Course Overview
Windows Server Enterprise Administration teaches the student how to maintain the Windows Server
2008 R2 environment. Students will learn about such topics as planning for active directory, network
infrastructure, active directory issues, active directory administration, deploying windows 2008 to the
small and medium sized offices, using remote desktop services and application setup. Students will then
learn about securing the network, how to support PKI, discuss various virtualization solutions, windows
updates and how to protect the environment by making data secure yet still available to the user.
Course Outline
Course Introduction 7m
Course Introduction
Chapter 01 – Planning for Active Directory 2h 4m
Lesson 1: Logical Design
The Forest
How Will AD DS be Used?
Requirements
How Many Forests are Needed?
Forest Model
Domains
Requirements (Cont.)
The Domain Model
How Many Domains?
Upgrade or Create New Domains
The First Domain
Functional Levels
Domain Functional Level Features
Functional Levels (Cont.)
Forest Functional Level Features
Schema
Working with Trusts
Demo – Creating a New Forest
Demo – Creating a New Tree
Lesson 2: Physical Topology
Physical Networks
Review of Domain Controller Replication
Site Design Options
Site Replication Design
Site Links
Site Link Bridging
Site Replication Example
Domain Controller Placement
Printer Location Policies
Demo – Creating Sites and IP Subnets
Demo – Creating Site Link Bridges
Chapter 01 Review
Chapter 02 – Network Infrastructure 1h 51m
Lesson 1: DNS
DNS Considerations
DNS Record Types
Using DNS with Windows 2008 Server
The Stub Zone
DNS Options
Managing DNS
New DNS Features with Windows 2008 Server
Replacing WINS
IPv6 Support
Background Zone Loading
RODC
Designing the DNS Infrastructure
Choosing a Zone Type
Miscellaneous DNS Options
Demo – Exploring DNS
Demo – Creating GlobalNames Zone
Lesson 2: Planning IP Distribution
Introducing IPv6
Examples of IPv6 Abbreviation
Introducing IPv6 (Cont.)
The IPv6 Multicast
Advantages of IPv6
IPv4 to IPv6 Compatibility
Transitioning to IPv6
IPv6 Tools
Configure IPv6
Verifying IPv6
Troubleshooting
Designing an IPv6 Network
Demo – Configuring IPv6
Demo – Testing IPv6
Chapter 02 Review
Chapter 03 – Advanced Active Directory Issues 32m
Lesson 1: Migration Strategies
Planning and Preparing to Move to Windows 2008 Server
Domain Upgrade
Preparing for the Upgrade
Domain Restructure
Upgrade then Restructure
Cross Forest Trust
Demo – Raising Domain Functional Level
Lesson 2: Working with Other Forests
One Solution: AD FS
What is AD FS?
AD FS Roles
AD FS Example
MS Identity Lifecycle Manager 2007 FP1
Working with UNIX
Imitating UNIX
Migration of UNIX NIS to Windows NIS
Imitating UNIX Continued
Working with NFS
Chapter 03 Review
Chapter 04 – Active Directory Administration 1h 46m
Lesson 1: Active Directory Administration
Delegation of Control
Delegating Active Directory
Data Management
Service Management
Scope of Delegated Administration
Administration Models
Using Groups for Delegation
Management Roles
Service Management (Cont.)
Data Roles
Types of Trusts
Delegation of Data Management
Starter GPOs
Group Policy Modeling
Auditing AD DS
AD Auditing
Looking at the Organizational Structure
Demo – Delegation of Control
Demo – AD Auditing
Lesson 2: Using Group Policies
Understanding the Group Policy Infrastructure
Guidelines for Planning GPOs
GPOs and Active Directory
Understanding Domains
Domain Services Store
Controlling Hardware Installation with GPOs
Which GPO Settings Control Hardware Installation?
AAA
Stronger Authentication
Fine-Grained Password Policies
How to Use PSOs
Demo – Creating PSO
Chapter 04 Review
Chapter 05 – Deploying Windows 2008 to the Small/Medium Office 1h 28m
Lesson 1: Small/Medium Office
Services Needed in the Small/Medium Office
The DSMGMT Service
Components Often Needed in the ROBO
Optional Components Used for the ROBO
More on the Server Core
Should You Install a Domain Controller?
Other DC Options
Services to Consider at the ROBO
Communication Options
WAN Connections
Securing Traffic
Tunnel Diagram Example
Lesson 2: Small/Medium Server Security
Overview of Security
Security Training
Security at the Branch
Server Hardening
Secure Options for the ROBO
RODC
RODC Password Replication Policy
RODC Operation
Securing Data
EFS
BitLocker
NAP
Demo – Creating an RODC
Demo – Using SCW
Chapter 05 Review
Chapter 06 – Using Remote Desktop Services and Application Setup 1h 3m
Lesson 1: Planning for Remote Desktop Services
Planning and Deploying Remote Desktop Services
RDS Components
Demo – Installing Remote Desktop Services
Lesson 2: License Server
Licensing
Types of Licenses
Maintaining the License Server
License Server Deployment
Lesson 3: Deploying Applications
RDS Web Access
RemoteApp
RemoteApp Deployment
RDS Load Balancing
Planning RDS Gateway Servers
RDS Gateway Server Connection
Using GPO to Deploy Applications
Publishing Software
Assigning Software with GPOs
Installing Software by GPO
Deploying Software with SC Essentials
SCCM 2007
SCCM 2007 Architecture
SCCM 2007 Client
SCCM 2007 Application Deployment
Demo – Accessing RDS Web Access
Chapter 06 Review
Chapter 07 – Securing the Network 1h 34m
Lesson 1: Designing a Secure Perimeter
Designing the Perimeter
The Border Network
Perimeter Network
Internal Network
Perimeter Firewall
Firewall Options
ISA Server
ISA Server Deployment
What Else Can Be Found in the Perimeter?
Web Servers in the Perimeter
Setting Up Remote Access
VPN Tunneling Protocols
PPTP
L2TP
SSTP
Authenticating Connections
Securing VPN Servers
Authentication using RADIUS
Microsoft RADIUS
RADIUS Security
RADIUS Proxy Options
Lesson 2: Introducing NAP
Network Access Protection
Where Do You Find NAP?
NAP Considerations
NAP Provides Another Layer of Security With IPSec
Disadvantages of NAP
NAP IPSec Enforcement
More NAP Component Needs
NAP VPN Enforcement
802.1X NAP Enforcement
802.1X Enforcement
NAP and DHCP
DHCP/NAP Considerations
NAP Illustrated
Lesson 3: Domain and Server Isolation
Isolation
Domain Isolation
Comparing Server and Domain Isolation
Chapter 07 Review
Chapter 08 – Supporting PKI 1h 24m
Lesson 1: What is PKI?
Concepts
Applications Use of PKI
Certificate Use Illustration
Who is Issued a Certificate
PKI Security
Security Policies
Business Requirements
External Needs
AD Needs
Lesson 2: The CA Hierarchy
The CA Infrastructure
CA Hierarchy Illustration
When to Use an Internal CA
When to Use an External CA
MS ADCS
Enterprise vs. Standalone
How Many CAs are Needed
Demo – Installing CA
Lesson 3: Managing Certificates
Enrollment Methods
Enrollment Policies
Improving Control over Certificate Issuance
Automatic vs. Manual Certificate Approval
How to Do Enrollment
Certificate Renewal Strategies
Certificate Revocation Policy
Issues with CRLs
Publication Points
Demo – Working with Certificates
Chapter 08 Review
Chapter 09 – Virtualization Solutions 51m
Lesson 1: Using Virtualization
Benefits to Virtualization
Virtualization Solutions
Choosing What to Virtualize
Managing Virtualized Servers
What Can Be Virtualized
Migrating P2V
The Power of SCVMM
SCVMM Components
SCVMM Illustrated
Managing VMs at the Branch Office
Demo – Working With Hyper-V
Demo – Creating a Virtual Windows 2008 Server
Lesson 2: Planning Virtualization for Applications
Microsoft SoftGrid
When Should You Use SoftGrid
Designing Application Virtualization
Branch Office Deployments
Chapter 09 Review
Chapter 10 – Windows Updates 1h 2m
Lesson 1: WSUS
The Windows Server Update Services Infrastructure
Consider WSUS
Managing WSUS
WSUS Design
WSUS Administration
Update Deployment
WSUS Hierarchy Illustrated
Policies for Updates
Planning Automatic Approvals
SC Essentials
SCCM 2007
Demo – Installing WSUS
Demo – Exploring WSUS
Lesson 2: Software Update Compliance
MBSA
WSUS Reports
SCCM 2007 Compliance and Reporting
SCW
SCWCMD
Best Practices of Role Based Security Policies
Demo – Using MBSA
Chapter 10 Review
Chapter 11 – Making Data Secure and Available 1h 38m
Lesson 1: Sharing and Collaborating Your Data
DFS
Advanced DFS
DFS Replication, Settings, and Features
DFS Design Checklist
Collaboration
WSS Feature Set
WSS Deployment
MOSS 2007
Demo – Installing WSS
Demo – Exploring WSS
Lesson 2: Protecting Data at Rest
BitLocker
BitLocker Authentication
BitLocker Design Thoughts
EFS
EFS Best Practices
AD RMS
Using RMS
RMS Policy Elements
RMS Illustrated
Demo – Using EFS
Lesson 3: System Recoverability and Availability
AD DS Backup
AD DS Backup Utilities
AD DS Recovery
Authoritative Restore
Authoritative Restore Illustrated
AD DS Service
Working with FSMOs
Scalability
NLB
NLB Illustrated
Failover Clustering
Cluster Prerequisites
Demo – AD DS Backup
Chapter 11 Review
Course Closure
Total Duration: 15hrs 19m