6430B
Planning for Windows Server
2008 Servers
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
ii Planning for Windows Server 2008 Servers
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part
of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted
in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for
any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory,
regarding these manufacturers or the use of the products with any Microsoft technologies. The
inclusion of a manufacturer or product does not imply endorsement of Microsoft of the
manufacturer or product. Links may be provided to third party sites. Such sites are not under the
control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link
contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for
webcasting or any other form of transmission received from any linked site. Microsoft is providing
these links to you only as a convenience, and the inclusion of any link does not imply endorsement
of Microsoft of the site or the products contained therein.
2009 Microsoft Corporation. All rights reserved.
Microsoft, Microsoft Press, Access, Active Directory, ActiveSync, ActiveX, BitLocker, Excel, Forefront,
Hyper-V, Internet Explorer, MS, MSDN, MS-DOS, Outlook, PowerPoint, SharePoint, Silverlight,
SQ Server, Visio, Visual Basic, Visual Studio, Win32, Windows, Windows Live, Windows Media,
Windows NT, Windows PowerShell, Windows Server and Windows Vista are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.
Product Number: 6430B
Part Number: X16-25882
Released: 11/2009
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
MICROSOFT LICENSE TERMS
OFFICIAL MICROSOFT LEARNING PRODUCTS COURSEWARE
BLENDED LEARNING COURSE - STUDENT EDITION
These license terms are an agreement between Microsoft Corporation and you. Please read them. They
apply to the licensed content named above, which includes the media on which you received it, if any. The
terms also apply to any Microsoft
updates,
supplements,
Internet-based services, and
support services
for this licensed content, unless other terms accompany those items. If so, those terms apply.
By using the licensed content, you accept these terms. If you do not accept them, do not use
the licensed content.
If you comply with these license terms, you have the rights below.
1. OVERVIEW.
Licensed Content. The licensed content includes software, printed materials, academic materials
(online and electronic), and associated media.
License Model. The licensed content is licensed on a per copy per device basis.
2. INSTALLATION AND USE RIGHTS.
a. Licensed Device. The licensed device is the device on which you use the licensed content. You
may install and use one copy of the licensed content on the licensed device.
b. Portable Device. You may install another copy on a portable device for use by the single
primary user of the licensed device.
c. Separation of Components. The components of the licensed content are licensed as a single
unit. You may not separate the components and install them on different devices.
d. Third Party Programs. The licensed content may contain third party programs. These license
terms will apply to your use of those third party programs, unless other terms accompany those
programs.
3. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.
a. Media Elements and Templates. You may use images, clip art, animations, sounds, music,
shapes, video clips and templates provided with the licensed content solely for your personal
training use. If you wish to use these media elements or templates for any other purpose, go to
www.microsoft.com/permission to learn whether that use is allowed.
b. Academic Materials. If the licensed content contains academic materials (such as white papers,
labs, tests, datasheets and FAQs), you may copy and use the academic materials. You may not
make any modifications to the academic materials and you may not print any book (either
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
electronic or print version) in its entirety. If you reproduce any academic materials, you agree
that:
The use of the academic materials will be only for your personal reference or training use
You will not republish or post the academic materials on any network computer or broadcast in
any media;
You will include the academic materials original copyright notice, or a copyright notice to
Microsofts benefit in the format provided below:
Form of Notice:
2009 Reprinted for personal reference use only with permission by
Microsoft Corporation. All rights reserved.
Microsoft and Windows are either registered trademarks or trademarks of
Microsoft Corporation in the US and/or other countries. Other product and
company names mentioned herein may be the trademarks of their respective
owners.
c. Distributable Code. The licensed content may contain code that you are permitted to distribute
in programs you develop if you comply with the terms below.
i. Right to Use and Distribute. The code and text files listed below are Distributable Code.
REDIST.TXT Files. You may copy and distribute the object code form of code listed in
REDIST.TXT files.
Sample Code. You may modify, copy, and distribute the source and object code form of
code marked as sample.
Third Party Distribution. You may permit distributors of your programs to copy and
distribute the Distributable Code as part of those programs.
ii. Distribution Requirements. For any Distributable Code you distribute, you must
add significant primary functionality to it in your programs;
require distributors and external end users to agree to terms that protect it at least as
much as this agreement;
display your valid copyright notice on your programs; and
indemnify, defend, and hold harmless Microsoft from any claims, including attorneys fees,
related to the distribution or use of your programs.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
iii. Distribution Restrictions. You may not
alter any copyright, trademark or patent notice in the Distributable Code;
use Microsofts trademarks in your programs names or in a way that suggests your
programs come from or are endorsed by Microsoft;
distribute Distributable Code to run on a platform other than the Windows platform;
include Distributable Code in malicious, deceptive or unlawful programs; or
modify or distribute the source code of any Distributable Code so that any part of it
becomes subject to an Excluded License. An Excluded License is one that requires, as a
condition of use, modification or distribution, that
the code be disclosed or distributed in source code form; or
others have the right to modify it.
4. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the licensed
content. It may change or cancel them at any time. You may not use these services in any way that
could harm them or impair anyone elses use of them. You may not use the services to try to gain
unauthorized access to any service, data, account or network by any means.
5. SCOPE OF LICENSE. The licensed content is licensed, not sold. This agreement only gives you some
rights to use the licensed content. Microsoft reserves all other rights. Unless applicable law gives you
more rights despite this limitation, you may use the licensed content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the licensed content that
only allow you to use it in certain ways. You may not
disclose the results of any benchmark tests of the licensed content to any third party without
Microsofts prior written approval;
work around any technical limitations in the licensed content;
reverse engineer, decompile or disassemble the licensed content, except and only to the extent
that applicable law expressly permits, despite this limitation;
make more copies of the licensed content than specified in this agreement or allowed by
applicable law, despite this limitation;
publish the licensed content for others to copy;
rent, lease or lend the licensed content; or
use the licensed content for commercial licensed content hosting services.
Rights to access the server software that may be included with the Licensed Content, including the
Virtual Hard Disks does not give you any right to implement Microsoft patents or other Microsoft
intellectual property in software or devices that may access the server.
6. BACKUP COPY. You may make one backup copy of the licensed content. You may use it only to
reinstall the licensed content.
7. TRANSFER TO ANOTHER DEVICE. You may uninstall the licensed content and install it on another
device for your use. You may not do so to share this license between devices.
8. TRANSFER TO A THIRD PARTY. The first user of the licensed content may transfer it and this
agreement directly to a third party. Before the transfer, that party must agree that this agreement
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
applies to the transfer and use of the licensed content. The first user must uninstall the licensed
content before transferring it separately from the device. The first user may not retain any copies.
9. EXPORT RESTRICTIONS. The licensed content is subject to United States export laws and
regulations. You must comply with all domestic and international export laws and regulations that
apply to the licensed content. These laws include restrictions on destinations, end users and end use.
For additional information, see www.microsoft.com/exporting.
10. NOT FOR RESALE SOFTWARE/LICENSED CONTENT. You may not sell software or licensed
content marked as NFR or Not for Resale.
11. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if
you fail to comply with the terms and conditions of these license terms. Upon any termination of this
agreement, you must destroy all copies of the licensed content and all of its component parts.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based
services and support services that you use, are the entire agreement for the licensed content and
support services.
13. APPLICABLE LAW.
a. United States. If you acquired the licensed content in the United States, Washington state law
governs the interpretation of this agreement and applies to claims for breach of it, regardless of
conflict of laws principles. The laws of the state where you live govern all other claims, including
claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the licensed content in any other country, the laws
of that country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the
laws of your country. You may also have rights with respect to the party from whom you acquired the
licensed content. This agreement does not change your rights under the laws of your country if the
laws of your country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED AS-IS. YOU BEAR
THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES OR
CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL
LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER
YOUR LOCAL LAWS, MICROSOFT EXCLUDES THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER
FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU
CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS,
SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
anything related to the licensed content, software, services, content (including code) on third party
Internet sites, or third party programs; and
claims for breach of contract, breach of warranty, guarantee or condition, strict liability,
negligence, or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion
or limitation of incidental, consequential or other damages.
Please note: As this licensed content is distributed in Quebec, Canada, some of the clauses in
this agreement are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des
clauses dans ce contrat sont fournies ci-dessous en franais.
EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel .
Toute utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune
autre garantie expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la
protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit
locale, les garanties implicites de qualit marchande, dadquation un usage particulier et dabsence de
contrefaon sont exclues.
LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES
DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de
dommages directs uniquement hauteur de 5,00 $ US. Vous ne pouvez prtendre aucune indemnisation
pour les autres dommages, y compris les dommages spciaux, indirects ou accessoires et pertes de
bnfices.
Cette limitation concerne:
tout ce qui est reli au le contenu sous licence , aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers ; et
les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit
stricte, de ngligence ou dune autre faute dans la limite autorise par la loi en vigueur.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel
dommage. Si votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages
indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus
ne sappliquera pas votre gard.
EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres
droits prvus par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les
lois de votre pays si celles-ci ne le permettent pas.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
Thank you for taking our training! Weve worked together with our Microsoft Certied Partners
for Learning Solutions and our Microsoft IT Academies to bring you a world-class learning
experiencewhether youre a professional looking to advance your skills or a
student preparing for a career in IT.
2008 Deployment
Contents:
Lesson 1: Overview of Change Management 1-3
Lesson 2: Planning a Single-Server Installation 1-23
Lesson 3: Performing a Single-Server Installation 1-38
Lesson 4: Automating Windows Server Deployment 1-49
Lab: Planning Windows Server 2008 Deployment 1-60
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
1-2 Planning for Windows Server 2008 Servers
Module Overview
The deployment of Windows Server 2008 must be carefully planned before it is
performed. This includes identifying the change management process to be used,
identifying the appropriate edition of Windows Server 2008, and evaluating
hardware considerations and applications considerations. Automating the
deployment of Windows Server 2008 with answer files or other technologies
should be evaluated. Failure to properly plan the deployment of Windows Server
2008 could result in downtime to critical business systems.
Objectives
After completing this module, you will be able to:
Describe how change management affects a deployment project.
Plan the deployment of a single computer running Windows Server 2008.
Describe how to perform a single-server installation.
Determine how to automatically deploy Windows Server 2008.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by
calling +1 800-785-3448.
Planning Windows Server 2008 Deployment 1-3
Lesson 1
Overview of Change Management
Change management is an essential part of information technology management
for any organization. Using a change management process consistently results in
greater uptime for systems and faster troubleshooting processes. Two common
frameworks for managing change are the Information Technology Infrastructure
Library (ITIL) and Microsoft
Filter in
Microsoft
Internet
Explorer
8
Host
Portable storage
Operating system flaws
Portable computers
Prevent the use of portable
storage devices for
computers
Ensure that Windows
updates are being applied
Use real-time scanning in
Windows Defender
Use NAP to prevent
unhealthy computers from
connecting to the network
Run antivirus software that
can be centrally monitored
with daily updates
Internal network
Portable computers Use intrusion detection to
monitor for unusual
network traffic
Perimeter
Web pages Implement malware
scanning on a Web proxy
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-76 Lab: Planning Server and Network Security
(continued)
Layer Risk Mitigation
Physical security
Policies, procedures,
and awareness
Staff may try to
circumvent security
policies with portable
storage.
Create an acceptable use
policy and ensure that staff
are educated about its
contents
Results: After this exercise, you should have a completed security plan for the new
finance application and a plan for preventing malware on the network.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-77
Exercise 2: Implementing Windows Firewall Rules
Task 1: Start the virtual machines and log on
1. On your host machine, click Start, point to All Programs, point to Microsoft
Learning, and then click 6430B. The Lab Launcher starts.
2. In the Lab Launcher, next to 6430B-SEA-DC1, click Launch.
3. Log on to 6430B-SEA-DC1 as ADATUM\Administrator with the password
Pa$$w0rd.
4. In the Lab Launcher, next to 6430B-SEA-CL1, click Launch.
5. Log on to 6430B-SEA-CL1 as ADATUM\Administrator with the password
Pa$$w0rd.
6. Minimize the Lab Launcher window.
Task 2: Create a group for the finance computers
1. On SEA-DC1, click Start, point to Administrative Tools, and click Active
Directory Users and Computers.
2. In the Active Directory Users and Computers window, if necessary, expand
Adatum.com and then click Computers.
3. Right-click Computers, point to New, and then click Group.
4. In the Group name box, type Finance Computers and then click OK.
5. Right-click SEA-CL1 and click Add to a group.
6. In the Enter the object names to select box, type Finance Computers and
then click OK.
7. Click OK to clear the message about successful completion.
8. Close Active Directory Users and Computers.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-78 Lab: Planning Server and Network Security
Task 3: Create a connection security rule for authentication to the
finance server
1. On SEA-DC1, click Start, point to Administrative Tools, and click Group
Policy Management.
2. In Group Policy Management, expand Forest: Adatum.com, expand
Domains, and click Adatum.com.
3. Right-click Adatum.com and click Create a GPO in this domain, and Link it
here.
4. In the New GPO window, in the Name box, type Secure Financial
Application and click OK.
5. Right-click Secure Financial Application, and click Edit.
6. In the Group Policy Management Editor window, under Computer
Configuration, expand Policies, expand Windows Settings, expand Security
Settings, expand Windows Firewall with Advanced Security, expand
Windows Firewall with Advanced Security, and click Connection Security
Rules.
7. Right-click Connection Security Rules and click New Rule.
8. In the New Connection Security Rule Wizard window, on the Rule Type page,
click Server-to-server, and then click Next.
9. On the Endpoints page, in the Endpoint 1 area, click These IP addresses, and
then click Add.
10. In the IP Address window, in the This IP address or subnet box, type
10.10.0.10, and then click OK.
11. On the Endpoints page, click Next.
12. On the Requirements page, click Request authentication for inbound and
outbound connections, and then click Next.
13. On the Authentication Method page, click Advanced and then click
Customize.
14. In the Customize Advanced Authentication Methods window, in the First
authentication area, click Add, click Computer (Kerberos V5), and click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-79
15. In the Customize Advanced Authentication Methods window, click OK and
then click Next.
16. On the Profile page, click Next.
17. On the Name page, in the Name box, type Enable Authentication and then
click Finish.
18. Close all open windows.
Task 4: Create a firewall rule to restrict access to the finance
application
1. On SEA-DC1, click Start, point to Administrative Tools, and click Windows
Firewall with Advanced Security.
2. In the left pane, click Inbound Rules.
3. Right-click Inbound Rules and then click New Rule.
4. In the New Inbound Rule Wizard window, on the Rule Type page, click Port
and then click Next.
5. On the Protocol and Ports page, click TCP.
6. In the Specific local ports box, type 80,443 and then click Next.
7. On the Action page, click Allow the connection if it is secure, select the
Require the connections to be encrypted check box, and then click Next.
8. On the Users and Computers page, select the Only allow connections from
these computers check box and then click Add.
9. In the Enter the object names to select box, type Finance Computers and
then click OK.
10. Click Next to continue.
11. On the Profile page, click Next.
12. On the Name page, in the Name box, type Restrict Access to Finance
Application and then click Finish.
13. Close all open windows.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-80 Lab: Planning Server and Network Security
Task 5: Force Group Policy updates
1. On SEA-DC1, click Start, click Run, type gpupdate, and press ENTER.
2. On SEA-CL1, click Start, click Run, type gpupdate, and press ENTER.
3. Restart SEA-CL1 and log on as Adatum\Administrator with a password of
Pa$$w0rd.
Task 6: Test the application of rules
1. On SEA-CL1, click Start and click Internet.
2. In Internet Explorer, in the address bar, type http://10.10.0.10 and then
press ENTER.
3. Click Start, type Firewall, and then click Windows Firewall with Advanced
Security.
4. Expand Monitoring, expand Security Associations, and then click Main
Mode. Notice that there is a connection between 10.10.0.50 and 10.10.0.10.
5. Close all open windows.
Note: Negotiation of IPsec policies may be slow in the virtualized environment. A wait of
2 or 3 minutes is possible before the negotiation is complete and you are able to access
the Web site at 10.10.0.10.
Results: After this exercise, you should have successfully implemented firewall rules.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-81
Exercise 3: Implementing a VPN Server
Task 1: Install Active Directory Certificate Services
1. On SEA-DC1, click Start and click Server Manager.
2. In the left pane, click Roles and then click Add Roles.
3. Click Next to begin the Add Roles Wizard.
4. Select the Active Directory Certificate Services check box and click Next.
5. Click Next on the Introduction to Active Directory Certificate Services page.
6. Ensure that the Certification Authority check box is selected.
7. Select the Certification Authority Web Enrollment check box, click Add
Required Role Services, and click Next.
8. Ensure that Enterprise is selected, and click Next.
9. Ensure that Root CA is selected, and click Next.
10. Ensure that Create a new private key is selected, and click Next.
11. Click Next to accept the default cryptography settings.
12. Click Next to accept the default CA name of Adatum-SEA-DC1-CA.
13. Click Next to accept the default validity period of 5 years.
14. Click Next to accept the default database and log locations.
15. Click Next on the Web Server (IIS) page.
16. Click Next on the Select Role Services page.
17. Click Install on the Confirm Installation Selections page.
18. After installation is complete, click Close and close Server Manager.
Task 2: Create an SSL certificate
1. On SEA-DC1, click Start, point to Administrative Tools, and click Internet
Information Services (IIS) Manager.
2. In the left pane, click SEA-DC1 (Adatum\Administrator) and double-click
Server Certificates.
3. In the actions pane, click Create Domain Certificate.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-82 Lab: Planning Server and Network Security
4. Enter the following and then click Next:
a. Common name: SEA-DC1.Adatum.com
b. Organization: A. Datum
c. Organizational unit: IT
d. City/locality: Seattle
e. State/province: Washington
f. Country/region: US
5. In the Specify Online Certification Authority box, type Adatum-SEA-DC1-
CA\SEA-DC1.Adatum.com.
6. In the Friendly name box, type WebSSL and click Finish.
7. Close Internet Information Services (IIS) Manager.
Task 3: Configure RRAS
1. On SEA-DC1, click Start, point to Administrative Tools, and click Routing
and Remote Access.
2. Right-click SEA-DC1 (local) and click Configure and Enable Routing and
Remote Access.
3. Click Next to start the Routing And Remote Access Server Setup Wizard.
4. Click Custom configuration and click Next.
Note: A custom configuration is required because this server has only a single network
card. In most cases, you could use the Remote Access (Dial-Up Or VPN) configuration.
5. Select the VPN access check box and click Next.
6. Click Finish.
7. Click Start Service.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-83
Task 4: Create a network policy to allow VPN access
1. On SEA-DC1, click Start, point to Administrative Tools, and click Network
Policy Server.
2. In the left pane, expand Policies and click Network Policies.
3. Right-click Network Policies and click New.
4. In the Policy name box, type Allow Domain Admins, and then click Next.
5. In the Specify Conditions window, click Add.
6. Click Windows Groups and click Add.
7. Click Add Groups, type Domain Admins, and click OK.
8. Click OK, and then click Next.
9. Click Access granted and then click Next.
10. Click Next to accept the default authentication types.
11. Click Next to accept the default constraints.
12. Click Next to accept the default settings.
13. Click Finish and close Network Policy Server.
Task 5: Configure the client with a trusted root certificate
1. On SEA-CL1, click Start and click Internet.
2. In the address bar, type http://SEA-DC1.Adatum.com/certsrv and press
ENTER.
3. Log on as Adatum\Administrator with a password of Pa$$w0rd.
4. Click Download a CA certificate, certificate chain, or CRL.
5. If necessary, click Close to clear the information about the information bar.
6. Click Download CA certificate and click Open.
7. When the Certificate window opens, click Install Certificate.
8. Click Next to start the Certificate Import Wizard.
9. Select Automatically select the certificate store based on the type of
certificate and click Next.
10. Click Finish.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-84 Lab: Planning Server and Network Security
11. Click OK to close the Certificate Import Wizard dialog box.
12. Click OK to close the Certificate window.
13. Close Internet Explorer.
14. Click Start, and in the Start Search box, type mmc, then press ENTER.
15. Click File and click Add/Remove Snap-in.
16. Double-click Certificates, click My user account and click Finish.
17. Double-click Certificates, click Computer account, and click Next.
18. Click Local computer: (the computer this console is running on) and click
Finish.
19. Click OK.
20. In the left pane, expand Certificates Current User, expand Intermediate
Certification Authorities, and click Certificates.
21. Right-click Adatum-SEA-DC1-CA and click Copy.
22. In the left pane, expand Certificates (Local Computer), expand Trusted Root
Certification Authorities, and then click Certificates.
23. Right-click Certificates and click Paste.
24. Close the MMC window.
25. Click No when prompted to save settings.
Task 6: Configure and test an SSTP VPN connection
1. On SEA-CL1, click Start and click Connect To.
2. Click Set up a connection or network.
3. Click Connect to a workplace and click Next.
4. Click Use my Internet connection (VPN).
5. Click Ill set up an Internet connection later.
6. In the Internet address box, type SEA-DC1.Adatum.com.
7. In the Destination name box, type Adatum VPN and then click Next.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-85
8. Click Create without entering a username and password.
9. Click Close.
10. Click Start and click Connect To.
11. Right-click Adatum VPN and click Properties.
12. Click the Networking tab.
13. In the Type of VPN box, select Secure Socket Tunneling Protocol (SSTP)
and then click OK.
14. Click Connect.
15. Log on as Adatum\Administrator with a password of Pa$$w0rd.
16. Click Close to close the Connect To A Network window.
17. Click Start and click Connect To.
Verify that the status of the connection is connected.
18. Click Disconnect.
19. Close all open windows.
Note: If you experience an error during your connection attempt, review the
configuration of your SSTP listener by using the instructions from Setting Up
The SSTP Listener And Verifying It in the Routing and Remote Access Blog at
http://blogs.technet.com/rrasblog/archive/2007/03/07/configuration-of-sstp-listener-
and-verification.aspx. In particular, you must manually remove and replace the certificate
used by SSTP if you want to change it.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-86 Lab: Planning Server and Network Security
Exercise 4: Implementing NAP with DHCP Enforcement
Task 1: Install Network Policy Server
1. On SEA-DC1, click Start and click Server Manager.
2. In the left pane, expand Roles and then click Network Policy and Access
Services.
3. If necessary, scroll down, and then click Add Role Services.
4. On the Select Role Services page, select the Network Policy Server check
box, and then click Next.
5. On the Confirm Installation Selections page, click Install.
6. When installation is complete, click Close.
7. Close Server Manager.
Task 2: Configure NPS
1. On SEA-DC1, click Start, point to Administrative Tools, and then click
Network Policy Server.
2. If necessary, in the left pane, click NPS (Local).
3. In the Standard Configuration area, select Network Access Protection
(NAP) and click Configure NAP.
4. In the drop-down list box, select Dynamic Host Configuration Protocol
(DHCP) as the connection method.
5. Accept NAP DHCP as the policy name, and click Next.
6. Click Next to skip the configuration of RADIUS clients. This is not necessary
because DHCP is running on the NPS server.
7. On the Specify DHCP Scopes page, click Next.
8. On the Configure User Group and Machine Groups page, click Next.
9. On the Specify a NAP Remediation Server Group and URL page, click Next.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-87
10. On the Define NAP Health Policy page, ensure that the following are selected,
and then click Next.
a. Windows Security Health Validator
b. Enable auto-remediation of client computers
c. Deny full network access to NAP-ineligible client computers. Allow access
to a restricted network only.
11. Review the settings and click Finish.
12. Expand Policies and click Connection Request Policies. Notice that a NAP
DHCP policy has been created by the wizard.
13. Click Network Policies. Notice that several policies for NAP have been created
by the wizard.
14. Click Health Policies. Notice that two policies for NAP have been created by
the wizard.
15. Close Network Policy Server.
Task 3: Configure DHCP
1. Click Start, point to Administrative Tools, and then click DHCP.
2. Expand SEA-DC1.adatum.com, expand IPv4, and then click Scope
[10.10.0.0] Adatum.
3. Right-click Scope [10.10.0.0] Adatum, and click Properties.
4. Click the Network Access Protection tab, click Enable for this scope, click
Use default Network Access Protection profile, and then click OK.
5. Expand Scope [10.10.0.10] Adatum, click Scope Options, right-click Scope
Options, and click Configure Options.
6. Click the Advanced tab, and in the User class box, select Default Network
Access Protection Class.
7. Select the 006 DNS Servers check box. In the IP Address box, type
10.10.0.10, and then click Add.
8. Select the 015 DNS Domain Name check box. In the String value box, type
restricted.adatum.com, and click OK.
9. Close DHCP.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-88 Lab: Planning Server and Network Security
Task 4: Configure NAP Client by using Group Policy
1. On SEA-DC1, click Start, point to Administrative Tools, and then click Active
Directory Users and Computers.
2. In the left pane, right-click Adatum.com, point to New, and click
Organizational Unit.
3. In the Name box, type NAP Clients, and then click OK.
4. In the left pane, click Computers.
5. Right-click SEA-CL1 and click Move.
6. Click NAP Clients, and click OK.
7. Close Active Directory Users and Computers.
8. Click Start, point to Administrative Tools, and click Group Policy
Management.
9. Under Forest: Adatum.com, under Domains, expand Adatum.com, and then
click NAP Clients.
10. Right-click NAP Clients and click Create a GPO in this domain, and Link it
here.
11. In the Name box, type DHCP NAP Client and click OK.
12. Right-click DHCP NAP Client and click Edit.
13. In the left pane, browse to Computer Configuration\Policies\Administrative
Templates\Windows Components\Security Center.
14. Double-click Turn on Security Center (Domain PCs only), click Enabled,
and then click OK.
15. Browse to Computer Configuration\Policies\Windows Settings\Security
Settings\System Services and double-click Network Access Protection
Agent.
16. Select the Define this policy setting check box, click Automatic, and click
OK.
17. In the left pane, in Security Settings, expand Network Access Protection,
expand NAP Client Configuration, and then click Enforcement Clients.
18. Right-click DHCP Quarantine Enforcement Client and click Enable.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server and Network Security L7-89
19. In the left pane, right-click NAP Client Configuration and click Apply.
20. Close the Group Policy Management Editor.
21. Close Group Policy Management.
Task 5: Configure networking on the client
1. Restart SEA-CL1, and log on as Adatum\Administrator with a password of
Pa$$w0rd.
2. Click Start, in the Start Search box, type cmd, and then press ENTER.
3. Type gpupdate and press ENTER.
If an error occurs, wait a few moments and try again. The error is the
result of the authentication negotiation for the connection security rule in
a previous exercise.
To verify connectivity to SEA-DC1, you can use Internet Explorer to access
the http://10.10.0.10 Web site.
4. Close the command prompt.
5. Click Start, right-click Network, and click Properties.
6. Under Tasks, click Manage network connections.
7. Right-click Local Area Connection and click Properties.
8. Click Internet Protocol Version 4 (TCP/IPv4) and click the Properties
button.
9. Click Obtain an IP address automatically, click Obtain DNS server address
automatically, and then click OK.
10. Click Close and close all open windows.
Wait a few moments, and in most cases a warning about limited network
access will appear in the system tray. If this warning does not appear after a
few moments, continue with the next step. You will verify that the client
computer is on the restricted network in step 12.
11. Click Start, in the Start Search box, type cmd, and then press ENTER.
12. At the command prompt, type ipconfig /all and press ENTER. Notice that an
IPv4 address has been configured, but the subnet mask is 255.255.255.255
and the Connection-specific DNS suffix is restricted.adatum.com.
13. Close the command prompt.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L7-90 Lab: Planning Server and Network Security
Task 6: Configure the SHV
1. On SEA-DC1, click Start, point to Administrative Tools, and then click
Network Policy Server.
2. In the left pane, expand Network Access Protection and click System Health
Validators.
3. Right-click Windows Security Health Validator, and click Properties.
4. Click the Configure button.
5. On the Windows Vista tab, deselect all check boxes except A firewall is
enabled for all network connections, and then click OK.
6. Click OK to close the Windows Security Health Validator Properties window.
7. Close Network Policy Server.
Task 7: Test compliance and auto-remediation on the client
1. On SEA-CL1, click Start, type cmd, and press ENTER.
2. Type ipconfig /renew and press ENTER. Notice that SEA-CL1 now has a
default gateway, a subnet mask of 255.255.0.0, and the Connection-specific
DNS suffix is Adatum.com.
3. Close the command prompt.
4. Click Start, and click Control Panel.
5. Click Security, and click Windows Firewall.
6. Click Change settings.
7. Click Off and click OK. Notice that Windows Firewall status is off only briefly
before being turned back on by the NAP client.
8. Close all open windows.
To prepare for the next module
1. For each running virtual machine, close the Virtual Machine Remote Control
(VMRC) window.
2. In the Close box, select Turn off machine and discard changes. Click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server Administration L8-91
Module 8: Planning Server Administration
Lab: Planning Server
Administration
Exercise 1: Planning for Branch Office Administration
Task 1: Read the supporting documentation
Read the supporting documentation.
Task 2: Update the Branch Office Delegation document with your
proposals
Answer the questions in the Branch Office Delegation document.
Branch Office Delegation
Document Reference Number: GW0511/1
Document Author
Date
Gregory Weber
5th November
Requirement Overview
Determine which tasks can be delegated to Joe Healy in Sales.
Specify how this delegation will be achieved.
Additional Information
None
Proposals
1. Which features will you need to install on a recently deployed departmental
server to support administrative delegation?
Answer: Answers will vary, but in order to support the Windows PowerShell
scripts, the server will require Windows PowerShell. Because client computers
are not allowed to host management and administration tools, the local server
must have the Remote Server Administration Tools feature installed.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L8-92 Lab: Planning Server Administration
(continued)
Branch Office Delegation
Proposals (continued)
2. How will you manage the requirement that Joe needs to be able to manage
which GPOs apply to the Sales OU without giving him the ability to edit the
GPO settings?
Answer: Assign a group to which Joe belongs, the Manage Group Policy links
Active Directory permission on the Sales OU.
3. What delegated permissions will you give to Joe in Active Directory?
Answer: Aside from the Manage Group Policy links permission, these
additional permissions are required on the Sales OU in order to administer
Users, Groups, and Computers:
Create, delete, and manage user accounts
Reset user passwords and force password change at next logon
Read all user information
Create, delete, and manage groups
Modify the membership of a group
Create and delete computer objects
4. How will you achieve this?
Answer: The Delegate Control wizard will enable you to establish most of
these permissions as common tasks. However, the computer administration
permissions need to be assigned manually, or as custom tasks.
5. Because you are not permitted to grant Joe any delegated permissions
directly, how will you achieve the required delegation?
Answer: Create a global group and add Joe to the group; grant that group
permissions.
Results: After this exercise, you should have a completed Branch Office Delegation
proposal document.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server Administration L8-93
Exercise 2: Delegating Administration to Branch Office
Personnel
Task 1: Start the virtual machines, and then log on
1. On your host machine, click Start, point to All Programs, point to Microsoft
Learning, and then click 6430B. The Lab Launcher starts.
2. In the Lab Launcher, next to 6430B-SEA-DC1, click Launch.
3. In the Lab Launcher, next to 6430B-SEA-SVR1, click Launch.
4. In the Lab Launcher, next to 6430B-SEA-CL1, click Launch.
5. Log on to 6430B-SEA-DC1 as ADATUM\Administrator with the password
Pa$$w0rd.
6. Log on to 6430B-SEA-SVR1 as ADATUM\Administrator with the password
Pa$$w0rd.
7. Minimize the Lab Launcher window.
Task 2: Create the necessary security group
1. Switch to the SEA-DC1 computer.
2. Click Start, point to Administrative Tools, and then click Active Directory
Users and Computers.
3. In Active Directory Users and Computers, expand Adatum.com, and then
click the Sales organizational unit.
4. Right-click Sales, click New, and then click Group.
5. In the New Object Group dialog box, in the Group name box, type Sales-
Admins, and then click OK.
6. In the results pane, double-click Sales-Admins.
7. In the Sales-Admins Properties dialog box, click the Members tab, and then
click Add.
8. In the Select Users, Contacts, Computers, or Groups dialog box, in the Enter
the object names to select (examples) box, type Joe, click Check Names, and
then click OK.
9. In the Sales-Admins Properties dialog box, click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L8-94 Lab: Planning Server Administration
Task 3: Delegate control of the Sales organizational unit
1. In the navigation pane, right-click Sales, and then click Delegate Control.
2. In the Delegation of Control Wizard, click Next.
3. On the Users or Groups page, click Add.
4. In the Select Users, Computers, or Groups dialog box, in the Enter the
object names to select (examples) box, type Sales-admins, click Check
Names, and then click OK.
5. On the Users or Groups page, click Next.
6. On the Tasks to Delegate page, in the Delegate the following common tasks
list, select the following check boxes, and then click Next:
Create, delete, and manage user accounts
Reset user passwords and force password change at next logon
Read all user information
Create, delete, and manage groups
Modify the membership of a group
Manage Group Policy links
7. On the Completing the Delegation of Control Wizard page, click Finish.
8. In Active Directory Users and Computers, click View, and then click
Advanced Features.
9. Right-click Sales, and then click Properties.
10. In the Sales Properties dialog box, click the Security tab, and then click
Advanced.
11. In the Advanced Security Settings for Sales dialog box, click Add.
12. In the Select User, Computer, or Group dialog box, in the Enter the object
name to select (examples) box, type Sales-admins, click Check Names, and
then click OK.
13. In the Permission Entry for Sales dialog box, in the Permissions list, select
the following check boxes, and then click OK:
Create Computer objects/Allow
Delete Computer objects/Allow
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server Administration L8-95
14. In the Advanced Security Settings for Sales dialog box, click Add.
15. In the Select User, Computer, or Group dialog box, in the Enter the object
name to select (examples) box, type Sales-admins, click Check Names, and
then click OK.
16. In the Permission Entry for Sales dialog box, in the Apply to list, click
Descendant Computer objects.
17. In the Permissions list, click Full control/Allow, and then click OK.
18. In the Advanced Security Settings for Sales dialog box, click OK.
19. In the Sales Properties dialog box, click OK.
20. Close Active Directory Users and Computers.
Task 4: Configure group membership on the SEA-SVR1 server
1. Switch to the SEA-SVR1 computer.
2. Click Start, and then click Server Manager.
3. In Server Manager, in the navigation tree, expand Configuration, expand
Local Users and Groups, and then click Groups.
4. In the Groups list, double-click Administrators.
5. In the Administrators Properties dialog box, click Add, and in the Select
Users, Computers, or Groups dialog box, in the Enter the object names to
select (examples) box, type Sales-admins, click Check Names, and then click
OK.
6. In the Administrators Properties dialog box, click OK.
Task 5: Enable remote desktop on SEA-SVR1
1. Click Start, right-click Computer, and then click Properties.
2. In the Tasks list, click Remote settings.
3. In the System Properties dialog box, click Allow connections only from
computers running Remote Desktop with Network Level Authentication
(more secure).
4. In the Remote Desktop dialog box, click OK.
5. In the System Properties dialog box, click Select Users.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L8-96 Lab: Planning Server Administration
6. In the Remote Desktop Users dialog box, click Add.
7. In the Select Users or Groups dialog box, in the Enter the object name to
select (examples) box, type Sales-admins, click Check Names, and then click
OK.
8. In the Remote Desktop Users dialog box, click OK.
9. In the System Properties dialog box, click OK.
10. Close System.
Task 6: Install Windows PowerShell and RSAT on SEA-SVR1
1. Click Start, and then click Server Manager.
2. In Server Manager, in the navigation tree, click Features.
3. In the results pane, under Features Summary, click Add Features.
4. In the Add Features Wizard, on the Select Features page, expand Remote
Server Administration Tools.
5. Expand Role Administration Tools, and then select the Active Directory
Domain Services Tools check box.
6. Select the Windows PowerShell check box, and then click Next.
7. On the Confirm Installation Selections page, click Install, and then when
prompted, click Close, and in the Add Features Wizard dialog box, click Yes.
8. Log on to 6430B-SEA-SVR1 as ADATUM\Administrator with the password
Pa$$w0rd.
9. In the Resume Configuration Wizard, click Close.
10. Close Server Manager.
Task 7: Perform branch administration
1. Switch to the SEA-CL1 computer.
Note: if you are already logged on as Joe, please log off and then proceed with the lab.
2. Log on as ADATUM\Joe with the password Pa$$w0rd.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Server Administration L8-97
3. Click Start, and in the Start Search box, type mstsc.exe, and then press
ENTER.
4. In the Remote Desktop Connection dialog box, in the Computer list, type
10.10.0.100, and then click Connect.
5. In the Windows Security dialog box, in the User name box, type
adatum\Joe.
6. In the Password box, type Pa$$w0rd, and then click OK.
7. Click Start, point to Administrative Tools, and then click Active Directory
Users and Computers.
8. In the User Account Control dialog box, click Continue.
9. In Active Directory Users and Computers, expand Adatum.com, and then
click the Sales organizational unit.
10. In the results pane, right-click Tom Higginbotham, and then click Delete.
11. In the Active Directory Domain Services dialog box, click Yes.
12. Right-click Sales, click New, and then click Computer.
13. In the New Object Computer dialog box, in the Computer name box, type
Sales-1 and then click OK.
Task 8: Create and run a Windows PowerShell script
1. Click Start, point to All Programs, click Windows PowerShell 1.0, right-click
Windows PowerShell, and then click Run as administrator.
2. In the User Account Control dialog box, click Continue.
3. At the Windows PowerShell Command Prompt, type notepad user.ps1 and
then press ENTER.
4. In the Notepad dialog box, click Yes.
5. In Notepad, type the following lines of code:
$objOU = [ADSI]"LDAP://OU=sales,DC=Adatum,DC=com"
$objUSR = $objOU.Create("User","cn=Tom Higginbotham")
$objUSR.Put("SAMACCOUNTNAME","Tom")
$objUSR.SetInfo()
6. Click File, click Save, and then close Notepad.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L8-98 Lab: Planning Server Administration
7. At the Windows PowerShell Command Prompt, type set-executionpolicy
remotesigned, and then press ENTER.
8. At the Windows PowerShell Command Prompt, type ./user.ps1 and then
press ENTER.
9. Switch to Active Directory Users and Computers.
10. Refresh the view.
11. Right-click Tom Higginbotham, and then click Enable Account.
12. Close all open windows.
To prepare for the next module
1. For each running virtual machine, close the Virtual Machine Remote Control
(VMRC) window.
2. In the Close box, select Turn off machine and discard changes. Click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning and Implementing Monitoring and Maintenance L9-99
Module 9: Planning and Implementing
Monitoring and Maintenance
Lab: Planning and Implementing
Monitoring and Maintenance
Exercise 1: Evaluating Performance Metrics
Task 1: Start the virtual machines, and then log on
1. On your host machine, click Start, point to All Programs, point to Microsoft
Learning, and then click 6430B. The Lab Launcher starts.
2. In the Lab Launcher, next to 6430B-SEA-DC1, click Launch.
3. In the Lab Launcher, next to 6430B-SEA-SVR1, click Launch.
4. Log on to 6430B-SEA-DC1 as ADATUM\Administrator with the password
Pa$$w0rd.
5. Log on to 6430B-SEA-SVR1 as ADATUM\Administrator with the password
Pa$$w0rd.
6. Minimize the Lab Launcher window.
Task 2: Identify performance problems with Windows Server 2008 -
Part A
You know that the server 6430A-NYC-SVR1 experiences low network traffic and
has limited disk activity, but the help desk is receiving many reports that the server
is slow.
1. Switch to the SEA-SVR1 computer.
2. Click Start, point to Administrative Tools, and then click Reliability and
Performance Monitor.
3. Expand Monitoring Tools, and then click Performance Monitor.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L9-100 Lab: Planning and Implementing Monitoring and Maintenance
4. In Performance Monitor, click the View Log Data button (CTRL+L).
5. In the Performance Monitor Properties dialog box, on the Source tab, click
Log Files, and then click Add.
6. In the Select Log File dialog box, in the File name box, type
D:\Labfiles\Mod09\Ex1A\EX1A.blg, and then click Open.
7. In the Performance Monitor Properties dialog box, click OK.
8. In Performance Monitor, click Add (CTRL+I).
9. In the Add Counters dialog box, under Available counters, expand
Processor, and then click % Processor Time.
10. Under Instances of selected object, click 0, and then click Add.
11. In the Add Counters dialog box, under Available counters, expand System,
click Processor Queue Length, click Add, and then click OK.
12. View the graph of the CPU usage on 6430A-NYC-SVR1:
a. The maximum value is 100 percent.
b. The average value is 82.58 percent.
13. In Performance Monitor, click Add (CTRL+I).
14. In the Add Counters dialog box, under Available counters, expand Process,
and then click % Processor Time.
15. Under Instances of selected object, select <All Instances>, click Add, and
then click OK.
16. Review the % Processor Time used by each process. It is useful to use the
Highlight button (CTRL+ H) to view each instance. Identify the process that is
consuming the CPU.
Answer: The cpustres process is consuming most of the CPU time.
17. Close Reliability and Performance Monitor.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning and Implementing Monitoring and Maintenance L9-101
Task 3: Identify performance problems with Windows Server 2008
Part B
You know that the server 6430A-NYC-SVR1 is not running processor-intensive
applications, but the help desk is receiving many reports that the server is slow.
1. Click Start, point to Administrative Tools, and then click Reliability and
Performance Monitor.
2. Under Monitoring Tools, and then click Performance Monitor.
3. In Performance Monitor, click View Log Data (CTRL+L).
4. In the Performance Monitor Properties dialog box, on the Source tab, click
Log files, and then click Add.
5. In the Select Log File dialog box, in the File name box, type
D:\Labfiles\Mod09\Ex1B\EX1B.blg, and then click Open.
6. In the Performance Monitor Properties dialog box, click OK.
7. In Performance Monitor, click Add (CTRL+I).
8. In the Add Counters dialog box, under Available counters, expand Physical
Disk, and then click Avg. Disk Queue Length.
9. Under Instances of selected object, click 0 C:, and then click Add.
10. Under Available counters, click Current Disk Queue Length.
11. Under Instances of selected object, click 0 C:, and then click Add.
12. Under Available counters, click Disk Transfers/sec.
13. Under Instances of selected object, click 0 C:, and then click Add.
14. Under Available counters, expand Process, and then click IO Data Bytes/sec.
15. Under Instances of selected object, click <All Instances>, click Add, and then
click OK.
16. Review the IO Data Bytes/sec values for each process. It is useful to use the
Highlight button (Ctrl+H) to view each instance. Identify the process that is
consuming the disk transfer capacity.
Answer: The explorer process is consuming the disk resources.
17. Close the Reliability and Performance Monitor.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L9-102 Lab: Planning and Implementing Monitoring and Maintenance
Task 4: Identify performance problems with Windows Server 2008
Part C
You know that the server 6430A-NYC-SVR1 experiences low network traffic and is
not running processor-intensive applications, but the help desk is receiving many
reports that the server is slow.
1. Click Start, point to Administrative Tools, and then click Reliability and
Performance Monitor.
2. Under Monitoring Tools, and then click Performance Monitor.
3. In Performance Monitor, click View Log Data (CTRL+L).
4. In the Performance Monitor Properties dialog box, on the Source tab, click
Log files, and then click Add.
5. In the Select Log File dialog box, in the File name box, type
D:\Labfiles\Mod09\Ex1C\EX1C.blg, and then click Open.
6. In the Performance Monitor Properties dialog box, click OK.
7. In Performance Monitor, click Add (CTRL+I).
8. In the Add Counters dialog box, under Available counters, expand Process,
and then click Working Set -Private.
9. Under Instances of selected object, click <All Instances>, and then click Add.
10. Under Available counters, expand Paging File, click % Usage, hold down
CTRL, and then click % Usage Peak.
11. Under Instances of selected object, click \??\C:\pagefile.sys, and then click
Add.
12. Under Available counters, expand Memory, click % Committed Bytes In
Use, hold down CTRL and click Available MBytes, Committed Bytes, Page
Faults/sec, Pages/sec, Pool Nonpaged Bytes, Pool Paged Bytes, click Add,
and then click OK.
13. View the graph of the memory and process usage on 6430A-NYC-SVR1.
Review the minimum and maximum values for each process to locate the
problem. (The value for Available Mbytes drops to 4 MB.). Review the
Working Set - Private value for each process. It is useful to use the highlight
button (CTRL+H) to view each instance. Determine which process is
consuming memory.
Answer: The leakyapp processes are consuming memory.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning and Implementing Monitoring and Maintenance L9-103
Exercise 2: Monitoring Performance Metrics
Task 1: Create a data collector set to measure server requirements
1. In Reliability and Performance Monitor, expand Data Collector Sets, and then
click User Defined.
2. On the Action menu, point to New, and then click Data Collector Set.
3. In the Create new Data Collector Set dialog box, in the Name box, type File-
Server-Monitoring, and then click Next.
4. On the Which template would you like to use? page, ensure that System
Performance is selected, and then click Next.
5. On the Where would you like the data to be saved? page, accept the default
location, and then click Next.
6. On the Create the data collector set? page, click Finish.
7. In Reliability and Performance Monitor, double-click File-Server-Monitoring,
and then double-click Performance Counter. Review the properties and add
any additional objects and counters that are required. In the Performance
Counter Properties dialog box, click OK.
8. Right-click File-Server-Monitoring, and then click Properties.
9. In the File-Server-Monitoring Properties dialog box, on the Stop Condition
tab, in the Overall duration box, type 2, and then click OK.
10. In Reliability and Performance Monitor, right-click File-Server-Monitoring,
and then click Start.
11. In Reliability and Performance Monitor, on the Action menu, click Latest
Report.
12. Review the collected data. (After approximately two minutes, the report should
show the results of the data collector.)
13. Close the Reliability and Performance Monitor.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L9-104 Lab: Planning and Implementing Monitoring and Maintenance
Exercise 3: Configuring Data Collector Sets
Task 1: Generate an alert by using a data collector set
Create a user-defined data collector set and configure an alert to trigger when the
CPU reaches a critical state.
1. Click Start, point to All Programs, point to Administrative Tools, and then
click Reliability and Performance Monitor.
2. Select Data Collector Sets, and then double-click User Defined.
3. On the Action menu, point to New, and then click Data Collector Set.
4. In the Create new Data Collector Set dialog box, in the Name box, type High-
CPU-Monitoring
5. Click Create manually (Advanced), and then click Next.
6. On the What type of data do you want to include? page, click Performance
Counter Alert, and then click Next.
7. On the Which performance counters would you like to monitor? page, click
Add.
8. Under Available counters, expand Processor, and then click %Processor
Time.
9. Under Instances of selected object, click 0, click Add, and then click OK.
10. On the Which performance counters would you like to monitor? page, in
the Limit box, type 95 and then click Next.
11. On the Create the data collector set? page, click Finish.
12. In Reliability and Performance Monitor, double-click High-CPU-Monitoring,
and then double-click DataCollector01. (You may need to adjust the sample
interval time to trigger the alert.)
13. In the DataCollector01 Properties dialog box, on the Alert Action tab, select
the Log an entry in the application event log check box, and then click OK.
14. Close Reliability and Performance Monitor.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning and Implementing Monitoring and Maintenance L9-105
Exercise 4: Evaluating Trends
Scenario
In this exercise, you will compare your answers to the previous exercises with the
rest of the class, share your answers with other students, and learn alternative
methods to identify performance issues.
The main task for this exercise is to discuss your solutions with the class.
You should compare the performance counters that have been used and explain
why you have used specific counters to make your decision. You should also
consider other counters that other students have used.
To prepare for the next module
1. For each running virtual machine, close the Virtual Machine Remote Control
(VMRC) window.
2. In the Close box, select Turn off machine and discard changes. Click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L9-106 Lab: Planning and Implementing Monitoring and Maintenance
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning High Availability and Disaster Recovery L10-107
Module 10: Planning High Availability and
Disaster Recovery
Lab: Planning High Availability and
Disaster Recovery
Exercise 1: Planning for Branch Office High Availability and
Data Recovery
Task 1: Read the supporting documentation
Read the supporting documentation.
Task 2: Update the High Availability for Sales Database document with
your proposals
Answer the questions in the High Availability for Sales Database document.
High Availability for Sales Database
Document Reference Number: GW1602/1
Document Author
Date
Gregory Weber
16th February
Requirement Overview
To provide a high-availability solution that ensures that the failure of any single
component will not cause the Sales database to become unavailable.
To ensure that the database is recoverable in the event of multiple disk failures.
Additional Information
All servers are installed with Windows Server2008 Enterprise Edition.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L10-108 Lab: Planning High Availability and Disaster Recovery
(continued)
High Availability for Sales Database
Proposals (continued)
1. In the current system, what component(s) is a point of failure?
Answer: The back-end database; the front-end Web servers; the storage that
hosts the database; the supply of power to all systems.
2. For each element, how would you propose to prevent a system failure
resulting from a component failure?
Answer: The back-end database. Implement Failover Clustering; this is
required because the database is statefulthat is, it contains data that
changes, and each client computers view of the system is different at a point
in time.
The front-end Web servers. Implement Network Load Balancing; the front end
is stateless, and contains no changing data. Client computers are indifferent as
to which Web server they connect through.
The storage that hosts the database. Consider implementing a RAID solution
for the storage that hosts the database.
The supply of power to all systems. An uninterruptable power supply (UPS)
does provide some uptime during a power failure, and often enough to
properly shut down a database to avoid corruption.
3. What Windows Server 2008 role or feature could help provide for each of
these proposals?
Answer: Windows Server 2008 provides the Network Load Balancing and
Failover Clustering features. Although disk fault tolerance can be provided
through the software, it is usually more appropriate to implement a fault-
tolerant array through hardware.
4. After implementing the roles or features proposed, is there any remaining
component that represents a single point of failure?
Answer: Loss or unavailability of a datacenter.
5. Have you any recommendations regarding this component(s)?
Answer: Alan Steiner mentioned that the database is to be replicated among
the branches. This will provide a contingency in the event of link-failure.
Results: After this exercise, you should have a completed High Availability for Sales
Database proposal document.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning High Availability and Disaster Recovery L10-109
Exercise 2: Implementing the High Availability and Disaster
Recovery Plan
Task 1: Start the virtual machines, and then log on
1. On your host machine, click Start, point to All Programs, point to Microsoft
Learning, and then click 6430B. The Lab Launcher starts.
2. In the Lab Launcher, next to 6430B-SEA-DC1, click Launch.
3. In the Lab Launcher, next to 6430B-SEA-SVR1, click Launch.
4. In the Lab Launcher, next to 6430B-SEA-SVR2, click Launch.
5. Log on to 6430B-SEA-DC1 as ADATUM\Administrator with the password
Pa$$w0rd.
6. Log on to 6430B-SEA-SVR1 as ADATUM\Administrator with the password
Pa$$w0rd.
7. Log on to 6430B-SEA-SVR2 as ADATUM\Administrator with the password
Pa$$w0rd.
8. Minimize the Lab Launcher window.
Task 2: Install NLB on SEA-SVR1
1. Switch to the SEA-SVR1 computer.
2. Click Start, and then click Server Manager.
3. In the navigation tree, click Features.
4. In the results pane, click Add Features.
5. In the Add Features Wizard, select the Network Load Balancing check box,
and then click Next.
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L10-110 Lab: Planning High Availability and Disaster Recovery
Task 3: Install IIS on SEA-SVR1
1. In Server Manager, in the navigation tree, click Roles.
2. In the results pane, click Add Roles.
3. In the Add Roles Wizard, click Next.
4. In the Roles list, select the Web Server (IIS) check box. Then in the Add
Roles Wizard dialog box, click Add Required Features, and click Next.
5. On the Web Server (IIS) page, click Next.
6. On the Select Role Services page, click Next.
7. On the Confirm Installation Selections page, click Install.
8. On the Installation Results page, click Close.
9. Close Server Manager.
Task 4: Create a Web site on SEA-SVR1
1. Click Start, and then click Command Prompt.
2. Type the following commands at the command prompt, and press ENTER
after each command:
Cd\inetpub\wwwroot
Xcopy \\sea-dc1\c$\inetpub\wwwroot\intranet\*.* /s
Exit
Task 5: Install NLB on SEA-SVR2
1. Switch to the SEA-SVR2 computer.
2. Click Start, and then click Server Manager.
3. In the navigation tree, click Features.
4. In the results pane, click Add Features.
5. In the Add Features Wizard, select the Network Load Balancing check box,
and then click Next.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning High Availability and Disaster Recovery L10-111
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close.
Task 6: Install IIS on SEA-SVR2
1. In Server Manager, in the navigation tree, click Roles.
2. In the results pane, click Add Roles.
3. In the Add Roles Wizard, click Next.
4. In the Roles list, select the Web Server (IIS) check box. Then in the Add
Roles Wizard dialog box, click Add Required Features, and click Next.
5. On the Web Server (IIS) page, click Next.
6. On the Select Role Services page, click Next.
7. On the Confirm Installation Selections page, click Install.
8. On the Installation Results page, click Close.
9. Close Server Manager.
Task 7: Create a Web site on SEA-SVR2
1. Click Start, and then click Command Prompt.
2. Type the following commands at the command prompt, and press ENTER
after each command:
Cd\inetpub\wwwroot
Xcopy \\sea-dc1\c$\inetpub\wwwroot\intranet\*.* /s
Exit
Task 8: Create the NLB cluster
1. Switch to the SEA-DC1 computer.
2. Click Start, and then click Server Manager.
3. In the navigation tree, click Features.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L10-112 Lab: Planning High Availability and Disaster Recovery
4. In the results pane, click Add Features.
5. In the Features list, expand Remote Server Administration Tools, expand
Feature Administration Tools, select the Network Load Balancing Tools
check box, and then click Next.
6. Click Install, and then click Close.
7. Close Server Manager.
8. Click Start, point to Administrative Tools, and then click Network Load
Balancing Manager.
9. When the Network Load Balancing Manager window opens, maximize the
window.
10. In the navigation tree, right-click Network Load Balancing Clusters, and then
click New Cluster.
11. In the New Cluster: Connect dialog box, in the Host field, type SEA-SVR1,
and then click Connect.
12. Click Next.
13. Click Next on the Host Parameters page.
14. On the Cluster IP Addresses page, click Add.
15. In the Add IP Address dialog box, in the IPv4 address field, type 10.10.10.10,
and press TAB. Then in the Subnet mask field, type 255.255.0.0.
16. Click OK, and then click Next.
17. On the Cluster Parameters page, in the Full Internet name field, type
webfarm.adatum.com.
18. Click Multicast, and then click Next.
19. On the Port Rules page, click Edit.
20. In the Add/Edit Port Rule dialog box, in the From field, type 80, and in the
To field, type 80.
21. Under Protocols, click TCP.
22. For Affinity, click None.
23. Click OK, and then click Finish.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning High Availability and Disaster Recovery L10-113
24. In the console tree, right-click webfarm.adatum.com, and then click Add Host
To Cluster.
25. In the Add Host to Cluster: Connect dialog box, in the Host field, type
SEA-SVR2, and then click Connect.
26. Click Next.
27. On the Host Parameters page, click Next.
28. On the Port Rules page, click Finish.
Task 9: Configure DNS records
1. Click Start, point to Administrative Tools, and then click DNS.
2. In DNS Manager, expand SEA-DC1, expand Forward Lookup Zones, expand
Adatum.com, and then right-click Adatum.com.
3. Click New Host (A or AAAA).
4. In the New Host dialog box, in the Name box, type webfarm.
5. In the IP address box, type 10.10.10.10, and then click Add Host.
6. In the DNS dialog box, click OK.
7. In the New Host dialog box, click Done.
8. Close DNS Manager.
Note: You will test the cluster at the end of the exercise.
Task 10: Install the Windows Server Backup features
1. Switch to the SEA-SVR1 computer.
2. Click Start, and then click Server Manager
3. In Server Manager, in the navigation tree, click Features.
4. In the results pane, click Add Features.
5. In the Features list, select the Windows Server Backup Features check box,
and then click Next.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L10-114 Lab: Planning High Availability and Disaster Recovery
6. On the Confirm Installation Selections page, click Install.
7. On the Installation Results page, click Close, and then close Server Manager.
Task 11: Enable shadow copies
1. Click Start, click Computer, right-click Local Disk (C:), and then click
Configure Shadow Copies.
2. In the Shadow Copies dialog box, click Enable.
3. In the Enable Shadow Copies dialog box, click Yes.
4. In the Shadow Copies dialog box, click Settings.
5. In the Settings dialog box, click Schedule.
6. In the C:\ dialog box, select both the Sat and Sun check boxes, and then click
OK.
7. In the Settings dialog box, click OK.
8. In the Shadow Copies dialog box, click Create Now, and then click OK.
Task 12: Verify the presence of previous versions of the Web site
1. In Windows Explorer, double-click Local Disk (C:), double-click inetpub,
right-click wwwroot, and then click Properties.
2. In the wwwroot Properties dialog box, click the Previous Versions tab.
3. Verify that there are previous versions listed, and then click OK.
Task 13: Establish groups to secure the backup process
1. Click Start, and then click Server Manager.
2. In Server Manager, expand Configuration, expand Local Users and Groups,
and then click Groups.
3. In the Groups list, double-click Backup Operators.
4. In the Backup Operators Properties dialog box, click Add.
5. In the Select Users, Computers, or Groups dialog box, in the Enter the
object names to select (examples) box, type Joe, click Check Names, and
then click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning High Availability and Disaster Recovery L10-115
6. In the Backup Operators Properties dialog box, click OK.
7. Log off.
Task 14: Perform a backup of the branch server
1. Log on to 6430B-SEA-SVR1 as ADATUM\Joe with the password Pa$$w0rd.
2. Click Start, point to Administrative Tools, and then click Windows Server
Backup.
3. In the User Account Control dialog box, in the Password box, type
Pa$$w0rd, and then click OK.
4. In Windows Server Backup (Local), in the actions pane, click Backup Once.
5. In the Backup Once Wizard, on the Backup options page, click Next.
6. On the Select backup configuration page, click Custom, and then click Next.
7. On the Select backup items page, click Next.
8. On the Specify destination type, click Remote shared folder, and then click
Next.
9. On the Specify remote folder page, in the Type the path to the remote
shared folder box, type \\sea-dc1\public, and then click Next.
10. On the Specify advanced option page, click Vss copy backup
(recommended), and then click Next.
11. On the Confirmation page, click Backup.
12. After the backup has started, click Close.
13. Close Windows Server Backup.
Task 15: Test the NLB cluster
1. Switch to the SEA-DC1 computer.
2. Click Start, point to All Programs, and then click Internet Explorer.
3. In the Microsoft Internet Explorer address bar, type
http://webfarm.adatum.com, and then press ENTER.
The A Datum Intranet appears.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L10-116 Lab: Planning High Availability and Disaster Recovery
4. Turn off the SEA-SVR1 computer. In the Close box, select Turn off machine
and discard changes. Click OK.
5. On SEA-DC1, in the Internet Explorer address bar, type
http://webfarm.Adatum.com, and then press ENTER.
Note: Even though an NLB Cluster member is unavailable, the Web site is still available.
Results: After this exercise, you should have successfully implemented your high-
availability and recovery plan.
To prepare for the next module
1. For each running virtual machine, close the Virtual Machine Remote Control
(VMRC) window.
2. In the Close box, select Turn off machine and discard changes. Click OK.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Virtualization L11-117
Module 11: Planning Virtualization
Lab: Planning Virtualization
Exercise 1: Creating a Virtualization Plan
Task 1: Read the supporting documentation
Read the supporting documentation.
Determine if you need any more information and ask your instructor to clarify
if required.
Task 2: Create a plan for a virtualization pilot project
Note: Your answers may vary from the lab answer key in this plan. There are several
acceptable combinations of servers to virtualize. This is only one example.
Which servers will be virtualized?
Answer: The first servers to be virtualized are SQLTest and PServer.
Why were those servers selected?
Answer: Those servers were selected because there were relatively low
utilization for memory, older hardware, and relatively low risk. If they were
unavailable for a few hours it would not impact production too much.
How will those servers be virtualized?
Answer: A physical-to-virtual conversion will be performed to convert the
servers. This is faster and more reliable than just backing up and restoring the
servers.
Do we need any additional tools besides Hyper-V?
Answer: Yes, System Center Virtual Machine Manager is required to perform
the physical-to-virtual migrations. This tool will also be beneficial for
centralized management as our virtualization environment grows.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L11-118 Lab: Planning Virtualization
What are the hardware specifications for the server?
Answer: The requirements for virtualizing these servers are relatively light, but
we should buy sufficient hardware that we can use for additional virtual
machines down the road. I suggest the following specifications:
Dual processor, quad core
24 GB of RAM
6 hot swap SCSI drives, two disks mirrored for the host operating system,
and 3 disks in a RAID 5 array with a hot spare for the virtual machines
Which operating system should be used on the host?
Answer: To run Hyper-V, we need a 64-bit version of Windows Server 2008.
Standard edition supports up to 32 GB of RAM, which is more than adequate
for our needs. Standard edition also supports up to 4 processors, which also
meets our needs.
We already own licenses for the virtual machines we will be creating, so
licensing is not a concern. However, in the long run we may want to consider
Enterprise or Datacenter editions because they include multiple virtualization
licenses.
Results: After this exercise, you should have a completed plan for a virtualization pilot
project.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Virtualization L11-119
Exercise 2: Implementing Virtualization (Optional)
Task 1: Configure the computer BIOS for Hyper-V
Note: The first set of BIOS configuration steps in this exercise are correct for a Dell
Optiplex 755 with an Intel processor. Also included are steps for a HP DC5850 machine.
The steps will vary depending on the model of the computer you are using, BIOS
revision, and the processor type. For example, the name of specific settings may be
different or already enabled. Ask your instructor for help if required.
1. Start your computer.
2. Press F2 to enter the BIOS setup.
3. Use the down arrow key to select Performance, and then press ENTER to
expand Performance.
4. Use the down arrow key to select Virtualization, and then press ENTER.
5. Select On, and then press ENTER.
6. Use the down arrow key to select VT for Direct I/O, and then press ENTER.
7. Select On, and then press ENTER.
8. Use the down arrow key to select Trusted Execution, and then press ENTER.
9. Select Off, and then press ENTER.
10. Use the down arrow key to select Security, and then press ENTER to expand
Security.
11. Use the down arrow key to select Execute Disable, and then press ENTER.
12. Select On, and then press ENTER.
13. Press ESC.
14. Select Save/Exit, and then and press ENTER.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L11-120 Lab: Planning Virtualization
The following are BIOS setting steps are based on an HP DC5850.
Configure the computer BIOS for Hyper-V:
1. Start your computer.
2. Press F10 to enter the BIOS setup.
3. Select English, and then press ENTER.
4. Use the right arrow key to select the Security menu, press the down arrow key
to select System Security, and then press ENTER.
5. Press the down arrow key once, and then press the right arrow key once to
enable the Virtualization Technology. Press ENTER.
6. Press F10 to accept the changes.
7. Press the left arrow key to select the File menu.
8. Use the down arrow key to select Save Changes and Exit, and then press
ENTER.
Task 2: Install Windows Server 2008 on the host
1. Place the Windows Server 2008 DVD in the DVD drive, and then restart your
computer.
Note: You will be provided with the software required to complete the lab installation
from your Instructor. It may or may not be a DVD.
2. To access the boot menu of a Dell Optiplex 755 computer, press F12. Read the
POST screen of your computer to determine the appropriate key for your
computer.
3. Select the DVD-ROM drive, and then press ENTER.
4. If prompted, press a key to start the computer from DVD.
5. To accept the default language as US English, click Next.
6. Click Install now.
7. Clear the Automatically activate Windows when Im online check box, and
then click Next.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Virtualization L11-121
8. To clear the warning, click No.
9. Click Windows Server 2008 Enterprise (Full Installation) x64, select the
I have selected the version of Windows that I purchased check box, and
then click Next.
10. Select the I accept the license terms check box, and then click Next.
11. Click Custom (advanced).
12. Click Drive options (advanced).
13. To delete all existing partitions, click an existing partition.
14. Click Delete.
15. Click OK to confirm.
16. Repeat steps 13-15 to delete all partitions.
17. Click Disk 0, and then click Next.
18. After the computer restarts, click OK.
19. In the New password and Confirm password boxes, type Pa$$w0rd, and
then press ENTER.
20. To clear the password change confirmation message, click OK.
21. In the Initial Configuration Tasks window, click Provide computer name
and domain.
22. In the System Properties window, on the Computer Name tab, click Change.
23. In the Computer name box, type SEA-HOSTx, where x is number assigned by
your instructor, and then click OK.
24. To close the message about restarting to apply changes, click OK.
25. In the System Properties window, click Close.
26. Click Restart Now.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L11-122 Lab: Planning Virtualization
Task 3: Install the Hyper-V role update
1. Log on as Administrator with the password Pa$$w0rd.
2. Obtain the Hyper-V update, Windows6.0-KB950050-x64.msu, by going to
http://go.microsoft.com/fwlink/?LinkId=152668.
3. Place the update on the desktop of SEA-HOSTx.
4. To begin installation, double-click Windows6.0-KB950050-x64.msu, and
then click OK.
5. When installation is complete, click Restart Now.
Task 4: Install the Hyper-V role
1. Log on as Administrator with a password of Pa$$w0rd.
2. Click Start, and then click Server Manager.
3. In the left pane of Server Manager, click Roles.
4. In the right pane of the console, click Add Roles, and then click Next.
5. Select the Hyper-V check box, and then click Next.
6. Read the Introduction to Hyper-V page, and then click Next.
7. Select the Local Area Connection check box, and then click Next.
8. Click Install.
9. When the role installation is complete, click Close.
10. When prompted to restart, click Yes.
11. Log on as Administrator with the password Pa$$w0rd.
12. Wait for the installation of the Hyper-V role to complete, and then click Close.
13. Close Server Manager.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
Lab: Planning Virtualization L11-123
Task 5: Create a new virtual machine
1. Click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In the left pane of the Hyper-V Manager console, click SEA-HOST1.
3. In the actions pane, click New, and then click Virtual Machine.
4. On the Before You Begin page, click Next.
5. In the Name box, type SEA-VMx, where x is a number assigned by your
instructor, and then click Next.
6. In the Memory box, type 1024, and then click Next.
7. In the Network list, select your network adapter, and then click Next.
8. To accept the default virtual hard disk settings, click Next.
9. On the Installation Options page, click Next.
10. Click Finish.
Task 6: Install Windows Server 2008 on the virtual machine
1. Place the Windows Server 2008 installation DVD in your DVD drive.
2. In the Virtual Machines area of the Hyper-V Manager console, right-click
SEA-VMx, and then click Settings.
3. In the Hardware area, click DVD Drive.
4. In the right pane, click Physical CD/DVD drive, and then click OK.
5. In the Virtual Machines area, right-click SEA-VMx, and then click Start.
6. In the Virtual Machines area, right-click SEA-VMx, and then click Connect.
This opens a new window for viewing the SEA-VMx virtual machine.
7. In the SEA-VMx On Localhost Virtual Machine Connection window, click
Next to install using the default language of US English, and then click Install
Now.
8. Clear the Automatically activate Windows when Im online check box, and
then click Next.
9. To clear the warning, click No.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.
L11-124 Lab: Planning Virtualization
10. Click Windows Server 2008 Enterprise (Full Installation) x64, select the
I have selected the version of Windows that I purchased check box, and
then click Next.
11. Select the I accept the license terms check box, and then click Next.
12. Click Custom (advanced).
13. Click Disk 0 Unallocated Space, and then click Next.
14. After the computer restarts, click OK.
15. In the New password and Confirm password boxes, type Pa$$w0rd, and
then press ENTER.
16. To clear the password change confirmation message, click OK.
17. In the SEA-VMx On Localhost Virtual Machine Connection window, click
Action, and then click Insert Integration Services Setup Disk.
18. In the Autoplay window, click Install Hyper-V Integration Services.
19. To upgrade or repair the installation, click OK.
20. To restart, click Yes.
Results: After this exercise, you should have successfully implemented a Hyper-V host
and created a virtual machine.
NETMIND
Apr 9 2010 7:45AM 80cdcdce-b134-4e21-b0f2-cb4572be11c5 Telefonica Netmind ittrainning.purchase@netmind.es
Warning: This is Telefonica Netmind's unique copy. It is illegal to reprint, redistribute, or resell this content. The Licensed
Content is licensed as-is. Microsoft does not support this Licensed Content in any way and Microsoft gives no express
warranties, guarantees or conditions. Please report any unauthorized use of this content to piracy@microsoft.com or by calling
+1 800-785-3448.