2003. The domain functional level is set to Windows Server 2008. You are preparing to deploy DFS. The deployment must meet the following requirements. Users must not be able to see folders that they do not have access to Users must be able to create 3,000 total folders Minimize changes to the environment You need to deploy DFS to meet the requirements. What should you do? A. B. C. D. Deploy a domain-based DFS namespace with Windows Server 2008 mode enabled. Configure DNS zones Configure DNS records Configure VPN and routing Configure DirectAccess Configure primary and secondary zones Configure stub zones Configure conditional forwarders Deploy and Configure Network Services IPv4 & IPv6 addressing DHCP – failover, name protection DNS – zones, records, DNSSEC IPAM VPN & routing DirectAccess Install and configure the Remote Access role 1. 2. Implement Network Address Translation (NAT) Configure VPN settings Configure remote dial-in settings for users Configure routing Implement server requirements Implement client configuration Configure DNS for DirectAccess Configure certificates for DirectAccess Configure Network Services and Access Tasks currently measured Task changed\added since January 2014 Configure Web Application proxy in pass-through mode Configure VPN and routing Install and configure the Remote Access role; implement Network Address Translation (NAT); configure VPN settings; configure remote dial-in settings for users; configure routing You are the system administrator for Tailspin Toys. You administer the Active Directory Domain Services (AD DS) environment along with DNS. Recently, another administrator added a new DNS Address (A) record for www2.tailspintoy.com. The record points to 10.10.5.254. Forward name resolution is fully functional. However, the web administrators are reporting that 10.10.5.254 is not resolving to www2.tailspintoys.com. You need to ensure that 10.10.5.254 resolves to www2.tailspintoys.com. What should you do? A. B. Add a PTR record for 10.10.5.254 and point it to www2.tailspintoys.com. C. D. Configure Network Policy Server (NPS) Configure NPS policies Configure Network Access Protection (NAP) Configure multiple RADIUS server infrastructures Configure RADIUS clients Manage RADIUS templates Configure RADIUS accounting Configure certificates Configure connection request policies Configure network policies for VPN clients (multilink and bandwidth allocation, IP filters, encryption, IP addressing) Manage NPS templates Import and export NPS policies Configure System Health Validators (SHVs) Configure health policies Configure NAP enforcement using DHCP and VPN Configure a Network Policy Server Infrastructure Tasks currently measured Configure Network Policy Server (NPS) Configure multiple RADIUS server infrastructures; configure RADIUS clients; manage RADIUS templates; configure RADIUS accounting; configure certificates Task changed\added since January 2014 Configure a RADIUS server, including RADIUS proxy; manage configure RADIUS NPS templates Configure isolation and remediation of non-compliant computers using DHCP and VPN Configure NAP client settings By default, NAP enforcement clients are disabled Configure service authentication Configure Domain Controllers Maintain Active Directory Configure account policies Create and configure Service Accounts Create/configure Group Managed Service Accounts Create and configure Managed Service Accounts Configure Kerberos delegation Manage Service Principal Names (SPNs) Configure Universal Group Membership Caching Transfer and seize operations masters Install and configure an RODC Configure Domain Controller cloning 1. 2. 3. 4. http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/10/new-features-in-activedirectory-domain-services-in-windows-server-2012-part-13-domain-controller-cloning.aspx Back up Active Directory and SYSVOL Manage Active Directory offline Optimize an Active Directory database Clean up metadata Configure Active Directory snapshots Perform object- and container-level recovery Perform Active Directory restore Configure domain user password policy Configure and apply Password Settings Objects Delegate password settings management Configure local user password policy Configure account lockout settings Configure and manage Active Directory Tasks currently measured Task changed\added since January 2014 Maintain Active Directory Active Directory Recycle Bin Configure service authentication Create and configure Service Accounts; create and configure Group Managed Service Accounts; create and configure Managed Service Accounts; configure Kerberos delegation; manage Service Principal Names (SPNs) Configure virtual accounts Back up Active Directory and SYSVOL; manage Active Directory offline; optimize an Active Directory database; clean up metadata; configure Active Directory snapshots; perform object- and container level recovery; perform Active Directory restore Configure account policies Configure Kerberos Policy settings Configure domain user password policy; configure and apply Password Settings Objects (PSOs); delegate password settings management; configure local user password policy; configure account lockout settings Configure Group Policy processing Configure Group Policy settings Manage Group Policy objects (GPOs) Configure Group Policy preferences Create and Manage Group Policy Create and Manage Group Policy Configure processing order and precedence Configure blocking of inheritance Configure enforced policies Configure security filtering and WMI filtering Configure loopback processing Configure and manage slow-link processing Configure client-side extension (CSE) behavior Configure settings including software installation folder redirection, scripts, and administrative template settings Import security templates Import custom administrative template file Convert admin templates using ADMX Migrator Configure property filters for admin templates Backup, import, copy and restore GPOs Create and configure Migration Table Reset default GPOs Delegate Group Policy Management Group Policy Settings Group Policy Preferences Strictly enforce policy settings by writing the settings to areas of the registry that standard users cannot modify Are written to the normal locations in the registry that the application or operating system feature uses to store the setting Typically disable the user interface for settings that Group Policy is managing Do not cause the application or operating system feature to disable the user interface for the settings they configure Refresh policy settings at a regular interval Refresh preferences by using the same interval as Group Policy settings by default Configure and Manage Group Policy Tasks currently measured Task changed\added since January 2014 Configure Group Policy processing Force Group Policy update; configure and manage slow-link Configure processing order and precedence; configure processing and Group Policy caching blocking of inheritance; configure enforced policies; configure security filtering and WMI filtering; configure loopback processing; configure and manage slow-link processing; configure client-side extension (CSE) behavior You are the system administrator for Woodgrove Bank. An existing GPO named GPO1 is linked to an OU named Corp. The Corp OU contains all user objects. You need to ensure that a GPO named GPO2 applies to all users in the Corp OU while also ensuring that settings in GPO2 take precedence over the same settings in GPO1. What should you do? A. B. C. D. Link GPO2 to the domain. Link GPO2 to the site. Migrate GPO2 to a local GPO. Configure GPO2 to be enforced. Session Objective(s): Identify areas that may require extra studying Action plan for exam preparation and success Addition Exam Prep Sessions Tuesday, May 13 5:00 PM - 6:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu) Monday, May 12 3:00 PM - 4:15 PM Room: Hilton L2 Ballrm F (Alfred Ojukwu) Monday, May 12 4:45 PM - 6:00 PM Room: Hilton L2 Ballrm F (Peter De Tender) Wednesday, May 14 10:15 AM - 11:30 AM Room: Hilton L2 Ballrm F (Ryan Sokolowski) Hands-on Labs XX http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn