Module 1 Lab Exercise Answer Key

Exercise 1: Reviewing the Existing Server Environment

In this exercise, you will analyze an existing environment to determine appropriate future use of the Windows Server 2008 operating system.
Task: Identify Windows Server 2008 technologies that meet business requirements 1. You should outline and list the technologies that Windows Server 2008 provides to identify where technology can help to meet the business requirements. Answers include failover clustering, Windows Server virtualization (WSv), 64-bit computing, Windows Deployment Services (WDS), the Active Directory directory service, Windows System Resource Monitor, and the Microsoft SQL Server database software. 2. You may require additional information to complete the exercise. You should identify the appropriate business unit and compose an e-mail message to obtain the necessary data. 3. It may be useful to compile your solutions in a table format or to use other tools as appropriate (such as the Microsoft Office Excel spreadsheet software or the Microsoft Office Visio drawing and diagramming software).

Exercise 2: Reviewing Business Requirements and SLAs

In this exercise, you will determine how Windows Server 2008 can help a business to meet business objectives and IT service-level agreements (SLAs). Task: Identify where Windows Server 2008 meets business requirements 1. You need to identify where Windows Server 2008 can provide business solutions for Woodgrove Bank. 2. You should outline and list the technologies that Windows Server 2008 provides to identify where these technologies can help to meet the business requirements. 3. It is likely that you will need to identify additional information that is required before you make a decision; you should add this information to your documentation. 4. It may be useful to compile your solutions in a table format or to use other tools as appropriate (such as Microsoft Office Word, Office Excel, or Office Visio). 5. It may be useful to compare your solution with others to ensure that you have identified all of the available technologies.

Answers include: Active Directory, the NTFS file system (NTFS) and share permissions, event monitoring, WSv, System Center Operations Manager 2007, and failover clustering.

Exercise 3: Creating a Deployment Plan

In this exercise, you will determine the impact of deploying Windows Server 2008. Task: Identify where deployment issues may exist for Windows Server 2008 1. You should identify deployment issues for Windows Server 2008. 2. You may need to obtain additional data to complete your solution. You should note the additional information that is required and consider who would hold this data within Woodgrove Bank. 3. It may be useful to compile your solutions in a table format or to use other tools as appropriate (such as Office Excel or Office Visio). Answers include WDS, Business Desktop Deployment (BDD) best practice, Virtualization, System Center Configuration Manager 2007, and System Center Virtual Machine Manager.

Module 2 Lab Exercise Answer Key

Exercise 1: Reviewing the Existing Server Environment

In this exercise, you will review an existing server configuration and produce a template to record security settings. The main tasks for this exercise are: Identify security settings to migrate from a Windows Server 2003 server. Identify steps to take when you decommission server hardware. Review licensing requirements for the migration.

Task 1: Identify security settings to migrate from a Windows Server 2003 server Create a template to record security settings. This could be in the form of a spreadsheet, an XML file, or a series of scripts to record the required data. The list should include: NTFS file system (NTFS), share permissions, and registry settings these could be stored in an XML file if the security configuration and analysis tool is used. Scripts might be run by using the Microsoft Baseline Security Analyzer tool, Windows Management Instrumentation (WMI), or Microsoft Visual Basic, Scripting Edition (VBScript). Task 2: Identify steps to take when you decommission server hardware A list of steps might include: Risk assessment for the decommissioning process. Updating documentation. Reviewing current services and applications (Dynamic Host Configuration Protocol (DHCP), DNS, backup, and antivirus). Meeting regulatory requirements for the safe disposal of hardware. Meeting regulatory requirements for the safe disposal of data. You may wish to use a spreadsheet, word-processing program, or a piece of paper to record your answers.

Task 3: Review licensing requirements for the migration 1. What do you intend to do with your licenses for Windows Server 2003? 2. List as many alternative options as possible.

Exercise 2: Planning for a Windows Server 2008 Server

In this exercise, you will plan for a Windows Server 2008 server and produce a template to record commissioning steps.

The main task for this exercise is to create a list of the steps that are required when you commission a server. Task: Identify steps to take when you commission a new server A list of steps might include: Estimate storage requirements. Identify any high-availability requirements. Review the hardware compatibility list (HCL). Provision new hardware. Install Windows Server 2008. Add server role(s) and features. Install additional applications or tools, such as antivirus software.

Exercise 3: Reviewing Deployment Plans

The main task for this exercise is to share your answers with others in the class and to identify areas for consideration that you have not included in your answers to Exercises 1 and 2. Your answers may include the following suggestions: Select appropriate hardware to cater for expected capacity. Define maximum limits for expansion. Set expectations for hardware life expectancy. Consider high-availability requirements (including failover clustering and redundant array of independent disks (RAID)). Define settings for Windows Server 2008 servers through scripts and group policy. Plan for and implement a secure system. Ensure that your server is currently in a healthy state by reviewing disk space usage and event logs. Back up your server prior to migration. Create rollback plans. Plan for staff to implement the migration. Define tests to check for a successful migration. Develop a backup strategy for the server. Install additional applications such as antivirus, management, and monitoring software tools. Determine a server baseline for performance monitoring.

Exercise 4: Deploying a Windows Server 2008 DNS Server

In this exercise, you will install Windows Server 2008, add the DNS server role, and perform a migration of a DNS zone from a Windows Server 2003 DNS server. The main tasks for this exercise are as follows:
1. Install Windows Server 2008 on 6430A-NYC-DNS-02. 2. Complete the initial configuration tasks. 3. Install and configure the DNS server role. Task 1: Install Windows Server 2008 on 6430A-NYC-DNS-02 1. Start the 6430A-NYC-DNS-02 virtual machine. 2. In the Install Windows dialog box, click Next. 3. In the Install Windows dialog box, click Install now. 4. On the Type your product key for activation page, clear the Automatically activate Windows when I'm online check box, and then click Next. 5. In the Install Windows dialog box, click No. 6. On the Select the edition of Windows that you purchased page, click Windows Server 2008 Enterprise (Full Installation), select the I have selected the edition of Windows that I purchased check box, and then click Next. 7. On the Please read the license terms page, select the I accept the license terms check box, and then click Next. 8. On the Which type of installation do you want? page, click Custom (advanced). 9. On the Where do you want to install Windows? page, click Next. Wait for the installation to complete; this may take 1520 minutes. Task 2: Complete the initial configuration tasks 1. 2. 3. 4. 5. 6. 7. After Windows restarts, at the message about the user's password being changed, click OK. On the Administrator screen, in the New password and Confirm password boxes, type Pa$$w0rd and then press ENTER. On the Your password has been changed screen, click OK. In the Initial Configuration Tasks dialog box, click Configure networking. In Network Connections, right-click Local Area Connection, and then click Properties. In the Local Area Connection Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address, type the following information, and then click OK: o IP address: 10.10.0.30 o Subnet mask: 255.255.0.0 o Preferred DNS server: 10.10.0.10 In the Local Area Connection Properties dialog box, click Close. Close Network Connections.

8. 9.

10. In the Initial Configuration Tasks dialog box, click Provide computer name and domain. 11. In the System Properties dialog box, on the Computer Name tab, click Change. 12. In the Computer Name/Domain Changes dialog box, click Domain. In the Domain box, type woodgrovebank.com and then click OK. 13. In the Windows Security dialog box, type the following information, and then click OK: o User name: Administrator o Password: Pa$$w0rd 14. In the Computer Name/Domain Changes dialog box, click OK. 15. In the Computer Name/Domain Changes dialog box, click OK. 16. In the System Properties dialog box, on the Computer Name tab, click Change. 17. In the Computer Name/Domain Changes dialog box, in the Computer name box, type NYC-DNS and then click OK. 18. In the Windows Security dialog box, type the following information, and then click OK: o User name: Administrator o Password: Pa$$w0rd 19. In the Computer Name/Domain Changes dialog box, click OK. 20. In the System Properties dialog box, click Close. 21. In the Microsoft Windows dialog box, click Restart Now. Task 3: Install and configure the DNS server role Log on to 6430A-NYC-DNS-02 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. In the Initial Configuration Tasks window, click Add roles. 3. In the Add Roles Wizard, on the Before You Begin page, click Next. 4. On the Select Server Roles page, select the DNS Server check box, and then click Next. 5. On the DNS Server page, click Next. 6. On the Confirm Installation Selections page, click Install. 7. On the Installation Results page, click Close. 8. In the Initial Configuration Tasks window, click Close. 9. Close Server Manager. 10. Click Start, and then click Run. 11. In the Run dialog box, in the Open box, type \\NYCFILE\C$\Windows\System32\dns\ and then press ENTER. 12. In Windows Explorer, right-click test.woodgrovebank.com.dns, and then click Copy. 13. In Windows Explorer, in the address bar, type C:\Windows\System32\dns\ and then press ENTER. 14. In Windows Explorer, on the Edit menu, click Paste. 15. Close Windows Explorer. 16. Click Start, point to Administrative Tools, and then click DNS. 17. In DNS Manager, expand NYC-DNS, and then click Forward Lookup Zones. 18. Right-click Forward Lookup Zones, and then click New Zone. 19. In the New Zone Wizard, on the Welcome to the New Zone Wizard page, click Next. 1.

20. On the Zone Type page, click Next. 21. On the Zone Name page, in the Zone name box, type test.woodgrovebank.com and then click Next. 22. On the Zone File page, click Use this existing file, and then click Next. 23. On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates, and then click Next. 24. On the Completing the New Zone Wizard page, click Finish. 25. In DNS Manager, double-click test.woodgrovebank.com. Ensure that there are Host records in the zone file. 26. Close DNS Manager. Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 3

Exercise 1: Planning a Windows Server 2008 Server Configuration

In this exercise, you will plan configurations to meet the requirements of a range of business requirements. The main task for this exercise is to plan for Windows Server 2008 file servers. Task: Plan for Windows Server 2008 file servers 1. List the Windows Server 2008 hardware requirements to meet business requirements for Woodgrove Bank. Record your results in a report that you could submit as part of a request for capital budget for server purchase. 2. Determine how you will configure your Windows Server 2008 file servers to meet the requirements of the business. 3. Record your answers in a format that you consider suitable for the outline of a plan for a team of technical specialists to follow. 4. How will you roll out the new servers in a consistent state? Which Windows Server 2008 role services and features will you implement? 5. List as many alternative options as possible. Answers may include using the following tools: Windows System Resource Manager (WSRM) 64-bit servers Windows Reliability and Performance Monitor (WRPM Task Manager Hardware redundancy such as RAID, error correction code (ECC) RAM, NIC teaming Server roles Server Core File Server Resource Manager (FSRM) Distributed File System (DFS) Storage area network (SAN) Windows Deployment Services (WDS) Encrypting File System (EFS) Clustering Windows Server virtualization (WSv) System Center Configuration Manager (SCCM) 2007

Exercise 2: Planning a Windows Server 2008 File Server

In this exercise, you will plan a file server to meet the performance, resilience, and capacity requirements for Woodgrove Bank. The main task for this exercise is to outline the plan to meet capacity requirements for file servers. Task: Plan capacity requirements for file servers List the areas where you need to increase capacity. As a minimum, you should include the following: o o o o o o The number of file servers required The SAN capacity required Resilience planning File recovery planning and options Performance measuring to identify where issues exist Per-user measurements for disk consumption

Exercise 3: Deploying a Windows Server 2008 File Server

In this exercise, you will install the file server role onto a Windows Server 2008 server and perform a test migration of a share from a Windows Server 2003 file server./span> The main tasks for this exercise are as follows:
Install the file server role to 6430A-NYC-SVR1-03. Examine the source files and folders. Migrate the source folder and files to the new file server. Check the results of the migration. Share the destination folder.

Task 1: Install the file server role to 6430A-NYC-SVR1-03 1. Log on to 6430A-NYC-SVR1-03 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, and then click Command Prompt. 3. At the command prompt, type ServerManagerCmd -install FSFileServer FS-DFS FS-Search-Service Backup-Features and then press ENTER. 4. Close the command prompt.

Task 2: Examine the source files and folders 1. 2. Log on to 6430A-NYC-FILE-02 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd Click Start, and then click Windows Explorer.

In Windows Explorer, expand Allfiles (E:), expand Labfiles, expand Mod02, right-click Technical Library, and then click Properties. 4. In the Technical Library Properties dialog box, on the Sharing tab, click Permissions. 5. Record the share permissions for the Technical Library share. 6. In the Permissions for Technical Library dialog box, click OK. 7. In the Technical Library Properties dialog box, on the Security tab, click Advanced. 8. Record the NTFS file system (NTFS) permissions for the Technical Library folder. 9. In the Advanced Security Settings for Technical Library dialog box, click OK. 10. In the Technical Library Properties dialog box, click OK. 11. In Windows Explorer, click the Technical Library folder, and then on the View menu, click Choose Details. 12. In the Choose Details dialog box, select the Owner check box, and then click OK. 13. Record the owners of the files in the Technical Library folder. 14. Close Windows Explorer. Task 3: Migrate the source folder and files to the new file server Click Start, and then click Command Prompt. At the command prompt, type net use z: \\NYC-SVR1\C$ and then press ENTER. 3. Type xcopy "E:\Labfiles\Mod02\Technical Library" "Z:\Technical Library" /E /I /K /O /X and then press ENTER. 4. Close the command prompt. 1. 2. Task 4: Check the results of the migration 1. 2. 3. Switch to 6430A-NYC-SVR1-03. Click Start, and then click Computer. In Windows Explorer, double-click Local Disk (C:), right-click Technical Library, and then click Properties. 4. In the Technical Library Properties dialog box, on the Security tab, click Advanced. 5. Review the NTFS permissions. Do the permissions match the source folder? 6. In the Advanced Security Settings for Technical Library dialog box, click OK. 7. In the Technical Library Properties dialog box, click OK. 8. In Windows Explorer, double-click the Technical Library folder. 9. In Windows Explorer, on the View menu, click Choose Details. 10. In the Choose Details dialog box, select the Owner check box, and then click OK. 11. Review the file owner information. Does the file ownership match the source file owners?

3.

Task 5: Share the destination folder 1. In Windows Explorer, right-click Technical Library, and then click Share.

2. 3. 4. 5. 6. 7. 8. 9.

In the Technical Library Properties dialog box, on the Sharing tab, click Advanced Sharing. In the Advanced Sharing dialog box, select the Share this folder check box, and then click Permissions. In the Permissions for Technical Library dialog box, click Remove, and then click Add. In the Select Users, Computers, or Groups dialog box, type Authenticated Users and click Check Names, and then click OK. In the Permissions for Technical Library dialog box, under Allow, select the Full Control check box, and then click OK. In the Advanced Sharing dialog box, click OK. In the Technical Library Properties dialog box, click Close. Close Windows Explorer.

Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 4

Exercise 1: Complete a Change Request

A senior manager in the Graphics department at the New York office of Woodgrove Bank has requested that the graphics print server, which is currently a print server that is running the Windows Server 2003 operating system, be upgraded to the Windows Server 2008 operating system. The aim is for the print server to be able to take advantage of new features such as the XML paper specification (XPS) printer drivers and the new print subsystem. Implementing the new features will improve the throughput of print jobs on the server and enable additional printing capabilities. In this exercise, you must complete a change request form for the requested upgrade, including a high-level description of the deployment method, a preliminary risk analysis, and change categorization. Use the supporting job aids to help you complete this exercise. The main tasks for this exercise are as follows: 1. Create a high-level description of the server upgrade method. 2. Complete a preliminary risk analysis by using the risk identification job aid. 3. Complete the change request categorization. 4. Complete a high-level rollback plan. Task 1: Create a high-level description of the server upgrade method Complete the following sections on the change request form: o o o Description of change Reason for change Method for change

Task 2: Complete a preliminary risk analysis by using the risk identification job aid Add potential risks to the risk assessment job aid. Use the risk identification job aid to help where necessary. Complete all columns on the risk assessment job aid.

Task 3: Complete the change request categorization Complete the following sections on the change request form: o o Change priority Change scope

Task 4: Complete a high-level rollback plan

Complete the following section on the change request form: o Rollback plan

Results: After this exercise, you should have completed the change request form.

Exercise 2: Sharing Best Practice

Scenario

In this exercise, you will share your ideas for the change request form with the rest of the class.

Exercise 3: Implementing a New Print Server

In this exercise, you will implement and configure the print server role on a computer that is running Windows Server 2008 Server Core as part of the upgrade to the Graphics department's printing capabilities. The main tasks for this exercise are as follows: Install the print server role on 6430A-NYC-SVR2-04. Install the Print Management console on 6430A-NYC-DC1-02. Use the Print Management console to add a shared printer to NYC-SVR2. Install the new printer to the Graphics department users.

Task 1: Install the print server role on 6430A-NYC-SVR2-04 1. 2. 3. 4. 5. 6. Log on to 6430A-NYC-SVR2-04 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd At the command prompt, type Start /w ocsetup Printing-ServerCore-Role and then press ENTER. In the Windows Package Manager dialog box, click Yes. Log on to 6430A-NYC-SVR2-04 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd At the command prompt, type netsh firewall set service fileandprint enable and then press ENTER. Type netsh advfirewall firewall set rule group="remote administration" new enable=yes and then press ENTER.

Task 2: Install the Print Management console on 6430A-NYC-DC1-02 1. 2. Switch to 6430A-NYC-DC1-02. Log on to 6430A-NYC-DC1-02 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd

3. 4. 5.

Click Start, and then click Server Manager. In Server Manager, click Features, and then click Add Features. In the Add Features Wizard, on the Select Features page, expand Remote Server Administration Tools, expand Role Administration Tools, select the Print Services Tools check box, and then click Next. 6. On the Confirm Installation Selections page, click Install. 7. On the Installation Results page, click Close. 8. Close Server Management.

Task 3: Use the Print Management console to add a shared printer to NYCSVR2 Click Start, point to Administrative Tools, and then click Print Management. In Print Management, right-click Print Servers, and then click Add/Remove Servers. 3. In the Add/Remove Servers dialog box, in the Add servers box, type NYC-SVR2 and click Add to List, and then click OK. 4. In Print Management, expand Print Servers, expand NYC-SVR2, right-click Drivers, and then click Add Driver. 5. In the Add Printer Driver Wizard on NYC-SVR2 Wizard, click Next. 6. On the Processor and Operating System Selection page, click Next. 7. On the Printer Driver Selection page, under Manufacturer, click HP. Under Printers, click HP Color LaserJet 5550 PCL 5, and then click Next. 8. On the Completing the Add Printer Driver Wizard page, click Finish. 9. In Print Management, under NYC-SVR2, click Drivers. Ensure that the printer driver that you added is listed in the details pane. 10. Right-click Printers, and then click Add Printer. 11. In the Network Printer Installation Wizard on nyc-svr2 Wizard, click Next. 12. On the Printer Address page, in the Type of Device list, click TCP/IP Device. In the Printer name or IP address box, type 10.10.0.252 and clear the Auto detect the printer driver to use check box, and then click Next. 13. On the Additional Port Information Required page, in the Standard list, click Hewlett Packard Jet Direct, and then click Next. 14. On the Printer Driver page, click Use an existing printer driver on the computer, and then click Next. 15. On the Printer Name and Sharing Settings pages, click Next. 16. On the Printer Found page, click Next. 17. On the Completing the Network Printer Installation Wizard page, click Finish. 18. In Print Management, click Printers, right-click HP Color LaserJet 5550 PCL 5, and then click Manage Sharing. 19. In the HP Color LaserJet 5550 PCL 5 on NYC-SVR2 Properties dialog box, on the Sharing tab, select the List in the directory check box, and then click OK. 20. Close Print Management. Task 4: Install the new printer to the Graphics department users 1. Click Start, point to Administrative Tools, and then click Group Policy Management. 2. In Group Policy Management, expand Forest: WoodgroveBank.com, expand Domains, expand WoodgroveBank.com, expand NYC, right-click NYC, and then click New Organizational Unit. 1. 2.

In the New Organizational Unit dialog box, in the Name box, type Graphics and then click OK. 4. Right-click Graphics, and then click Create a GPO in this domain, and Link it here. 5. In the New GPO dialog box, in the Name box, type Graphics Printers and then click OK. 6. In Group Policy Management, expand Graphics, right-click Graphics Printers, and then click Edit. 7. In Group Policy Management Editor, under User Configuration, expand Preferences, expand Control Panel Settings, and then click Printers. 8. Right-click Printers, point to New, and then click Shared Printer. 9. In the New Shared Printer Properties dialog box, next to the Share path box, click the ellipsis button (). 10. In the Find Custom Search dialog box, in the Search results box, click NYCSVR2-HP Color LaserJet 5550 PCL 5, and then click OK. 11. In the New Shared Printer Properties dialog box, select the Set this printer as the default printer check box, and then click OK. 12. Close Group Policy Management Editor. 13. Close Group Policy Management. Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

3.

Module 5

Exercise 1: Planning a Windows Server 2008 Security Configuration

The Finance department of Woodgrove Bank uses three file and print servers, which you are upgrading to Windows Server 2008.In line with the upgrade, the management has asked you to ensure that these servers are highly secure after the upgrade is complete. The management has asked that the servers meet the following criteria:
Finance server file shares should only be accessible to Finance users from desktop computers in the Finance office. Finance servers should allow remote administration from any computer in the New York office. The management wants to be able to identify who made changes to files or deleted files on the Finance servers. The management also wants to know when someone changes the security policy, and if there are any attempts to connect by unauthorized users.

Supporting information:
Computers in the Finance department have an IP address that is between 10.10.0.0 and 10.10.0.127. Computers in the New York office have an IP address that is between 10.10.0.0 and 10.10.255.255.

In this exercise, you will plan the firewall rules and audit policy settings that the new security policy requires. The main tasks for this exercise are as follows:
Plan firewall rules. Plan audit policy.

Task 1: Plan firewall rules

In the following table, complete the firewall rules that are required to allow necessary traffic to the file servers.
Inbound Local or outbound Protocol port Inbound Inbound TCP TCP 445 3389

Remote Local IP port address All All Any Any

Remote IP address 10.10.0.0/25 10.10.0.0/16

Inbound Local or outbound Protocol port

Remote Local IP port address

Remote IP address

Task 2: Plan audit policy

In the following table, specify the audit settings that are required to meet the corporate strategy.
Audit success (Y/N)

Setting Audit account logon events Audit account management Audit directory service access Audit logon events Audit object access Audit policy change Audit privilege use Audit process tracking Audit system events

Audit failure (Y/N)

Y Y Y

Exercise 2: Implementing File Server Security

The following additional security requirements have been suggested for the file servers, which you should include in your security policy:
The servers should only allow connections with other domain members. The servers should not run any unnecessary services.

Supporting information:
The servers will be domain members. All authorized computers on the network run the following operating systems: Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008. The servers have static IP addresses.

In this exercise, you will create a security policy by using the SCW, convert the policy into a GPO, and link this to an organizational unit (OU) for the file servers. The main tasks for this exercise are as follows:

Create a security policy for the file and print servers. Convert the security policy to a security template. Create an OU for the Finance file servers. Link the FinanceServerSecurity GPO to the Finance File Servers OU.

Task 1: Create a security policy for the file and print servers 1. Log on to 6430A-NYC-DC1-05 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, point to Administrative Tools, and then click Security Configuration Wizard. 3. On the first page of the Security Configuration Wizard, click Next. 4. On the Configuration Action page, ensure that Create a new security policy is selected, and then click Next. 5. On the Select Server page, in the Server box, type NYC-SVR1 and then click Next. 6. On the Processing Security Configuration Database page, click Next. 7. On the Role-Based Service Configuration page, click Next. 8. On the Select Server Roles page, clear the DFS Namespace and DFS Replication check boxes, ensure that the File server check box is selected, and then click Next. 9. On the Select Client Features page, clear the Background Intelligent Transfer Service (BITS) check box, and then click Next. 10. On the Select Administration and Other Options page, select the IPsec Policy Agent check box, and then click Next. 11. On the Select Additional Services page, clear the check boxes for the following services, and then click Next: o Virtual Machine Additions Services Application o Virtual Machine Additions Shared Folder Service 12. On the Handling Unspecified Services page, click Disable the service, and then click Next. 13. On the Confirm Service Changes page, review the changes that you will set in the policy, and then click Next. 14. On the Network Security page, click Next. 15. On the Network Security Rules page, clear the File and Printer Sharing (NB-Session-In) check box, clear the File and Printer Sharing (SMB-In) check box, and then click Add. 16. In the Add Rule () dialog box, on the General tab, in the Name box, type Finance File Sharing and then under Action, click Allow all connections. 17. On the Protocols and Ports tab, in the Protocol Type list, click TCP, in the Local Port list, click Specific Ports, and in the text box, type 445. 18. On the Scope tab, under Remote IP Addresses, click These IP Addresses, and then click Add. 19. In the IP Address dialog box, in the This IP address or subnet box, type 10.10.0.0/25 and then click OK. 20. In the Add Rule (Finance File Sharing) dialog box, click OK. 21. On the Network Security Rules page, click Add. 22. In the Add Rule () dialog box, on the General tab, in the Name box, type Finance Remote Administration and then under Action, click Allow all connections.

23. On the Protocols and Ports tab, in the Protocol Type list, click TCP, in the Local Port list, click Specific Ports, and in the text box, type 3389. 24. On the Scope tab, under Remote IP Addresses, click These IP Addresses, and then click Add. 25. In the IP Address dialog box, in the This IP address or subnet box, type 10.10.0.0/16 and then click OK. 26. In the Add Rule (Finance Remote Administration) dialog box, click OK. 27. On the Network Security Rules page, ensure that the Finance File Sharing and Finance Remote Administration check boxes are selected, and then click Next. 28. On the Registry Settings page, click Next. 29. On the Require SMB Security Signatures page, click Next. 30. On the Outbound Authentication Methods page, ensure that the Domain Accounts check box is selected, and then click Next. 31. On the Outbound Authentication using Domain Accounts page, select the Clocks that are synchronized with the selected servers clock check box, and then click Next. 32. On the Inbound Authentication Methods page, clear the Computers that require LAN Manager authentication check box, clear the Computers that have not been configured to use NTLMv2 authentication check box, and then click Next. 33. On the Registry Settings Summary page, click Next. 34. On the Audit Policy page, click Next. 35. On the System Audit Policy page, make sure that Audit successful activities is selected, and then click Next. 36. On the Audit Policy Summary page, click Next. 37. On the Save Security Policy page, click Next. 38. On the Security Policy File Name page, in the Security policy file name box, type C:\Windows\security\msscw\Policies\FinanceFileServers and then click Next. 39. On the Apply Security Policy page, make sure that Apply later is selected, and then click Next. 40. On the Completing the Security Configuration Wizard page, click Finish. Task 2: Convert the security policy to a security template 1. Click Start, and then click Command Prompt. 2. At the command prompt, type cd \windows\security\msscw\policies and then press ENTER. 3. Type scwcmd transform /p:FinanceFileServers.xml /g:FinanceServerSecurity and then press ENTER. 4. Close the Command Prompt window. Task 3: Create an OU for the Finance file servers 1. Click Start, point to Administrative Tools, and then click Group Policy Management. 2. In Group Policy Management, expand Forest: WoodgroveBank.com, expand Domains, right-click WoodegroveBank.com, and then click New Organizational Unit.

3. In the New Organizational Unit dialog box, type Finance File Servers and then click OK. Task 4: Link the FinanceServerSecurity GPO to the Finance File Servers OU 1. In Group Policy Management, expand WoodgroveBank.com, right-click Finance File Servers, and then click Link an Existing GPO. 2. In the Select GPO dialog box, click FinanceServerSecurity, and then click OK. 3. Close Group Policy Management.

Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 6

Exercise 1: Identifying the Application Server Role Services That Are Required to Support the Application
Scenario

In this exercise, you will analyze the requirements of the customer relations application and list which Application Server role services are required. The main tasks for this exercise are as follows:
List the available functionality. List the application requirements. Identify which additional functionality is required.

Task 1: List the available functionality 1. List the role services that Application Server Foundation provides and the functionality that the role services provide. The following table shows some possible answers. Service Windows Communication Foundation (WCF) Windows Workflow Foundation (WF) Windows Presentation Foundation (WPF) Functionality Enables components of applications to communicate Enables you to build processes and workflows into applications Graphical framework that is seldom used in server-based applications

2. List the additional role services and the functionality that they provide. The following table shows some possible answers. Service Web server COM+ Network Access Windows Activation Service (WAS) Functionality Provides Hypertext Transfer Protocol (HTTP) access Provides remote invocation capabilities to Enterprise Services components (WCF has superseded this technology) Process activation model

Service Net.TCP Port Sharing Distributed Transaction Coordinator (DTC)

Functionality Enables applications to share port numbers Provides transactional support

Task 2: List the application requirements List the application requirements.

The following table shows some possible answers. Application Customer relations Requirements Contact information updated simultaneously; intranet application connectivity; updates sales database

Sales Windows Create workflows to model sales processes SharePoint Services 3.0 site Sales application Finance HR Nothing prevents sales users from searching or updating data High security; robust validation; limited port numbers Web-based and Windows-based; cannot be redeveloped

Task 3: Identify which additional functionality is required 1. List the application requirements and the features that provide this functionality.

The following table shows some possible answers. Requirement Create workflows Transactional support Intranet connectivity Web front end Feature WF (the .NET Framework 3.0) DTC WCF (the .NET Framework 3.0) Web server

2. Identify the additional role services that are required.

The following table shows some possible answers. Requirement Transactional support Web front end Feature DTC Web server

Exercise 2: Determining Whether There Are Any Compatibility Issues with Existing Applications on the Server
In this exercise, you will list the requirements of all of the applications, including the new customer relations application, and determine whether there are any compatibility issues. Note that, if a requirement is not listed for a particular application, it can be considered compatible in this regard. The main tasks for this exercise are as follows:
List the requirements for each application. List application compatibility issues. Resolve compatibility issues.

Task 1: List the requirements for each application 1. List the security requirements of each application. 2. List the networking requirements of each application. 3. List the .NET Framework requirements of each application. The following table shows some possible answers. Application Customer relations Sales application Finance HR Requirements Contact information updated simultaneously; intranet application connectivity; updates sales database Nothing prevents sales users from searching or updating data High security; robust validation; limited port numbers Web-based and Windows-based; cannot be redeveloped; compatible with the .NET Framework 2.0

Task 2: List application compatibility issues 1. List compatibility issues between applications. 2. List compatibility issues between applications and the server.

Answers should include: The customer relations application could prevent sales users from updating information. It may not be possible to run other Web applications with Windows SharePoint Services on the same server. Web applications that run on earlier versions of Internet Information Services (IIS) may be incompatible with the IIS 7.0 integrated pipeline. Too many port numbers may be in use. The applications may require the .NET Framework 2.0.

Task 3: Resolve compatibility issues If there are compatibility issues from the previous task, determine the best course of action to resolve them.

Answers should include: The customer relations application is updating contact information, but the sales application is updating sales information. Good application design should prevent any conflicts. When Windows SharePoint Services 3.0 is installed, users can still create and request other Web sites and Web content. If Web applications are incompatible with the IIS 7.0 integrated pipeline, you can create application pools to run in classic mode side-byside with applications that can use integrated mode. You can use Net.TCP Port Sharing to reduce port numbers. The .NET Framework 3.0 is compatible with the .NET Framework 2.0.

Exercise 3: Configuring the Application Server

In this exercise, you will add the Application Server role and install Windows SharePoint Services 3.0. The main tasks for this exercise are as follows:
Add the Application Server role to 6430A-NYC-SVR1-03. Install Windows SharePoint Services 3.0. Check workflow availability in Windows SharePoint Services 3.0.

Task 1: Add the Application Server role to 6430A-NYC-SVR1-03 1. 2. 3. 4. 5. Log on to 6430A-NYC-SVR1-03 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd Click Start, and then click Server Manager. In Server Manager, click Roles, and under Roles Summary, click Add Roles. In the Add Roles Wizard, on the Before You Begin page, click Next. On the Select Server Roles page, select the Application Server check box. In the Add Roles Wizard dialog box, click Add Required Features.

6. On the Select Server Roles page, click Next. 7. On the Application Server page, click Next. 8. On the Select Role Services page, select the Web Server (IIS) Support check box. In the Add Roles Wizard dialog box, click Add Required Role Services. 9. On the Select Role Services page, select the TCP Port Sharing check box, select the Distributed Transactions check box, and then click Next. 10. On the Choose a Server Authentication Certificate for SSL Encryption page, click Choose a certificate for SSL encryption later, and then click Next. 11. On the Web Server (IIS) page, click Next. 12. On the Select Role Services page, click Next. 13. On the Confirm Installation Selections page, click Install. 14. On the Installation Results page, click Close. 15. Close Server Manager. Task 2: Install Windows SharePoint Services 3.0 1. Click Start, and then click Run. 2. In the Run dialog box, in the Open box, type E:\Labfiles\Mod06\SharePoint.exe and then press ENTER. 3. On the Read the Microsoft Software License Terms page, select the I accept the terms of the agreement check box, and then click Continue. 4. On the Choose the installation you want page, click Basic. 5. In the Microsoft Windows SharePoint Services 3.0 dialog box, click Close. 6. In the SharePoint Products and Technologies Configuration Wizard, on the Welcome to SharePoint Products and Technologies page, click Next. 7. In the SharePoint Products and Technologies Configuration Wizard dialog box, click Yes. Wait for the SharePoint Products and Technologies Configuration Wizard; this may take up to 10 minutes. 8. On the Configuration Successful page, click Finish. Task 3: Check workflow availability in Windows SharePoint Services 3.0 1. 2. 3. 4. 5. 6. 7. 8. 9. In the Connect to NYC-SVR1.woodgrovebank.com dialog box, in the User name box, type woodgrovebank\administrator In the Password box, type Pa$$w0rd and then click OK. In the Internet Explorer dialog box, click Add. In the Trusted Sites dialog box, click Add, and then click Close. In the Microsoft Internet Explorer Internet browser, on the Team Site page, click Shared Documents. On the Shared Documents page, click Settings, and then click Document Library Settings. On the Customize Shared Documents page, click Workflow settings. On the Add a Workflow: Shared Documents page, click Cancel. Close Internet Explorer.

Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

Module 7

Exercise 1: Planning Hardware Requirements for Windows Server 2008

In this exercise, you will identify the hardware that is required to support line-of-business (LOB) applications. This should list a standard configuration without high availability. The main tasks for this exercise are as follows:
List the hardware that is required for the Web servers. List the hardware that is required for the customer records database.

Task 1: List the hardware that is required for the Web servers List the hardware that is required for the Web servers.

Answers should include: One Windows Server. A firewall.

Task 2: List the hardware that is required for the customer records database List the hardware that is required for the customer records database.

Answers should include: One Windows Server with a database application.

Exercise 2: Planning for Network Load Balancing

Scenario

The Internet banking interface has the current configuration:

One Windows Server 2003 server. Minimal data storage because all data is stored on the banking mainframe system.

You must upgrade the Internet banking Web servers to meet the following requirements:
Increase throughput by 300 percent. Increase availability. The service must be available in case of application failure, server failure, or routine maintenance.

In this exercise, you will plan to upgrade the Woodgrove Bank Web servers.

The main tasks for this exercise are as follows:

Assess whether NLB provides the optimum solution. Assess whether existing hardware meets requirements. List any new hardware or hardware upgrades that are required.

Task 1: Assess whether NLB provides the optimum solution Assess whether NLB provides the optimum solution.

Answers should include: Network load balancing provides a superior solution because it will increase the throughput and meet the availability requirements. A failover cluster with each node having increased throughput could meet the requirements, but would have a much higher cost.

Task 2: Assess whether existing hardware meets requirements Assess whether existing hardware meets requirements.

Answers should include: The existing hardware does not meet requirements.

Task 3: List any new hardware or hardware upgrades that are required List any new hardware or hardware upgrades that are required.

Answers should include: Three more servers are required. Assessment of firewalls for the increased throughput.

Exercise 3: Planning for a High-Availability LOB Application

The customer records system has the current configuration:
One Windows Server 2003 server with the Microsoft SQL Server 2005 database software. 500 GB of database storage. Approximately 3 percent of records are updated each day.

You must upgrade the customer records system to meet the following requirements:
Increase availability. The service must be available in case of application failure, server failure, or routine maintenance. Provide availability even if there is a whole-site failure.

In this exercise, you will plan to upgrade the Woodgrove Bank customer records system. The main tasks for this exercise are as follows:
Assess whether failover clustering provides the optimum solution. Assess whether existing hardware meets requirements. List any new hardware or hardware upgrades that are required. List the specific configuration for this system with a network schematic, type of quorum, and so on.

Task 1: Assess whether failover clustering provides the optimum solution Assess whether failover clustering provides the optimum solution.

Answers should include: Failover clustering provides the optimum solution because it supports geographically dispersed clusters.

Task 2: Assess whether existing hardware meets requirements Assess whether existing hardware meets requirements.

Answers should include: The existing hardware does not meet requirements.

Task 3: List any new hardware or hardware upgrades that are required List any new hardware or hardware upgrades that are required.

Answers should include: The whole solution must have a duplicate copy at the second site.

Task 4: List the specific configuration for this system with a network schematic, type of quorum, and so on List the specific configuration for this system with a network schematic, type of quorum, and so on.

Answers should include: There should be considerations for keeping the data transactionally upto-date at both sites. A geographically dispersed cluster is required when you use a majority node set (MNS) quorum model. There should be considerations for data security between sites because previously this data was not accessible from the Internet.

Exercise 4: Implementing Network Load Balancing

Scenario

In this exercise, you will create the new NLB cluster configuration for the Woodgrove Bank Web servers. The main tasks for this exercise are as follows:
Install the Web Server role on 6430A-NYC-NLB2-07. Copy the Web site content to 6430A-NYC-NLB2-07. Configure the cluster network adapter. Install the NLB feature. Configure the cluster network adapter on 6430A-NYC-NLB1-07. Install the NLB feature on 6430A-NYC-NLB1-07. Create the NLB cluster. Add a DNS host record.

Task 1: Install the Web Server role on 6430A-NYC-NLB2-07 1. Log on to 6430A-NYC-NLB2-07 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. On 6430A-NYC-NLB2-07, click Start, and then click Server Manager. 3. In Server Manager, click Roles, and then under Roles Summary, click Add Roles. 4. In the Add Roles Wizard, on the Before You Begin page, click Next. 5. On the Select Server Roles page, select the Web Server (IIS) check box. 6. In the Add Roles Wizard dialog box, click Add Required Features. 7. On the Select Server Roles page, click Next. 8. On the Web Server (IIS) page, click Next. 9. On the Select Role Services page, select the ISAPI Filters, ISAPI Extensions, and ASP check boxes, and then click Next. 10. On the Confirm Installation Selections page, click Install. 11. On the Installation Results page, click Close. 12. Close Server Manager. Task 2: Copy the Web site content to 6430A-NYC-NLB2-07 1. Click Start, and then click Run. 2. In the Run dialog box, in the Open box, type \\NYCNLB1\C$\inetpub\wwwroot and then press ENTER. 3. In Windows Explorer, on the Edit menu, click Select All, and then on the Edit menu, click Copy. 4. In the address bar, type C:\inetpub\wwwroot and then press ENTER. 5. In Windows Explorer, on the Edit menu, click Paste. 6. In the Copy File dialog box, select the Do this for the next 1 conflicts check box, and then click Copy and Replace. 7. Close Windows Explorer.

Task 3: Configure the cluster network adapter 1. Click Start, right-click Network, and then click Properties. 2. In Network and Sharing Center, click Manage network connections. 3. Right-click Local Area Connection 2, and then click Rename. In the Local Area Connection 2 box, type Cluster and then press ENTER. 4. Right-click Cluster and then click Properties. 5. In the Cluster Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address. Type in the following information, and then click OK: o IP address: 192.168.1.2 o Subnet mask: 255.255.255.0 7. In the Cluster Properties dialog box, click Close. 8. Close Network Connections. 9. Close Network and Sharing Center. Task 4: Install the NLB feature 1. Click Start, and then click Server Manager. 2. In Server Manager, click Features, and then under Features Summary, click Add Features. 3. In the Add Features Wizard, on the Select Features page, select the Network Load Balancing check box, and then click Next. 4. On the Confirm Installation Selections page, click Install. 5. On the Installation Results page, click Close. 6. Close Server Manager. Task 5: Configure the cluster network adapter on 6430A-NYC-NLB1-07 Log on to 6430A-NYC-NLB1-07 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Switch to 6430A-NYC-NLB1-07. Click Start, right-click Network, and then click Properties. 3. In Network and Sharing Center, click Manage network connections. 4. Right-click Local Area Connection 2, and then click Rename. In the Local Area Connection 2 box, type Cluster and then press ENTER. 5. Right-click Cluster and then click Properties. 6. In the Cluster Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 7. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address. Type in the following information, and then click OK: o IP address: 192.168.1.1 o Subnet mask: 255.255.255.0 8. In the Cluster Properties dialog box, click Close. 9. Close Network Connections. 10. Close Network and Sharing Center. 1.

Task 6: Install the NLB feature on 6430A-NYC-NLB1-07 1. Click Start and then click Server Manager. 2. In Server Manager, click Features, and then under Features Summary, click Add Features. 3. In the Add Features Wizard, on the Select Features page, select the Network Load Balancing check box, and then click Next. 4. On the Confirm Installation Selections page, click Install. 5. On the Installation Results page, click Close. 6. Close Server Manager. Task 7: Create the NLB cluster 1. Click Start, point to Administrative Tools, and then click Network Load Balancing Manager. 2. In Network Load Balancing Manager, right-click Network Load Balancing Clusters, and then click New Cluster. 3. In the New Cluster: Connect dialog box, in the Host box, type NYCNLB1 and then click Connect. 4. Under Interfaces available for configuring a new cluster, click Local Area Connection, and then click Next. 5. In the New Cluster: Host Parameters dialog box, click Next. 6. In the New Cluster: Cluster IP Addresses dialog box, click Add. 7. In the Add IP Address dialog box, type the following information and then click OK: o IPv4 address: 10.10.0.90 o Subnet mask: 255.255.0.0 8. In the New Cluster: Cluster IP Addresses dialog box, click Next. 9. In the New Cluster: Cluster Parameters dialog box, in the Full Internet name box, type web.woodgrovebank.com and then click Next. 10. In the New Cluster: Port Rules dialog box, click Finish. Wait for the configuration change to complete before you proceed to the next step. 11. In Network Load Balancing Manager, right-click web.woodgrovebank.com (10.10.0.90), and then click Add Host To Cluster. 12. In the Add Host to Cluster: Connect dialog box, in the Host box, type NYC-NLB2 and then click Connect. 13. Under Interfaces available for configuring a new cluster, click Local Area Connection, and then click Next. 14. In the Add Host to Cluster: Host Parameters dialog box, ensure that 10.10.0.92 is selected, and then click Next. 15. In the Add Host to Cluster: Port Rules dialog box, click Finish. Wait for the configuration change to complete before you proceed to the next step.

Task 8: Add a DNS host record Log on to 6430A-NYC-DC1-02 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Switch to 6430A-NYC-DC1-02. Click Start, point to Administrative Tools, and then click DNS. 1.

3. In DNS Manager, expand NYC-DC1, expand Forward Lookup Zones, and then click WoodgroveBank.com. 4. Right-click WoodgroveBank.com, and then click New Host (A or AAAA). 5. In the New Host dialog box, in the Name box, type web 6. In the IP address box, type 10.10.0.90 and then click Add Host. 7. In the DNS dialog box, click OK. 8. In the New Host dialog box, click Done. 9. Close DNS Manager. 10. Click Start, point to All Programs, and then click Internet Explorer. 11. In Internet Explorer, in the address bar, type http://web.woodgrovebank.com and then press ENTER. 12. Ensure that the Woodgrove Bank test site appears correctly. 13. Close Internet Explorer. Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 8

Exercise 1: Evaluating Log Files and Reports

In this exercise, you will review the System and Directory Service event logs on the 6430A-NYC-DC1-08 domain controller. The main tasks for this exercise are as follows:
Review the System event log. Review the Directory Service event log.

Task 1: Review the System event log 1. Log on to 6430A-NYC-DC1-08 by using the following information: o User name: woodgrovebank\administrator o Password: Pa$$w0rd 2. Click Start, point to Administrative Tools, and then click Event Viewer. 3. In Event Viewer, under Event Viewer (Local), expand Windows Logs, and then click System. 4. Review the contents of the System event log. Are there any warning or error messages that cause concern? There are Event ID 5719 errors, which indicate trusted domain availability problems. There may also be other errors or warnings. Task 2: Review the Directory Service event log 1. In Event Viewer, expand Applications and Services Logs, and then click Directory Service. 2. Review the contents of the Directory Service event log. Are there any warning or error messages that cause concern?

There are Event ID 1308 warnings, which indicate that domain controller replication has failed. There may also be Event ID 1864 errors, which indicate serious failures with AD replication. In addition, there will typically be other errors and warnings. 3. Close Event Viewer.

Exercise 2: Planning the Maintenance Schedule

You are concerned about the replication errors on the Active Directory directory service that were previously identified for the Woodgrove Bank domain controllers. You want to closely monitor the replication status to ensure that the problem is fixed and replication is consistent. You also want to monitor disk space on the domain controllers to ensure that this factor is not causing any problems with Active Directory.

In this exercise, you will specify the frequency of maintenance tasks for the domain controllers in Woodgrove Bank. The main task for this exercise is to plan the maintenance schedule.
Task: Plan the maintenance schedule In the following table, identify the frequency for the tasks that are identified. Frequency Weekly Daily Weekly Daily

Task Review System event log Review Directory Service event log Check free disk space Check backup completed successfully

Exercise 3: Automating Maintenance Tasks

You decide that it will be easier to review the Directory Service log information from a single, central location. You also want to produce a simple report about disk space across several servers at the same time. In this exercise, you will configure event forwarding for Directory Service events. The main tasks for this exercise are as follows:
Forward Directory Service replication error messages to a central location. Run a script to review disk space.

Task 1: Forward Directory Service replication error messages to a central location 1. 2. 3. 4. 5. On 6430A-NYC-DC1-08, click Start, point to Administrative Tools, and then click Active Directory Users and Computers. In Active Directory Users and Computers, expand WoodgroveBank.com, and then click Builtin. Right-click Administrators, and then click Properties. In the Administrators Properties dialog box, on the Members tab, click Add. In the Select Users, Contacts, Computers, or Groups dialog box, click Object Types.

6. In the Object Types dialog box, select the Computers check box, and then click OK. 7. In the Select Users, Contacts, Computers, or Groups dialog box, in the Enter the object names to select box, type NYC-SVR1 and then click OK. 8. In the Administrators Properties dialog box, click OK. 9. Close Active Directory Users and Computers. 10. Log on to 6430A-NYC-SVR1-08 by using the following information: o User name: woodgrovebank\administrator o Password: Pa$$w0rd 11. Click Start, point to Administrative Tools, and then click Event Viewer. 12. In Event Viewer, under Event Viewer (Local), click Subscriptions. 13. In the Event Viewer dialog box, click Yes. 14. In Event Viewer, right-click Subscriptions, and then click Create Subscription. 15. In the Subscription Properties dialog box, in the Subscription name box, type Replication Errors 16. Ensure that Forwarded Events is selected in the Destination log list, and then click Select Computers. 17. In the Computers dialog box, click Add Domain Computers. 18. In the Select Computer dialog box, in the Enter the object name to select box, type NYC-DC1 and then click OK. 19. In the Computers dialog box, click OK. 20. In the Subscription Properties dialog box, click Select Events. 21. In the Query Filter dialog box, on the XML tab, select the Edit query manually check box. 22. In the Event Viewer dialog box, click Yes. 23. In the Query Filter dialog box, type the following code example, and then click OK. <QueryList> <Query Id="0" Path="Directory Service"> <Select Path="Directory Service">*[System[(Level=2 or Level=3) and (EventID=1308 or EventID=1864)]]</Select> </Query> </QueryList> 24. In the Subscription Properties dialog box, click OK. 25. Close Event Viewer. Task 2: Run a script to review disk space On 6430A-NYC-SVR1-08, click Start, point to All Programs, click Accessories, and then click Notepad. 2. Type the following code example into Notepad. 1. $aryComputers = "NYC-DC1","NYC-SVR1" Set-Variable -name intDriveType -value 3 -option constant foreach ($strComputer in $aryComputers) {"Hard drives on: " + $strComputer Get-WmiObject -class win32_logicaldisk -computername $strComputer | Where {$_.drivetype -eq $intDriveType} | Format-table}

3. On the File menu, click Save As. 4. In the Save As dialog box, in the Save as type box, select All Files, in the File name box, type DriveReport.ps1 and then click Save. 5. Close Notepad. 6. Click Start, point to All Programs, click Windows PowerShell 1.0, and then click Windows PowerShell. 7. At the prompt in the Windows PowerShell command-line interface, type Set-ExecutionPolicy unrestricted and then press ENTER. 8. Type C:\Users\Administrator.Woodgrovebank\Documents\DriveReport. ps1 and then press ENTER. 9. Review the results of the script. 10. Close Windows PowerShell. Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 9

Exercise 1: Evaluating the Existing Server Environment

Woodgrove Bank has many servers that host file shares throughout several locations in the company. The management team has decided that these shares must be unified into a few distinct hierarchies to make it easier for users to navigate and find the data that they require. The following table shows the number of shares across various locations within the WoodgroveBank.com domain.
Number of servers with file shares 350 300 18 16 30 3 2 Number of file shares 2,500 2,000 250 250 350 20 15

Location New York Washington Dallas Seattle San Francisco Boston Miami

The management team has asked you to create five namespaces, two of which will include 20 folder targets, another will include 25 folder targets, the fourth will include 50 folder targets, and all other folder targets should be unified under a common root. Each namespace will include folders from all locations. In this exercise, you will list the requirements for deploying the Distributed File System (DFS) to meet the requirements that are stated in the scenario. The main task for this exercise is to identify DFS requirements.
Task: Identify DFS requirements List the DFS requirements for Woodgrove Bank in the following table.

Requirements The DFS implementation requires one of the following: The domain upgraded to the Windows Server 2008 operating system mode A stand-alone DFS namespace

This is to support more than 5,000 folders with targets in the

Requirements largest hierarchy. You may also choose to specify DFS namespace servers at each location if you decide on a domain-based namespace.

Exercise 2: Deployment Considerations for DFS

Woodgrove Bank has started a project to upgrade all domain controllers in the WoodgroveBank.com domain to Windows Server 2008; this project will be completed in six months. The management team has also decided that staff in the Miami or Boston offices should not perform file server backupsstaff at the New York office should perform these backups. There is a public data store that contains corporate policy documents and information that should be available to every employee. These folders should be replicated to every office. There is also a projects folder that is currently hosted on a server in the New York office. This folder contains files for collaboration purposes, which users across all offices change and update when they work on projects. Users often update files in this folder several times a day for current projects. The following diagram shows the wide area network (WAN) topology for the WoodgroveBank.com domain, where each office is configured as an Active Directory directory service site and there is at least one domain controller in every office.

In this exercise, you will make decisions and answer questions regarding the deployment of DFS for Woodgrove Bank.

The main task for this exercise is to identify deployment solutions.

Task: Identify deployment solutions 1. How soon can you implement your proposed DFS solution in the WoodgroveBank.com domain? This will depend on the answer for the previous exercise. If you decided to implement a stand-alone DFS namespace, you could do this immediately. If you decided to implement a domain-based namespace, you may be able to start implementing some of the DFS solution immediately, such as the smaller namespaces and the DFS servers, but you must complete the domain controller upgrade project and upgrade the domain to Windows Server 2008 mode before you can complete the largest DFS namespace. 2. How can you enable administrators in the New York office to perform backup tasks for data in the Miami and Boston offices? You can create a replication group by using DFS and replicate the Miami and Boston data with a server in New York. Administrators at New York can then back up data from the replicated copy of the data. 3. What replication topology would you specify as a starting point for the public data folders? Use the following table to record your answer. Topology Hub and spoke Full mesh No topology (create all connectors manually) 4. What solution would you propose for the projects folder that is currently hosted only in the New York office? This folder could stay as it is, or it could use a collaborative storage mechanism such as Windows SharePoint Services. This highly collaborative data is not well suited for DFS Replication because the frequent updates can cause replication conflicts. Selection Y

Exercise 3: Designing a High-Availability DFS Solution

Scenario

The DFS implementation project is underway in the WoodgroveBank.com domain and the management team has decided that it is essential that the DFS implementation is highly available.

These are the updated DFS requirements:

All DFS namepsaces must be highly available. 200 folders in the New York office and 180 folders in the Washington office must be available if a single server that is hosting the share fails.

In this exercise, you must identify high-availability DFS solutions for the WoodgroveBank.com domain. The main tasks for this exercise are as follows:
Propose a high-availability solution for the DFS namespaces. Propose a high-availability solution for the stored data.

Task 1: Propose a high-availability solution for the DFS namespaces How can you ensure that the DFS namespaces from the previous exercise are highly available? o If you decided on stand-alone DFS namespaces, you should implement the namespace as a cluster resource on a server cluster to provide high availability. o If you decided on domain-based namespaces, you should implement additional DFS namespace servers in the same domain.

Task 2: Propose a high-availability solution for the stored data How can you ensure that the data that is stored on the file servers is highly available? o You could use DFS Replication to ensure that more than one server has a copy of the data and use multiple folder targets to provide seamless client access. Both stand-alone and domain-based namespaces support DFS Replication. o You could also create the file shares as a cluster resource on a server cluster to provide high availability for your data. In this case, you would require only one folder target.

Exercise 4: Implementing a High-Availability DFS Solution

In this exercise, you will implement a high-availability DFS solution for the New York office by using two file servers. The main tasks for this exercise are as follows:
Add the DFS Replication server role to 6430A-NYC-SVR2-04. Add the File Server role to 6430A-NYC-SVR1-03. Create the DFS namespace. Add folder targets to the DFS namespace and configure replication. Test the replication and availability of the DFS target folder.

Task 1: Add the DFS Replication server role to 6430A-NYC-SVR2-04 1. Log on to 6430A-NYC-SVR2-04 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. At the command prompt, type Start /w ocsetup DFSR-InfrastructureServerEdition and then press ENTER. 3. At the command prompt, type netsh firewall set service fileandprint enable and then press ENTER. 4. Type netsh advfirewall firewall set rule group="remote administration" new enable=yes and then press ENTER.

Task 2: Add the File Server role to 6430A-NYC-SVR1-03 1. Log on to 6430A-NYC-SVR1-03 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Switch to 6430A-NYC-SVR1-03. Click Start, and then click Command Prompt. 3. At the command prompt, type ServerManagerCmd -install FSFileServer FS-DFS FS-Search-Service Backup-Features and then press ENTER. 4. Close the Command Prompt window.

Task 3: Create the DFS namespace Click Start, point to Administrative Tools, and then click DFS Management. 2. In DFS Management, under Actions, click New Namespace. 3. In the New Namespace Wizard, on the Namespace Server page, in the Server box, type NYC-DC1 and then click Next. 4. On the Namespace Name and Settings page, in the Name box, type NYC and then click Next. 5. On the Namespace Type page, clear the Enable Windows Server 2008 mode check box, and then click Next. 6. On the Review Settings and Create Namespace page, click Create. 7. On the Confirmation page, click Close. 8. In DFS Management, expand Namespaces, right-click \\WoodgroveBank.com\NYC, and then click Add Namespace Server. 9. In the Add Namespace Server dialog box, in the Namespace server box, type NYC-SVR1 and then click OK. 10. In the Warning dialog box, click Yes. 1. Task 4: Add folder targets to the DFS namespace and configure replication 1. 2. 3. 4. 5. In DFS Management, right-click \\WoodgroveBank.com\NYC, and then click New Folder. In the New Folder dialog box, in the Name box, type Marketing and then click Add. In the Add Folder Target dialog box, click Browse. In the Browse for Shared Folders dialog box, click New Shared Folder. In the Create Share dialog box, click Browse.

6. In the Browse For Folder dialog box, click c$, and then click Make New Folder. 7. In the New Folder box, type Marketing and press ENTER, and then click OK. 8. In the Create Share dialog box, in the Share name box, type Marketing and click All users have read and write permissions, and then click OK. 9. In the Browse for Shared Folders dialog box, click OK. 10. In the Add Folder Target dialog box, click OK. 11. In the New Folder dialog box, click Add. 12. In the Add Folder Target dialog box, click Browse. 13. In the Browse for Shared Folders dialog box, in the Server box, type NYC-SVR2 and click Show Shared Folders, and then click New Shared Folder. 14. In the Create Share dialog box, click Browse. 15. In the Browse For Folder dialog box, click c$, and then click Make New Folder. 16. In the New Folder box, type Marketing and press ENTER, and then click OK. 17. In the Create Share dialog box, in the Share name box, type Marketing and click All users have read and write permissions, and then click OK. 18. In the Browse for Shared Folders dialog box, click OK. 19. In the Add Folder Target dialog box, click OK. 20. In the New Folder dialog box, click OK. 21. In the Replication dialog box, click Yes. 22. In the Replicate Folder Wizard, on the Replication Group and Replicated Folder Name page, in the Replication group name box, type NYC Marketing Folder and then click Next. 23. On the Replication Eligibility page, click Next. 24. On the Primary Member page, in the Primary member box, click NYCSVR1, and then click Next. 25. On the Topology Selection page, click Next. 26. On the Replication Group Schedule and Bandwidth page, click Next. 27. On the Review Settings and Create Replication Group page, click Create. 28. On the Confirmation page, click Close. 29. In the Replication Delay dialog box, read the message, and then click OK. 30. Close DFS Management. Task 5: Test the replication and availability of the DFS target folder 1. 2. 3. 4. 5. 6. 7. 8. Log on to 6430A-NYC-DC1-02 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd Switch to 6430A-NYC-DC1-02. Click Start, and then click Run. In the Run dialog box, in the Open box, type \\woodgrovebank.com\NYC\Marketing and then click OK. In Windows Explorer, on the File menu, point to New, and then click Rich Text Document. In the New Rich Text Document box, type Replication Test and then press ENTER. Double-click Replication Test.rtf. In Wordpad, type some text, and then on the File menu, click Exit.

9. In the Wordpad dialog box, click Save. 10. In Windows Explorer, in the address bar, then press ENTER. 11. Ensure that the Replication Test.rtf file is 12. In Windows Explorer, in the address bar, then press ENTER. 13. Ensure that the Replication Test.rtf file is 14. Close Windows Explorer. Lab Shutdown

type \\NYC-SVR1\Marketing and present in the shared folder. type \\NYC-SVR2\Marketing and present in the shared folder.

On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 10 Exercise 1: Evaluating the Existing Backup Plan

Scenario

At Woodgrove Bank, data for several departments is stored across servers on the network. In the New York office, several file servers are part of a domain-based Distributed File System (DFS) namespace and host the following shares:
Sales. This share holds the shared data for the Sales department. The Sales department updates it regularly with budgets, forecasts, and sales figures. Finance. This share holds important data for the Finance department that supplements the Finance application database. The Finance database should not form part of your backup plan. Human Resources. This share holds highly confidential data for the Human Resources department. You have encrypted some of this data by using Encrypting File System (EFS). Technical Library. This share holds technical information, such as white papers and guidance documents, for the IT department. The IT department updates this information infrequently. Projects. This share holds documents that relate to any projects that are running at the New York office and changes frequently.

In addition to the file servers, you are responsible for ensuring that four intranet Web servers and two domain controllers can have the data or server restored in the event of a disaster. Web pages on the intranet Web sites do not change frequently. Currently, there is a scheduled weekly backup of the volumes that contain the shares on the file servers and the volumes that contain the Web page content on the Web servers. In this exercise, you must review the existing backup plan against requirements that the management team at Woodgrove Bank have specified. The main tasks for this exercise are as follows:
Review the existing backup plan. Propose changes to the backup plan.

Task 1: Review the existing backup plan 1. You have agreed that no more than one day's data should be lost in the event of a disaster. Critical data includes the Sales, Finance, and Projects data. Does the current backup plan meet this requirement? No. The current weekly backup plan means that, if data is lost, the data that is restored could be up to a week old.

2. Currently, you copy the Human Resources confidential data onto a removable hard disk that is attached to a computer in the Human Resources office. This task is performed weekly by using a script to preserve the encryption on the files. What are the consequences of this process and how would you address them? The issue is that the confidential files are on an easily removable device in an unsecured office. You could provide a secure data storage device, or you could place the removable hard disk in a secure area after the backup job is complete. 3. You have also agreed that, if a server fails, you should be able to restore that server, including all installed roles, features, applications, and security identity, in six hours. Does the current backup plan enable you to restore the servers in this way? No. No system state backups are being performed on the servers, so the servers must be rebuilt in the event of a failure. This would make restoring the original configuration very difficult. Task 2: Propose changes to the backup plan 1. Propose an appropriate backup frequency for the shares in the following table. Frequency Daily Daily Daily Weekly Daily, or perhaps more frequently

Backup Sales Finance Human Resources Technical Library Projects

2. How would you address the requirement to restore the servers and how frequently would you back up the servers? Back up the system state data on the servers so that you can restore them later. The backup should be at an appropriate frequency, so this will depend on how often the server configuration is changed. Typical schedules may be weekly or monthly.

Exercise 2: Updating the Backup Policy

The management team at Woodgrove Bank has decided that a service-level agreement (SLA) should be put in place for the mission-critical data that is stored on the intranet file servers and Web servers. The SLA will specify availability for data and the recovery of deleted items. In addition, Woodgrove Bank must also comply with legal regulations that state how long the bank must keep customer and financial data. Failure to comply with these

requirements entails heavy fines and penalties for the company. You must keep Human Resources and financial information for a minimum of seven years. In the event of an audit, you must provide access to this data within three working days. In this exercise, you will examine the SLA and legal requirements and propose solutions to ensure compliance. The main tasks for this exercise are as follows:
Create a backup strategy to comply with the SLA. Create a backup strategy to comply with legal requirements.

Task 1: Create a backup strategy to comply with the SLA 1. You should be able to restore critical data, which includes the Sales, Finance, and Projects shares, as quickly as possible in the event of a disaster. What factors affect how quickly you can restore data?

The size of the backed-up data and the backup hardware and media both affect how quickly you can restore data. 2. Given that you have a limited budget to meet the SLA requirements, how could you maximize your budget while providing backup for all of the network data for which you are responsible? Consider using a tiered approach to back up and restore: use faster backup hardware and media for critical data, which costs more, but use slower backup hardware and media for noncritical data to reduce costs. Task 2: Create a backup strategy to comply with legal requirements How will you ensure that the required data is stored for the minimum legal requirement period and that the data is available for audit purposes when it is required?

Various approaches are valid, such as: Create separate archive backups for legal compliance purposes. Include only the required data in these archives. A user who has restore privilege is required to access the data if an audit is performed. You must also consider the storage lifetime of the mediaa tape may not retain seven-yearold data if it is not refreshed. Store the legal compliance data on a separate network device such as another server or archive device. This device may offer policies to help you control retention requirements.

Exercise 3: Reviewing Backup Policy and Plans

In this exercise, you will share your solutions with the class in an instructor-led discussion. Be prepared to add solutions from your own experience at work to the discussion.
The main task for this exercise is to discuss your solutions with the class.

Exercise 4: Implementing the Backup Policy

In this exercise, you will implement a Backup policy for the NYC-SVR1 file server. The main tasks for this exercise are as follows:
Initialize the backup storage volume. Create the new backup schedule.

Task 1: Initialize the backup storage volume 1. Log on to 6430A-NYC-SVR1-10 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, point to Administrative Tools, and then click Computer Management. 3. In Computer Management, click Disk Management. 4. In the Initialize Disk dialog box, click OK. 5. In Computer Management, next to Disk 2, right-click Unallocated, and then click New Simple Volume. 6. In the New Simple Volume Wizard, on the Welcome to the New Simple Volume Wizard page, click Next. 7. On the Specify Volume Size page, click Next. 8. On the Assign Drive Letter or Path page, click Next. 9. On the Format Partition page, in the Volume label box, type Backup and select the Perform a quick format check box, and then click Next. 10. On the Completing the New Simple Volume Wizard page, click Finish. 11. Close Computer Management.

Task 2: Create the new backup schedule 1. 2. 3. 4. 5. 6. 7. 8. Click Start, point to Administrative Tools, and then click Windows Server Backup. In Windows Server Backup, under Actions, click Backup Schedule. In the Backup Schedule Wizard, on the Getting started page, click Next. On the Select backup configuration page, click Custom, and then click Next. On the Select backup items page, click Next. On the Specify backup time page, click More than once a day, under Available time, click 12:30 PM, click Add, and then click Next. On the Select destination disk page, click Show All Available Disks. In the Show All Available Disks dialog box, select the Disk 2 check box, and then click OK.

9. On the Select destination disk page, select the Disk 2 check box, and then click Next. 10. In the Windows Server Backup dialog box, click Yes. 11. On the Label destination disk page, click Next. 12. On the Confirmation page, click Finish. 13. On the Summary page, click Close. 14. Close Windows Server Backup. Lab Shutdown On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK. 1.

Module 11

Exercise 1: Evaluating Backup Data

Scenario

Woodgrove Bank has file servers that store shared data for several departments. The server NYC-FS1 has file shares, including the Human Resources (HR) share, on a redundant array of independent disks (RAID) 5 volume that is labeled E:. At present, a member of the backup team performs a manual full backup of the E: volume by using Windows Server Backup on a Friday evening. The backup takes 20 hours to complete because of the volume of data to back up. After the backup completes, the backup team sends a copy of the backup to secure off-site storage. Previous versions are not enabled on the E: volume. In this exercise, you will analyze the backup data against restore requirements. The main tasks for this exercise are as follows:
Evaluate file restoration. Restore Encrypting File System (EFS) files. Evaluate server restore.

Task 1: Evaluate file restoration

On Thursday, a member of the HR department asks you to restore an important file, which he created two days ago but but someone subsequently deleted.
1. Why can you not restore the file? The file was created after the last backup was performed, so the file cannot be restored. 2. How could you change the backup strategy so that it is possible to restore files that have changed more recently? You could perform daily backups to enable you to restore files that are more recent. However, because a full backup takes 20 hours, you must perform incremental backups to reduce the backup time. You can configure this by creating a schedule in Windows Server Backup. 3. What other effects would a change in backup strategy cause? Backup time would be significantly reduced after the first backup. Backup storage requirements would be reduced because subsequent backups store only changes instead of all the data.

Task 2: Restore EFS files Members of the HR department have encrypted some of the files that are stored on the HR share by using EFS. The HR director asks you to restore some encrypted confidential files that were originally written by Tommy Hartono, who has since left the company. After you have restored the files, how can you provide access to the files for the HR director?

To provide access to the restored encrypted files, you require either the key of the authorized user who encrypted the file (Tommy Hartono) or the key of a designated data recovery agent (DRA). Task 3: Evaluate server restore

On Wednesday, the server, NYC-FS1, suffers a hardware failure. Both the C: and E: volumes are lost.
1. How can you restore the server and data? To restore the server, you must perform the following tasks: Reinstall the Windows Server 2008 operating system. Reinstall any required Windows Server 2008 roles and features such as the file server role and the Windows Server Backup feature. c. Reinstall any previously installed applications such as management tools or antivirus software. d. Reconfigure the E: volume. e. Restore the data to the E: volume. 2. How could you make the restore process easier? Regularly backing up the C: volume, including the system state data, would make the server restore easier because you could restore the server from the Windows Recovery Environment (Windows RE). a. b.

Exercise 2: Planning a Restore

In this exercise, you will plan for trial restore operations to test your backups. The main task for this exercise is to plan a trial restore.
Task: Plan a trial restore 1. In the following table, list the hardware and software requirements for performing a trial restore.

Requirements Additional server (physical or virtual)

Requirements Backup hardware; for example, tape drive, connection to network, or connection to storage area network (SAN) Access to backup media; for example, tapes Windows Server 2008 source (DVD) Backup software such as third-party backup software 2. What additional consideration must you make for performing a trial restore of the HR data on NYC-FS1? You must retrieve the off-site backup media for testing. 3. With what types of backup data should you perform a trial restore? You should perform trial restores on all types of backup, including volume backups, complete server backups, and database backups.

Exercise 3: Investigating a Failed Restore

Users have reported that some files in the Technical Library share on 6430A-NYCSVR1-11 appear to be the wrong version. In this exercise, you will investigate the files and resolve the problem. The main tasks for this exercise are as follows:
Determine the reason for the wrong file version. Create a Restore Operators group. Separate the Backup and Restore roles.

Task 1: Determine the reason for the wrong file version 1. Log on to 6430A-NYC-SVR1-11 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, and then click Server Manager. 3. In the Server Manager console, expand Diagnostics, expand Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, expand Backup, and then click Operational. 4. What is the last operation that was performed? A restore operation was performed last. Task 2: Create a Restore Operators group 1. In the Server Manager console, expand Configuration, expand Local Users and Groups, and then click Groups.

2. Right-click Groups, and then click New Group. 3. In the New Group dialog box, in the Group name box, type Restore Operators and then click Create. 4. In the New Group dialog box, click Close. 5. Close Server Manager. Task 3: Separate the Backup and Restore roles 1. Click Start, point to Administrative Tools, and then click Local Security Policy. 2. In the Local Security Policy console, expand Local Policies, and then click User Rights Assignment. 3. Under Policy, double-click Restore files and directories. 4. In the Restore files and directories Properties dialog box, on the Local Security Setting tab, click Backup Operators, and then click Remove. 5. In the Restore files and directories Properties dialog box, on the Local Security Setting tab, click Add User or Group. 6. In the Select Users, Computers, or Groups dialog box, click Locations. 7. In the Locations dialog box, click NYC-SVR1, and then click OK. 8. In the Select Users or Groups dialog box, click Object Types. 9. In the Object Types dialog box, select the Groups check box, and then click OK. 10. In the Select Users or Groups dialog box, under Enter the object names to select, type Restore Operators and then click OK. 11. In the Restore files and directories Properties dialog box, click OK. 12. Close Local Security Policy.

Exercise 4: Restoring System State Data

The infrastructure team at Woodgrove Bank has escalated a problem with Dynamic Host Configuration Protocol (DHCP). The DHCP service on 6430A-NYC-INF-11 cannot start and the server reports a general error. In this exercise, you will perform a system state restore to repair the server. The main tasks for this exercise are as follows:
Check the state of the DHCP service. Perform a system state restore. Check the state of the DHCP service.

Task 1: Check the state of the DHCP service 1. Log on to 6430A-NYC-INF-11 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, point to Administrative Tools, and then click Server Manager. 3. In Server Manager, expand Configuration, and then click Services.

4. Is the DHCPServer service running? No, the DHCPServer service is not running. A general error occurred. 5. Close Server Manager. Task 2: Perform a system state restore 1. Click Start, and then click Command Prompt. 2. At the command prompt, type wbadmin get versions -backuptarget:e: and then press ENTER. Write down the version identifier. 3. At the command prompt, type wbadmin start systemstaterecovery version:<version identifier> -backuptarget:e: and then press ENTER. 4. At the command prompt, type Y and then press ENTER. 5. After the restore operation is complete, at the command prompt, type Shutdown /r and then press ENTER. 6. Log on to 6430A-NYC-INF-11 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 7. At the command prompt, press ENTER. Task 3: Check the state of the DHCP service 1. Click Start, point to Administrative Tools, and then click Server Manager. 2. In Server Manager, expand Configuration, and then click Services. 3. Is the DHCP service running?

Yes, the DHCP service is running. Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

Module 12

Exercise 1: Evaluating Performance Metrics

In this exercise, you will review data collector sets to locate problems and provide troubleshooting advice to technical specialists. The main tasks for this exercise are as follows:
Identify performance problems with Windows Server 2008 - Part A. Identify performance problems with Windows Server 2008 - Part B. Identify performance problems with Windows Server 2008 - Part C.

Task 1: Identify performance problems with Windows Server 2008 - Part A

You know that the server 6430A-NYC-SVR1-12 experiences low network traffic and has limited disk activity, but the help desk is receiving many reports that the server is slow.
1. Log on to 6430A-NYC-SVR1-12 by using the following information: o Username: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, point to Administrative Tools, and then click Reliability and Performance Monitor. 3. Expand Monitoring Tools, and then click Performance Monitor. 4. In Performance Monitor, click the View Log Data button (CTRL+L). 5. In the Performance Monitor Properties dialog box, on the Source tab, click Log Files, and then click Add. 6. In the Select Log File dialog box, in the File name box, type E:\Labfiles\Mod12\Ex1A\6430A-NYC-SVR1-LAB12-EX1A.blg and then click Open. 7. In the Performance Monitor Properties dialog box, click OK. 8. In Performance Monitor, click Add (CTRL+I). 9. In the Add Counters dialog box, under Available counters, expand Processor, and then click % Processor Time. 10. Under Instances of selected object, click 0, and then click Add. 11. In the Add Counters dialog box, under Available counters, expand System, click Processor Queue Length, click Add, and then click OK. 12. View the graph of the CPU usage on NYC-SVR1: o The maximum value is 100 percent. o The average value is 82.58 percent. 13. In Performance Monitor, click Add (CTRL+I). 14. In the Add Counters dialog box, under Available counters, expand Process, and then click % Processor Time. 15. Under Instances of selected object, select <All Instances>, click Add, and then click OK. 16. Review the % Processor Time used by each process. It is useful to use the Highlight button (CTRL+ H) to view each instance. Identify the process that is consuming the CPU. The cpustres process is consuming most of the CPU time.

17. Close Reliability and Performance Monitor. Task 2: Identify performance problems with Windows Server 2008 Part B

You know that the server 6430A-NYC-SVR1-12 is not running processor-intensive applications, but the help desk is receiving many reports that the server is slow.
Click Start, point to Administrative Tools, and then click Reliability and Performance Monitor. 2. Expand Monitoring Tools, and then click Performance Monitor. 3. In Performance Monitor, click View Log Data (CTRL+L). 4. In the Performance Monitor Properties dialog box, on the Source tab, click Log files, and then click Add. 5. In the Select Log File dialog box, in the File name box, type E:\Labfiles\Mod12\Ex1B\6430A-NYC-SVR1-LAB12-EX1B.blg and then click Open. 6. In the Performance Monitor Properties dialog box, click OK. 7. In Performance Monitor, click Add (CTRL+I). 8. In the Add Counters dialog box, under Available counters, expand Physical Disk, and then click Avg. Disk Queue Length. 9. Under Instances of selected object, click 0 C:, and then click Add. 10. Under Available counters, click Current Disk Queue Length. 11. Under Instances of selected object, click 0 C:, and then click Add. 12. Under Available counters, click Disk Transfers/sec. 13. Under Instances of selected object, click 0 C:, and then click Add. 14. Under Available counters, expand Process, and then click IO Data Bytes/sec. 15. Under Instances of selected object, click <All Instances>, click Add, and then click OK. 16. Review the IO Data Bytes/sec values for each process. It is useful to use the Highlight button (Ctrl+H) to view each instance. Identify the process that is consuming the disk transfer capacity. The explorer process is consuming the disk resources. 17. Close the Reliability and Performance Monitor. Task 3: Identify performance problems with Windows Server 2008 Part C 1.

You know that the server 6430A-NYC-SVR1-12 experiences low network traffic and is not running processor-intensive applications, but the help desk is receiving many reports that the server is slow.
1. Click Start, point to Administrative Tools, and then click Reliability and Performance Monitor. 2. Expand Monitoring Tools, and then click Performance Monitor. 3. In Performance Monitor, click View Log Data (CTRL+L). 4. In the Performance Monitor Properties dialog box, on the Source tab, click Log files, and then click Add.

5. In the Select Log File dialog box, in the File name box, type E:\Labfiles\Mod12\Ex1C\6430A-NYC-SVR1-LAB12-EX1C.blg and then click Open. 6. In the Performance Monitor Properties dialog box, click OK. 7. In Performance Monitor, click Add (CTRL+I). 8. In the Add Counters dialog box, under Available counters, expand Process, and then click Working Set -Private. 9. Under Instances of selected object, click <All Instances>, and then click Add. 10. Under Available counters, expand Paging File, click % Usage, hold down CTRL, and then click % Usage Peak. 11. Under Instances of selected object, click \??\C:\pagefile.sys, and then click Add. 12. Under Available counters, expand Memory, click % Committed Bytes In Use, hold down CTRL and click Available MBytes, Committed Bytes, Page Faults/sec, Pages/sec, Pool Nonpaged Bytes, Pool Paged Bytes, click Add, and then click OK. 13. View the graph of the memory and process usage on NYC-SVR1-12. Review the minimum and maximum values for each process to locate the problem. (The value for Available Mbytes drops to 4 MB.). Review the Working Set - Private value for each process. It is useful to use the Highlight button (CTRL+H) to view each instance. Determine which process is consuming memory. The leakyapp processes are consuming memory.

Exercise 2: Monitoring Performance Metrics

In this exercise, you will plan the performance metrics that are required to measure the scalability of a server. The main task for this exercise is to create a data collector set to measure server requirements.
Task: Create a data collector set to measure server requirements

Create a data collector set to measure the performance requirements of a file server (this will form the base performance metrics for measuring the capacity of this server).
1. 2. 3. 4. 5. 6. 7. In Reliability and Performance Monitor, expand Data Collector Sets, and then click User Defined. On the Action menu, point to New, and then click Data Collector Set. In the Create new Data Collector Set dialog box, in the Name box, type File-Server-Monitoring and then click Next. On the Which template would you like to use? page, ensure that System Performance is selected, and then click Next. On the Where would you like the data to be saved? page, accept the default location, and then click Next. On the Create the data collector set? page, click Finish. In Reliability and Performance Monitor, double-click File-ServerMonitoring, and then double-click Performance Counter. Review the

properties and add any additional objects and counters that are required. In the Performance Counter Properties dialog box, click OK. 8. Right-click File-Server-Monitoring, and then click Properties. 9. In the File-Server-Monitoring Properties dialog box, on the Stop Condition tab, in the Overall duration box, type 2 and then click OK. 10. In Reliability and Performance Monitor, right-click File-Server-Monitoring, and then click Start. 11. In Reliability and Performance Monitor, on the Action menu, click Latest Report. 12. Review the collected data (after approximately two minutes, the report should show the results of the data collector). 13. Close the Reliability and Performance Monitor.

Exercise 3: Configuring Data Collector Sets

In this exercise, you will configure data collector sets to generate an alert. The main task for this exercise is to generate an alert by using a data collector set.
Task: Generate an alert by using a data collector set

Create a user-defined data collector set and configure an alert to trigger when the CPU reaches a critical state.
1. Click Start, point to All Programs, point to Administrative Tools, and then click Reliability and Performance Monitor. 2. Select Data Collector Sets, and then double-click User Defined. 3. On the Action menu, point to New, and then click Data Collector Set. 4. In the Create new Data Collector Set dialog box, in the Name box, type High-CPU-Monitoring. 5. Click Create manually (Advanced), and then click Next. 6. On the What type of data do you want to include? page, click Performance Counter Alert, and then click Next. 7. On the Which performance counters would you like to monitor? page, click Add. 8. Under Available counters, expand Processor, and then click %Processor Time. 9. Under Instances of selected object, click 0, click Add, and then click OK. 10.On the Which performance counters would you like to monitor? page, in the Limit box, type 95 and then click Next. 11. On the Create the data collector set? page, click Finish. 12. In Reliability and Performance Monitor, double-click High-CPUMonitoring, and then double-click DataCollector01 (you may need to adjust the sample interval time to trigger the alert). 13. In the DataCollector01 Properties dialog box, on the Alert Action tab, select the Log an entry in the application event log check box, and then click OK. 14. Close Reliability and Performance Monitor.

Exercise 4: Evaluating Trends

In this exercise, you will compare your answers to the previous exercises with the rest of the class, share your answers with other students, and learn alternative methods to identify performance issues. The main task for this exercise is to discuss your solutions with the class. You should compare the performance counters that have been used and explain why you have used specific counters to make your decision. You should also consider other counters that other students have used.

Exercise 5: Monitoring Extension Exercise

Scenario

In this exercise, you will create a data collector set to monitor a server that you currently administer. The main task for this exercise is to create a tailored data collector set.
Task: Create a tailored data collector set Use the Reliability and Performance Monitor to create a data collector set for a server in your organization.

Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

Module 13

Exercise 1: Troubleshooting Network Connectivity

Users on the network are reporting problems when they try to access the NYC-SVR1 server. This server contains several shares for various departments in the New York office. You have been asked to troubleshoot the problem. The main tasks for this exercise are to troubleshoot the network connection problem.
Task: Troubleshoot the network connection problem 1. Log on to 6430A-NYC-SVR1-13 by using the following information: o User name: Woodgrovebank\Administrator o Password: Pa$$w0rd 2. Click Start, and then click Command Prompt. 3. At the command prompt, type ping 10.10.0.10 and then press ENTER. 4. At the command prompt, type ping 127.0.0.1 and then press ENTER. 5. At the command prompt, type ipconfig /all and then press ENTER. 6. Close the Command Prompt window. 7. Click Start, right-click Network, and then click Properties. 8. In Network and Sharing Center, click Diagnose and repair. 9. In the Windows Network Diagnostics dialog box, click Cancel. 10. Close Network and Sharing Center. 11. Click Start, point to Administrative Tools, and then click Computer Management. 12. In Computer Management, click Device Manager. 13. Right-click Intel 21140-Based PCI Fast Ethernet Adapter (Emulated), and then click Properties. 14. In the Intel 21140-Based PCI Fast Ethernet Adapter (Emulated) Properties dialog box, on the General tab, read the Device status message. 15. In the Intel 21140-Based PCI Fast Ethernet Adapter (Emulated) Properties dialog box, on the Driver tab, click Uninstall. 16. In the Confirm Device Uninstall dialog box, click OK. 17. Click Start, point to the shutdown menu, and then click Restart. 18. In the Shut Down Windows dialog box, in the Option list, click Hardware Maintenance (Planned), and then click OK. 19. Log on to 6430A-NYC-SVR1-13 by using the following information. o Username: WoodgroveBank\Administrator o Password: Pa$$w0rd 20. Click Start, right-click Network, and then click Properties. 21. In Network and Sharing Center, click Manage network connections. 22. Right-click Local Area Connection, and then click Properties. 23. In the Local Area Connection Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 24. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address, type in the following information, and then click OK: o IP address: 10.10.0.24 o Subnet mask: 255.255.0.0

o Default gateway 10.10.0.1 o Preferred DNS server: 10.10.0.10 25. In the Local Area Connection Properties dialog box, click Close. 26. Close Network Connections. 27. Close Network and Sharing Center.

Exercise 2: Troubleshooting Disk Problems

Network users can now access the file shares on 6430A-NYC-SVR1-13, but they are complaining that access to the shares is slow. You have been asked to investigate and troubleshoot the problem. The main tasks for this exercise are as follows:
Create a data collector set to measure disk performance. Run a simple disk performance test. Compare performance test results with a previous baseline. Examine and repair the disk problem.

Task 1: Create a data collector set to measure disk performance 1. Click Start, point to Administrative Tools, and then click Reliability and Performance Monitor. 2. In Reliability and Performance Monitor, expand Data Collector Sets, right-click User Defined, point to New, and then click Data Collector Set. 3. In the Create new Data Collector Set Wizard, on the How would you like to create this new data collector set? page, in the Name box, type Performance Test and click Create manually (Advanced), and then click Next. 4. On the What type of data do you want to include? page, select the Performance counter check box, and then click Next. 5. On the Which performance counters would you like to log? page, click Add. 6. Under Available counters, expand Processor, select % Processor Time, under Instances of selected object, select _Total, and then click Add. 7. Under Available counters, expand LogicalDisk, select Disk Read Bytes/sec, under Instances of selected object, select _Total, and then click Add. 8. Under Available counters, expand LogicalDisk, select Disk Write Bytes/sec, under Instances of selected object, select _Total, click Add, and then click OK. 9. On the Which performance counters would you like to log? page, click Next. 10. On the Where would you like the data to be saved? page, click Next. 11. On the Create the data collector set? page, click Finish.

Task 2: Run a simple disk performance test In Reliability and Performance Monitor, right-click Performance Test, and then click Start. 2. Click Start, and then click Computer. 3. Double-click Allfiles (D:), double-click Labfiles, double-click Mod06, right-click SharePoint, and then click Copy. 4. In Windows Explorer, in the address bar, type C:\ and then press ENTER. 5. In Windows Explorer, on the Edit menu, click Paste. 6. In Windows Explorer, right-click SharePoint, and then click Copy. 7. In Windows Explorer, in the address bar, type D:\ and then press ENTER. 8. In Windows Explorer, on the Edit menu, click Paste. 9. Close Windows Explorer. 10. In Reliability and Performance Monitor, right-click Performance Test, and then click Stop. Task 3: Compare performance test results with a previous baseline 1. 2. 3. 4. 5. In Reliability and Performance Monitor, right-click Performance Test, and then click Latest Report. Record the Maximum value of the Disk Read Bytes/sec counter. In Reliability and Performance Monitor, under User Defined, right-click Baseline, and then click Latest Report. Record the Maximum value of the Disk Read Bytes/sec counter. This should be much higher than the value for the Performance Test data collector set. Close Reliability and Performance Monitor. 1.

Task 4: Examine and repair the disk problem 1. 2. 3. 4. 5. 6. Click Start, point to Administrative Tools, and then click Computer Management. In Computer Management, click Disk Management. In the Initialize Disk dialog box, click Cancel. Next to Disk 1, right-click Allfiles (D:), and then click Repair Volume. In the Repair RAID-5 Volume dialog box, click OK. In the Disk Management dialog box, click Yes.

Note: It may take some time for this process to complete. 7. Close Disk Management.

Exercise 3: Planning for Future Capacity Requirements

The following table lists the current disk space and anticipated future requirements for users. You have identified that your file servers' available disk space will last only six months and you must plan for additional capacity.
Number of users Expansion plans

User group

Current space

User group Marketing IT Sales HR Finance

Number of users 2,000 500 5,000 1,000 3,000

Current space 20 TB 50 TB 50 TB 10 TB 300 TB

Expansion plans 4,000 users 600 users 7,000 users 1,100 users 5,000 users

Server name NYC-FS01 CHI-FS01 LON-FS01 LON-FS02

Current disk capacity 150 GB 150 GB 150 GB 150 GB

Future requirements ? ? ? ?

You should consider reviewing disk space usage and using new storage area network (SAN) storage investments in London, New York, and Chicago as part of this exercise. The main task for this exercise is to create a plan for future file server capacity.
Task: Create a plan for future file server capacity 1. Determine the steps that you will take to resolve the current capacity problems.

You should review the space that is required for each user and ask the following questions: Does each user require the amount of disk space that is currently allocated? Have users archived older files? Have you considered a technical solution to archive older files to remote storage? Are there duplicate files in user storage areas? What type of files are users storing? Are stored files for business or personal use? Is there an opportunity to implement a central storage solution such as a SAN?

2. Compose a report to the SAN management team requesting disk space. You must put forward a business case for the requirement and you may want to consider quota limits for users, as the following table shows.

New User group Marketing IT Sales HR Finance Number of Current users space 2,000 500 5,000 1,000 3,000 20 TB 50 TB 50 TB 10 TB 300 TB Expansion plans 4,000 users 600 users 7,000 users 1,100 users 5,000 users space 40 TB 60 TB 70 TB 11 TB 500 TB

Server name NYC-FS01 CHI-FS01 LON-FS01 LON-FS02

Current disk capacity 150 GB 150 GB 150 GB 150 GB

Future requirements SAN SAN SAN SAN

3. Compose your solution in a word processor as a report to the SAN management team. Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

Exercise 4: Review Troubleshooting Plans

The main task for this exercise is to share your answers with others in the class and to identify areas for consideration that you have not included in your answers to Exercises 13.
Results: After this exercise, you should have shared your solutions with the rest of the class. Lab Shutdown

For each virtual machine that is running, click the Close button. In the Close dialog box, click Turn off machine and discard changes, and then click OK.

Module 14

Exercise 1: Resolving Driver Update Issues

In this exercise, you will identify a problem and then resolve a driver issue that is associated with the problem. You will need to start the virtual machine 6430A-NYCSVR1-14. The main task for this exercise is to identify a problem by troubleshooting log file entries.
Task: Identify a problem by troubleshooting log file entries 1. 2. 3. 4. 5. 6. 7. 8. Log on to 6430A-NYC-SVR1-14 by using the following information: o Username: WoodgroveBank\Administrator o Password: Pa$$w0rd Click Start, point to Administrative Tools, and then click Event Viewer. In the User Account Control dialog box, click Continue. In Event Viewer, expand Windows Logs, and then click System. Right-click System, and then click Filter Current Log. In the Filter Current Log dialog box, select the Critical and Error check boxes, and then click OK. In Event Viewer, double-click the Error event that has event ID 100. In the Event Properties dialog box, examine the reason for the error, and then click Close.

Actions for technical specialists to take:

1. Click Start, right-click Computer, and then click Properties. 2. In System, under Tasks, click Device Manager. 3. In the User Account Control dialog box, click Continue. 4. In Device Manager, expand Floppy drive controllers, right-click Standard floppy disk controller, and then click Scan for hardware changes. 5. Right-click Standard floppy disk controller, and then click Properties. 6. In the Standard floppy disk controller Properties dialog box, on the Driver tab, ensure that the Driver Version displays 6.0.6001.18000, and then click OK. 7. Close Device Manager. 8. Close System. 9. In Event Viewer, review the other filtered events and identify any that you feel are cause for concern. You should create a document that contains the steps that you feel are appropriate for each event. 10. Close Event Viewer.

Exercise 2: Rolling Back an Update

In this exercise, you will create a procedure that details how your technical specialists should roll back an unsuccessfully applied update. Furthermore, you will perform a rollback of an update.

The main tasks for this exercise are:

Plan to roll back an update. Perform a rollback of an update.

Task 1: Plan to roll back an update Create a document for a technical specialist to follow to enable them to manually roll back an update for servers in the organization. Your document should contain the following: Tools to use

Tools could include Windows Update History, Device Manager, and Event Viewer. Steps to take before rolling back an update Steps to roll back an update Steps to check for success after rolling back an update

Task 2: Perform a rollback of an update 1. Click Start, and then click Control Panel. 2. Double-click Programs and Features, and then click View installed updates. 3. Click Security Update for Excel 2007, and then click Uninstall. 4. In the User Account Control dialog box, click Continue. 5. Close Installed Updates.

Exercise 3: Creating a Plan to Resolve Version Incompatibilities

Scenario

In this exercise, you will identify the steps to take to resolve a problem with an application that was discovered after you upgraded a server to the Windows Server 2008 operating system. The main tasks for this exercise are:
Identify the cause of the problem. Provide a short-term fix to the problem.

Task 1: Identify the cause of the problem

Before you upgraded to Windows Server 2008, you undertook significant planning that involved all departments across the business. After you upgraded a server in the Marketing department, several users have reported that an application that generates advertising revenue from the corporate Web site no longer bills customers for advertisements. You must investigate the application to determine why it no longer works. You are busy in meetings all day and must assign another person to the task.

List the steps that a technical specialist should take to identify why the application no longer functions as required. You should consider the following: o Logs that the technical specialist should investigate

Logs to review include Event Viewer and application-specific logs. o Research that the technical specialist should undertake

Research could include application vendor Web sites, newsgroups, Internet search engines, and the Microsoft application compatibility Web site. Task 2: Provide a short-term fix to the problem You finally finish meetings at the end of the day. The technical specialist informs you that she has contacted the supplier of the software who will provide a fix within 30 days, as stated in the support contract. You need the advertising application to continue to generate revenue for the business. Create a list of the steps that you will take to bring the application back online within 24 hours to meet your service-level agreements (SLAs).

Answers could include restoring the server from backup or using a virtual server as an interim solution.

Exercise 4: Reconfiguring Software Settings

You have indentified that an antivirus program has stopped updating your servers with the latest antivirus database file. You must determine what has caused the problem and what steps you should take to provide a fix or workaround. The main tasks for this exercise are:
Identify the problem. Outline the tasks to perform to resolve the issue.

Task 1: Identify the problem

The following table lists the changes that you have recently applied to your network.
Change number 01428 01429 01430 01431 Servers All All File Servers All Description Group policy change Firewall rule change NTFS permissions change Operating system update

1. Identify how the changes above could affect antivirus updates. 2. Identify the changes that are most likely to prevent antivirus updates from occurring. Record your answers in a suitable format. You may find it helpful to use a spreadsheet or word processor. Answers could include: Group Policy change may have disabled the antivirus application. Firewall rule change may have disabled the antivirus update mechanism. NTFS file system (NTFS) permission change may prevent the antivirus application from updating the necessary folders. The operating system update may have disabled the antivirus software.

Task 2: Outline the tasks to perform to resolve the issue Based on your answers to the likely cause of the problem, you should outline the tasks that a technical specialist should perform to resolve the issue.

Answers are dependent on previous answers. Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.

Module 15

Exercise 1: Resolving Server Connectivity Problems

The network consists of a mail server, a database server, an application server, a DNS server, a domain controller, a Web server, and a Dynamic Host Configuration Protocol (DHCP) server, all of which are running Windows Server 2008, and a mixture of client computers that are running the Windows XP and Windows Vista operating systems. All of the servers have at least one mission-critical function. All servers are performing optimally, except the mail server and the application server. There is no mail functionality for any client computer. One application on the application server is not performing correctly. The main tasks for this exercise are as follows:
Identify the scope and location of the server connectivity problem. Create a step-by-step checklist for server administrators to follow to resolve the issue.

Task 1: Identify the scope and location of the server connectivity problem Identify which servers have a connectivity problem and the extent of the problem on each server.

A suggested solution is as follows: The server connectivity problem applies to the mail server and the application server. The application server is only partly affected.

Task 2: Create a step-by-step checklist for server administrators to follow to resolve the issue Create a list of questions for server administrators to follow to resolve the problem. For example: a. Does the application that is not performing correctly use mail functionality?

If it does, the problem is likely to be isolated at the mail server. b. Is the mail server functioning correctly when it is used locally without networking? If it is, it is likely to be a network problem. If it is not functioning correctly, it is likely to be a problem with the mail system.

c. Can you connect to the mail server by host name? d. Can you use the ping command to contact the IP address of the mail server? If you can use the ping command to contact the IP address of the server, but you cannot connect by host name, it might be a DNS problem. e. If the ping command is not successful, use tracert to connect to the mail server. Tracert detects where a network failure has occurred between the source and destination.

Exercise 2: Resolving Name Resolution Problems

The network consists of a mail server, a database server, an application server, a DNS server, a domain controller, a Web server, and a DHCP server, all of which are running Windows Server 2008, and a mixture of client computers that are running Windows XP and Windows Vista. All servers and client computers had connectivity issues. Following a restart, all servers and the client computers that are running Windows Vista are performing optimally. The client computers that are running Windows XP have connectivity issues. Connectivity issues only affect host name connections. Connections that use an IP address are working optimally. The main tasks for this exercise are as follows:
Identify the scope and location of the name resolution problem. Create a step-by-step checklist for server administrators to follow to resolve the issue. You will need to start the virtual machines: 6430A-NYC-DC1-15 6430A-NYC-WEB-15 6430A-NYC-XP1-15 Resolve the name resolution problem.

Task 1: Identify the scope and location of the name resolution problem Identify which computers have connectivity issues and the extent of the problem on each computer.

A suggested solution is as follows: The connectivity problem applies to the client computers that are running Windows XP.

The client computers that are running Windows XP can connect by IP address, but they cannot connect by host name.

Task 2: Create a step-by-step checklist for server administrators to follow to resolve the issue Create a list of questions for server administrators to follow to resolve the problem. For example: Use ipconfig /all to retrieve information about the DNS server in use. Use ipconfig /registerdns to renew the DNS client registration. Use ipconfig /flushdns to flush the contents of the client resolver cache.

a. b. c.

Task 3: Resolve the name resolution problem Check the DNS server because the computers that are running Windows Server 2008 and Windows Vista may be resolving host names with Linklocal Multicast Name Resolution (LLMNR). Log on to 6430A-NYC-XP1-15 by using the following information: o Username: WoodgroveBank\Administrator o Password: Pa$$w0rd Click Start, and then click Internet. In the Address bar, type http://NYC-WEB.WoodgroveBank.com

a. b. c.

Confirm that you cannot access the Web site. d. e. f. Click Start, and then click Run. In the Run dialog box, in the Open box, type cmd and then click OK. At the command prompt, type ipconfig/all and then press ENTER.

Confirm that the address of the DNS server is 10.10.0.10. This is the address of the NYC-DC1 server. g. At the command prompt, type ipconfig/registerdns and then press ENTER. h. At the command prompt, type ipconfig/flushdns and then press ENTER. i. Switch back to the Microsoft Internet Explorer Internet browser, and then click Refresh.

Confirm that the site remains inaccessible. Log on to 6430A-NYC-DC1-15 by using the following information: o Username: WoodgroveBank\Administrator Password: Pa$$w0rd o k. Click Start, point to Administrative Tools, and then click Services. l. In the Services window, in the right pane, double-click DNS Server. m. In the DNS Server Properties (Local Computer) dialog box, in the Startup type list, click Automatic. Click Start, and then click OK. j.

n. o.

Switch back to the NYC-XP1-15 virtual machine. In Internet Explorer, click Refresh.

Confirm that the Web site is accessible.

Exercise 3: Resolving Slow Server Response Times

The application server has slow server response times. All other servers are performing optimally A new application was installed two days ago. The change control log lists that maintenance activity occurred the previous day. The main tasks for this exercise are as follows:
Identify the scope and location of the slow server response times. Create a step-by-step checklist for server administrators to follow to resolve the issue.

Task 1: Identify the scope and location of the slow server response times Identify which computers have slow server response times and the extent of the problem on each computer.

A suggested solution is as follows: The slow server response times affect the application server. Some of the applications are mission-critical, and this issue must be resolved as soon as possible.

Task 2: Create a step-by-step checklist for server administrators to follow to resolve the issue Create a list of questions for server administrators to follow to resolve the problem.

A suggested solution is as follows: a. b. c. d. e. Use ipconfig /all to verify the IP settings, including the subnet mask and default gateway. Use the Network Connection tool in Control Panel to examine the properties of the network interface card (NIC). Review the ticket history of the problem to check whether it coincides with the application installation or the maintenance activity. Test whether the problem occurs only during use of a particular application or if it is a more general network problem: Use Performance Monitor to isolate the problem on the server.

f.

If the results from Performance Monitor are not conclusive, and if applications are not mission-critical, shut down applications one by one to test whether they affect server response times.

Lab Shutdown 1. On the host computer, click Start, point to All Programs, point to Microsoft Virtual Server, and then click Virtual Server Administration Website. 2. Under Navigation, click Master Status. For each virtual machine that is running, click the virtual machine name, and, in the shortcut menu, click Turn off Virtual Machine and Discard Undo Disks. Click OK.