What's New in Windows Server 2012

What's New in AD CS and PKI? Active Directory Certificate Services (AD CS) in Windows Server 2012 provides multiple new features and capabilities over previous versions. This document describes new deployment, manageability, and capabilities added to AD CS in Windows Server 2012. What's New in Active Directory Domain Services (AD DS) Active Directory Domain Services (AD DS) in Windows Server 2012 includes new features that make it simpler and faster to deploy domain controllers (both on-premises and in the cloud), more flexible and easier to both audit and authorize access to files with Dynamic Access Control, and easier to perform administrative tasks at scale, either locally or remotely, through consistent graphical and scripted management experiences. What's New in Active Directory Rights Management Services (AD RMS)? Active Directory Rights Management Services (AD RMS) is the server role that provides you with management and development tools that work with industry security technologiesincluding encryption, certificates, and authenticationto help organizations create reliable information protection solutions. What's New in BitLocker for Windows 8 and Windows Server 2012 BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen. What's New in BranchCache BranchCache in Windows Server 2012 and Windows 8 provides substantial performance, manageability, scalability, and availability improvements. What's New in DFS Namespaces and DFS Replication in Windows Server 2012 DFS Namespaces and DFS Replication in Windows Server 2012 provide new management functionality as well as interoperability with DirectAccess and Data Deduplication. What's New in DHCP in Windows Server 2012 Dynamic Host Configuration Protocol (DHCP) is an Internet Engineering Task Force (IETF) standard designed to reduce the administration burden and complexity of configuring hosts on a TCP/IP-based network, such as a private intranet. What's New in DNS Domain Name System (DNS) services in Windows Server 2012 and Windows 8 are used in TCP/IP networks for naming computers and network services. DNS naming locates computers and services through user-friendly names. New and changed functionality in File and Storage Services File and Storage Services provides a number of new management, scalability, and functionality improvements in Windows Server 2012.

What's New in Failover Clustering Failover clusters provide high availability and scalability to many server workloads. These include file share storage for server applications such as Hyper-V and Microsoft SQL Server, and server applications that run on physical servers or virtual machines. What's New in File Server Resource Manager File Server Resource Manager provides a set of features that allow you to manage and classify data that is stored on file servers. What's New in Group Policy in Windows Server 2012 Group Policy is an infrastructure that enables you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences What's New in Hyper-V The Hyper-V role enables you to create and manage a virtualized computing environment by using virtualization technology that is built in to Windows Server 2012. Hyper-V virtualizes hardware to provide an environment in which you can run multiple operating systems at the same time on one physical computer, by running each operating system in its own virtual machine. What's New in IPAM in Windows Server 2012 IP Address Management (IPAM) is an entirely new feature in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network. What's New in Kerberos Authentication The Microsoft Windows Server operating systems implement the Kerberos version 5 authentication protocol and extensions for public key and password-based authentication. The Kerberos authentication client is implemented as a security support provider (SSP) and can be accessed through the Security Support Provider Interface (SSPI). What's New for Managed Service Accounts Standalone Managed Service Accounts, which were introduced in Windows Server 2008 R2 and Windows 7, are managed domain accounts that provide automatic password management and simplified SPN management, including delegation of management to other administrators. What's New in Networking in Windows Server 2012 Discover new networking technologies and new features for existing technologies in Windows Server 2012. Technologies covered include BranchCache, Data Center Bridging, NIC Teaming, and more. What's New in Remote Desktop Services in Windows Server 2012 The Remote Desktop Services server role in Windows Server 2012 provides technologies that enable users to connect to virtual desktops, RemoteApp programs, and session-based desktops. With Remote Desktop Services, users can access remote connections from within a corporate network or from the Internet.

What's new in Security Auditing Security auditing is one of the most powerful tools to help maintain the security of an enterprise. One of the key goals of security audits is to verify regulatory compliance. Whats new in Server Manager In this blog post, senior Server Manager program manager Wale Martins describes the innovations and value of the new Server Manager. Server Manager in Windows Server 2012 lets administrators manage multiple, remote servers that are running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. What's New in Smart Cards Smart cards and their associated personal identification numbers (PINs) are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, a user must have the smart card and know the PIN to gain access to network resources. What's New in TLS/SSL (Schannel SSP) Schannel is a Security Support Provider (SSP) that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. The Security Support Provider Interface (SSPI) is an API used by Windows systems to perform security-related functions including authentication. What's New for Windows Deployment Services for Windows Server 2012 Windows Deployment Services is a server role that enables you to remotely deploy Windows operating systems. You can use it to set up new computers by using a network-based installation. Whats new in Windows PowerShell 3.0 Windows PowerShell 3.0 includes many new features and improvements in the scripting and automation experience, such as Windows PowerShell Workflow, multiple new features in Windows PowerShell ISE to help make scripting and debugging faster and easier, updatable Help, Windows PowerShell Web Access, and over 2,200 new cmdlets and functions.

Difference between Windows Server 2008 and Windows Server 2008 R2

Posted by Prakhar Chand Lall

Windows Server 2008 It is based on kernal version 6.0 ( the same of Windows Vista) It use the same GUI introduced with Windows Vista Is for both 32 bit & 64-bit platforms

Windows Server 2008 R2 It is based on kernal version 6.1 ( the same of Windows 7) It use the same new GUI introduced with Windows 7 Is only for 64-bit platforms

Its Hyper V does not have that feature

Hyper-V provides a dynamic, reliable, and scalable virtualization platform combined with a single set of integrated management tools to manage both physical and virtual resources

Not available in Windows server 2008, It is only having Basic Remote desktop Services.

Microsoft RemoteFX, introduces a new set of remote userexperience capabilities that enable a media-rich user environment for virtual and session-based desktops.

Normal Power Management Service Normal Data managemnet server

Enhanced Power Management services which save up to 18 % more power than previous verison. Enhanced Data Management server using File ClassificationInfrastructure (FCI)

The 10 best Windows Server 2012 features

Opinion Microsoft's Windows Server 2012 is out. For many systems administrators, the question about this latest iteration of Microsoft's server family is not "What's new?" but "Why care?" Server 2008 R2 is a great operating system, while Server 2012 bears the stigma of Metro and the Windows 8 controversy. But the answer to "why care" is simple: Server 2012 is as big a leap over 2008 R2 as 2008 R2 was over 2003. Server 2012 comes with some great new features. It also refines previous versions of Server to bring it past the "never use version 1.0" stage and up to parity, in features and stability, with competing offerings. In short Windows Server 2012 kicks ass. Here are the top 10 reasons why.

10. IIS 8
IIS 8 brings Internet Information Services up to feature parity with the rest of the world, and surpasses it in places. More than a decade's worth of "you use Windows as your web server" jokes officially end here. IIS 8 sports script precompilation, granular process throttling, SNI support and centralised certificate management. Add in a FTP server that finally, mercifully, doesn't suck (it even has functional login restrictions) and IIS 8 becomes worth the cost of the operating system on its own.

9. PowerShell
PowerShell 3.0 is an evolution rather than a revolution. Having more PowerShell scriptlets is not normally something I would care about. That said, the 2012 line of products marks a revolution in Microsoft's approach to server management.

Every element of the operating system and virtually every other companion server, such as SQL, Exchange or Lync, are completely manageable through PowerShell. This is so ingrained that the GUIs are just buttons that call PowerShell scripts underneath. PowerShell should be tops on this list but to make proper use of it, your Google-fu has to be strong. The official documentation is incomplete, Bing is still worthless for searching Microsoft's web estate and the golden examples for making use of PowerShell lie in the blogs maintained by Microsoft's staff. Once you have assembled the list of scriptlets you need printed, laminated and guarded by a fire elemental as in days of old you can make the 2012 stack of Microsoft software sing. Thanks to PowerShell, Microsoft is ready to take on all comers at any scale.

8. DirectAccess
DirectAccess was a neat idea but it was poorly implemented in previous versions of Windows. Server 2012 makes it easier to use, with SSL as the default configuration and IPSec as an option. The rigid dependence on IPv6 has also been removed. DirectAccess has evolved into a reasonable, reliable and easy-to-use replacement for virtual private networks.

7. Cluster Shared Volumes

With Server 2012 Cluster Shared Volumes are officially supported for use beyond hosting virtual hard disks for Hyper-V. You may now roll your own highly available multi-node replicated storage cluster and do so with a proper fistful of best-practice documentation.

6. Deduplication
For years now, storage demand has been growing faster than hard drive density. Meeting our voracious appetite for data storage has meant more and more spindles, and more controllers, chassis, power supplies, electricity and cooling to keep those spindles spinning. Deduplication has moved from nice to have to absolute must in recent years and Microsoft has taken notice. Server 2012 supports deduplication on NTFS volumes though tragically it does not work with CSV and deeply integrates it with BranchCache to save on WAN bandwidth.

5. Hyper-V 3.0
Server 2012 sees Hyper-V catch up with VMware's mainstream. While objectively I would have to say that VMware retains the feature lead at the top end, when combined with System Center 2012, Hyper-V 3.0 will cheerfully handle two-sigma worth of use cases. Microsoft is no longer an also-ran in the virtualisation space; it is a capable and voracious predator stalking the wilds of the data centre for new prey. Microsoft's Hyper-V Server a free Windows Core version of Hyper-V is feature complete. If you have a yen to dive into PowerShell then you can run a complete 64-node, 8,000 virtual machine Hyper-V cluster without paying Microsoft a dime. It takes a very special kind of masochist to do so Microsoft is betting you will spend the money on System Center 2012 and it is probably right. System Center 2012 is amazing, even more so with the newly launched Service Pack 1. Microsoft's focus on PowerShell and its decision to put price pressure on VMware with Hyper-V server has opened up a market for third-party management tools such as 5Nine. These are not

nearly as capable as System Center, but offer a great mid-point between free and impossible to manage and awesome but too expensive. This emerging ecosystem should see Hyper-V's market share explode.

4. Hyper-V Replica
Hyper-V Replica is a storage technology designed to continuously replicate your virtual machines across to a backup cluster. It ensures that snapshots no more than 15 minutes old of your critical virtual machines are available over any network link, including the internet. It replicates the initial snapshot in full after that it sends only change blocks and it fully supports versioning of your virtual machines.

3. iSCSI
With Windows Storage Server 2008, Microsoft first made an iSCSI target available. It eventually became an optional download from Microsoft's website for Server 2008 R2 and is now finally integrated into Server 2012 as a core component.

2. NFS 4.1
Microsoft's NFS 4.1 server is good code. Designed from the ground up it is is fast, stable and reliable. It makes a great storage system for heterogenous environments and a wonderful network storage point for VMware servers.

1. SMB 3.0
SMB 3.0 is the crown jewel of Server 2012. It is far removed from its laughingstock predecessor CIFS. It supports multiple simultaneous network interfaces including the ability to hot-plug new interfaces on the fly to increase bandwidth for large or complex transfers and supports MPIO, thin provisioning of volumes and deduplication (assuming the underlying storage is NTFS). SMB 3.0 also supports SMB Direct and remote direct memory access, the ability for appropriately kitted systems to move SMB data directly from one system's memory to the other, bypassing the SMB stack. This has enabled Microsoft to hit 16GBps transfer rates for SMB 3.0, a weighty gauntlet for any potential challenger to raise. I have found Server 2012 to be worth the cost of the upgrade, even where I have the excellent Server 2008 R2 deployed. Given that I work with very limited IT budgets, that is a strong endorsement.

10 Key Windows Server 2012 Features for IT Pros

Windows Server 2008 R2 brings some powerful tools and features that may be good news for your budget, your service levels, and the flexibility of your IT department. Here are some of the most significant changes and enhancements. Note: This article is also available as a PDF download.

1: Better support for the latest server hardware

Windows Server 2008 R2 is the first version of Windows Server to completely abandon the 32-bit architecture. Along with the move to a 64-bit only architecture, Microsoft has designed Windows Server 2008 R2 to support up to 256 logical processors. Similarly, Microsoft has redesigned Hyper-V so that it can support up to 32 logical processors. The original version of Hyper-V was limited to using 16 logical processors. Windows Server 2008 R2 has also been designed to manage memory better than its predecessor did. Microsoft has accomplished this by providing support for the enhanced page tables features found in the latest processors. Specifically, this means that Windows now supports Second Level Translation (AMD) and Nested Page Tables (Intel).

2: Improved power management

These days, everyone is on a budget, and one way of improving the bottom line is to reduce your organization's electric bill. Windows Server 2008 R2 makes this possible in a couple of ways. First, there are some new group policy settings that allow for more granular power management on computers that are running Windows 7 or Windows Server 2008 R2. More important, Windows Server 2008 R2 can manage a computer's power consumption at the logical CPU core level. This means that logical CPU cores that are being underutilized can be dynamically put to sleep until they are needed, thereby decreasing the server's overall power consumption.

3: IIS 7.5
Windows Server 2008 R2 includes the latest edition of Internet Information Services (IIS). While IIS 7.5 isn't an earth-shattering release, it does have some nice new security features. For instance, URLscan 3.0 -- renamed Request Filter Module -- has been included in IIS. Microsoft has also provided IIS with its own dedicated copy of the Best Practices Analyzer.

4: PowerShell 2.0
Windows Server 2008 R2 has been bundled with PowerShell 2.0. This new version of PowerShell, which can also be downloaded for the original Windows Server 2008, offers a couple of hundred new prebuilt cmdlets. The ironic thing about PowerShell 2.0 is that even though it's a command-line environment, Microsoft offers a GUI interface you can use for developing new cmdlets. This interface provides various debugging and testing tools, in addition to syntax highlighting.

5: Direct Access
Anyone who has ever had to support remote users knows what a hassle it can be, and yet today almost everyone expects to be able to work remotely. Thankfully, Microsoft has simplified the process by adopting a new remote access philosophy. In Windows Server 2008 R2, there is no longer a distinction between a local connection and a remote connection. Essentially, all connections are treated the same, and Windows handles the logistics behind the scenes. The feature that makes this possible is known as Direct Access.

6: Virtual Desktop Integration

The Terminal Services feature has been available in Windows Server for many years now, but Windows Server 2008 R2 offers an enhanced Virtual Desktop Integration (VDI). There are two main advantages to this. First, hosted applications now appear on the Start menu, alongside applications that are installed locally. A user would be hard-pressed to tell the difference between a local and a hosted application. The second advantage is that graphics functions (and some other I/O functions, such as keyboard and mouse) are now handled by the user's desktop. This means that each session consumes fewer server resources, thus allowing those resources to be used more efficiently.

7: Branch Cache
One of the best new features in Windows Server 2008 R2 is called Branch Cache. The idea behind this feature is that users who work in branch offices must often access files that are stored on remote file servers. These files must traverse the WAN link each time they're accessed. Since many organizations have to pay for the WAN bandwidth they use, remote file access can become expensive. The Branch Cache feature caches files on a local server. That way, files do not have to be remotely accessed unless the file has changed since the cached copy was last updated. This can help reduce the cost of bandwidth, and it can improve performance for the users of the branch office, since many file read operations will now occur locally. Even remote file reads should be more efficient because the WAN link is less congested.

8: Windows Server Backup

Most large organizations have traditionally relied on third-party backup applications. However, many smaller organizations have been stuck using Windows Server Backup (previously known as NTBACKUP). When Microsoft released the first version of Windows Server 2008, it made the decision to completely rebuild Windows Server Backup. Unfortunately, the end result was less than stellar. In R2, Microsoft has done a lot of work to Windows Server Backup to make up for the shortcomings.

9: The Best Practices Analyzer

Earlier, I mentioned that IIS now has its own dedicated copy of the Best Practices Analyzer -- and it seems as though the Best Practices Analyzer has finally come of age. Microsoft has extended it so that it can now analyze each of the available server roles.

10: Hyper-V
I already noted that Hyper-V has been redesigned to take advantage of up to 32 logical processors, but there are other notable improvements as well. The one that has received the most press is a feature called Live Migration, which allows you to move virtual machines between hosts with no downtime. A lesser known, but equally impressive new feature is the ability to add a virtual hard drive to a virtual machine without having to reboot the virtual machine.

What are some of the new tools and features provided by Windows Server 2008? Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive encryption feature. Windows Server 2008 also provides the new IIS7 web server and the Windows Deployment Service.

What are the different editions of Windows Server 2008?

The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition provides a platform for large enterprisewide networks. The Datacenter Edition provides support for unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down version of Windows Server 2008 intended for use as a dedicated web server. The Standard, Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization technology.

What two hardware considerations should be an important part of the planning process for a Windows Server 2008 deployment?
Any server on which you will install Windows Server 2008 should have at least the minimum hardware requirement for running the network operating system. Server hardware should also be on the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and network operating system incompatibility.

How does the activation process differ on Windows Server 2008 as compared to Windows Server 2003?
You can select to have activation happen automatically when the Windows Server 2008 installation is complete. Make sure that the Automatically Activate Windows When Im Online check box is selected on the Product Key page.

What are the options for installing Windows Server 2008?

You can install Windows Server 2008 on a server not currently configured with NOS, or you can upgrade existing servers running Windows 2000 Server and Windows Server 2003.

How do you configure and manage a Windows Server 2008 core installation?
This stripped-down version of Windows Server 2008 is managed from the command line.

Which Control Panel tool enables you to automate the running of server utilities and other applications?
The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and Disk Defragmenter.

What are some of the items that can be accessed via the System Properties dialog box?
You can access virtual memory settings and the Device Manager via the System Properties dialog box.

Which Windows Server utility provides a common interface for tools and utilities and provides access to server roles, services, and monitoring and drive utilities?
The Server Manager provides both the interface and access to a large number of the utilities and tools that you will use as you manage your Windows server.

How are local user accounts and groups created?

Local user accounts and groups are managed in the Local Users and Groups node in the Server Manager. Local user accounts and groups are used to provide local access to a server.

When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the trees root domain?
Child domains and the root domain of a tree are assigned transitive trusts. This means that the root domain and child domain trust each other and allow resources in any domain in the tree to be accessed by users in any domain in the tree.

What is the primary function of domain controllers?

The primary function of domain controllers is to validate users to the network. However, domain controllers also provide the catalog of Active Directory objects to users on the network.

What are some of the other roles that a server running Windows Server 2008 could fill on the network?
A server running Windows Server 2008 can be configured as a domain controller, a file server, a print server, a web server, or an application server. Windows servers can also have roles and features that provide services such as DNS, DHCP, and Routing and Remote Access.

Which Windows Server 2008 tools make it easy to manage and configure a servers roles and features?
The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

What Windows Server 2008 service is used to install client operating systems over the network?
Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

What domain services are necessary for you to deploy the Windows Deployment Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

How is WDS configured and managed on a server running Windows Server 2008?The Windows Deployment
Services snap-in enables you to configure the WDS server and add boot and install images to the server.

What utility is provided by Windows Server 2008 for managing disk drives, partitions, and volumes?
The Disk Manager provides all the tools for formatting, creating, and managing drive volumes and partitions.

What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?
A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes). Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

What is RAID in Windows Server 2008?

RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your file servers. RAID enables you to combine one or more volumes on separate drives so that they are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).

What is the most foolproof strategy for protecting data on the network?
Regular backups of network data provides the best method of protecting you from data loss.

What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP work?
The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

What protocol stack is installed by default when you install Windows Server 2008 on a network server?
TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

When TCP/IP is configured on a Windows server (or domain client), what information is required?
You must provide at least the IP address and the subnet mask to configure a TCP/IP client for an IPv4 client, unless that client obtains this information from a DHCP server. For IPv6 clients, the interface ID is generated automatically from the MAC hardware address on the network adapter. IPv6 can also use DHCP as a method to configure IP clients on the network.

What are two command-line utilities that can be used to check TCP/IP configurations and IP connectivity, respectively?
The ipconfig command can be used to check a computers IP configuration and also renew the clients IP address if it is provided by a DHCP server. ping can be used to check the connection between the local computer and any computer on the network, using the destination computers IP address.

What term is used to refer to the first domain created in a new Active Directory tree?
The first domain created in a tree is referred to as the root domain. Child domains created in the tree share the same namespace as the root domain.

How is a server running Windows Server 2008 configured as a domain controller, such as the domain controller for the root domain or a child domain?
Installing the Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?
When the Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

How are domain user accounts created and managed?

The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the users password.

What type of Active Directory objects can be contained in a group?

A group can contain users, computers, contacts, and other nested groups.

What type of group is not available in a domain that is running at the mixed-mode functional level?
Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

What types of Active Directory objects can be contained in an Organizational Unit?

Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in the Active Directory.

What are Active Directory sites in Windows Server 2008?

Active Directory sites are physical locations on the networks physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

How can client computer accounts be added to the Active Directory?

Client computer accounts can be added through the Active Directory Users and Computers snap-in. You can also create client computer accounts via the client computer by joining it to the domain via the System Properties dialog box. This requires a user account that has administrative privileges, such as members of the Domain Administrator or Enterprise Administrator groups.

What firewall setting is required to manage client computers such as Vista clients and Windows 2008 member servers?
The Windows Firewall must allow remote administration for a computer to be managed remotely.

Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?
Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

What does the use of Group Policy provide you as a network administrator?
Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

What tools are involved in managing and deploying Group Policy?

GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

How do you deal with Group Policy inheritance issues?

GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

How can you make sure that network clients have the most recent Windows updates installed and have other important security features such as the Windows Firewall enabled before they can gain full network access?
You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.

What is the purpose of deploying local DNS servers?

A domain DNS server provides for the local mapping of fully qualified domain names to IP addresses. Because the DNS is a distributed database, the local DNS servers can provide record information to remote DNS servers to help resolve remote requests related to fully qualified domain names on your network.

What types of zones would you want to create on your DNS server so that both queries to resolve hostnames to IP addresses and queries to resolve IP addresses to hostnames are handled successfully?
You would create both a forward lookup zone and a reverse lookup zone on your Windows Server 2008 DNS server.

What tool enables you to manage your Windows Server 2008 DNS server?
The DNS snap-in enables you to add or remove zones and to view the records in your DNS zones. You can also use the snap-in to create records such as a DNS resource record.

In terms of DNS, what is a caching-only server?

A caching-only DNS server supplies information related to queries based on the data it contains in its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not configured with any zones, they do not generate network traffic related to zone transfers.

How is the range of IP addresses defined for a Windows Server 2008 DHCP server?
The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do not want to lease can be included in an exclusion range.

What TCP/IP configuration parameters can be provided to a DHCP client?

The DHCP server can supply a DHCP client an IP address and subnet mask. It also can optionally include the default gateway address, the DNS server address, and the WINS server address to the client.

How can you configure the DHCP server so that it provides certain devices with the same IP address each time the address is renewed?
You can create a reservation for the device (or create reservations for a number of devices). To create a reservation, you need to know the MAC hardware address of the device. You can use the ipconfig or nbstat command-line utilities to determine the MAC address for a network device such as a computer or printer.

To negate rogue DHCP servers from running with a domain, what is required for your DHCP server to function?
The DHCP server must be authorized in the Active Directory before it can function in the domain.

To negate rogue DHCP servers from running with a domain, what is required for your DHCP server to function? The DHCP server must be authorized in the Active Directory before it can function in the domain. How can you configure the DHCP server so that it provides certain devices with the same IP address each time the address is renewed? You can create a reservation for the device (or create reservations for a number of devices). To create a reservation, you need to know the MAC hardware address of the device. You can use the ipconfig or nbstat command-line utilities to determine the MAC address for a network device such as a computer or printer.