Looking for:
Installing and configuring windows server 2012 r2 pdf free download freeInstalling and configuring windows server 2012 r2 pdf free download free
To browse Academia. Skip to main content. By using our site, you agree to our collection of information through the use of cookies. To learn more, view our Privacy Policy. Log In Sign Up. Download Free PDF. Khaled Ben Hammouda. Download PDF. A short summary of this paper. Like the Mi- crosoft certification exam, this book takes a high-level approach, building on your existing knowledge of lower-level Microsoft Windows system administration and extend- ing it into higher-level server concepts needed for Windows Server R2.
The exam is the first in a series of three exams that validate the skills and knowledge necessary to implement a core Windows Serv- er R2 Infrastructure into an existing en- terprise environment. This book covers the initial implementation and configuration of the Windows Server R2 core services, such as Active Directory and the networking services. This book, along with the Exam Re- ference books covering the and exams, will collectively illustrate the skills and knowledge necessary for implementing, man- aging, maintaining and provisioning services and infrastructure in a Windows Server R2 environment.
This book covers every exam objective, but it does not cover every exam question. You should consider this book a supplement to your relevant real-world experience and other study materials. Microsoft certifications Microsoft certifications distinguish you by proving your command of a broad set of skills and experience with current Microsoft products and technologies.
Certification brings a variety of benefits to the individual and to employers and organizations. If you need additional support, email Mi- crosoft Press Book Support at mspinput mi- crosoft.
Please note that product support for Microsoft software is not offered through the addresses above. We want to hear from you At Microsoft Press, your satisfaction is our top priority, and your feedback our most valuable asset.
Thanks in advance for your input! Preparing for the exam Microsoft certification exams are a great way to build your resume and let the world know about your level of expertise. Certification ex- ams validate your on-the-job experience and product knowledge. While there is no substi- tution for on-the-job experience, preparation through study and hands-on practice can help you prepare for the exam.
We recommend that you round out your exam preparation plan by using a combination of available study materi- als and courses.
Choose the combina- tion that you think works best for you. Chapter 1. Installin and configuring servers Installing new Windows servers on your net- work is not something to be done casu- ally—you must plan the installation well in ad- vance.
Among other things, you must decide what edition of the operating system to install, whether you are installing the full graphical user interface GUI or the Server Core option, what your virtualization strategy will be, if any, and what roles you intend to implement on the server.
It contains valuable information re- garding the skills you need to pass the exam. This chapter discusses the process of installing Windows Server R2 using either a clean install or a server upgrade and the server con- figuration tasks you must perform immedi- ately following the installation.
Finally, it con- siders the configuration of various types of hard disk technologies used for local storage and the deployment of roles to servers all over the network. When exams are authored, the question writer has to provide logical reasons as to why one answer is correct as well as valid reasons as to why the other answers are incorrect. The exam is no different. This ob- jective discusses planning a Windows Server R2 installation. It looks at the preinstall- ation requirements and how you can prepare your installation hardware.
It also considers the server roles you can implement during installation. To review the topics in this objective, this sec- tion takes you through a clean installation of Windows Server R2 using the Server Core option and describes how the Features on Demand function enables you to optimize resources by removing all the files associated with a deleted server role or feature. You had to decide from the outset what edition of the operating system to install, whether to install the bit or bit version, and whether you should per- form a Server Core installation or whether you should use the full GUI.
All of these decisions affected the server hardware requirements and all of these decisions were irrevocable. To change the edition, the platform, or the inter- face, you had to reinstall the server from the beginning.
With Windows Server , you have far few- er options to choose from and far fewer in- stallation decisions to make. There are only four Windows Server R2 editions from which to choose, two fewer than the six editions in Windows Server R2. However, it is now possible to switch between these options without reinstalling the operating system each time. Selecting a Windows Server R2 edition Microsoft releases all of its operating systems in multiple editions, which provides con- sumers with varying price points and feature sets.
All of the bit versions have been eliminated, and there is no build that supports Itanium processors. The Datacenter edition is designed for large and powerful servers with up to 64 processors and include fault-tolerance fea- tures such as hot-add processor support.
The Standard edition includes the full set of Windows Server R2 features and differs from the Datacenter edition only in the number of virtual machine VM instances permitted by the license. The Essentials edition is limited to one physical or virtual server instance and a maximum of 25 users.
The Foundation edition is a scaled- down version of the operating system; it is designed for small businesses that require only basic server features, such as file and print services and application support. The Foundation edition comes pre-installed with server hardware, includes no virtual- ization rights, and is limited to 15 users.
The price of each edition is commensurate with its respective capabilities. Obviously, the goal of administrators planning server deploy- ments is to purchase the most cost-effective edition that meets their needs. The following sections examine the primary differences among the Windows Server R2 editions. Supporting server roles Windows Server R2 includes predefined combinations of services, called roles, which implement common server functions.
After you install the Windows Server R2 operating system, you can use Server Manager or Windows PowerShell to install one or more roles on that computer. Some of the Windows Server R2 editions include all of the available roles, whereas oth- ers include only some of them. Selecting the appropriate edition of Windows Server has al- ways been a matter of anticipating the roles that the computer must perform.
At one time, this was a relatively simple process. You planned your server deployments by deciding which ones would be domain controllers, which ones would be certificate servers, which ones would use failover clustering, and so forth. With the increased focus on virtualization in Windows Server R2, however, more ad- ministrators are forced to consider not only what roles a server must perform at the time of the deployment but what roles a server might perform in the future. Therefore, the process of anticip- ating the roles a server will perform must ac- count for the potential expansion of your busi- ness and possible emergency needs.
The number of VOSE installations permitted by your license depends on the edition you purchased, as shown in Table You can, for example, create more than two VMs on a copy of Win- dows Server R2 Standard, but you must purchase additional licenses to do so. Server licensing Microsoft provides several different sales channels for Windows Server R2 li- censes, and not all of the editions are available through all of the channels.
Licensing Win- dows Server R2 includes purchasing li- censes for both servers and clients, and there are many options for each one. If you are not aware, however, you should investigate the licensing options available to you before you select a server edition. Table lists the sales channels through which you can purchase each of the Windows Server R2 editions. The system partition will need extra space if you install the system over a network or if your computer has more than 16 GB of RAM installed.
The addi- tional disk space is required for paging, hi- bernation, and dump files. If you do, free more disk space or invest in addi- tional storage hardware. These maximums are listed in Table Table When a server is performing a single role, it does not make sense to have so many other processes running on the server that contribute little or nothing to that role.
Windows Server R2 provides installation options that enable ad- ministrators to keep the unnecessary re- sources installed on a server to a minimum. Using Server Core Windows Server R2 includes an installa- tion option that minimizes the user interface on a server. When you select the Windows Server Core installation option, you will install a stripped-down version of the operating sys- tem. Server Core is not a separate product or edition.
Server Core eliminates some of the most memory-intensive and processor-in- tensive elements of the Windows Server R2 operating system, thus devoting more of the system hardware to running essential services. The graph- ical elements of Windows Server R2 are among the most frequently updated, so running Server Core reduces the number of updates that administrators must apply. The less soft- ware there is running on the computer, the fewer entrance points for attackers to ex- ploit.
Server Core reduces the potential openings presented by the operating sys- tem, increasing its overall security. When Microsoft first introduced the Server Core installation option in Windows Server , it was an intriguing idea, but few ad- ministrators took advantage of it. The main reason for this was that most server adminis- trators were not sufficiently conversant with the command-line interface that is used to manage a Windows server without a GUI.
In Windows Server and Windows Server R2, the decision to install the operating system using the Server Core option was irre- vocable. Server Core Defaults In Windows Server R2, Server Core is the default installation option for reasons oth- er than simply providing administrators with the ability to switch options after installing. In Windows Server R2, Microsoft is at- tempting to fundamentally modify the way that administrators work with their servers.
Server Core is now the default installation op- tion because in the new way of managing serv- ers, administrators should rarely, if ever, have to work at the server console, either physically or remotely. Windows Server has long been capable of re- mote administration, but this capability has been piecemeal.
The new Server Manager application in Win- dows Server R2 enables administrators to add servers from all over the enterprise and create server groups to facilitate the simultan- eous configuration of multiple systems. The new Windows PowerShell 4. With tools like these, you can install your serv- ers using the Server Core option, execute a few commands to join each server to an Active Directory Domain Services domain, and then never touch the server console again.
Server Core Capabilities In addition to omitting most of the graphical interface, a Server Core installation omits some of the server roles found in a Server with a GUI installation.
Table lists the roles and features that are available and not available in a Windows Serv- er R2 Server Core installation. The Minimal Server Interface is a setting that removes some of the most hardware-intensive elements from the graphical interface.
These elements include Internet Explorer and the components of the Windows shell, including the desktop, File Explorer, and the Windows 8 desktop apps. This provides administrators with most of the tools they need to manage local and remote servers. This enables you to activate any of the features included with Windows Server R2 without having to supply an installation medium. The only drawback of this arrangement is that the WinSxS directory permanently occupies approximately 5 GB of disk space, much of which is, in many cases, devoted to data that will never be used after the initial server deployment.
Installing and configuring windows server 2012 r2 pdf free download free
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime. Upcoming SlideShare. Like this presentation? Why not share! Embed Size px. Start on. Show related SlideShares at end. WordPress Shortcode. Like Liked. Type the name of or search for the security principal to which you want to assign share permissions and click OK.
The Permission Entry dialog box displays the security principal you speciied. Select the type of permissions you want to assign Allow or Deny. Select the check boxes for the permissions you want to assign and click OK.
The Advanced Security Settings dialog box displays the new access control entry you just created. When assigning share permissions, you must be aware that they do not combine like NTFS permissions. The Advanced Security Settings dialog box for the share appears, displaying the Permissions tab, as shown in Figure This dialog box is as close as the Windows graphical interface can come to displaying the contents of an ACL.
If the entry is used to assign multiple advanced permissions, the word Special appears in this ield. From the Type drop-down list, select the type of permissions you want to assign Allow or Deny. From the Applies to drop-down list, specify which subfolders and iles should inherit the permissions you are assigning. Select the check boxes for the basic permissions you want to assign and click OK. Click OK to close the Properties sheet. You can implement shadow copies only for an entire volume; you cannot select specific shares, folders, or files.
Click the File Explorer icon on the taskbar to display the File Explorer window. In the Folders list, expand the Computer container, right-click a volume and, from the context menu, select Conigure Shadow Copies. The Shadow Copies dialog box appears, as shown in Figure In the Select a Volume box, choose the volume for which you want to enable shadow copies.
To modify the default parameters, click Settings. The Settings dialog box appears. In the Storage Area box, specify the volume where you want to store the shadow copies. However, some third-party backup utilities require shadow copies to be stored on the same volume as the data. Specify the Maximum Size for the storage area or choose the No Limit option.
If the storage area ills up, the system begins deleting the oldest shadow copies, so if many large iles are stored on the volume, increasing the size of the storage area can be beneicial. However, no matter how much space you allocate to the storage area, Windows Server R2 supports a maximum of 64 shadow copies for each volume, after which the system begins deleting the oldest copies. Click Schedule. The Schedule dialog box appears. Scheduling shadow copies to occur too frequently can degrade server performance and cause copies to be aged out too quickly, whereas scheduling them to occur too infrequently can cause users to lose work because the most recent copy is too old.
Click OK twice to close the Schedule and Settings dialog boxes. Click Enable. The system enables the Shadow Copies feature for the selected volume and creates the irst copy in the designated storage area. Windows Server R2 supports two types of storage quotas. The more elaborate of the two is implemented as part of File Server Resource Manager.
The second, simpler option is NTFS quotas. NTFS quotas enable you to set a storage limit for users of a particular volume. NTFS quotas are relatively limited in that you can set only a single limit for all users of a volume. The feature is also limited in the actions it can take in response to a user exceeding the limit. The quotas in File Server Resource Manager, by contrast, are much more flexible in the nature of the limits you can set and the responses of the program, which can send e-mail notifications, execute commands, and generate reports, as well as log events.
Click the File Explorer icon in the taskbar. The File Explorer window appears. In the Folders list, expand the Computer container, right-click a volume and, from the context menu, select Properties. The Properties sheet for the volume appears. Click the Quota tab to display the interface shown in Figure Select the Enable quota management check box to activate the rest of the controls.
If you want to prevent users from consuming more than their quota of disk space, select the Deny disk space to users exceeding quota limit check box.
Select the Limit disk space to radio button and specify amounts for the quota limit and the warning level.
Select the Log event check boxes to control whether users exceeding the speciied limits should trigger log entries. Click OK to create the quota and close the Properties sheet. You then create a new type of share called a sync share. The system also creates a system folder called Work Folders, which appears in File Explorer and in file management dialogs.
Users can configure as many Work Folders clients as they need on different computers or other devices. After saving files to their Work Folders on their office workstations, for example, users can go home and find those files already synchronized to their home computers. Arriving home and connecting to the Internet, the device synchronizes the files back to the server , so that the user finds the latest versions on the office computer the next day.
Work Folders is not designed to be a collaborative tool; it is just a means synchronizing folders between multiple devices, while enabling administrators to retain control over them.
It is possible to specify that Work Folders files remain encrypted during synchronization, and administrators can impose secuity policies that force the use of lock screens and mandatory data wipes for lost machines. The Trinity files are stored in a shared folder on a Windows Server R2 workgroup file server, which is locked in a secured underground data storage facility in New Mexico. What is the most likely cause of the problem?
Scenario Accessing Orphaned Files Libby, a new hire in the IT department, approaches you, her supervisor, ashen-faced. A few minutes earlier, the president of the company called the help desk and asked Libby to give his new assistant the permissions needed to access his personal budget spreadsheet.
Now, no one can access the spreadsheet file, not even the president or the Administrator account. Is there any way to gain access to the file, and if so, how? Installing, sharing, monitoring, and managing a single network print device is relatively simple, but when you are responsible for dozens or even hundreds of print devices on a large enterprise network, these tasks can be overwhelming.
Understanding the Windows Print Architecture You need to understand the terms that Microsoft uses when referring to the various components of the network printing architecture. Windows Server R2 supports both local print devices directly attached to computer ports and network interface print devices connected to the network, either directly or through another computer.
Obviously, many sources use printer to refer to the printing hardware. However, in Windows, printer and print device are not equivalents. The computer can then host the printer, print server, and printer driver. These three components enable the computer to process the print jobs and store them in a print queue until the print device is available. Figure The Windows print architecture Before you can print documents in Windows, you must install at least one printer.
When you print a document in an application, you select the destination printer for the print job. PCLs can be standardized, like the PostScript language, or they can be proprietary languages developed by the print device manufacturer. For example, your word-processing application does not know if your print device is color, monochrome, or supports duplex printing; the printer driver provides support for print device features such as these.
After the printer processes a print job, it stores the job in a print queue, known as a spooler. Depending on the arrangement of the printing components, the spooled jobs might be in a PCL format, ready to go to the print device, or in an interim format, in which case the printer driver must process the spooled jobs into the PCL format before sending them to the device.
If other jobs are waiting to be printed, a new job might wait in the spooler for some time. Sharing a Printer Using Windows Server R2 as a print server can be simple or complex, depending on how many clients the server has to support and how much printing they do. Configuring Print and Document Services 65 For a home or small business network, in which a handful of users need occasional access to the printer, no special preparation is necessary. If you plan to run heavy print traffic through a Windows Server R2 server, in addition to other roles or applications, make sure that the computer has sufficient memory to support all its functions.
Depending on the amount of print traffic and the types of print jobs, the print server might require a substantial amount of temporary storage for this purpose. On a server handling heavy print traffic, other roles and applications are likely to experience substantial performance degradation.
If you need a print server to handle heavy traffic, consider dedicating the computer to print server tasks only and deploying other roles and applications elsewhere. On a Windows Server R2 computer, you can share a printer as you are installing it or at any time afterward.
On older printers, initiate the installation process by launching the Add Printer Wizard from the Devices and Printers control panel. However, most of the print devices on the market today use either a USB connection to a computer or an Ethernet or wireless connection to a network. In the case of a USB-connected printer, you plug the print device into a USB port on the computer and turn on the device to initiate the installation process.
Manual intervention is only required when Windows Server R2 does not have a driver for the print device. After you install the printer on the Windows Server R2 computer that functions as your print server, you can share it with your network clients. Managing Printer Drivers Printer driver components enable your computers to manage the capabilities of your print devices.
When you install a printer on a server running Windows Server R2, you install a driver that other Windows computers also can use. As a bit platform, Windows Server R2 uses bit device drivers, which are suitable for other computers running bit versions of Windows. If you have bit Windows systems on your network, however, you must install a bit driver on the server for those systems to use.
However, you must install those drivers from a computer running on the alternative platform. You can do this by accessing the printer directly through the network using Windows Explorer, or by running the Print Management snap-in on the bit system and using it to manage your Windows Server R2 print server. However, if that client wants to print a document from one of those applications, it wants the print job to go to the print device connected to the client computer.
Remote Desktop Easy Print is the component that enables Remote Desktop clients to print to their local print devices. Easy Print takes the form of a printer driver installed on the server, along with the Remote Desktop Session Host role service. Instead, the driver functions as a redirector, enabling the server to access the printers on the connected clients.
However, as soon as it is operational, it provides the server administrator with additional access to the printers on the Remote Desktop clients. When a Remote Desktop client connects to a server via the Remote Desktop Connection program or the RD Web Access site, the printers installed on the client system are redirected to the server and appear in the Print Management snap-in as redirected server printers, as Figure shown in Figure You can also open the Properties sheet for the redirected printer in the usual manner and manipulate its settings.
Configuring Printer Security Like folder shares, clients must have the proper permissions to access a shared printer. Printer permissions are much simpler than NTFS permissions; they dictate whether users are allowed to use the printer, manage documents submitted to the printer, or manage the properties of the printer itself. To assign permissions for a printer, use the following procedure. Log on to Windows Server R2 using a domain account with Administrator privileges.
The Devices and Printers window appears. Right-click one of the printer icons in the window and, from the context menu, select Printer Properties.
Click the Security tab, as shown in Figure The top half of the display lists all the security principals now possessing permissions to the selected printer.
The bottom half lists the permissions held by the selected security principal. This procedure assumes that the Windows Server R2 computer is a member of an Active Directory domain. In the Enter the object names to select text box, type a user or group name, and then click OK.
Select the security principal you added, and then select or clear the check boxes in the bottom half of the properties sheet to Allow or Deny the user any of the basic permissions.
CLOSE the control panel. Like NTFS permissions, printer permissions come in two types: basic and advanced. Each of the three basic permissions consists of a combination of advanced permissions, as listed in Table Day-to-day printer management is more likely to involve physical maintenance, such as clearing print jams, reloading paper, and changing toner or ink cartridges. To do this, you must create multiple printers, associate them with the same print device, and then modify their priorities, as described in the following procedure.
Right-click one of the printer icons and then, from the context menu, select Printer Properties. The Properties sheet for the printer appears. On the Advanced tab set the Priority spin box to a number representing the highest priority you want to set for the printer.
Higher numbers represent higher priorities. The highest possible priority is On the Security tab, add the users or groups that you want to provide with high- priority access to the printer and assign the Allow Print permission to them. Revoke the Allow Print permission from the Everyone special identity. Create an identical printer, using the same printer driver and pointing to the same print device. Leave the Priority setting to its default value of 1 and leave the default permissions in place.
Rename the printers, specifying the priority assigned to each one. Inform the privileged users that they should send their jobs to the high-priority printer. All jobs sent to that printer are processed before those sent to the other, lower-priority printer. To do this, you associate multiple printers with a single print device, much as you did to set different printer priorities.
When the logon process is completed, close the Initial Configuration Tasks window and any other windows that open. On the Advanced tab, select the Available from radio button and then, in the two spin boxes provided, select the range of hours you want the printer to be available. On the Security tab, add the users or groups that you want to provide with access to the printer during the hours you selected and grant them the Allow Print permission. When you create a printer pool, the print server sends each incoming job to the first print device it finds that is not busy.
This effectively distributes the jobs among the available print devices, as shown in Figure , providing users with more rapid service. On the Ports tab, select all ports to which the print devices are connected see Figure Select the Enable printer pooling check box, and then click OK.
To create a printer pool, you must have at least two identical print devices, or at least print devices that use the same printer driver. You must also connect all print devices in the pool to the same print server.
If the print server is a Windows Server R2 computer, you can connect the print devices to any viable ports. However, installing the Print and Document Services role on the computer provides additional tools that are particularly useful to administrators involved with network printing on an enterprise scale. As always, Windows Server R2 adds a new icon to the Server Manager navigation pane when you install a role. With this tool, you can access the print queues and Properties sheets for all network printers in the enterprise, deploy printers to client computers via Group Policy, and create custom views that simplify the process of detecting print devices that need attention due to errors or depleted consumables.
Windows Server installs the Print Management console when you add the Print and Document Services role to the computer. When you launch the Print Management console, the default display includes in the scope left pane the nodes listed in Table Each print server has four nodes beneath it, listing the drivers, forms, ports, and printers associated with that server.
The Print Management console appears. In the Specify Print Server section, click Browse. The Select Print Server dialog box appears. Select the print server you want to add to the console and click Select Server. Click Add to List. The server you selected appears in the Print Servers list.
The server appears under the Print Servers node. You can now manage the printers associated with the server you have added to the console. Whether the maintenance required is a major repair, replenishing ink or toner, or just filling the paper trays, print devices cannot get the attention they need until an administrator is aware of the problem.
You can manipulate the queued jobs just as you would from the print queue window on the print server console. Right-clicking a printer or print server anywhere in the console interface, and selecting Properties from the context menu, displays the same Properties sheet that you would see on the print server computer itself.
However, when you have to configure hundreds or thousands of print clients, the task becomes more complicated. AD DS helps simplify the process of deploying printers to large numbers of clients. To create a printer object in the AD DS database, you can either select the List in the directory check box while sharing the printer, or right-click a printer in the Print Management console and, from the context menu, select List in Directory.
The secretaries use a single, shared, high- speed laser printer connected to a dedicated Windows Server R2 print server. They regularly print multiple copies of large documents, and although the laser printer is fast, it runs constantly. Sometimes, the secretaries have to wait 20 minutes or more after submitting a print job for their documents to reach the top of the queue. The office manager has offered to purchase additional printers for the department. What can you do to provide the department with a printing solution that will enable the secretaries to utilize additional printers most efficiently?
Scenario Troubleshooting Printer Delays One of your small business clients has a print device connected to a server running Windows Server R2. He has shared the printer so that the other network users can access it.
Often, the other users print large documents that take a long time to print, but sometimes your client and other users have important documents that need to be printed before any long documents that are waiting in the printer queue.
What would you suggest to this user? This capability conserves server resources that can be devoted to applications. Selecting an icon displays a homepage in the right pane, which contains tiles with information about the resource. After you add servers to the interface, you can create groups containing collections of servers, such as the servers at a particular location or those performing a particular function. To add servers in Server Manager, use the following procedure. In the navigation pane, click the All Servers icon.
The All Servers homepage appears, as shown in Figure From the Manage menu, select Add Servers. The Add Servers dialog box appears. Initiate a search or upload a text ile to display a list of available servers. Select the servers you want to add and click the right arrow button to add them to the Selected list.
The servers you selected are added to the All Servers homepage. After you add remote servers to the Server Manager interface, they appear on the All Servers homepage.
You can access them in various ways, depending on the Windows version the remote server is running. Configuring Servers for Remote Management 81 Why is that? Essentially, the remote server tries to log on to the workgroup server and fails.
After creating the server entries, you must right-click each one and select Manage As from the context menu. Domain membership automatically establishes a trust relationship among the computers in the domain.
To manage computers that are not in the same domain, you must establish that trust yourself by adding the computers you want to manage to the TrustedHosts list on the computer running Server Manager. WinRM is a Windows feature that enables administrators to execute management commands and scripts on remote computers, using a communications protocol called WS-Management Protocol.
Clearing the Enable remote management of this server from other computers check box disables WinRM, and selecting the check box enables it. For remote management solutions, the Group Policy method provides distinct advantages. Right-click Inbound Rules and, from the context menu, select New Rule. The Predeined Rules page appears. The Action page appears, as shown in Figure Leave the Allow the connection option selected and click Finish.
The rule appears in the Group Policy Management Editor console. Open the New Inbound Rule Wizard again. Leave the three rules selected and click Next. The page appears. The three rules appear in the Group Policy Management Editor console. Close the Group Policy Management Editor. Managing Down-Level Servers he Windows Firewall rules to enable for remote servers running Windows Server R2 are also disabled by default on computers running earlier versions of Windows Server, so you need to enable them there as well.
NET Framework 4. After installing the previous updates, you still have limitations to the management tasks you can perform on down-level servers from a remote location. For example, you cannot use the Add Roles and Features Wizard in Server Manager to install roles and features on down-level servers.
However, you can use Windows PowerShell to install roles and features on servers running Windows Server and Windows Server R2 remotely, as in the following procedure. Open a Windows PowerShell session with administrative privileges. Type the password associated with the user name you speciied and press Enter.
Display a list of the roles and features on the remote server by using the following command: Get-WindowsFeature 5. Others launch tools on the local system and direct them at the remote server, such as Microsoft Management Console snap-ins and the Install Roles and Features Wizard. Still others modify Server Manager itself, by removing servers from the interface.
Other contextual tasks sometimes appear in the Tasks menus for specific panes. Ralph wants to use Server Manager on his Windows 8 workstation to manage those servers and monitor the events that occur on them. How can Ralph use Group Policy to deploy the required Windows Firewall rule settings to his 24 servers, and only those servers?
Scenario Installing Windows PowerShell Web Access You need a method to remotely manage a few servers from any client within the enterprise. You want to avoid any method that requires additional client software except a web browser. What will you use? Give an outline of tasks. Windows Server R2 includes the Hyper-V role, which enables you to create virtual machines, each of which runs in its own isolated environment.
Virtual machine VMs are self-contained units that you can easily move from one physical computer to another, greatly simplifying the process of deploying network applications and services.
Server virtualization in Windows Server R2 is based on a module called a hypervisor. By using the Type II hypervisor, you create a virtual hardware environment for each virtual machine.
Type II virtualization can provide adequate virtual machine performance, particularly in classroom and laboratory environments, but it does not provide performance equivalent to separate physical computers. Unlike Type II virtualization, no host operating system shares processor time with the hypervisor.
Figure A Type 1 VMM, with the hypervisor providing all hardware access he parent partition accesses the system hardware through the hypervisor, just as the child partitions do.
Adding the Hyper-V role installs the hypervisor software, and, in the case of a full GUI installation, the management tools.
Windows PowerShell also includes a set of Hyper-V cmdlets that enable you to exercise complete control over VMs using that interface. Microsoft recommends that you do not install other roles with Hyper-V. You also might want to consider installing Hyper-V on a computer using the Server Core installation option to minimize the overhead expended on the partition. As with other roles, installing Hyper-V on Server Core excludes the management tools, which you must install separately as a feature.
CPUs use this technology to segregate areas of memory for either storage of processor instructions or for storage of data.
As with most of the Windows Server R2 management tools, including Server Manager itself, you can use the Hyper-V Manager console to create and manage virtual machines on multiple servers, enabling administrators to exercise full control over their servers from a central location.
After you install and launch the Hyper-V Manager console, you can add servers to the display by right-clicking the Hyper-V Manager node in the left pane and selecting Connect to Server from the shortcut menu. In the Select Computer dialog box that appears, you can type or browse to the name of a Hyper-V server. By using Hyper-V Manager, you can create new virtual machines and define the hardware resources that the system should allocate to them.
In the settings for a particular virtual machine, depending on the physical hardware available in the computer and the limitations of the guest operating system, you can specify the number of processors and the amount of memory a virtual machine should use, install virtual network adapters, and create virtual disks using various technologies, including storage area networks SANs.
When you create a new virtual machine in the Hyper-V manager, the New Virtual Machine Wizard includes a new page on which you specify whether you want to create a Generation 1 or Generation 2 VM. Hyper-V, therefore, includes a software package called guest integration services, which you can install on your virtual machines for compatibility purposes. A failure of a child partition to respond indicates that the guest OS has frozen or malfunctioned.
Earlier versions of Windows, however, have previous versions of the guest integration services package that need to be upgraded, and some Windows versions do not include the package at all.
To upgrade the guest integration services on a Windows guest OS, use the following procedure. The Hyper-V Manager console appears.
In the left pane, select a Hyper-V server. In the Actions pane, start the virtual machine on which you want to install the guest integration services and click Connect. A Virtual Machine Connection window appears. Hyper-V mounts an image of the guest integration services disk to a virtual disk drive and displays an Autoplay window.
A message box appears, asking you to upgrade the existing installation. The system installs the package and prompts you to restart the computer. Click Yes to restart the computer. After you install or upgrade the guest integration services, you can enable or disable each individual function by opening the Settings dialog box for the virtual machine and selecting the Integration Services page, as shown in Figure To obtain any further access, such as audio or print functionality, you could establish a Remote Desktop Services connection to the VM, but this requires the computers to be connected to the same network, which is not always possible.
VMBus is a high-speed conduit between the various partitions running on a Hyper-V server. Enhanced session mode is enabled by default in Windows 8. Allocating Memory Dynamic memory enables Hyper-V to adjust the amount of RAM allocated to virtual machines, depending on their ongoing requirements.
Some computer components can be virtualized. You can also create virtual network interface adapters and other components, which appear like the real thing in a VM. Obviously, the amount of memory available for use is based on the physical memory installed in the computer.
After you create the virtual machine, you can modify the amount of memory allocated to it by shutting down the VM, opening its Settings dialog box, and changing the Startup RAM setting on the Memory page, as shown in Figure In the Windows Server R2 version, however, you can use a feature called dynamic memory to reallocate memory automatically to the VM from a shared memory pool as its demands change. If a virtualized server starts to experience larger amounts of client traffic, for example, Hyper-V can increase the memory allocated to the system, and then reduce it when the traffic subsides.
When you are using dynamic memory, this value can be the minimum amount of memory needed to boot the system. Operating systems can conceivably require more memory to start up than they do to run, so this value can be smaller than the Startup RAM value. When the physical memory in the computer is insufficient to allocate the full buffered amount specified for each VM, the VMs with the highest memory weight settings receive priority. This enables Hyper-V to reduce the memory used by a virtual machine to a level lower than that needed to start the system, reclaiming that memory for other uses.
If this occurs, a VM that has to restart might be unable to do so because not enough free memory is available to increase its memory allocation from its minimum RAM value to its startup RAM value. To address this possibility, Hyper-V includes a feature called smart paging.
Creating and Configuring Virtual Machine Settings 97 Disk-access rates are far slower than memory-access rates, of course, so smart paging incurs a severe performance penalty, but the paging occurs only for as long as it takes to restart the VM and return it to its minimum RAM allocation. Selecting the fastest possible hard drive is recommended. Organizations might want to track the use of virtual machines for various reasons.
For large corporations, it might be a matter of internal accounting and controlling ongoing expenses, such as wide area network WAN bandwidth. For service providers, it might be necessary to bill customers based on the VM resources they use. By rendering graphics on a high-performance adapter installed on the host server and sending the resulting bitmaps to the client in a highly-compressed format, RemoteFX conserves resources on the client system, as well as network bandwidth.
The systems can select different codecs, depending on the data type. Setting up the host side of RemoteFX consists of the following basic steps. Install the Hyper-V role on the host server. To set up the client side of RemoteFX, complete the following basic steps. Install Windows 8 Enterprise or Windows 8. Enable Remote Desktop on the virtual machine. Install Hyper-V Integration Services on the virtual machine.
Both of these applications must be kept totally isolated from each other and from all other applica- tions. Both applications will access a centralized database server. What server configuration solution do you recommend? What settings can she modify to resolve the problem without changing the startup RAM value? The same is true with hard disk space. Hyper-V uses a specialized virtual hard disk VHD format to package part of the space on a physical disk and make it appear to the virtual machine as though it is physical hard disk drive.
As with their physical equivalents, each IDE controller can host two devices, so you can create two additional virtual drives and add them to the system. By creating multiple drives and controllers, Hyper-V makes it possible to construct virtual storage subsystems that emulate almost any physical storage solution you might devise.
Microsoft later acquired the product and used the VHD format for all its subsequent virtualization products, including Hyper-V. Fixed disk images can be considered wasteful in terms of storage, because they can contain large amounts of empty space, but they are also efficient from a processing standpoint, because there is no overhead due to dynamic expansion. The system writes all changes made to the data on the parent image file to the child image, to facilitate a rollback at a later time.
You can create them as part of a virtual machine, or create them later and add them to a VM. The assumption is that you will manually add a disk later, before you start the virtual machine. To create a new virtual disk, use the following procedure.
The Choose Disk Format page appears. Creating and Configuring Virtual Machine Storage 5. Select one of the following disk format options and click Next. The Choose Disk Type page appears. Select one of the following disk type options and click Next. The Specify Name and Location page appears.
Specify a ilename for the disk image in the Name text box and, if desired, specify a location for the ile other than the server default. The wizard closes and the new disk opens in the Virtual Disks tile, as shown in Figure The new disk is shown in the Virtual Disks tile in Server Manager By default, the New Volume Wizard launches when you create a new virtual disk.
It contains noth- ing but unallocated space, and you must create at least one volume before you can store data on it. Creating a simple volume Technically speaking, you create partitions on basic disks and volumes on dynamic disks. This is not just an arbitrary difference in no- menclature.
Converting a basic disk to a dy- namic disk actually creates one big partition, occupying all the space on the disk. The volumes you create on the dynamic disk are logical divisions within that single partition. Windows versions prior to use the cor- rect terminology in the Disk Management snap-in. The menus enable you to create parti- tions on basic disks and volumes on dynamic disks.
If the volume type you select is not supported on a basic disk, the wizard converts it to a dynamic disk as part of the volume creation process. Despite the menus that refer to basic parti- tions as volumes, the traditional rules for basic disks remain in effect. The New Simple Volume menu option on a basic disk creates up to three primary partitions.
When you cre- ate a fourth volume, the wizard actually cre- ates an extended partition and a logical drive of the size you specify. If there is any remain- ing space on the disk, you can create addition- al logical drives in the extended partition. The DiskPart. In other words, DiskPart can do everything Disk Management can do and more. However, whereas the Disk Management snap-in prevents you from unintentionally performing ac- tions that might result in data loss, DiskPart has no safeties and thus does not prohibit you from performing such actions.
To create a new simple volume on a basic or dynamic disk by using the Disk Management snap-in, use the following procedure.
Click Disk Management to launch the Disk Management snap-in. In the Graphical View, right-click an un- allocated area in the disk on which you want to create a volume and, from the shortcut menu, select New Simple Volume. The New Simple Volume Wiz- ard starts. Click Next to bypass the Welcome page.
The Specify Volume Size page opens, as shown in Figure Configuring the Specify Volume Size page 5. If you select this option, click the associated drop-down list for a list of available drive letters and select the letter you want to as- sign to the drive. If you select this op- tion, either type the path to an exist- ing NTFS folder or click Browse to search for or create a new folder.
The entire contents of the new drive will appear in the folder you specify. Select this option if you want to create the partition but are not yet ready to use it. When you want to mount the drive for use, assign a drive letter or path to it. Click Next to open the Format Partition page, as shown in Figure Configuring the Format Partition page 8. Specify whether the wizard should format the volume and if so, how.
Select the desired file system. The cluster size signifies the basic unit of bytes in which the system allocates disk space.
The system calculates the de- fault allocation unit size based on the size of the volume. You can over- ride this value by clicking the associated drop-down list and then selecting one of the values. Specify a name for the partition or volume. The default name is New Volume, but you can change the name to anything you want. When this check box is selected, Windows formats the disk without checking for errors.
This is a faster method to format the drive, but Microsoft does not recommend it. When you check for errors, the system looks for and marks bad sectors on the disk so that your clients will not use those portions of the disk.
This option is available only for volumes being formatted with the NTFS file system. Review the settings to confirm your op- tions and then click Finish. The wizard creates the volume according to your specifications.
Close the console containing the Disk Management snap-in. This procedure can create volumes on physical or virtual disks. You can also create simple volumes by using a similar wizard in Server Manager. The primary difference is that, like all Server Manager wizards, the New Volume Wizard in- cludes a page that enables you to select the server and the disk on which you want to cre- ate the volume, as shown in Figure You can therefore use this wizard to create volumes on any disk on any of your servers.
To create a striped, spanned, mirrored, or RAID-5 volume, use the following procedure. Right-click an unallocated area on a disk and then, from the shortcut menu, select the command for the type of volume you want to create. A New Volume Wizard starts, named for your selected volume type.
The Select Disks page opens, as shown in Figure On the Select Disks page, select the disks you want to use for the new volume from the Available list box and then click Add. The disks you chose are moved to the Selected list box, joining the original disk you selected when launching the wizard.
For a striped, spanned, or mirrored volume, you must have at least two disks in the Selected list; for a RAID-5 volume, you must have at least three. Specify the amount of space you want to use on each disk by using the Select the Amount of Space in MB spin box. Then click Next.
The Assign Drive Letter or Path page opens. If you are creating a spanned volume, you must click each disk in the Selected list and specify the amount of space to use on that disk. If you are creating a striped, mirrored, or RAID-5 volume, you specify only one value because these volumes require the same amount of space on each disk. The default value is the size of the unalloc- ated space on the disk with the least free space. Specify whether you want to assign a drive letter or path and then click Next.
The Format Partition page opens. Specify if or how you want to format the volume and then click Next. Click Yes. Close the Disk Management snap-in. For example, at least two disks with unallocated space must be available to create a striped, spanned, or mirrored volume, and at least three disks must be avail- able to create a RAID-5 volume.
On a new server running Windows Server R2, Morris created a storage pool that consists of two physical drives holding 1 TB each.
Then he created three simple virtual disks out of the space in the storage pool. Why will adding a third disk to the stor- age pool fail to improve the fault toler- ance of the storage plan? How can Morris modify the storage plan to make it fault tolerant? Once you have created a storage pool, you can use the space to create as many virtual disks as you need. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the Answers section at the end of this chapter.
Which of the following statements are true of striped volumes? Striped volumes provide en- hanced performance over simple volumes. Striped volumes provide greater fault tolerance than simple volumes.
You can extend striped volumes after creation. Which of the following statements best describes the requirements for extend- ing a volume on a dynamic disk?
The volume must have a file sys- tem a raw volume before you can extend a simple or spanned volume. You can extend a simple volume across additional disks if it is not a system volume or a boot volume. Which of the following volume types supported by Windows Server R2 provide fault tolerance? Striped b. Spanned c. Mirrored d.
RAID-5 4. A JBOD drive array is an alternative to which of the following storage technologies? SAN b. SCSI c. RAID d. Correct answer: B a. Incorrect: Windows Server R2 cannot run on a bit processor. Correct: Windows Server R2 can run only on a bit processor. Incorrect: Windows Server R2 cannot run on an Itani- um processor. Correct answer: A a. Incorrect: MMC is one of the graphical applications available in the Minimal Server Installa- tion, but you do not install it individually.
Correct answer: D a. Incorrect: The Windows direct- ory contains live operating sys- tem files, not the installation files.
Incorrect: The System32 direct- ory contains live operating sys- tem files, not the installation files. Incorrect: There is no bin dir- ectory associated with the Win- dows operating system.
Correct: Windows stores all the operating system installation modules in the WinSxS directory. Correct answers: A, C a. Incorrect: The inclusion of ad- ditional cmdlets in Windows PowerShell 3. Correct: Server Manager incor- porates a server selection inter- face into many of its wizards.
Install-WindowsFeature 2. Get-WindowsFeature 3. Correct answers: B, D a. You do not have to remove it to convert to a Server Core installation. Correct: Server Graphical Shell provides support for the Win- dows graphical interface, includ- ing the desktop and File Explorer.
You must remove it to convert to a Server Core installation. Correct: In Switch Independent Mode, the NICs in the team are connected to different switches, providing alternate paths through the network. Incorrect: In Switch Dependent Mode, the NICs in the team are connected to the same switches, providing link aggregation but no fault tolerance.
Correct answer: C a. Incorrect: Net. Incorrect: Netsh. Correct: Netdom. Incorrect: Ipconfig. Correct: Server Manager cannot deploy roles to multiple servers at the same time. Incorrect: Server Manager com- bines the role and feature install- ation processes into a single wizard. Correct answers: C, D a. Incorrect: You can stop a run- ning service by using Server Manager. Incorrect: You can start a stopped service by using Server Manager. Correct: You cannot disable a service by using Server Manager.
Correct: You cannot configure a service to start when the com- puter starts by using Server Manager. Morris has created a RAID-5 volume out of virtual disks created out of a stor- age pool that has only two physical disks in it.
A RAID-5 volume can only provide fault tolerance by storing data on three physical disks. Adding a third disk will not guarantee fault tolerance because there is no as- surance that each of the three virtual disks exists on a separate individual disk. To make the plan fault-tolerant, Morris should delete the three simple virtual disks and create one new virtual disk by using either the mirror or parity layout option.
Correct answers: A, D a. Correct: Striping provides im- proved performance because each disk drive in the array has time to seek the location of its next stripe while the other drives are writing. Incorrect: Striped volumes do not contain redundant data and therefore do not provide fault tolerance. Incorrect: Striped volumes can- not be extended after creation without destroying the data stored on them in the process.
Correct: If a single physical disk in the striped volume fails, all the data in the entire volume is lost. Correct: When extending a simple volume, you can use only the available space on the same disk. If you extend the volume to another disk, it is no longer simple. Incorrect: You can extend a simple or spanned volume, even if it does not have a file system a raw volume. Incorrect: A striped volume spreads data among multiple disks, but it writes the data only once. Therefore, it does not provide fault tolerance.
Incorrect: A spanned volume uses space on multiple drives, but it writes the data only once. Correct: A mirrored volume writes duplicate copies of all data to two disks, thereby providing fault tolerance.
Correct: A RAID-5 volume writes data and parity informa- tion on multiple disks, thereby providing fault tolerance. Incorrect: SCSI is disk inter- face, not a type of drive array. Chapter 2. Configu server roles and features This chapter covers some of the fundamental services that most Windows servers perform.
In the business world, file and printer sharing were the reasons computers were networked in the first place, and with Windows Server R2, remote management has become a critical element of server administration.
After you have configured the disks on a file server, you must create shares to enable network users to access those disks. As noted in the planning discussions in Chapter 1 you should have a sharing strategy in place by the time you are ready to create your shares. The File Sharing dialog box This method of creating shares provides a sim- plified interface that contains only limited control over elements such as share permis- sions.
Clicking the Share button launches the same File Sharing dialog box. Clicking the Advanced Sharing button displays the Ad- vanced Sharing dialog box, shown in Fig- ure , which provides greater control over share permissions.
To take control of the shares on all your disks on all your servers and exercise granular con- trol over their properties, you can use the File and Storage Services home page in Server Manager.
SMB is the standard file sharing protocol used by all versions of Windows. When you install Windows Server R2, the setup program installs the Storage Services role service in the File and Storage Services role by default.
To create a folder share by using Server Man- ager, use the following procedure. The Shares home page appears. From the Tasks menu, select New Share. Select the server on which you want to create the share and either select a volume on the server or specify a path to the folder you want to share. The Specify Share Name page appears. Each page provides access to functions implemented by the Server for NFS role service, as covered in Objective 2.
In the Share Name text box, specify the name you want to assign to the share and click Next. The Configure Share Settings page appears, as shown in Fig- ure Simply put, users who cannot access a par- ticular shared resource are un- able to see that resource on the network.
This feature prevents users from seeing files and folders they cannot access. When a client selects the Always Available Offline option for a server-based file, folder, or share, the client system copies the selected data to the local drive and updates it regularly so the client user can always access it, even if the server is offline.
To enable clients to use the Off- line Files feature, the share must have the Allow Caching Of Share check box selected. Win- dows Server R2 and Win- dows 8. To implement this mode, you must set the Configure slow-link mode Group Policy setting on the cli- ent to a value of 1 millisecond. The Confirm Selections page appears. Each page provides access to functions of the File Server Resource Manager application, as covered in Objective 2.
The View Results page ap- pears as the wizard creates the share. Close the New Share Wizard. After you create a share by using the wizard, the new share appears in the Shares tile on the Shares home page in Server Manager.
You can now use the tile to manage a share by right- clicking it and opening its Properties sheet or by clicking Stop Sharing. Assigning permissions Using Windows Server R2, you can con- trol access to a file server to provide network users the access they need while protecting other files against possible intrusion and dam- age, whether deliberate or not. To implement this access control, Windows Server R2 uses permissions. Permissions are privileges granted to specific system entities, such as users, groups, or com- puters, enabling them to perform a task or ac- cess a resource.
Windows Server R2 has several sets of permissions, which operate independently of each other. Control access to folders over a network. To access a file over a network, a user must have appropriate share permissions and appropriate NTFS permissions if the shared folder is on an NTFS volume.
Control access to the files and folders stored on disk volumes formatted with the NTFS file sys- tem. To access a file, either on the local system or over a network, a user must have the appropriate NTFS permissions. As you saw earlier, you can grant these permissions as part of the share creation process, but you can also modify the permissions at any time afterward.
Understanding the Windows permission architecture To store permissions, Windows elements have an access control list ACL. Each ACE consists of a security principal that is, the name of the user, group, or computer granted the permissions and the specific permissions assigned to that security principal. All the Windows permission systems use the same basic interface, although the per- missions themselves differ.
Server Manager also provides access to NTFS and share per- missions by using a slightly different interface. Permissions are designed to be granular, enabling you to grant specific degrees of ac- cess to security principals.
To provide this granularity, each Windows permission system has an assortment of per- missions you can assign to a security principal in any combination. Depending on the permis- sion system with which you are working, you might have dozens of different permissions available for a single system element. Windows provides preconfigured permission combinations suitable for most common ac- cess control tasks.
When you open the Proper- ties sheet for a system element and look at its Security tab, the NTFS permissions you see are called basic permissions. Candidates for certification exams should be aware of these alternative terms. For example, the NTFS permission system has 14 advanced permissions you can assign to a folder or file.
However, there are also six basic permissions, which are various combinations of the 14 advanced permissions. In most cases, however, administrators work only with basic permissions. Many administrators rarely, if ever, have reason to work directly with ad- vanced permissions. If you find it necessary to work directly with advanced permissions, Windows makes it pos- sible.
When you click the Advanced button on the Security tab of any Properties sheet, an Advanced Security Settings dialog box ap- pears, as shown in Figure , which enables you to access directly the ACEs for the selected system element.
The default settings of the Ad- vanced Security Settings dialog box. Start with no permissions and then grant Allow permissions to individual security principals to give them the access they need. Most administrators prefer the additive ap- proach, because Windows, by default, at- tempts to limit access to important system ele- ments.
In a properly designed permission hierarchy, the use of Deny permissions is often unnecessary. Inheriting permissions The most important principle in permission management is that permissions tend to run downward through a hierarchy. This is called permission inheritance. Permission inherit- ance means that parent elements pass their permissions down to their subordinate ele- ments. For example, when you grant Alice Al- low permissions to access the root of the D drive, all the folders and subfolders on the D drive inherit those permissions, which means Alice can access them.
The principle of inheritance greatly simplifies the permission assignment process. Without it, you would have to grant individual Allow permissions to security principals for every file, folder, share, object, and key they need to access. In most cases, whether consciously or not, sys- tem administrators take inheritance into ac- count when they design their file systems and their Active Directory Domain Services OU structures.
The location of a system element in a hierarchy is often based on how the adminis- trators plan to assign and delegate permissions. In some situations, an administrator might want to prevent subordinate elements from in- heriting permissions from their parents. When you assign advanced permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. This effectively blocks the inheritance process.
When you assign a Deny permission to a system element, it overrides any Allow permissions that the element might have inherited from its par- ent objects. Understanding effective access A security principal can receive permissions in many ways, and it is important for an admin- istrator to understand how these permissions combine. The combination of Allow permis- sions and Deny permissions a security princip- al receives for a given system element—wheth- er explicitly assigned, inherited, or received through a group membership—is called the ef- fective access for that element.
Because a se- curity principal can receive permissions from so many sources, it is not unusual for those permissions to overlap. The following rules define how the permissions combine to form the effective access.
When a security principal receives Al- low permissions from more than one source, the permissions are combined to form the effective access permissions.
When a security principal receives Allow permissions—whether ex- plicitly, by inheritance, or from a group—you can override those permissions by granting the principal Deny permissions of the same type.
When a security principal receives permissions by inheriting them from a par- ent or from group memberships, you can override those permissions by explicitly as- signing contradicting permissions to the security principal itself.
On this tab, you can select a user, group, or device and view its effective access, without accounting for group membership or while ac- counting for group membership. Setting share permissions In Windows Server R2, shared folders have their own permission system, which is in- dependent from the other Windows permis- sion systems.
For network users to access shares on a file server, you must grant them the appropriate share permissions. By default, the Everyone special identity receives the Al- low Read Full Control share permission to any new shares you create using File Explorer. To modify the share permissions for an exist- ing share by using File Explorer, you open the Properties sheet for the shared folder, select the Sharing tab, click Advanced Sharing, and then click Permissions to open the Share Per- missions tab, as shown in Figure The Share Permissions tab for a shared folder By using this interface, you can add security principals and allow or deny them the three share permissions.
In Server Manager, click the File and St- orage Services icon and, in the submenu that appears, click Shares to open the Shares home page. In the Shares tile, right-click a share and, from the shortcut menu, select Properties. The Properties sheet for the share opens. Click Permissions. The Permissions page opens. Click Customize Permissions. The Ad- vanced Security Settings dialog box for the share opens.
Click the Share tab to display the inter- face shown in Figure Click Add to open a Permission Entry dialog box for the share. Type the name of or search for the se- curity principal to whom you want to assign share permissions and click OK. The security principal you specified ap- pears in the Permission Entry dialog box. Select the type of permissions you want to assign Allow or Deny. Select the check boxes for the permis- sions you want to assign and click OK.
NTFS permissions control access by both local and remote users, rendering share permis- sions redundant. As described earlier in this chapter, every file and folder on an NTFS drive has an ACL that consists of ACEs, each of which con- tains a security principal and the permissions assigned to that principal.
This process is called authorization. Assigning basic NTFS permissions Most file server administrators work almost exclusively with basic NTFS permissions be- cause there is no need to work directly with advanced permissions for most common ac- cess control tasks. To assign basic NTFS permissions to a shared folder, the options are essentially the same as with share permissions. In Server Manager, open the Shares home page.
Every file and folder on an NTFS volume has permissions. Although this procedure describes the process of assigning permissions to a shared folder, you can open the Properties sheet for any folder in a File Explorer window, click the Security tab, and work with its NTFS permissions in the same way.
Open the Properties sheet for a share and click Permissions to open the Per- missions page. The rest of this procedure applies equally well to that page and its sub- sequent dialog boxes. Click Customize Permissions to open the Advanced Security Settings dialog box for the share, displaying the Per- missions tab, as shown in Figure This dialog box is as close as the Win- dows graphical interface can come to displaying the contents of an ACL.
Click Add. This opens the Permission Entry dialog box for the share. In the Type drop-down list, select the type of permissions you want to assign Allow or Deny. In the Applies To drop-down list, spe- cify which subfolders and files should inherit the permissions you are assigning.
Select the check boxes for the basic per- missions you want to assign and click OK. Assigning advanced NTFS permissions In Windows Server R2, the ability to manage advanced permissions is integrated into the interface you use to manage basic permissions. In the Permission Entry dialog box, clicking the Show Advanced Permissions link changes the list of basic permissions to a list of ad- vanced permissions. You can then assign ad- vanced permissions in any combination, just as you would basic permissions.
The share and NTFS permissions assigned to a file or folder can conflict. For example, if a user has the NTFS Write and Modify permis- sions for a folder but lacks the Change share permission, that user will not be able to modi- fy a file in that folder. The share permission system is the simplest of the Windows permission systems and it provides only basic protection for shared net- work resources.
Generally, network administrat- ors prefer to use either NTFS or share permis- sions, not both. Share permissions provide limited protection, but this might be sufficient on some small net- works. Share permissions might also be the only option on a computer with FAT32 drives because the FAT file system does not have its own permission system.
On networks already possessing a well- planned system of NTFS permissions, share permissions are not really necessary. Adding share permissions would complicate the ad- ministration process without providing any additional protection. You can implement Volume Shadow Copies only for an entire volume; you cannot select specific shares, folders, or files. Open File Explorer. The File Explorer window appears. In the Folders list, expand the Com- puter container, right-click a volume and, from the shortcut menu, select Configure Shadow Copies.
To modify the default parameters, click Settings to open the Settings dialog box. In the Storage Area box, specify the volume where you want to store the shadow copies. Specify the Maximum Size for the stor- age area or choose the No Limit option.
If the storage area becomes filled, the system begins deleting the oldest shad- ow copies. However, no matter how much space you allocate to the storage area, Windows Server R2 supports a maximum of 64 shadow copies for each volume. Click Schedule to open the Schedule dialog box. By using the controls provided, you can modify the existing Shadow Copies tasks, delete them, or create new ones, based on the needs of your users. Click OK twice to close the Schedule and Settings dialog boxes.
Click Enable. Close File Explorer. Configuring NTFS quotas Managing disk space is a constant concern for server administrators, and one way to prevent users from monopolizing storage is to imple- ment quotas. Windows Server R2 sup- ports two types of storage quotas. The more elaborate of the two is implemented as part of File Server Resource Manager. The second, simpler option is NTFS quotas. Candidates should be careful to distinguish between the two types of quotas. NTFS quotas enable administrators to set a storage limit for users of a particular volume.
Depending on how you configure the quota, users exceeding the limit can either be denied disk space or just receive a warning. The space consumed by individual users is measured by the size of the files they own or create.
NTFS quotas are relatively limited in that you can only set limits at the volume level. The quotas in File Server Resource Manager, by contrast, are much more flexible in the limits you can set and the responses of the program which can send email notifications, execute commands, generate reports, or create log events. To configure NTFS quotas for a volume, use the following procedure. In the Folders list, expand the Com- puter container, right-click a volume and, from the shortcut menu, select Properties.
The Properties sheet for the volume appears. Click the Quota tab to display the inter- face shown in Figure Select the Enable Quota Management check box to activate the rest of the controls. If you want to prevent users from con- suming more than their quota of disk space, select the Deny Disk Space To Users Exceeding Quota Limit check box. Select the Limit Disk Space To option and specify amounts for the quota limit and the warning level. Select the Log Event check boxes to con- trol whether users exceeding the spe- cified limits should trigger log entries.
Click OK to create the quota and close the Properties sheet. Candid- ates for the revised exam should be fa- miliar with the process of creating and configuring Work Folders on a server, though they need not dwell on the Win- dows 8. To set up the Work Folders environment, you install the Work Folders role service in the File and Storage Services role on a server running Windows Server R2 and create a new type of share called a sync share. The sys- tem also creates a system folder called Work Folders, which appears in File Explorer and in file management dialogs.
Users can create as many Work Folders clients as they need on different computers or other devices. After saving files to their Work Folders on their office workstations, for ex- ample, users can go home and find those files already synchronized to their home com- puters.
Exam Installing and Configuring Windows Server - Learn | Microsoft Docs.Installing and configuring windows server 2012 r2 pdf free download free
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy. See our Privacy Policy and User Agreement for details. SlideShare Explore Search You. Submit Search. Home Explore.
Successfully reported this slideshow. We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare. Like this presentation? Why not share! Embed Size px. Start on. Show related SlideShares at end.
WordPress Shortcode. Like Liked. Full Name Comment goes here. Are you sure you want to Yes No. Be the first to like this. No Downloads. Views Total views. Actions Shares. No notes for slide. The Installing and 3. Configuring Windows Server textbook prepares certification students for the first of a series of three exams which validate the skills and knowledge necessary to implement a core Windows Server Infrastructure into an existing enterprise environment..
You just clipped your first slide! Clipping is a handy way to collect important slides you want to go back to later. Now customize the name of a clipboard to store your clips. Visibility Others can see my Clipboard. Cancel Save.
No comments:
Post a Comment