Server Administrator
Study Guide
Acquisitions Editor: Jeff Kellum
Development Editor: Candace English
Technical Editor: Stuart Ami
Production Editor: Eric Charbonneau
Copy Editor: Kim Wimpsett
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B Wikert
Vice President and Publisher: Neil Edde
Media Project Supervisor: Laura Moss
Media Development Specialist: Shawn Patrick
Media Quality Assurance: Josh Frank
Book Designer: Judy Fung
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreaders: Nancy Bell and Robert Shimonski
Indexer: Nancy Guenther
Cover Designer: Ryan Sneed
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-29315-7
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or
authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood
Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be
addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317)
572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with
respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work
is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional
services. If professional assistance is required, the services of a competent professional person should be sought.
Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or
Website is referred to in this work as a citation and/or a potential source of further information does not mean that
the author or the publisher endorses the information the organization or Website may provide or recommendations
it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or
disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact
our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax
(317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be
available in electronic books.
Library of Congress Cataloging-in-Publication Data:
Gibson, Darril.
MCITP : Windows server 2008 server administrator study guide (Exam 70-646) / Darril Gibson. — 1st ed.
p. cm.
ISBN 978-0-470-29315-7 (paper/cd-rom)
1. Electronic data processing personnel—Certification. 2. Microsoft software—Examinations—Study guides.
3. Microsoft Windows server. I. Title.
QA76.3.G5263 2008
005.4'476—dc22
2008027402
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley
& Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written
permission. Windows Server is a registered trademark of Microsoft Corporation in the United States and/or other
countries. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with
any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1
Dear Reader,
Thank you for choosing MCITP: Windows Server 2008 Server Administrator Study
Guide (70-646). This book is part of a family of premium quality Sybex books, all written
by outstanding authors who combine practical experience with a gift for teaching.
Sybex was founded in 1976. More than thirty years later, we’re still committed to producing consistently exceptional books. With each of our titles we’re working hard to
set a new standard for the industry. From the paper we print on, to the authors we work
with, our goal is to bring you the best books available.
I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think
about this or any other Sybex book by sending me an email at nedde@wiley.com, or if you
think you’ve found a technical error in this book, please visit http://sybex.custhelp.com.
Customer feedback is critical to our efforts at Sybex.
Best regards,
Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley
To my loving wife of more than 16 years, who continues to provide me love and encouragement even when I don’t deserve it.
No book is written alone. Instead, there is a wealth of people working behind the scenes to help make a book the best possible. I’m grateful for the hard work put in behind the scenes
by several people. Stuart Ami, the technical editor; Candace English, the development editor;
Eric Charbonneau, the production editor; and Kim Wimpsett, the copy editor, all provided a significant amount of work that helped produce this book. I’m grateful to each of them.
I’m also grateful to my agent, Carole McClendon, for helping open up so many opportunities for me, including this one, and to Jeff Kellum, the acquisitions editor, for having the faith in me to take on this project.
About the Author
Darril Gibson has been teaching Microsoft networking concepts since the NT 4.0 days
and has been teaching a myriad of other topics since many years before then. He’s been a
Microsoft Certified Trainer (MCT) since 1999 and holds many other certifications,
including MCSE (NT 4.0, 2000, 2003), MCDBA (SQL Server 7.0 and 2000), MCTS (Vista,
Server 2008 Active Directory, Server 2008 Applications Infrastructure, Server 2008
Network Infrastructure and SQL Server 2005), MCITP (Server 2008 Server Administrator,
Vista Enterprise Support Technician, SQL Server 2005 Database Administrator and SQL
Server 2005 Database Developer), MCAD (.NET), and MCSD (VB 6, .NET).
Darril has developed several video training courses for KeyStone Learning Systems and has written and co-authored several other technical books. He has a passion for teaching
and enjoys sharing knowledge in the classroom as much as he does through books.
He currently works full-time on a government contract providing a wide array of technical training to military and government personnel in support of a network operations
support center (NOSC). The NOSC supports over 100,000 users and provides a great
environment to see current technologies in action. He moonlights as an adjunct professor at a
local college (ECPI College of Technology) teaching system engineer courses.
Darril lives with his wife and two dogs in Virginia Beach, Virginia, but on most weekends they can be found playing on about 24 acres of land in Halifax County. He’s been learning
the power of water as he’s tried to create a pond on this land. He’s found that configuring
networks is a piece of cake compared to building a good pond, but he hasn’t given up yet.
Contents at a Glance
Chapter 3 Using Windows Server 2008 Management Tools
Chapter 4 Monitoring and Maintaining Network Infrastructure Servers
Chapter 5 Monitoring and Maintaining Active Directory
Chapter 6 Monitoring and Maintaining Print and File Servers
Chapter 9 Planning Business Continuity and High Availability
Contents

Windows Server 2008 Editions
Key Benefits of Windows Server 2008
IIS 7 and the .NET Framework
Virtualization
Interaction with Vista
New Features of Windows Server 2008
Server Manager
Server Core
PowerShell
Windows Deployment Services
New Functionality in Terminal Services
Network Access Protection
Read-Only Domain Controllers
Improvements in Failover Clustering
Installing Windows Server 2008
Hardware Requirements
Running Windows Server 2008 on Your System
Using Virtual PC 2007
Activating Windows Server 2008
Review of Active Directory
Active Directory Elements
Promoting a Server to a Domain Controller
Active Directory Domain Services Tools
Exam Essentials
Review Questions
Answers to Review Questions

Introducing Windows Deployment Services
The Big Picture of WDS
WDS Requirements
Installing Windows Deployment Services
Creating a Standard Server Image
Configuring Windows Deployment Services
Deploying a Computer Image
Multicast Transmissions
Introducing Server Core
Managing Server Core Remotely
Server Core Registry Editor
Creating a Rollback Plan
Creating Backups
Enabling Another Server
Utilizing Virtualization
Virtual Server Uses
Virtual Server Licensing
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 3 Using Windows Server 2008 Management Tools
Server-Monitoring Tools
Reliability and Performance Monitor
Event Viewer
Windows System Resource Manager
Remote Management
Accessing the Desktop Remotely
Remote Desktop Connection
Remote Desktops
Remote Server Administration Tools
Server Core
Using Terminal Services Gateway Servers
Windows Server Update Services
WSUS Prerequisites
Downloading and Deploying Updates
WSUS in a Distributed Environment
Configuring Clients
WSUS 3.0 Remote Management
System Center Configuration Manager
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 4 Monitoring and Maintaining Network Infrastructure Servers
Dynamic Host Configuration Protocol
Overview
Dynamic Update
DNS and RODCs
Windows Internet Naming Service
WINS Is a Feature
DNS and WINS
Network Access Protection
VPN Enforcement
IPSec Enforcement
802.1x Enforcement
DHCP Enforcement
Summary
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 5 Monitoring and Maintaining Active Directory
Active Directory Roles
Active Directory Domain Services
Read-Only Domain Controller
Active Directory Certificate Services
Types of Certification Authorities
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
Active Directory Federation Services
Active Directory Rights and Permissions
Active Directory Backup and Recovery
Windows Server 2008 Backup
Backing Up Active Directory
Restoring Active Directory
Group Policy
Understanding How Group Policy Is Applied
When Group Policy Is Applied
Loopback Processing
Group Policy Management Console
Exploring a Few Specific Group Policy Settings
Language Specific Administrative Templates
Exam Essentials
Review Questions
Answers to Review Questions

Chapter 6 Monitoring and Maintaining Print and File Servers
File Servers
File Server Resource Manager
Permissions
Offline Data Access
Disk Quotas
Indexing and Searching
Print Servers
Understanding Shared Printers
The Print Process
Installing a Printer
Printer Pooling
Printer Publishing
Distributed File System
Using DFS Namespaces to Organize Content
DFS Replication
Domain-Based vs. Stand-Alone Namespaces
Replication Topology
Creating a DFS Replication Group
SharePoint Services
Application Pools
SharePoint and WSRM
Exam Essentials
Review Questions
Answers to Review Questions

Terminal Services Servers
Terminal Services Role
TS RemoteApp
Terminal Services Gateway
Terminal Services Session Broker
Terminal Services Web Access
Terminal Services Licensing
Internet Information Services
IIS and ASP.NET
IIS and the Windows Process Activation Service
IIS and WSRM
URL Authorization Rules
Installing IIS
Ports Used by IIS
Exam Essentials
Review Questions
Answers to Review Questions

Disk-Level Security with BitLocker
BitLocker Requirements
Adding the BitLocker Feature
Configuring the Partitions
Enabling BitLocker on Non-TPM Systems
Starting a System with BitLocker
Multifactor Authentication with BitLocker
BitLocker Recovery
Encrypting File System
EFS and BitLocker
Encrypting Files and Folders
EFS Certificates and Keys
Recovering EFS-Encrypted Files
Auditing for Server Security
Auditing Detailed Active Directory Events
Enabling Directory Service Access Auditing
Enabling Object Access
Network Security
Firewalls
Remote Access
Network Policy and Access Services
Network Encryption with IPSec
Exam Essentials
Review Questions
Answers to Review Questions

Using Windows Server Backup
Windows Recovery Environment
Entering WinRE
Exam Essentials
Review Questions
Answers to Review Questions

What You’ll Find on the CD
Sybex Test Engine
PDF of the Book
Adobe Reader
Electronic Flashcards
System Requirements
Using the CD
Troubleshooting
Customer Care

Table of Exercises
Exercise 1.1 Installing Virtual PC 2007
Exercise 1.2 Installing Windows Server 2008
Exercise 1.3 Adding the Active Directory Domain Services Role
Exercise 1.4 Installing Active Directory Domain Services
Exercise 2.1 Installing Windows Deployment Services
Exercise 2.2 Configuring Windows Deployment Services
Exercise 2.3 Adding Image Groups and Images to WDS
Exercise 2.4 Creating and Capturing a Custom Image
Exercise 2.5 Changing Permissions for Image Groups
Exercise 2.6 Deploying an Image
Exercise 3.1 Configuring Your System to Remotely Monitor a Server Using Reliability Monitor
Exercise 3.2 Running a Data Collector Set
Exercise 3.3 Creating a Data Collector Set from a Template
Exercise 3.4 Configuring Subscriptions
Exercise 3.5 Configuring an Event Task to Respond to an Event
Exercise 3.6 Configuring a WSUS GPO
Exercise 4.1 Installing DHCP
Exercise 4.2 Creating a DHCP Scope
Exercise 4.3 Modifying a DHCP Scope
Exercise 4.4 Creating a Forward Lookup Zone
Exercise 4.5 Creating Records within a Forward Lookup Zone
Exercise 5.1 Delegating Control to an OU
Exercise 5.2 Adding the Backup Feature
Exercise 5.3 Backing Up Critical Volumes
Exercise 5.4 Nonauthoritatively Restoring Active Directory
Exercise 5.5 Creating and Linking GPOs in the GPMC
Exercise 5.6 Delegating Permissions on a GPO
Exercise 5.7 Adding a User to the Group Policy Creator Owners Group
Exercise 5.8 Backing Up and Restoring GPOs
Exercise 6.1 Installing the File Services Role
Exercise 6.2 Creating a Share with the Provision Share Wizard
Exercise 6.3 Creating Shares with Computer Management and Windows Explorer
Exercise 6.4 Enabling Offline Files
Exercise 6.5 Enabling Quotas
Exercise 6.6 Add the Print Services Role and Install a Printer
Exercise 6.7 Replicating Data with DFS
Exercise 7.1 Installing the Terminal Services Role
Exercise 7.2 Installing a RemoteApp Program
Exercise 7.3 Installing the IIS Role
Exercise 8.1 Adding the BitLocker Feature
Exercise 8.2 Configuring Partitions for BitLocker
Exercise 8.3 Enabling BitLocker on Non-TPM Systems
Exercise 8.4 Exporting Your EFS Certificate
Exercise 8.5 Importing Your EFS Certificate
Exercise 8.6 Adding the Network Policy and Access Services Role
Exercise 9.1 Enabling Shadow Copies
Exercise 9.2 Running Windows Server Backup
Exercise 9.3 Launching WinRE

Microsoft has recently changed its certification program to contain three primary series:
Technology, Professional, and Architect. The Technology Series of certifications are intended to allow candidates to target specific technologies and are the basis for obtaining the Professional Series and Architect Series of certifications. The certifications contained within the Technology Series consist of one to three exams, focus on a specific technology, and do not include job-role skills. By contrast, the Professional Series of certifications focus on a job role and are not necessarily focused on a single technology but rather a comprehensive set of skills for performing the job role being tested. The Architect Series of certifications offered by Microsoft are premier certifications that consist of passing a review board consisting of previously certified architects. To apply for the Architect Series of certifications, you must have a minimum of 10 years of industry experience.
When obtaining a Technology Series certification, you are recognized as a Microsoft Certified Technology Specialist (MCTS) on the specific technology or technologies that you have been tested on. The Professional Series certifications include Microsoft Certified
IT Professional (MCITP) and Microsoft Certified Professional Developer (MCPD). Passing the review board for an Architect Series certification will allow you to become a Microsoft Certified Architect (MCA).
This book has been developed to give you the critical skills and knowledge you need to prepare for the PRO: Windows Server 2008 Server Administrator exam (exam 70-646).
The Microsoft Certified Professional Program
Since the inception of its certification program, Microsoft has certified more than 2 million people. As the computer network industry continues to increase in both size and complexity,
this number is sure to grow—and the need for proven ability will also increase. Certifications
can help companies verify the skills of prospective employees and contractors.
Microsoft has developed its Microsoft Certified Professional (MCP) program to give you credentials that verify your ability to work with Microsoft products effectively and professionally. Several levels of certification are available based on specific suites of exams.
Microsoft has recently created a new generation of certification programs:
Microsoft Certified Technology Specialist (MCTS): The MCTS can be considered the
entry-level certification for the new generation of Microsoft certifications. The MCTS certification program targets specific technologies instead of specific job roles. You must take and pass one to three exams.
Microsoft Certified IT Professional (MCITP): The MCITP certification is a Professional
Series certification that tests network and systems administrators on job roles, rather than only on a specific technology. The MCITP generally consists of passing one to three exams,
in addition to obtaining an MCTS-level certification.
Microsoft Certified Master: The Microsoft Certified Master certification is a step above
the Professional Series certification and is currently offered for Windows Server 2008, SQL
Server 2008, and Exchange Server 2007. Qualified MCITPs attend advanced training specific
to the certification track, must successfully complete in-class written and lab exams, and then
complete a separate qualification lab exam.
Microsoft Certified Professional Developer (MCPD): The MCPD certification is a
Professional Series certification for application developers. Similar to the MCITP, the MCPD is
focused on a job role rather than on a single technology. The MCPD generally consists of
passing one to three exams, in addition to obtaining an MCTS-level certification.
Microsoft Certified Architect (MCA): The MCA is Microsoft’s premier certification series.
Obtaining the MCA requires a minimum of 10 years of experience and requires the candidate
to pass a review board consisting of peer architects.
How Do You Become Certified as a Windows Server 2008 Server Administrator?
Attaining a Microsoft certification has always been a challenge. In the past, students have
been able to acquire detailed exam information—even most of the exam questions—from
online “brain dumps” and third-party “cram” books or software products. For the new
generation of exams, this is simply not the case.
Microsoft has taken strong steps to protect the security and integrity of its new certification tracks. Now prospective candidates must complete a course of study that develops
detailed knowledge about a wide range of topics. It supplies them with the true skills needed,
derived from working with the technology being tested.
The new generations of Microsoft certification programs are heavily weighted toward hands-on skills and experience. It is recommended that candidates have troubleshooting
skills acquired through hands-on experience and working knowledge.
Fortunately, if you are willing to dedicate the time and effort to learn Windows Server
2008 Active Directory, you can prepare yourself well for the exam by using the proper
tools. By working through this book, you can successfully meet the exam requirements to
pass the Windows Server 2008 Active Directory exam.
This book is part of a complete series of Microsoft certification study guides, published
by Sybex Inc., that together cover the new MCTS, MCITP, and MCPD exams, as well as
the core MCSA and MCSE operating system requirements. Please visit the Sybex website at
www.sybex.com for complete program and product details.
MCITP Requirements
Candidates for MCITP Server Administrator certification on Windows Server 2008 must
pass three Windows Server 2008 exams: 70-640 (Windows Server 2008 Active Directory
Configuration), 70-642 (Windows Server 2008 Network Infrastructure Configuration),
and 70-646 (Windows Server 2008 Server Administrator). For a more detailed description
of the Microsoft certification programs, including a list of all the exams, visit the Microsoft
Learning website at www.microsoft.com/learning/mcp.
The Windows Server 2008 Server Administrator Exam
The Windows Server 2008 Server Administrator exam covers concepts and skills related to planning, configuring, troubleshooting, and managing Windows Server 2008 servers.
Microsoft provides exam objectives to give you a general overview of possible areas of coverage on the Microsoft exams. Keep in mind, however, that exam objectives are subject to change at any time without prior notice and at Microsoft’s sole discretion. Please visit the Microsoft Learning website (www.microsoft.com/learning/mcp) for the most current listing of exam objectives.
Types of Exam Questions
In an effort to both refine the testing process and protect the quality of its certifications, Microsoft has focused its newer certification exams on real experience and hands-on proficiency. There is a greater emphasis on your past working environments and responsibilities and less emphasis on how well you can memorize. In fact, Microsoft says that certification candidates should have hands-on experience before attempting to pass any certification exams.
Microsoft will accomplish its goal of protecting the exams’ integrity by regularly adding and removing exam questions, limiting the number of questions that any individual sees in a beta exam, limiting the number of questions delivered to an individual by using adaptive testing, and adding new exam elements.
Exam questions may be in a variety of formats: depending on which exam you take, you’ll see multiple-choice questions, as well as select-and-place and prioritize-a-list questions. Simulations and case study–based formats are included as well. You may also find
yourself taking what’s called an adaptive format exam. Let’s take a look at the types of
exam questions and examine the adaptive testing technique, so you’ll be prepared for all the possibilities.
With the release of Windows 2000, Microsoft stopped providing a detailed score breakdown. This is mostly because of the various and complex question formats. Previously, each question focused on one objective. Recent exams, such as the Windows Server 2008 Active Directory exam, however, contain questions that may be tied to one or more objectives from one or more objective sets. Therefore, grading by objective is almost impossible. Also, Microsoft no longer offers a score. Now you will be told only whether you pass or fail.
Multiple-Choice Questions
Multiple-choice questions come in two main forms. One is a straightforward question
followed by several possible answers, of which one or more is correct. The other type of
multiple-choice question is more complex and based on a specific scenario. The scenario
may focus on several areas or objectives.
Select-and-Place Questions
Select-and-place exam questions involve graphical elements that you must manipulate to
successfully answer the question. For example, you might see a diagram of a computer
network, as shown in the following graphic taken from the select-and-place demo downloaded
from Microsoft’s website:
A typical diagram will show computers and other components next to boxes that contain the text “Place here.” The labels for the boxes represent various computer roles on a
network, such as a print server and a file server. Based on information given for each
computer, you are asked to select each label and place it in the correct box. You need to place
all of the labels correctly. No credit is given for the question if you correctly label only some
of the boxes.
In another select-and-place problem, you might be asked to put a series of steps in order
by dragging items from boxes on the left to boxes on the right and placing them in the
correct order. One other type requires that you drag an item from the left and place it under an
item in a column on the right.