Sunday, 4 September 2016

The final step in delegating administrative duties is identifying the toolsets available to your delegates. Microsoft has provided us with the following tools to help with administrative tasks:

Server Manager: Server Manager provides the ability to manage local or remote servers from a central location.
Windows PowerShell Web Access: As we have seen previously, PowerShell is a powerful command-line tool that has been available since Windows Server 2008. As an improvement to Server 2012 R2, PowerShell now has the ability to be executed over the Web through the use of a Windows PowerShell Web Access Gateway. This is available as an installable feature through Server Manager.

Windows PowerShell Desired State Configuration (DSC): PowerShell Desired State Configuration (DSC) is a PowerShell extension released with Windows Server 2012 R2 and Windows 8.1. We discuss DSC in more detail in the next section.
Microsoft Management Console (MMC): As with previous versions of Windows, the MMC is still a powerful tool used by administrators to manage local and remote servers. You can create custom read-only MMC consoles with specific snap-ins containing only those tools required for the specific delegate function.
Remote Server Administration Tools: Provides a set of tools to be used with client computers running Windows 8/8.1. It includes Server Manager, MMC snap-ins, PowerShell cmdlets, and additional command-line tools used to manage Windows Server 2012 R2 Core and Full installations. You can download Remote Server Administration tools from the Microsoft Download Center as a standalone installer.

One of the major benefits of Active Directory is that you can split up administrative tasks among various individuals using the AD DS Delegation of Control Wizard. You can assign different sets of administrative responsibility to different users, and these can include segments of the directory structure such as OUs or sites. The following are several benefits of delegating administrative control:

You can assign subsets of administrative tasks to users and groups.
You can assign responsibility of a limited portion of the domain, such as OUs or sites, to users or groups.
You can use a nested hierarchy of OUs for even more granular control over which users can perform certain administrative tasks.
You can enhance network security by placing more restrictive limits on the membership of powerful groups such as Domain Admins, Enterprise Admins, and Schema Admins.

When designing your AD DS forest structure, you should keep in mind the administrative requirements of each domain. Each domain has the capability to contain a different OU hierarchy. The forest administrators, who are members of the Enterprise Admins group, are automatically granted the ability to create an OU hierarchy in any domain within the entire forest. Domain administrators, who are members of the Domain Admins group in each separate domain, by default are granted the right to create an OU hierarchy within their own domain.
When you initially create your OU design, you should do so to enable administration. After that, you should create any additional OUs required for the application of Group Policy and management of computers. Delegation of Control and management of AD DS are discussed in more detail later.

Establishing Delegate Access

Once a delegation model has been selected, the next step is to decide how to delegate access. Depending on the server, installed roles, and applications installed, there are different ways to delegate access. In some cases, applications or roles include an interface where elevated access is granted. In most other situations, local built-in groups can be used to grant different access to different delegates depending on their function.
For example, suppose you have delegated backup duties to a small team of junior administrators. To grant or delegate the necessary permissions, you might decide to nest, rather than add, the junior admins’ domain accounts to the built-in local backup operators group on one or more servers. To help streamline this in larger organizations, you might consider additional layers of group nesting along with group policy to push down the elevated access to a group of servers. This method provides a more scalable solution as expanding delegate access is as simple as adding more junior admin accounts to a domain group. The domain group is then automatically added to the backup operators local group on the servers. Active Directory will be discussed in more detail later. Refer to Table 2-4 for a listing of built-in local groups and their functions.

Table 2-4 Built-in Local Groups

Group	Function
Access Control Assistance Operators	Remotely query permissions or authentication attributes for resources on the computer.
Administrators	Grants full access and control to the computer. Allows members to change and manage permissions and access to the computer.
Backup Operators	Ability to back up and restore files regardless of the permissions assigned to the folder or files. These users are unable to modify and manage permissions.
Certificate Services DCOM Access	Members are allowed to connect to Certificate Authorities.
Cryptographic Operators	Perform Cryptographic operations.
Distributed COM Users	Start, activate, and use DCOM objects.
Event Log Readers	Ability to read event logs on the computer.
Guests	Users are granted virtually no access to the system other than to use the Internet and basic applications. They are granted temporary profiles upon logon.
Hyper-V Administrators	Grants full control over Hyper-V.
IIS Users	Used by IIS Web Services.
Network Configuration Operators	Ability to make changes to TCP/IP Settings and release and renew IP addresses.
Performance Log Users	Manage and schedule performance counters logs and alerts on the computer.
Performance Monitor Users	Ability to monitor performance counters and read performance counter data.
Power Users	Typically used to provide elevated privileges for legacy applications.
Print Operators	Administer printers and print jobs on the server.
Remote Desktop Users	Members of this group are granted permission to log onto the computer remotely.
Replicator	Manages domain replication functions.
Users	Limited access to log on to the computer. Allows users to run applications, use local devices and peripherals but not make administrative changes.
WinRMRemoteWMIUsers	Ability to access WMI resources.

Preparing for a Delegation Model

Preparing for a delegation model requires some planning up front. Deciding how to manage your systems administration can be a frustrating task. The key to success is to define a model that best works for your situation, agree upon the long-term strategy, and discipline those involved to stick with the model. There are three basic strategies to select from when deciding how to manage your environment:

Decentralized: This is typically designed for small mom-and-pop shops or even home offices. In this model, administrators are present at each site and all share the same responsibilities and access to the servers. This model typically introduces challenges with scalability and standardizations.
Centralized: Typically found in medium to large organizations, the centralized model focuses on driving standards and consistent management from a central site or from a central group of administrators. Branch sites might employ desktop engineers who have been granted local admin rights to workstations but limited access to servers. In many cases, the centralized approach is what the decentralized model evolves into overtime.
Shared/Delegated: While a shared/delegated model can be used for an organization of any size, it is typically adopted by large/enterprise class organizations with a larger IT workforce. Containing characteristics of both decentralized and centralized models, the shared or delegated approach focuses on centralized policies and procedures governed by the enterprise admins. Enterprise admins “deputize” junior admins at each site to manage local servers and drive a consistent process among all sites. This approach is hierarchical in nature in that many layers of administration can be defined.
For example, the main office might contain the majority of the systems. These systems are managed by senior administrators or an enterprise admin group. Branch sites might contain locally significant servers such as file servers that are managed by site admins and/or the enterprise admin group. Desktop engineers might be delegated administrative access to all desktops but might escalate issues to site admins or even enterprise admins if necessary.

what is Delegation of Server Administration

Delegation of Server Administration

As an organization grows, administration of servers can become become quite overwhelming to manage. To help balance the workload and create a smooth support process, a delegation model should be implemented. Implementing a delegation model involves the following:

installing windows server 2012 r2step by step

Installing Windows Server 2012 R2

As already introduced in Chapter 1, “Introducing Windows Server 2012 R2,” you can install Windows Server 2012 R2 as either Server with a GUI, which presents a full graphical user interface, or Server Core, which presents only a command prompt window.

INSTALLATIONS
u can install Standard or Datacenter version of Windows Server 2012 R2 with a GUI or Windows Server 2012 R2 Server Core.

1. Installing a Windows Server Core Computer

2. Installing the Windows Server 2012 R2 Standard (Server with a GUI)

Converting Between Windows Server 2012 R2 Core and GUI

Converting Between Core and GUI

You can convert the full GUI version of Windows Server 2012 R2 to Server Core or vice versa at any time; further, you can interconvert the GUI version between any of the three options described in Chapter 1.
Use the following procedure to convert the full GUI server to Server Core:

From the Search charm, type powershell and select Windows PowerShell.

Type the following cmdlet:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra –Restart

A display on the PowerShell window tracks the removal process, which takes several minutes. A Configuring Windows features message then appears as the GUI is removed. After a few more minutes, the server restarts. When the logon screen appears, press Ctrl+Alt+Delete and log back on as an administrator.

Use the following procedure to convert a Server Core computer to run the full GUI:

From the administrative command prompt, type powershell.

Type the following command:

Get-WindowsImage -ImagePath <path to wim>\install.wim

This command returns the index number for the server with a GUI image. Then type the following command:

Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –
Restart –Source wim:<path to wim>\install.wim:<Index #>

Wait as Windows configures features and restarts; then press Ctrl+Alt+Delete and log back on as an administrator.

If you are converting a server that was originally installed in GUI mode back to GUI from Server Core, the procedure is slightly simpler. Use the following PowerShell command in place of those given in steps 2 and 3:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell
–Restart

To install the complete desktop experience on your server (including access to Windows Store apps as in Windows 8 or Windows 8.1), use the following PowerShell command and then restart your computer. This mode adds a link to Windows Store on the Start screen, as shown in Figure 2-9:

Install-WindowsFeature Desktop-Experience

Figure 2-9 The complete desktop experience in Windows Server 2012 R2 enables you to add Windows Store apps.

Installing the minimal server interface on your server requires you to remove the Start screen shell. Use the following PowerShell command and then restart your computer. You receive a command prompt window and the Server Manager console as previously shown in Figure 2-8.

Uninstall-WindowsFeature Server-Gui-Shell

Upgrading a Windows Server 2008 Computer to Windows Server 2012 R2.

Upgrading a Windows Server 2008 Computer

You can upgrade a computer running Windows Server 2008 R2 with Service Pack 1 (SP1) or later to Windows Server 2012 R2, provided that the computer meets the hardware requirements for Windows Server 2012 R2. You cannot upgrade a Windows Server 2003 or older computer or a computer running any client version of Windows to Windows Server 2012 R2.
To upgrade to Windows Server 2012 R2, proceed as follows:

While logged on to Windows Server 2008 R2 as an administrator, insert the Windows Server 2012 R2 DVD-ROM.
When the Install Windows screen appears, click Install now.
Select your operating system, either the standard or Windows Core version of Windows Server 2012 R2; then click Next.
Accept the licensing terms and then click Next.
On the Which Type of Installation Do You Want? page, select Upgrade.
Windows checks compatibility of your hardware and software and displays a compatibility report that informs you of any potential upgrade problems. Review this report and make any changes you feel are required. When you are ready to proceed, click Next.
Take a lunch break while the upgrade proceeds. This will take 60 minutes or longer, depending on your hardware configuration or use of virtual computing software. The server will reboot three or four times.
After the final reboot, log on using the password previously used in Windows Server 2008 R2. Windows prepares your desktop and displays the Server Manager tool as previously shown in Figure 2-8.

Installing the Windows Server 2012 R2 Standard (Server with a GUI)

Installing the Full GUI Server

Although Microsoft markets Server Core as being the default Windows Server 2012 R2 installation, the full GUI version still represents the most easily managed version of the server. The procedure for installing the full GUI server is the same whether you’re installing directly from a DVD-ROM or a network share, except that you must have some type of network client installed on your computer to access a network share. The following procedure outlines installation from a DVD-ROM:

Follow the procedure outlined earlier for installing Windows Server Core until you receive the screen previously shown in Figure 2-3.
Select either Windows Server 2012 R2 Standard (Server with a GUI) or Windows Server 2012 R2 Datacenter (Server with a GUI), and then click Next.
Complete steps 6–10 of the earlier procedure. Installation will take 15–45 minutes, depending on your hardware.
Type and confirm a secure password. Windows informs you that your password has been changed. Click OK.
Windows displays a Welcome message and prepares your desktop. Then the desktop with Server Manager shown in Figure 2-8 appears.

Figure 2-8 When you log on to Server with a GUI for the first time, Server Manager appears.

After you have performed the initial configuration steps, you will be prompted to press Ctrl+Alt+Delete and enter your password when you restart your server.

TIP

When you shut down a Windows Server 2012 R2 computer, it displays the Shutdown Event Tracker dialog box, which asks you for a reason for shutting down the server. For learning purposes, it is helpful to disable this item. You can do so by typing gpedit.msc to open the Local Group Policy Object Editor. Navigate to Computer Configuration\Administrative Templates\System, right-click the Display Shutdown Event Tracker policy, and click Properties. On the dialog box that appears, click Disabled and then click OK.

Windows Server Core Commands and Cmdlets

Useful Server Core Commands

All configuration, management, and troubleshooting of Windows Server Core is done from the command line. Available utilities enable you to perform almost all regular configuration tasks in this fashion. In Windows Server 2012 and 2012 R2, many of the commands used with Server Core in Windows Server 2008 have been replaced by PowerShell cmdlets. Table 2-3 describes some of the more useful available commands.

Table 2-3 Useful Windows Server Core Commands and Cmdlets

Command	Meaning
`netdom join` `computername` `/domain:domainname`	Joins an Active Directory domain. You will be prompted for the username and password of a user with domain administrator privileges.
`Sconfig.cmd`	Configures and manages a series of common Server Core installation properties. See Figure 2-7.
`cscript scregedit.wsf`	Enables automatic updates.
`Get-WindowsFeature`	Displays roles and features currently installed on the server.
`Install-WindowsFeature`	Adds roles or features.
`Uninstall-WindowsFeature`	Removes roles or features.
`netsh interface IPv4`	Includes a series of subcommands that enable you to configure IPv4 networking.
`netsh advfirewall`	Includes subcommands that enable you to configure the Windows firewall.
`Help`	Provides a list of all available Windows Server Core commands.

Figure 2-7 The Sconfig.cmd utility enables you to perform many basic configuration actions on a Server Core computer.

Available commands also include most commands formerly used with MS-DOS and previous Windows versions. We discuss many Server Core commands and PowerShell cmdlets in various chapters of this book and other Cert Guide books in this series.

NOTE

For additional information on installing Windows Server Core, as well as any of these commands or other commands available in Windows Server Core, type the command name followed by /? or consult “Configure and Manage Server Core Installations” at http://technet.microsoft.com/en-us/library/jj574091.aspx. For additional information on the available Windows Server 2012 R2 installation options, refer to “Windows Server Installation Options” at http://technet.microsoft.com/library/hh831786.

Installing a Windows Server Core Computer

As explained in Chapter 1, Windows Server Core includes a minimal version of the server software without the GUI; you perform all configuration tasks from the command prompt. Follow this procedure to install Windows Server Core and perform initial configuration tasks:

Insert the Windows Server 2012 R2 DVD-ROM and turn on your computer. You should see a message informing you that Windows is copying temporary files; if not, you should access the BIOS setup program included with your computer and modify the boot sequence so that the computer boots from the DVD.
After a few minutes, you receive the Windows Server 2012 R2 screen shown in Figure 2-1. Click Install now to begin the installation.

Figure 2-1 Starting the installation of Windows Server 2012 R2.
Windows copies temporary files and then displays the Get important updates for Windows Setup screen shown in Figure 2-2. If you’re connected to the Internet, select Go online to install updates now (recommended).

Figure 2-2 If you’re connected to the Internet, you should select the option to get updates.
On the next Install Windows screen, click Install now.
You receive the options shown in Figure 2-3, which enable you to install the complete Standard or Datacenter version of Windows Server 2012 R2 with a GUI or Windows Server 2012 R2 Server Core. Select the Windows Server 2012 R2 Datacenter (Server Core Installation) option and then click Next.

Figure 2-3 This screen enables you to select either the complete installation of Windows Server 2012 R2 or the Server Core option.
You are asked to accept the license terms. Select the check box labeled I accept the license terms and then click Next.
You receive the options shown in Figure 2-4 to upgrade or install a clean copy of Windows Server 2012 R2. Select Custom (advanced) to install a clean copy of Windows Server 2012 R2. The upgrade option is available only if you have started the installation from within Windows Server 2008, Windows Server 2008 R2, or the original version of Windows Server 2012.

Figure 2-4 You have the option to upgrade when run from Windows Server 2008/R2/2012.
Select the disk on which you want to install Windows and then click Next.
Take a coffee break while the installation proceeds. This takes some time (particularly when installing on a virtual machine), and the computer restarts several times. As shown in Figure 2-5, Setup charts the progress of installation.

Figure 2-5 Windows Setup charts the progress of installing Windows Server 2012 R2.
After 15–30 minutes (depending on your hardware), Windows restarts a last time and informs you that your password must be changed before logging on for the first time. Click OK.
Type and confirm a strong password. When informed that the password is changed, click OK. After a minute or so, the desktop appears, containing a command window but no Start screen or desktop icons (see Figure 2-6). This is the standard Windows Server Core interface.

Figure 2-6 At startup, Windows Server Core 2012 R2 displays only a command window.
To set the correct time, type control timedate.cpl. By default, Server Core sets the time zone to Pacific Time. If you are in a different time zone, you will need to change this. Set the appropriate time zone, change the date and time if necessary, and then click OK.
Windows installs Server Core with a randomly generated computer name. To set a name of your choice, type netdom renamecomputer %computername% /newname:ServerC1 (where, in this instance, ServerC1 is the name you’re assigning; substitute your desired server name).
Windows warns you that the rename process might have an adverse impact on some services. Type Y to proceed.
You are informed that the computer needs to be restarted in order to complete the rename. Type shutdown /r /t 0 to reboot your server.
After the server reboots, press Ctrl+Alt+Delete and log on using the password you set in step 11.

Windows Server 2012 R2 Hardware Requirements

As with previous Windows versions, your hardware must meet certain requirements for Windows Server 2012 R2 to function properly. First of all, Windows Server 2012 R2 requires a 64-bit processor; Microsoft has discontinued 32-bit software with this release of Windows Server. Table 1.1 outlines the minimum and recommended hardware requirements for Windows Server 2012 R2 as provided by Microsoft:

Table 1.1 Windows Server 2012 R2 Hardware Requirements

Component	Minimum Requirement	Microsoft Recommended
Processor	1.4 GHz	2 GHz or faster
Memory	512 MB RAM	2 GB RAM or greater
Available Disk Space	32 GB	40 GB or greater
Optical Drive	DVD-ROM drive	DVD-ROM drive
Display	Super VGA (800x600) monitor	XGA (1024x768) monitor

In addition, you must have the usual I/O peripherals, including a keyboard and mouse or compatible pointing device and a wired or wireless network interface card (NIC). If you can connect to a network location on which you have copied the contents of the Windows Server 2012 R2 DVD-ROM, you are not required to have a DVD-ROM drive on your computer. As with any other operating system installation, you will receive improved performance if you have a faster processor and additional memory on your system.
Further, when you install Windows Server 2012 R2 on an Itanium-based computer, you must have an Intel Itanium 2 processor and additional hard disk space. Computers with more than 16 GB RAM require additional disk space for paging, hibernation, and dump files. With disk space at an all-time minimum cost, it is easy to acquire a high-capacity hard disk. You will certainly need plenty of disk space on a server that will be a domain controller in a large domain.
Microsoft recommends that you also perform the following actions before installing Windows Server 2012 R2:

Disconnect uninterruptible power supply (UPS) devices: If you are using a UPS, disconnect its serial or USB cable before installing Windows Server 2012 R2. However, note that you do not need to disconnect other USB devices such as external hard drives, printers, and so on.
Back up data: Perform a complete backup of configuration information for your servers, especially network infrastructure servers such as DHCP servers. The backup should include the boot and system partitions as well as the system state data.
Disable antivirus software: Antivirus software can interfere with operating system installation.
Run the Windows Memory Diagnostic tool: This tool tests your computer’s RAM. For more information, refer to “Utility Spotlight: Windows Memory Diagnostic” at http://technet.microsoft.com/en-us/magazine/2008.09.utilityspotlight.aspx?pr=blog.
Provide mass storage drivers if needed: Save the driver file to appropriate media so that you can provide it during setup.
Note that Windows Firewall is on by default: Server applications that require inbound connections will fail until you create inbound firewall rules that allow these connections. For more information, refer to “Windows Firewall with Advanced Security Overview” at http://technet.microsoft.com/en-us/library/hh831365.aspx.
Prepare your Active Directory environment for Windows Server 2012 R2: Before adding a Windows Server 2012 R2 domain controller or updating an existing domain controller to Windows Server 2012 R2, prepare the domain and forest by running Adprep.exe. We discuss this tool in Chapter 13, “Installing Domain Controllers.”

Wednesday, 6 April 2016

CCNA Vs. MCSE: What's the Difference?

Information technology (IT) professionals have the option of earning numerous certifications, including Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Expert (MCSE) designations. Explore these options, their availability, and applications.

CCNA Qualifications and Requirements

The Cisco Certified Network Associate (CCNA) designation is for IT professionals who have around 1-3 years of work experience creating business solutions specifically using Cisco switches and routers. These IT professionals also configure, install, and maintain LANs, WANs and dial-up networks using IP, Ethernet, frame relay, and other protocols. They might configure servers, routers or other network or security devices.
CCNA specializations include service provider, data center, industrial, cloud, and routing and switching. Routing and switching certification can be used to meet prerequisites for additional specialty certifications in wireless, industrial and security. Depending on the specialty a candidate pursues, he or she will need to pass one or more exams.
CCNA certifications expire after three years. After that time period, CCNA professionals must recertify. There are a number of ways to do this, including passing a current CCNA exam in one of the other specialty areas or by taking a certification exam offered at the specialist or professional level.

MCSE Qualifications and Requirements

The Microsoft Certified Solutions Expert (MCSE) designation is designed for current IT professionals. Individuals can pursue the MCSE credential in the following specialties: SharePoint, messaging, communication, business intelligence, enterprise devices and apps, private cloud, server infrastructure and data platform. Most credentials require completion of 4-5 exams.
While there are no specific prerequisites for MCSE exams per se, Microsoft notes that for each exam, test-takers typically have experience working with the IT tools in question. In addition, some of the optional preparatory courses offered by Microsoft call for at least two years of experience with Microsoft technology, whether that's servers, databases or other IT tools. MCSE certifications must be renewed every three years by passing a recertification exam.

What is MCSE?

An MCSE (Microsoft Certified Systems Engineer) is someone who has Knowledge about the Microsoft Windows NT operating system, related desktop systems, networking, and Microsoft's BackOffice server products.

About the Blog

Microsoft Certified Solutions Expert (MCSE)

Using this blog a person alone can learn and gain knowledge on Microsoft Certified Solutions Expert (MCSE) . This blog gives the complete information on MCSE. some topics like --

Installing & Configuring Windows Server
Administering Windows Server
Configuring Advanced Windows Server Services
Designing and Implementing Server Infrastructure
Implementing an Advanced Server Infrastructure

Sunday, 4 September 2016

Saturday, 3 September 2016

Friday, 2 September 2016

Thursday, 1 September 2016

Thursday, 4 August 2016

Wednesday, 27 July 2016

Sunday, 26 June 2016

Sunday, 19 June 2016

Wednesday, 25 May 2016

Tuesday, 10 May 2016

Thursday, 28 April 2016

Sunday, 17 April 2016

Identifying Administration Tools

Leveraging Active Directory