Sunday, November 23, 2014

Lesson Ten: DHCP

This lesson covered the basic information about how the Dynamic Host Configuration Protocol (DHCP) addressing works in the networking environment.  It first went over the theory of how DHCP operates, and covered the authorization requirements and configuration information to successfully implement DHCP in an Active Directory environment.

System administrators can manage IP addressing needs by first defining the addressing scope, and then using reservations to guarantee that the same address is handed out to a system and exclusions to prevent systems from being given a dynamic IP address.  These are necessary to streamline client system administration.

A neat feature is that of the split scope.  In this scenario, two DHCP servers on different network segments can each take a portion of the other server’s reserved address pool and hand those addresses out in case of one of the DHCP servers crashing.  Without this failover response, there would be no fault tolerance and the network would be unable to function.

This was the final lesson in this class – chock full of informative and interesting information on how to configure and maintain Windows server systems.

Sunday, November 9, 2014

Lesson Nine: Networking

This week's lesson contained information on networking protocols and methods and covered IP v4 as well as IP v6.  Although I've been using IP networking since the early 1990s, it was a great refresher, and I even learned a few new things.

The instructor did a comprehensive job of explaining IP4 networking concepts including network addresses, subnet masks, the default gateway and address classes such as public and private address assignments.

One thing that I learned a lot from was the two ways of expressing subnet masks.  Since I am rather weak on this theory, I valued the lesson.  I especially appreciated the process of "anding", which is a method to analyze the network address of a classless IP address.   I already knew how to do this, but to have it explained in the manner that was used was interesting and most informative.

We also learned about IP v4 "supernetting", which is a way to join network segments together so that large numbers of devices can be on the same local network.  It's not commonly used and is no longer needed with the larger address pool of 128 bit IP v6 addresses, but was interesting nonetheless.
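
The "anding" step, the two subnet-mask notations and supernetting described above, as an added Python example that is not part of the original post or the course material. All addresses are constructed samples and the function names are illustrative.

```python
# Added example; all addresses below are constructed samples.

def to_int(dotted):
    """Dotted-decimal IPv4 text -> 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def to_dotted(value):
    """32-bit integer -> dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """Prefix-length notation (/26) -> dotted notation (255.255.255.192)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def mask_to_prefix(mask):
    """Dotted notation -> prefix length; rejects masks with gaps in the 1 bits."""
    bits = to_int(mask)
    prefix = bin(bits).count("1")
    if to_int(prefix_to_mask(prefix)) != bits:
        raise ValueError(f"mask bits are not contiguous: {mask}")
    return prefix

def network_address(ip, mask):
    """ANDing: keep the address bits where the mask has a 1, zero the rest."""
    return to_dotted(to_int(ip) & to_int(mask))

def same_subnet(ip_a, ip_b, mask):
    """Two hosts are local to each other when ANDing gives the same network."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)

def supernet(networks, prefix):
    """Shorten the prefix until ANDing every network yields one common block."""
    addrs = [to_int(n) for n in networks]
    while prefix > 0:
        mask = to_int(prefix_to_mask(prefix))
        if len({a & mask for a in addrs}) == 1:
            return to_dotted(addrs[0] & mask), prefix
        prefix -= 1
    return "0.0.0.0", 0

if __name__ == "__main__":
    print(network_address("192.168.10.77", "255.255.255.192"))   # /26 host
    print(mask_to_prefix("255.255.255.192"), prefix_to_mask(26))
    print(same_subnet("192.168.10.77", "192.168.10.130", "255.255.255.192"))
    print(supernet(["192.168.8.0", "192.168.9.0", "192.168.10.0", "192.168.11.0"], 24))
```

A supernet covers every address in the summarized block, so a firewall or access rule written against it can take in networks that were not in the input list: summarizing only 192.168.9.0 and 192.168.10.0 yields 192.168.8.0/22, which also contains 192.168.8.0/24 and 192.168.11.0/24.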

Other material covered included modern VPN protocols and the strengths and weaknesses of each. One thing is clear:  data has never been more secure while in transit than it is using modern methods available with the Windows 8 and Server 2012 implementation.




Sunday, November 2, 2014

Lesson Eight: Group Policy

This week's lesson focused on Group Policy.  This is a useful and versatile tool that works in Windows Server 2008R2 and Server 2012 to help configure workstations.

You can do many things with Group Policy; some common ones include setting and managing passwords, assigning user rights and permissions within a domain, and restricting access to objects that you might not want the user to access.

Another feature that is very useful is the way that Group Policy works with Windows Firewall. Although you can use the Advanced Firewall by itself, you can also call it from a Group Policy object.

Another useful feature is how Group Policy lets a network administrator apply application restrictions in various ways.  You can even set a hash restriction, which allows an application to be blocked even if it is renamed.

One problem is that the Group Policy Editor running on the server software listed above only works with Windows 7 and Windows 8 clients; machines running Vista or Windows XP are not supported. There is a workaround in that you can download Client Side Extensions from Microsoft to use Group Policies with older clients.

An extremely valuable lesson that will help the modern network administrator out immensely!

Sunday, October 19, 2014

Lesson Seven: Print and Document Services


This lesson looked at how to manage print resources on a network.  This could include dedicated print servers as well as physical printers connected to client machines.

They talked about how to install and configure printer drivers, and how to control access to those printers in various ways.  Printer pooling makes it possible for users to send jobs to one print spooler, and then for that job to be sent to a printer based on availability, capacity or other considerations.

It’s also possible to limit access to users or groups based on their needs or lack of them.  One neat feature is that you can set up two identical printers that print to the same physical unit, and use the different defined printers to allow or deny access as needed.

Looking for more interesting and useful information in the next lesson.

Lesson Six: File and Share Access



In this lesson, we looked in detail at NTFS file and folder permissions.  These work in close coordination with group access control lists to grant or deny access to system resources including data as well as physical resources such as printers or other items available on a network.

We were shown how to craft file system permissions to allow or deny access to files and folders, as well as how to enable quota management.  This allows sysadmins to control users’ usage of file storage so as to not allow a user to use more than their share of system resources.

You can also use NTFS permissions to control access to system file shares; however, it is a best practice to allow everyone to have share access and then lock down permissions on the file system itself.

This module also discussed Access Based Enumeration, and Volume Shadow Copies, which are methods to control access to files and folders and to backup and restore information on the file tree.

Lots of good stuff here, looking forward to more!

Sunday, September 28, 2014

Lesson Five: Domain Name System (DNS)

This week’s lesson focused on the Domain Name System (DNS).  It was a very useful primer on how DNS works and how to configure Windows Server 2008 and Server 2012 as DNS servers.  I was very interested by the information on name resolution and Internet root servers in particular.  We were shown how to forward DNS requests to other machines that might be authoritative, and how to handle name resolution within a private intranet.

We then learned about DNS zone management, including primary, secondary and stub zones and the advantages and disadvantages of each.  If you are able to run a DNS server as a domain controller, then you can designate the zone as an Active Directory Integrated zone.  This allows zone transfers to be made with encrypted data.  Next, we covered how to create reverse lookup zones and then the types of records that can be added for different purposes.  Very useful information when trying to keep untrusted people and machines away from your data.

The lesson closed with information on DNS troubleshooting, including the relevant commands as well as best practices.  This module has given me a more comprehensive view of the purposes and functions of the DNS system as implemented in Windows Server operating systems.

Sunday, September 21, 2014

Lesson Four: Active Directory

This week’s lesson in the Windows Server Pro certification curriculum focused on Active Directory. This agent allows organizational resources to be effectively deployed and managed.  This is accomplished by the use of a server called the Domain Controller.  These machines use Organizational Units (OU) to hold resources of users and hardware to accomplish the organization’s mission while making sure that corporate security and access needs are met.

An OU is a generic container that can hold users or groups of users as well as computers or other resources. It is the smallest unit that can be assigned Group Policy settings or that can be delegated administrative authority.  OUs should reflect a domain structure that closely reflects the design of the organization.

This was a useful lesson, looking forward to more!