Sunday, November 23, 2014

Lesson Ten: DHCP

This lesson covered the basic information about how the Dynamic Host Configuration Protocol (DHCP) addressing works in the networking environment.  It first went over the theory of how DHCP operates, and covered the authorization requirements and configuration information to successfully implement DHCP in an Active Directory environment.

System administrators can manage IP addressing needs by first defining the addressing scope, and then using reservations to guarantee the same address being handed out to a system and exclusions to prevent systems from being given a dynamic IP address.  These are necessary to streamline client system administration.

A neat feature is that of the split scope.  In this scenario, two DHCP servers on different network segments can each take a portion of the other server’s reserved address pool and hand those addresses out in case of one of the DHCP servers crashing.  Without this failover response, there would be no fault tolerance and the network would be unable to function.

This was the final lesson in this class – chock full of informative and interesting information on how to configure and maintain Windows server systems.

Sunday, November 9, 2014

Lesson Nine: Networking

This week's lesson contained information on networking protocols and methods and covered IP v4 as well as IP v6.  Although I've been using IP networking since the early 1990s, it was a great refresher, and I even learned a few new things.

The instructor did a comprehensive job of explaining IP v4 networking concepts including network addresses, subnet masks, the default gateway and address classes such as public and private address assignments.

One thing that I learned a lot from was the two ways of expressing subnet masks.  Since I am rather weak on this theory, I valued the lesson.  I especially appreciated the process of "anding", which is a method to analyze the network address of a classless IP address.   I already knew how to do this, but to have it explained in the manner that was used was interesting and most informative.

We also learned about IP v4 "supernetting", which is a way to join network segments together so that large numbers of devices can be on the same local network.  It's not commonly used and is no longer needed with the larger address pool of 128 bit IP v6 addresses, but was interesting nonetheless.
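The two mask notations, the "anding" step and supernetting described above, worked through in Python. This is an added example and not part of the course material or the original post; the function names and sample addresses are constructed for illustration.

```python
def ip_to_int(dotted: str) -> int:
    """Pack a dotted-decimal IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> str:
    """Prefix length (the /20 form) -> dotted-decimal mask (255.255.240.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)

def mask_to_prefix(mask: str) -> int:
    """Dotted-decimal mask -> prefix length; rejects masks with gaps."""
    inverted = ip_to_int(mask) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # host bits must be one solid run of low bits
        raise ValueError(f"non-contiguous mask: {mask!r}")
    return 32 - inverted.bit_length()

def network_address(ip: str, mask: str) -> str:
    """The "ANDing" step: address AND mask, bit by bit."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))

def supernet(cidrs) -> str:
    """Smallest single block covering every listed network."""
    lows, highs = [], []
    for cidr in cidrs:
        addr, prefix = cidr.split("/")
        base = ip_to_int(network_address(addr, prefix_to_mask(int(prefix))))
        lows.append(base)
        highs.append(base | (0xFFFFFFFF >> int(prefix)))
    # Bits that differ between the lowest and highest address cannot be
    # network bits, so the shared prefix ends where the XOR begins.
    prefix = 32 - (min(lows) ^ max(highs)).bit_length()
    return f"{network_address(int_to_ip(min(lows)), prefix_to_mask(prefix))}/{prefix}"

if __name__ == "__main__":
    print(network_address("172.16.37.200", "255.255.240.0"))   # constructed host
    print(mask_to_prefix("255.255.240.0"), prefix_to_mask(20))
    print(supernet([f"192.168.{n}.0/24" for n in range(4)]))
    print(supernet(["192.168.1.0/24", "192.168.2.0/24"]))
```

The last call returns a /22 that also contains 192.168.0.0/24 and 192.168.3.0/24, so a route or firewall rule written against a supernet can cover more networks than the ones that were joined.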

Other material covered included modern VPN protocols and the strengths and weaknesses of each. One thing is clear:  data has never been more secure while in transit than it is using modern methods available with the Windows 8 and Server 2012 implementation.




Sunday, November 2, 2014

Lesson Eight: Group Policy

This week's lesson focused on Group Policy.  This is a useful and versatile tool that works in Windows Server 2008R2 and Server 2012 to help configure workstations.

You can do many things with Group Policy; some common ones include setting and managing passwords, assigning user rights and permissions within a domain as well as working with restricting access to objects that you might not want the user to access.

Another feature that is very useful is the way that Group Policy works with Windows Firewall. Although you can use the Advanced Firewall by itself, you can also call it from a Group Policy object.

Another useful feature is how Group Policy lets a network administrator apply application restrictions in various ways.  You can even set a hash restriction, which allows an application to be blocked even if it is renamed.
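Why a hash restriction survives a rename while a name-based rule does not, as an added Python sketch that is not part of the course material or the original post. It assumes a plain SHA-256 over the file contents as a stand-in for the hash Windows computes for the rule; the file names and contents are constructed.

```python
import hashlib
import os
import shutil
import tempfile

def file_sha256(path: str) -> str:
    """Hash the file contents only; the file name never enters the digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def name_rule_blocks(path: str, blocked_names: set) -> bool:
    return os.path.basename(path).lower() in blocked_names

def hash_rule_blocks(path: str, blocked_hashes: set) -> bool:
    return file_sha256(path) in blocked_hashes

def compare_rules() -> dict:
    """Evaluate both rule types against a renamed copy and a newer build."""
    with tempfile.TemporaryDirectory() as folder:
        original = os.path.join(folder, "game.exe")
        with open(original, "wb") as handle:
            handle.write(b"MZ constructed sample, build 1.0")
        blocked_names = {"game.exe"}
        blocked_hashes = {file_sha256(original)}

        renamed = os.path.join(folder, "report.exe")   # same bytes, new name
        shutil.copyfile(original, renamed)
        new_build = os.path.join(folder, "game.exe.new")  # different bytes
        with open(new_build, "wb") as handle:
            handle.write(b"MZ constructed sample, build 1.1")

        return {
            "name_rule_on_renamed": name_rule_blocks(renamed, blocked_names),
            "hash_rule_on_renamed": hash_rule_blocks(renamed, blocked_hashes),
            "hash_rule_on_new_build": hash_rule_blocks(new_build, blocked_hashes),
        }

if __name__ == "__main__":
    for check, blocked in compare_rules().items():
        print(f"{check}: {'blocked' if blocked else 'allowed'}")
```

A hash rule identifies one exact set of bytes, so each new version of the application needs its own rule.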

One problem is that the Group Policy Editor running on the server software listed above only works with Windows 7 and Windows 8 clients; machines running Vista or Windows XP are not supported. There is a workaround in that you can download Client Side Extensions from Microsoft to use Group Policies with older clients.

An extremely valuable lesson that will help the modern network administrator out immensely!

Sunday, October 19, 2014

Lesson Seven: Print and Document Services


This lesson looked at how to manage print resources on a network.  This could include dedicated print servers as well as physical printers connected to client machines.

They talked about how to install and configure printer drivers, and how to control access to those printers in various ways.  Printer pooling makes it possible for users to send jobs to one print spooler, and then for that job to be sent to a printer based on availability, capacity or other considerations.

It’s also possible to limit access to users or groups based on their needs or lack of them.  One neat feature is that you can set up two identical printers that print to the same physical unit, but to use the different defined printers to allow or deny access as needed.

Looking for more interesting and useful information in the next lesson.

Lesson Six: File and Share Access



In this lesson, we looked in detail at NTFS file and folder permissions.  These work in close coordination with group access control lists to grant or deny access to system resources including data as well as physical resources such as printers or other items available on a network.

We were shown how to craft file system permissions to allow or deny access to files and folders, as well as how to enable quota management.  This allows sysadmins to control users’ usage of file storage so as to not allow a user to use more than their share of system resources.

You can also use NTFS permissions to control access to system file shares; however, it is a best practice to allow everyone to have share access and then lock down permissions on the file system itself.

This module also discussed Access Based Enumeration, and Volume Shadow Copies, which are methods to control access to files and folders and to backup and restore information on the file tree.

Lots of good stuff here, looking forward to more!

Sunday, September 28, 2014

Lesson Five: Domain Name System (DNS)

This week’s lesson focused on the Domain Name System (DNS).  It was a very useful primer on how DNS works and how to configure Windows Server 2008 and Server 2012 as DNS servers.  I was very interested by the information on name resolution and Internet root servers in particular.  We were shown how to forward DNS requests to other machines that might be authoritative, and how to handle name resolution within a private intranet.

We then learned about DNS zone management, including primary, secondary and stub zones and the advantages and disadvantages of each.  If you are able to run a DNS server as a domain controller, then you can designate the zone as an Active Directory Integrated zone.  This allows zone transfers to be made with encrypted data.  Next, we covered how to create reverse lookup zones and then the types of records that can be added for different purposes.  Very useful information when trying to keep untrusted people and machines away from your data.

The lesson closed with information on DNS troubleshooting, including the relevant commands as well as best practices.  This module has given me a more comprehensive view of the purposes and functions of the DNS system as implemented in Windows Server operating systems.

Sunday, September 21, 2014

Lesson Four: Active Directory

This week’s lesson in the Windows Server Pro certification curriculum focused on Active Directory. This agent allows organizational resources to be effectively deployed and managed.  This is accomplished by the use of a server called the Domain Controller.  These machines use Organizational Units (OU) to hold resources of users and hardware to accomplish the organization’s mission while making sure that corporate security and access needs are met.

An OU is a generic container that can hold users or groups of users as well as computers or other resources. It is the smallest unit that can be assigned Group Policy settings or that can be delegated administrative authority.  OUs should reflect a domain structure that closely reflects the design of the organization.

This was a useful lesson, looking forward to more!

Sunday, September 14, 2014

Lesson Three: Hyper-V

This week we focused on using Windows Server’s ability to create and use virtual machines, which is known as Hyper-V.  In Hyper-V, Windows can simulate virtual machines, which can then be configured to do any task that can be accomplished by a physical server.  This server virtualization allows the virtual servers to extend access to the resources on a network.

By using virtual machines, Windows can stretch the physical limits of any available resources.  To take an example, if you have a 10 GB physical hard disk, virtual machine 1 and virtual machine 2 can each see those 10 GB and call it their own, thereby making it seem like Windows has 20 GB of disk storage available.  It is a good strategy to extend processor cores, system memory and storage space among many competing priorities.

This lesson on server virtualization interested me greatly - I'm looking forward to much more to come!

Sunday, September 7, 2014

Lesson Two: Hardware Management

This week we learned about the installation of Windows Server 2012.  It was a pretty wide-ranging lesson, including how, when and why to implement the three types of user interface: a full Windows experience with Internet Explorer included; a GUI of server management tools; or command line access only.

Control of a server using Windows PowerShell commands from a command line only obviates the need for a graphical interface using up precious clock cycles and closes potential server vulnerabilities by avoiding the use of a graphical interface.  This type of installation is known as Server Core.

We also learned a lot about the modern tools available in the re-thought Windows Server 2012.  NIC teaming allows an administrator to gang each interface together to either aggregate performance or provide failover capabilities for each interface.

The training course also covered the usage of storage devices and how to connect and install them on the server.  They went into great depth to cover the ability of the operating system to provide the traditional types of software RAID arrays of mirroring, striping and parity to provide different types of volumes.  These can be easily understood:

A simple volume is a single and contiguous block of space of a single hard drive.  There is no failover tolerance in this mode, i.e., any hard drive dying loses all data on it.

A spanned volume combines areas from two or more disks into one unit.  This has the advantage of combining scraps of space that might otherwise go unused, but like the simple volume provides no protection against hardware failure.

A striped volume breaks data into units and then stores those units across various disk drives that are available to the system.  This can be set up on two or more disks as long as the size of the partition on each disk is the same.  This provides an increase in performance but no fault tolerance.  The acronym RAID 0 applies to this type of volume.

A striped volume with parity acts much like the striped volume above, but adds parity information to each drive used.  This has the benefit that data can be recovered by the combination of the existing data with the existing parity information surviving on the non-failed devices to recreate the dataset across all devices in the array.  This type of array is analogous to RAID 5.

The mirrored volume stores two copies of each file on two different disk drives.  This has the effect of halving storage capacity, but provides fault tolerance in case of hardware failure.  This type of array is also known as RAID 1.
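How the striped volume with parity described above recovers from a failed drive, as an added Python sketch that is not part of the course material or the original post. It assumes XOR parity with the parity block rotating across the disks from stripe to stripe; the block size, disk count and payload are constructed.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))

def parity_disk_for(stripe: int, disks: int) -> int:
    """Rotate the parity position so every disk holds some parity."""
    return (disks - 1 - stripe) % disks

def write_stripes(data: bytes, disks: int, block: int = 4):
    """Each stripe holds disks-1 data blocks plus one XOR parity block."""
    if disks < 3:
        raise ValueError("striping with parity needs at least three disks")
    per_stripe = (disks - 1) * block
    data += b"\x00" * (-len(data) % per_stripe)        # pad the final stripe
    array = [[] for _ in range(disks)]
    for stripe, start in enumerate(range(0, len(data), per_stripe)):
        chunks = [data[start + i * block:start + (i + 1) * block]
                  for i in range(disks - 1)]
        chunks.insert(parity_disk_for(stripe, disks), xor_blocks(chunks))
        for disk in range(disks):
            array[disk].append(chunks[disk])
    return array

def rebuild(array, failed: int):
    """Recreate every block of one failed disk by XOR-ing the survivors."""
    survivors = [disk for index, disk in enumerate(array) if index != failed]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]

def read_data(array, length: int) -> bytes:
    """Reassemble the payload, skipping the parity block in each stripe."""
    disks = len(array)
    out = b""
    for stripe in range(len(array[0])):
        skip = parity_disk_for(stripe, disks)
        out += b"".join(array[d][stripe] for d in range(disks) if d != skip)
    return out[:length]

if __name__ == "__main__":
    payload = b"constructed sample payload for the parity example"
    array = write_stripes(payload, disks=4)
    array[2] = rebuild(array, failed=2)    # replace disk 2 from the other three
    print(read_data(array, len(payload)) == payload)
```

With two disks missing from the same array, the XOR of the survivors no longer isolates either lost block, which is why this layout tolerates a single drive failure only.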

Having gone into some length about this, the instructor then dropped the bombshell that a sysadmin most likely would rarely if ever use this software RAID implementation to manage hard drives.  A new tool, Storage Pools, helps the system administrator to aggregate available storage devices or at the same time provide failover services.  This more closely mimics traditional hardware RAID services, but is more flexible and does not usually require the admin to configure each device separately.

Likewise, server aggregation or failover tolerance is provided by the tool Server Pool.  This allows the admin to pool servers in groups, and then administer the group as if they were working on an individual machine.  Server groups, or Pools, can then be tasked with server roles and features.

A tool that interested me extremely is Windows RM, or Remote Manager.  Windows RM allows an administrator to push commands in real time to another server (or any joined machine) on the workgroup or domain.  The advantage of this is that any command that can be given from the command line can be immediately sent to the remote system without requiring a reboot.

There are many more features that I am not able to cover in this brief synopsis such as virtual hard disks and Server 2012's ability to import and export disks and servers.

This week was an overwhelming but exhilarating introduction to Windows Server 2012.  I'm looking forward to next week's lesson!


Sunday, August 31, 2014

Lesson One: Course Introduction

This week constituted an introductory lesson of working with the course materials at testout.com.  Their format of written documentation, videos and test labs followed by an exam for each module was already familiar to me. Since this week was a trial run with practice exams, the documents and videos consisted of introductory information about Windows Server 2012, and the practice exams were a mixture of information from the material given as well as questions based on things we did not yet know; an example of this is when we were asked which Server Manager toolbar button launches Active Directory Domain Services.

The documentation and videos were informative and interesting.  I'm looking forward to learning how to manage Windows Server 2012!

Saturday, August 23, 2014

Week One: Introduction

My name is Richard Rowland, and I live in Crystal Lake with my wife and four dogs.  I've been working with computers since 1978, and with the Windows operating system since Windows 3.0 was released in 1990.  For the past 11 years, I've operated my own IT support business, catering to local small businesses and non-profit organizations and have configured many workstations.

I returned to school in 2013 and hope to graduate next spring with an AAS in Computer Science with a concentration in Network Security.  My hope is to be able to find a position that helps protect end users from the kinds of data breach and theft that seem so common nowadays.

I am sure I will learn a lot more about Advanced Windows Workstation.  I'm looking forward to a great semester, and wish my classmates the best of luck!