Sybex Book Flashcards
EAP-TTLS
Server 2012 exclusive security protocol using tunneling and mutual authentication
NIC teaming advantages
helps failover and improves load balancing
RPC (Remote Procedure Call)
legacy remote access protocol
what is WinRM replacing
RPC
command to force GPO update
gpupdate.exe or Invoke-GPUpdate
BranchCache
optimizes branch bandwidth by caching data in branch servers
SMB (server message block)
file server service
File Server Resource Manager
manage data stored on file server
Dynamic Access Control File Classification Infrastructure
audit access to files on file server
executable to run server manager
compmgmtlauncher.exe
powershell to open network connections properties sheet
ncpa.cpl
command line set ip
netsh interface ip set address
command line to set dns
netsh interface ip set dns
command line rename computer
netdom /renamecomputer
command line join computer
netdom join
command line reboot flag
/REBooT
RDP port number
TCP 3389
The more secure Remote Desktop option
Allow connections with Network authentication
what is a role
generic function like DNS server or web server
what is a feature
specific piece of software for functionality
load Powershell Server Manager modules
Import-Module ServerManager
Powershell to see installed roles and features
Get-WindowsFeature -Name
Powershell install a role or feature
Install-WindowsFeature -Name Web-Server
Powershell what if simulator
Add-WindowsFeature Name -WhatIf
PowerShell check if you can run scripts on server
Get-ExecutionPolicy
PowerShell allow for scripts to be run on server
Set-ExecutionPolicy Unrestricted
server configurations are saved in what format
xml script
PowerShell remove a role
Remove-WindowsFeature
Windows IIS?
Internet Information Services
Active Directory Recycling Bin
ability to recover specific deleted objects
steps for rapid AD clone deployment
1) create copy of existing virtual domain controller
2) authorize cloning and use PS for configuration
Active Directory Certificate Services (ADCS)
security public key technology
PS install ADCS roles
Install-AdcsCertificationAuthority
ADRMS (Rights Management Services)
maintains AD authentication, encryption, and certificates
Unattended installation via ADK (Assessment and Deployment Kit)
Windows installations without having to click through menus
Unattended installation answer file
xml script used for unattended installations
PS enable scripts
Set-ExecutionPolicy AllSigned
PS change password
net user administrator * or Set-ADAccountPassword
PS display file shares
net view \\bf1
PS access a shared volume
net use Z: \\bf1
PS delete a mapped drive
net use Z: /del
PS get drive info
get-psdrive
PS map new drive
New-PSDrive
PS read text file with notepad
notepad documents\lol.txt
script by Server Core team to perform common registry tasks
SCRegedit
/cli
list common tasks on Server Core
PS run VB script through an interpreter
cscript scregedit.wsf /cli
PS Restart computer
Restart-Computer
VB script that provides product key information
slmgr.vbs
PS open Time and Date panel
control timedate.cpl
verify time and date change
w32tm /tz
get network configuration
PS Get-NetIPConfiguration or CP ipconfig
PS change ip config
New-NetIPAddress
PS add computer to the domain
Add-Computer
PS find computer name
hostname
PS rename a computer
Rename-Computer
PS change how auto updates behave
SCONFIG
The 3 Server customization steps
1) Add roles and features
2) Enable Remote Desktop
3) Configure Windows Firewall
PS list roles and features
Get-WindowsFeature
PS install DHCP server role
Add-WindowsFeature DHCP
PS allows us to enable remote desktop
Sconfig
PS enable protocols associated to Remote Admin group
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
PS firewall config template
netsh advfirewall firewall set rule
PS administer firewall from MMC (Microsoft Management Console)
netsh advfirewall set currentprofile settings remotemanagement enable
PS add a port
netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433
CP register credentials
cmdkey /add:bfsc1 /user:Administrator /pass:P@ssw0rd
Windows Remote Shell
allows commands to be sent to a server
Simple Object Access Protocol (SOAP)
XML-formatted text to send the command to the server, output reply as HTML
winrm quickconfig
test drive Windows Remote Shell
HTTPS (SSL) communication
server-based certificate to authenticate the server and encrypt the connection.
CP/PS view certificates
rem using certutil and
certutil -viewstore my
dir
alias for get-items
FL
formats the output of the dir command into a line-delimited list
listener
tells the Windows Remote Shell service which port and IP address to listen to and respond to client requests
view listener config
winrm get winrm/config -format:pretty
and
indicate the port settings
PS adding rule to firewall
netsh advfirewall firewall>add rule ?
winrs.exe
Windows Remote Shell
checks the prerequisites for the domain controller installation
Test-ADDSDomainControllerInstallation
install the domain controller
Install-ADDSDomainController
authorizing DNS server service
netsh> dhcp
netsh dhcp>add server bfsc1.bigfirm.com 192.168.1.11
list servers in directory services
netsh dhcp>show server
what is scope?
consecutive range of possible IP addresses that the DHCP server can lease to clients on a subnet
add a dhcp server scope
netsh dhcp>server
netsh dhcp server>add scope 192.168.1.0 255.255.255.0 "Branch Office 1" "Sample DHCP scope"
display dhcp scope
netsh dhcp server>show scope
DiskPart
manages all the functionality of the Disk Management Console in a command-line format
PS list physical disks
DISKPART> list disk
PS list volumes
DISKPART> list volume
PS create primary partition
DISKPART> help create partition primary
PS assign letter to partition
DISKPART> assign letter=e
PS format a volume
DISKPART> format fs=ntfs label="Data volume" quick
PS retrieve folder permissions
Get-Acl
PS sharing a folder
E:\>net share SALES=e:\sales /grant:bigfirm\sales,FULL /Unlimited
PS add printer
PS C:\> Add-Printer -Name "Sales Printer" -DriverName "HP 5150"
PS C:\> Add-Printer -ConnectionName \\bfsc1\192.168.1.253\
get a printer's configuration
PS C:\> Get-PrintConfiguration -PrinterName "HP 5150"
SRV records (service record)
found in DNS and publishes the existence of services within a network
By default, Volume Activation 3.0 clients (Windows 8 and Windows Server 2012) attempt to connect to the KMS automatically using the _____.
SRV records
PS install back up server role
PS c:\Users\Administrator>Install-WindowsFeature Windows-Server-Backup
PS create windows back up policy
PS c:\Users\Administrator> New-WBPolicy
ISATAP tunneling
allows for IPv6 hosts on an IPv4 network
6to4 tunnelling
delivers address assignments and auto tunneling technology
Teredo tunneling
allows for address assignments even behind a NAT. Last resort tech for IPv4/IPv6 connectivity
PS version of ping
Test-NetConnection
Static teaming
requires switch to be aware of the NIC team members. All connected to same switch
switch independent teaming
NIC team members don't have to connect to the same switch. Logic handled by Windows server
LACP (Link Aggregation Control Protocol)
removes admin overhead by auto combining NICs into logical unit any time a switch is configured
Address hash
Load balance mode that hashes destination metrics
Hyper V port
virtual Load balancing mode
Dynamic
newest Load balancing mode that breaks up traffic into “flowlets”
Virtual and Physical NIC teaming limitation
Physical- 32 NIC Limit
Virtual- 2 NIC limit
can you team NICs with different speeds
NAH
PS NIC teaming
New-NetLbfoTeam Team1 NIC1,NIC2
Data Center Bridging (DCB)
provides guaranteed bandwidth to different types of network traffic on a converged network. requires hardware support
DSCP value (differentiated Service Code Point value)
Policy based QoS point system of prioritization using different metrics
Distributed Cache Mode
no branch server, data cached by separate client computers
Hosted cache mode
server at branch office
Receive Segment Coalescing
Server network stress management tool, combines small packets into a big one for increased performance
Registered I/O
pins application memory to reduce CPU cycle cost
Receive side scaling
distribute and receive network traffic across multiple processors
perfmon.exe
network performance monitor tool
IPAM(IP address management)
set of tools that enable end to end management of ip address infrastructure
ASM (Address Space Management)
IPAM feature that allows for centralized reporting of ip address infrastructure
DHCP failover
new High Availability method for maintaining DHCP services
Namespace
name of the domain/computer's last name
FQDN
host name appended to the domain’s namespace
HOSTS File
text file that statically maps host names to IP addresses
Name server
DNS server that resolves FQDNs to IPs. Also controls namespaces
recursion
server directed process to resolve FQDN
standard primary zone
text file in which server maintains name space records (DNS). Can be replicated
standard secondary zone
read only copy of the primary zone or AD integrated zone
AD Integrated Zones/third zone
DNS records stored in AD rather than text file. Zones are also replicated to all other domain controllers
PS custom app partitions
Add-DNSServerDirectoryPartition
stub zone
used to integrate with other DNS servers. Only indicates which servers support name resolution for the namespace
forward lookup
client provides FQDN and the DNS server returns an IP
reverse lookup
client provides IP and DNS returns its FQDN. For security purposes
Dynamic DNS
allows DNS clients to auto register their host names in an assigned namespace
Host (A) and pointer record (PTR)
most common records in forward/reverse lookup zones
A- host name/ IP
PTR- IP/FQDN
CNAME
secondary name assigned to a computer's FQDN
Mail exchanger record (MX)
for SMTP server communication
Start of Authority(SOA) record
has info about which DNS server controls the zone and has parameters on how to treat resolved records
Name Server Record
records list of servers that can respond to queries in the zone
WINS?
Windows Internet Name Service. WINS is to NetBIOS names what DNS is to domain names: a central mapping of host names to network addresses
Background Zone Loading
While the DNS service is starting, it will start responding to zones it has loaded. useful for large number of zones
DNSSEC
allow a DNS server to digitally sign the resource records for security
trust anchors
public certification of DNSSEC
nslookup
go-to name resolution test
dcdiag
DNS structure health check
Domain
A domain is a collection of objects that share the same database
Workgroup
A workgroup is basically one or more computers on a Windows network (LAN) that are not joined to a domain
Site
Sites represent the physical structure or topology of your network
Objects
everything within Active Directory is an object
Schema
contains formal definitions of every object class that can be created in an Active Directory forest
Group Policy
needed to configure settings for users and computers
Organizational Units
a container that contains similar objects
Forest
A forest is a single instance of Active Directory
Global Catalog
contains information about each object in every domain in a multidomain Active Directory forest
Trees
a collection of domains within a Microsoft Active Directory network.