230 Cards in this Set

  • Front
  • Back

Features and Advantages of Windows Server 2012 and Server 2012 R2

Active Directory Certificate Services (AD CS)

Active Directory Domain Services

Active Directory Rights Management Services (AD RMS)

BitLocker

BranchCache

Dynamic Host Configuration Protocol (DHCP)

DNS

Failover Clustering

File Server Resource Manager

Hyper-V

IPAM

Kerberos Authentication

Managed Service Accounts (gMSAs)

Networking

Remote Desktop Services

Security Auditing

Smart Cards

TLS/SSL (Schannel SSP)

Windows Deployment Services

Roles and Features in W2012R2

Active Directory Certificate Services

Active Directory Domain Services

Active Directory Federation Services (AD FS)

Active Directory Lightweight Directory Services (AD LDS)

Active Directory Rights Management Services

Application Server

Failover Clustering

File and Storage Services

Group Policy

Hyper-V

Networking

Network Load Balancing (NLB)

Network Policy and Access Services (NAP)

Print and Document Services

Remote Desktop Services

Security and Protection

Telemetry

Volume Activation

Web Server (IIS)

Windows Deployment Services

Windows Server Backup Feature

Windows Server Update Services


Active Directory Certificate Services


The AD CS server role in Windows Server 2012 R2 allows you to build a PKI and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.

Feature: AD CS provides a customizable set of services that allows you to issue and manage PKI certificates. These certificates can be used in software security systems that employ public key technologies.

Role: AD CS in Windows Server 2012 R2 is the server role that allows you to build a PKI and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.

Active Directory Domain Services

The AD DS server role allows you to create a scalable, secure, and manageable infrastructure for user and resource management and to provide support for directory-enabled applications, such as Microsoft Exchange Server.

Active Directory Federation Services

Active Directory Federation Services (AD FS) provides Internet-based clients with a secure identity access solution that works on both Windows and non-Windows operating systems. AD FS gives users the ability to do a single sign-on (SSO) and access applications on other networks without needing a secondary password.

Active Directory Lightweight Directory Services

Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of AD DS.

Active Directory Rights Management Services

Active Directory Rights Management Services (AD RMS) in Windows Server 2012 R2 is the server role that provides you with management and development tools that work with industry security technologies including encryption, certificates, and authentication to help organizations create reliable information protection solutions.

Application Server

Application Server provides an integrated environment for deploying and running custom, server-based business applications.

Failover Clustering

The Failover Clustering feature provides a way to create, configure, and manage failover clusters for up to 4,000 virtual machines or up to 64 physical nodes.

File and Storage Services

File and Storage Services allows an administrator to set up and manage one or more file servers. These servers can provide a central location on your network where you can store files and then share those files with network users. If users require access to the same files and applications or if centralized backup and file management are important issues for your organization, administrators should set up network servers as a file server.

Group Policy

Group policies are a set of rules and management configuration options that you can control through the Group Policy settings. These policy settings can be placed on users' computers throughout the organization.

Hyper-V


The Hyper-V role allows administrators to create and manage a virtualized environment by taking advantage of the technology built into the Windows Server 2012 R2 operating system. When an administrator installs the Hyper-V role, all required virtualization components are installed.


Some of the required components include the Windows hypervisor, Virtual Machine Management Service, the virtualization WMI provider, the virtual machine bus (VMbus), the virtualization service provider (VSP), and the virtual infrastructure driver (VID).

Networking

This feature allows administrators to design, deploy, and maintain a Windows Server 2012 R2 network. The networking features include 802.1X authenticated wired and wireless access, BranchCache, Data Center Bridging, low-latency workload technologies, and many more.

Network Load Balancing

The Network Load Balancing (NLB) feature dispenses traffic across multiple servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications in Windows Server 2012 R2 into a single virtual cluster, NLB provides reliability and performance for mission-critical servers.

Network Policy and Access Services

Use the Network Policy and Access Services server role to install and configure Network Access Protection (NAP), secure wired and wireless access points, and RADIUS servers and proxies.

Print and Document Services

Print and Document Services allows an administrator to centralize print server and network printer tasks. This role also allows you to receive scanned documents from network scanners and route the documents to a shared network resource, Windows SharePoint Services site, or email addresses. Print and Document Services also provides fax servers with the ability to send and receive faxes while also giving the administrator the ability to manage fax resources such as jobs, settings, reports, and fax devices on the fax server.

Remote Desktop Services

Remote Desktop Services allows for faster desktop and application deployments to any device, improving remote user effectiveness while helping to keep critical data secure. Remote Desktop Services allows for both a virtual desktop infrastructure (VDI) and session-based desktops, allowing users to connect from anywhere.

Security and Protection

Windows Server 2012 R2 has many new and improved security features for your organization. These security features include Access Control, AppLocker, BitLocker, Credential Locker, Kerberos, NTLM, passwords, security auditing, smart cards, and Windows Biometric Framework (WBF).

Telemetry

The Telemetry service allows the Windows Feedback Forwarder to send feedback to Microsoft automatically by deploying a Group Policy setting to one or more organizational units. Windows Feedback Forwarder is available on all editions of Windows Server 2012 R2, including Server Core.

Volume Activation

Windows Server 2012 R2 Volume Activation will help your organization benefit from using this service to deploy and manage volume licenses for a medium to large number of computers.

Web Server (IIS)

The Web Server (IIS) role in Windows Server 2012 R2 allows an administrator to set up a secure, easy-to-manage, modular, and extensible platform for reliably hosting websites, services, and applications.

Windows Deployment Services

Windows Deployment Services allows an administrator to install a Windows operating system over the network. Administrators do not have to install each operating system directly from a CD or DVD.

Windows Server Backup Feature

The Windows Server Backup feature gives an organization a way to back up and restore Windows servers. You can use Windows Server Backup to back up the entire server (all volumes), selected volumes, the system state, or specific files or folders.

Windows Server Update Services

Windows Server Update Services (WSUS) allows administrators to deploy application and operating system updates. By deploying WSUS, administrators have the ability to manage updates that are released through Microsoft Update to computers in their network. This feature is integrated with the operating system as a server role on a Windows Server 2012 R2 system.

NIC Teaming


NIC Teaming, also known as load balancing and failover (LBFO), gives an administrator the ability to allow multiple network adapters on a system to be placed into a team.

One advantage of Windows Server 2012 R2 is that an administrator can set up 32 network adapters in a NIC team.

An administrator can configure NIC Teaming in either Server Manager or PowerShell.

Server Core: If a server was initially installed in Server Core mode and you want to convert it to the GUI, what steps should you follow?


1. Determine the index number for a server with a GUI image (for example, SERVERDATACENTER, not SERVERDATACENTERCORE) using this cmdlet:

Get-WindowsImage -ImagePath path to wim\install.wim

2. Run this line of code:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart -Source wim:path to wim\install.wim:Index # from step 1

3. Alternatively, if you want to use Windows Update as the source instead of a WIM file, use this Windows PowerShell cmdlet:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

What PowerShell command do we need to run to convert from Windows 2012 or Windows 2012 R2 Core to Server GUI?

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

Windows Server Core Supported Roles

Active Directory Certificate Services (AD CS)

Active Directory Domain Services (AD DS)

Active Directory Federation Services (AD FS)

Active Directory Lightweight Directory Services (AD LDS)

Active Directory Rights Management Services (AD RMS)


Application Server


DHCP Server


DNS Server


Fax Server


File and Storage Services


BITS Server


BranchCache


Hyper-V


Network Policy and Access Services


Print and Document Services


Remote Access


Remote Desktop Services


Volume Activation Services


Web Server (IIS)


Windows Deployment Services


Windows Server Update Services


.NET Framework 3.5 Features


.NET Framework 4.5 Features


Streaming Media Services


Failover Clustering


iSCSI


Network Load Balancing


MPIO


qWave


Telnet Server/Client


Windows Server Migration Tools


Windows PowerShell 4.0

Windows Server Core Benefits:

Reduced Management: Because Server Core has a minimum number of applications installed, it reduces management effort.

Minimal Maintenance: Only basic systems can be installed on Server Core, so it reduces the upkeep you would need to perform in a normal server installation.

Smaller Footprint: Server Core requires only 1GB of disk space to install and 2GB of free space for operations.

Tighter Security: With only a few applications running on a server, it is less vulnerable to attacks.

Ways of Installing Windows 2012

Windows Server 2012 R2 with the Graphical User Interface (GUI)

Windows Server 2012 R2 Server Core

Windows Server 2012 R2 MinShell

Migration tools:


A tool to migrate roles, role services, and features to new servers. It can be used to migrate these features from Core to a physical or virtual GUI server.

Migration tool advantages:

1. Reduce migration downtime

2. Migrate between physical and virtual

3. Full and Core

4. Support cross-subnet migration

Windows Server Migration tool on Server Core


1. Open a Windows PowerShell session by typing powershell.exe in the current command prompt session and then pressing Enter.

2. In the Windows PowerShell session, install Windows Server Migration Tools by using the Windows PowerShell Install-WindowsFeature cmdlet for Server Manager. In the Windows PowerShell session, type the following, and then press Enter. (Omit the ComputerName parameter if you are installing the Windows Server Migration Tools on the local server.)

Command: Install-WindowsFeature Migration -ComputerName computer_name

Non-Core servers:

Use “Add Roles and Features” in Server Manager.

Migration Tool installation and requirements:

1. Must be an administrator on both the source and target servers.

Installation:

1. Installing Windows Server Migration Tools on destination servers that run Windows Server 2012 R2

2. Creating deployment folders on destination servers that run Windows Server 2012 R2 for copying to source servers

3. Copying deployment folders from destination servers to source servers

4. Registering Windows Server Migration Tools on source servers

Windows 2012 R2 Versions

Windows Server 2012 R2 Datacenter: This version is designed for organizations that are looking to migrate to a highly virtualized, private cloud environment. Windows Server 2012 R2 Datacenter has full Windows Server functionality with unlimited virtual instances.

Windows Server 2012 R2 Standard: This version is designed for organizations with physical or minimally virtualized environments. Windows Server 2012 R2 Standard has full Windows Server functionality with two virtual instances.

Windows Server 2012 R2 Essentials: This version is ideal for small businesses that have as many as 25 users and 50 devices. Windows Server 2012 R2 Essentials has a simpler interface and preconfigured connectivity to cloud-based services but no virtualization rights.

Windows Server 2012 R2 Foundation: This version is designed for smaller companies that need a Windows Server experience for as few as 15 users. Windows Server 2012 R2 Foundation is a general-purpose server with basic functionality but no virtualization rights.

Windows 2012 R2 Upgrade path:

TABLE 1.2 Supported Windows Server 2012 R2 upgrade path recommendations

| Current System | Upgraded System |
| --- | --- |
| Windows Server 2008 R2 Datacenter with SP1 | Windows Server 2012 R2 Datacenter |
| Windows Server 2008 R2 Enterprise with SP1 | Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter |
| Windows Server 2008 R2 Standard with SP1 | Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter |
| Windows Web Server 2008 R2 with SP1 | Windows Server 2012 R2 Standard |
| Windows Server 2012 Datacenter | Windows Server 2012 R2 Datacenter |
| Windows Server 2012 Standard | Windows Server 2012 R2 Standard or Windows Server 2012 R2 Datacenter |
| Hyper-V Server 2012 | Hyper-V Server 2012 R2 |
| Windows Storage Server 2012 Standard | Windows Storage Server 2012 R2 Standard |
| Windows Storage Server 2012 Workgroup | Windows Storage Server 2012 R2 Workgroup |

Windows Deployment Services


WDS allows an IT administrator to install a Windows operating system without using an installation disc. Using WDS allows you to deploy the operating system through a network installation. WDS can deploy Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows 8, Windows Server 2008/2008 R2, Microsoft Windows 2012, and Microsoft Windows Server 2012 R2.

Advantages of using WDS for automated installation

You can remotely install Windows 7/Windows 8.

The procedure simplifies management of the server image by allowing you to access Windows 7/8 distribution files from a distribution server.

You can quickly recover the operating system in the event of a computer failure.

Basic steps of WDS process

1. The WDS client initiates a special boot process through the PXE network adapter (and the computer's BIOS configured for a network boot). On a PXE client, the user presses F12 to start the PXE boot process and to indicate that they want to perform a WDS installation.

2. A list of available Windows PE boot images is displayed. The user should select the appropriate Windows PE boot image from the boot menu.

3. The Windows Welcome screen is displayed. The user should click the Next button.

4. The WDS user is prompted to enter credentials for accessing and installing images from the WDS server.

5. A list of available operating system images is displayed. The user should select the appropriate image file to install.

6. The WDS user is prompted to enter the product key for the selected image.

7. The Partition And Configure The Disk screen is displayed. This screen provides the ability to install a mass storage device driver, if needed, by pressing F6.

8. The image copy process is initiated, and the selected image is copied to the WDS client computer.

The WDS server must meet these requirements:


* The computer must be a domain controller or a member of an Active Directory domain.
* At least one partition on the server must be formatted as NTFS.
* WDS must be installed on the server.
* The operating system must be Windows Server 2003, Windows Server 2008/2008 R2, Windows Server 2012, or Windows Server 2012 R2.
* A network adapter must be installed.

To remove a role or feature completely from the system

Use -Remove with the Uninstall-WindowsFeature cmdlet.

Example: Uninstall-WindowsFeature Server-Gui-Shell -Remove

To install a removed role or feature using a WIM image, follow these steps:

1. Run the following command:

Get-WindowsImage -ImagePath \install.wim

In step 1, imagepath is the path where the WIM files are located.

2. Run the following command:

Install-WindowsFeature featurename -Source wim:path:index

In step 2, featurename is the name of the role or feature from Get-WindowsFeature, path is the path to the WIM mount point, and index is the index of the server image from step 1.

Different types of partition styles are used to initialize disks:
Master Boot Record (MBR) and GUID Partition Table (GPT).
Master Boot Record (MBR)

MBR has a partition table that indicates where the partitions are located on the disk drive, and with this particular partition style, only volumes up to 2TB (2,048GB) are supported. An MBR drive can have up to four primary partitions or can have three primary partitions and one extended partition that can be divided into unlimited logical drives.


Windows Server 2012 R2 can only boot off an MBR disk unless it is based on the Extensible Firmware Interface (EFI); then it can boot from GPT. An Itanium server is an example of an EFI-based system.

GUID Partition Table (GPT)

A GPT disk drive can support volumes of up to 18EB (18,874,368 million terabytes) and 128 partitions. As a result, GPT is recommended for disks larger than 2TB or disks used on Itanium-based computers.

Windows Server 2012 R2 supports two types of disk configurations

Basic and dynamic

Basic Disk

Basic disks are divided into partitions and can be used with previous versions of Windows.


A basic disk can simply be converted to a dynamic disk without loss of data. However, converting a dynamic disk back to a basic disk is not as simple. First, all the data on the dynamic disk must be backed up or moved. Then, all the volumes on the dynamic disk have to be deleted. The dynamic disk can then be converted to a basic disk. Partitions and logical drives can be created, and the data can be restored.

Dynamic disk

Dynamic disks are divided into volumes and can be used with Windows 2000 Server and newer releases.

When a disk is initialized, it is automatically created as a basic disk, but when a new fault-tolerant (RAID) volume set is created, the disks in the set are converted to dynamic disks. Fault-tolerance features and the ability to modify disks without having to reboot the server are what distinguish dynamic disks from basic disks.

Basic Disk: Actions/options

• Formatting partitions
• Marking partitions as active
• Creating and deleting primary and extended partitions
• Creating and deleting logical drives
• Converting from a basic disk to a dynamic disk

Dynamic Disk: Actions/options

• Creating and deleting simple, striped, spanned, mirrored, or RAID-5 volumes
• Removing or breaking a mirrored volume
• Extending simple or spanned volumes
• Repairing mirrored or RAID-5 volumes
• Converting from a dynamic disk to a basic disk after deleting all volumes

A volume set

A volume set is created from volumes that span multiple drives by using the free space from those drives to construct what will appear to be a single drive.

Various types of volume sets and their definitions

• Simple volume uses only one disk or a portion of a disk.
• Spanned volume is a simple volume that spans multiple disks, with a maximum of 32. Use a spanned volume if the volume needs are too great for a single disk.
• Striped volume stores data in stripes across two or more disks. A striped volume gives you fast access to data but is not fault tolerant, nor can it be extended or mirrored. If one disk in the striped set fails, the entire volume fails.
• Mirrored volume duplicates data across two disks. This type of volume is fault tolerant because if one drive fails, the data on the other disk is unaffected.
• RAID-5 volume stores data in stripes across three or more disks. This type of volume is fault tolerant because if a drive fails, the data can be re-created from the parity off of the remaining disk drives. Operating system files and boot files cannot reside on the RAID-5 disks.

Storage Spaces

Windows Server 2012 R2 allows an administrator to virtualize storage by grouping disks into storage pools. These storage pools can then be turned into virtual disks called storage spaces.


The Storage Spaces technology allows an administrator to have a highly available, scalable, low-cost, and flexible solution for both physical and virtual installations. Storage Spaces allows you to set up this advantage on either a single server or in scalable multinode mode.


Storage spaces and storage pools can be managed by an administrator through the use of the Windows Storage Management API, Server Manager, or Windows PowerShell.

One of the advantages of using the Storage Spaces technology is the ability to set up resiliency. There are three types of Storage Space resiliency: mirror, parity, and simple (no resiliency).

Storage Pools
Storage pools are a group of physical disks that allows an administrator to delegate administration, expand disk sizes, and group disks together.
Storage Spaces
Storage spaces allow an administrator to take free space from storage pools and create virtual disks called storage spaces. Storage spaces give administrators the ability to have precise control, resiliency, and storage tiers.
Advantages of using Storage Spaces features in Windows Server 2012 R2

Availability: One advantage to the Storage Spaces technology is the ability to fully integrate the storage space with failover clustering. This advantage allows administrators to achieve service deployments that are continuously available. Administrators have the ability to set up storage pools to be clustered across multiple nodes within a single cluster.

Tiered Storage: The Storage Spaces technology allows virtual disks to be created with a two-tier storage setup. For data that is used often, you have an SSD tier; for data that is not used often, you use an HDD tier. The Storage Spaces technology will automatically transfer data at a subfile level between the two different tiers based on how often the data is used. Because of tiered storage, performance is greatly increased for data that is used most often, and data that is not used often still gets the advantage of being stored on a low-cost storage option.

Delegation: One advantage of using storage pools is that administrators have the ability to control access by using access control lists (ACLs). What is nice about this advantage is that each storage pool can have its own unique access control lists. Storage pools are fully integrated with Active Directory Domain Services.

Redundant Array of Independent Disks (RAID)
The ability to support drive sets and arrays. RAID can be used to enhance data performance, or it can be used to provide fault tolerance to maintain data integrity in case of a hard disk failure.

Windows Server 2012 R2 supports three types of RAID technologies

RAID-0 (Disk Striping): Disk striping is using two or more volumes on independent disks created as a single striped set. There can be a maximum of 32 disks. In a striped set, data is divided into blocks that are distributed sequentially across all of the drives in the set. With RAID-0 disk striping, you get very fast read and write performance because multiple blocks of data can be accessed from multiple drives simultaneously. However, RAID-0 does not offer the ability to maintain data integrity during a single disk failure. In other words, RAID-0 is not fault tolerant; a single disk event will cause the entire striped set to be lost, and it will have to be re-created through some type of recovery process, such as a tape backup.

RAID-1 (Disk Mirroring): Disk mirroring is two logical volumes on two separate identical disks created as a duplicate disk set. Data is written on two disks at the same time; that way, in the event of a disk failure, data integrity is maintained and available. Although this fault tolerance gives administrators data redundancy, it comes with a price because it diminishes the amount of available storage space by half. For example, if an administrator wants to create a 300GB mirrored set, they would have to install two 300GB hard drives into the server, thus doubling the cost for the same available space.

RAID-5 Volume (Disk Striping with Parity): With a RAID-5 volume, you have the ability to use a minimum of three disks and a maximum of 32 disks. RAID-5 volumes allow data to be striped across all of the disks with an additional block of error-correction called parity. Parity is used to reconstruct the data in the event of a disk failure.

RAID-5 has slower write performance than the other RAID types because the OS must calculate the parity information for each stripe that is written, but the read performance is equivalent to a stripe set, RAID-0, because the parity information is not read. Like RAID-1, RAID-5 comes with additional cost considerations. For every RAID-5 set, roughly an entire hard disk is consumed for storing the parity information. For example, a minimum RAID-5 set requires three hard disks, and if those disks are 300GB each, approximately 600GB of disk space is available to the OS and 300GB is consumed by parity information, which equates to 33.3 percent of the available space. Similarly, in a five-disk RAID-5 set of 300GB disks, approximately 1,200GB of disk space is available to the OS, which means that 20 percent of the total available space is consumed by the parity information. The words roughly and approximately are used when calculating disk space because a 300GB disk will really be only about 279GB of space. This is because vendors define a gigabyte as 1 billion bytes, but the OS defines it as 2^30 (1,073,741,824) bytes. Also, remember that file systems and volume managers have overhead as well.

Mount Points

With the ever-increasing demands of storage, mount points are used to surpass the limitation of 26 drive letters and to join two volumes into a folder on a separate physical disk drive. A mount point allows you to configure a volume to be accessed from a folder on another existing disk.


Through Disk Management, a mount point folder can be assigned to a drive instead of using a drive letter, and it can be used on basic or dynamic volumes that are formatted with NTFS. However, mount point folders can be created only on empty folders within a volume.

Microsoft MPIO
Multipath I/O (MPIO) is associated with high availability because a computer will be able to use a solution with redundant physical paths connected to a storage device. Thus, if one path fails, an application will continue to run because it can access the data across the other path.

The MPIO software provides the functionality needed for the computer to take advantage of the redundant storage paths. MPIO solutions can also load-balance data traffic across both paths to the storage device, virtually eliminating bandwidth bottlenecks to the computer. What allows MPIO to provide this functionality is the new native Microsoft Device Specific Module (Microsoft DSM).

Microsoft Device Specific Module (Microsoft DSM)

The Microsoft DSM is a driver that communicates with storage devices (iSCSI, Fibre Channel, or SAS), and it provides the chosen load-balancing policies.

Windows Server 2012 R2 supports the following load-balancing DSM policies:

Failover: In a failover configuration, there is no load balancing. There is a primary path that is established for all requests and subsequent standby paths. If the primary path fails, one of the standby paths will be used.

Failback: This is similar to failover in that it has primary and standby paths. However, with failback you designate a preferred path that will handle all process requests until it fails, after which the standby path will become active until the primary reestablishes a connection and automatically regains control.

Round Robin: In a round-robin configuration, all available paths will be active and will be used to distribute I/O in a balanced round-robin fashion.

Round Robin with a Subset of Paths: In this configuration, a specific set of paths will be designated as a primary set and another as standby paths. All I/O will use the primary set of paths in a round-robin fashion until all of the sets fail. Only at this time will the standby paths become active.

Dynamic Least Queue Depth: In a dynamic least queue depth configuration, I/O will route to the path with the least number of outstanding requests.

Weighted Path: In a weighted path configuration, paths are assigned a numbered weight. I/O requests will use the path with the least weight; the higher the number, the lower the priority.

Internet Small Computer System Interface (iSCSI)

iSCSI is an interconnect protocol used to establish and manage a connection between a computer (initiator) and a storage device (target). It does this by using a connection through TCP port 3260, which allows it to be used over a LAN, a WAN, or the Internet. Each initiator is identified by its iSCSI Qualified Name (IQN), and it is used to establish its connection to an iSCSI target.

iSCSI was developed to allow block-level access to a storage device over a network. This is different from using a network attached storage (NAS) device that connects through the use of Common Internet File System (CIFS) or Network File System (NFS).

Block-level access is important to many applications that require direct access to storage. Microsoft Exchange and Microsoft SQL are examples of applications that require direct access to storage.

iSCSI advantages over Fibre Channel

1. By being able to leverage the existing network infrastructure, iSCSI was also developed as an alternative to Fibre Channel storage by alleviating the additional hardware costs associated with a Fibre Channel storage solution.

2. It can provide security for the storage devices. iSCSI can use Challenge Handshake Authentication Protocol (CHAP or MS-CHAP) for authentication and Internet Protocol Security (IPsec) for encryption.

Ways to initiate iSCSI sessions

Windows Server 2012 R2 supports two different ways to initiate an iSCSI session.


• Through the native Microsoft iSCSI software initiator that resides on Windows Server 2012 R2

• Using a hardware iSCSI host bus adapter (HBA) that is installed in the computer

Internet Storage Name Service (iSNS)

iSNS allows for central registration of an iSCSI environment because it automatically discovers available targets on the network. The purpose of iSNS is to help find available targets on a large iSCSI network.

iSNS Details

The Microsoft iSCSI initiator includes an iSNS client that is used to register with the iSNS. The iSNS feature maintains a database of clients that it has registered either through DHCP discovery or through manual registration. iSNS DHCP is available after the installation of the service, and it is used to allow iSNS clients to discover the location of the iSNS. However, if iSNS DHCP is not configured, iSNS clients must be registered manually with the iscsicli command. To execute the command, launch a command prompt on a computer hosting the Microsoft iSCSI initiator and type iscsicli addisnsserver server_name, where server_name is the name of the computer hosting iSNS.

Fibre Channel

Fibre Channel storage devices are similar to iSCSI storage devices in that they both allow block-level access to their data sets and can provide MPIO policies with the proper hardware configurations. However, Fibre Channel requires a Fibre Channel HBA, fiber-optic cables, and Fibre Channel switches to connect to a storage device.

A World Wide Name (WWN) from the Fibre Channel HBA

A World Wide Name (WWN) from the Fibre Channel HBA is used from the host and device so that they can communicate directly with each other, similar to using a NIC's MAC address. In other words, a logical unit number (LUN) is presented from a Fibre Channel storage device to the WWN of the host's HBA. Fibre Channel has been the preferred method of storage because of the available connection bandwidth between the storage and the host. Fibre Channel devices support 1Gb/s, 2Gb/s, and 4Gb/s connections, and they soon will support 8Gb/s connections, but now that 10Gb/s Ethernet networks are becoming more prevalent in many datacenters, iSCSI can be a suitable alternative. It is important to consider that 10Gb/s network switches can be more expensive than comparable Fibre Channel switches.

N-Port Identification Virtualization (NPIV)

NPIV is a Fibre Channel facility allowing multiple N-Port IDs to share a single physical N-Port. This allows multiple Fibre Channel initiators to occupy a single physical port. Using a single port eases hardware requirements in storage area network (SAN) design.

Network attached storage (NAS)

A network attached storage (NAS) solution is a low-cost device for storing data and serving files through the use of an Ethernet LAN connection. A NAS device accesses data at the file level via a communication protocol such as NFS, CIFS, or even HTTP, which is different from iSCSI or Fibre Channel (FC) storage devices that access the data at the block level. NAS devices are best used in file-storing applications, and they do not require a storage expert to install and maintain the device. In most cases, the only setup that is required is an IP address and an Ethernet connection.

Virtual Disk Service (VDS)

VDS was created to ease the administrative efforts involved in managing all of the various types of storage devices.

VDS more information

VDS is a set of application programming interfaces (APIs) that provides a centralized interface for managing all of the various storage devices. The native VDS API enables the management of disks and volumes at an OS level, and hardware vendor-supplied APIs manage the storage devices at a RAID level. These are known as software and hardware providers.

A software provider

A software provider is host based, and it interacts with Plug and Play Manager because each disk is discovered and operates on volumes, disks, and disk partitions. VDS includes two software providers: basic and dynamic. The basic software provider manages basic disks with no fault tolerance, whereas the dynamic software providers manage dynamic disks with fault management. A hardware provider translates the VDS APIs into instructions specific to the storage hardware. This is how storage management applications are able to communicate with the storage hardware to create LUNs or Fibre Channel HBAs to view the WWN.

The following are Windows Server 2012 R2 storage management applications that use VDS:

The Disk Management snap-in is an application that allows you to configure and manage the disk drives on the host computer. You have already seen this application in use when you initialized disks and created volume sets.




DiskPart is a command-line utility that configures and manages disks, volumes, and partitions on the host computer. It can also be used to script many of the storage management commands. DiskPart is a robust tool that you should study on your own because it is beyond the scope of this book. Figure 1.8 shows the various commands and their function in the DiskPart utility.




DiskRAID is also a scriptable command-line utility that configures and manages hardware RAID storage systems. However, at least one VDS hardware provider must be installed for DiskRAID to be functional. DiskRAID is another useful utility that you should study on your own because it's beyond the scope of this book.

The Boot Configuration Data (BCD)

The Boot Configuration Data (BCD) store contains boot information parameters that were previously found in boot.ini in older versions of Windows. To edit the boot options in the BCD store, use the bcdedit utility, which can be launched only from a command prompt.

Features On Demand

This feature allows you to remove roles and features from the operating system and remove the associated files completely from the hard drive, thus saving disk space.

You are the administrator for the ABC Company. You are looking to install Windows Server 2012 R2, and you need to decide which version to install. You need to install a version of Windows that is just for logon authentication and nothing else. You want the most secure option and cost is not an issue. What should you install?

B. Windows Server 2012 R2 Server Core is a more secure, slimmed-down version of Windows Server. Web versions of Windows Server 2012 R2 are not available. You would use Windows Server 2012 R2 Standard as a web server.

You are the IT manager for a large organization. One of your co-workers installed a new Windows Server 2012 R2 Datacenter Server Core machine, but now the IT team has decided that it should be a Windows Server 2012 R2 Datacenter with GUI. What should you do?

C. One of the new advantages of Windows Server 2012 R2 is that you can convert Server Core and GUI versions without the need to reinstall the operating system files completely.

You are the administrator for your company, and you are looking at upgrading your Windows Server 2008 web server to Windows Server 2012 R2. Which version of Windows Server 2012 R2 does Microsoft recommend you use?

B. Microsoft recommends that you upgrade your Windows Server 2008 or Windows Server 2008 R2 web server to Windows Server 2012 R2 Standard.

You are looking at upgrading your Windows Server 2008 R2 Enterprise with SP2 machine to Windows Server 2012 R2. Your organization is considering virtualizing its entire server room, which has 25 servers. To which version of Windows Server 2012 R2 would you upgrade?

A. Windows Server 2012 R2 Datacenter was designed for organizations that are seeking to migrate to a highly virtualized, private cloud environment. Windows Server 2012 R2 Datacenter has full Windows Server functionality with unlimited virtual instances.

You have been hired to help a small company set up its first Windows network. It has had the same 13 users for the entire two years it has been open, and the company has no plans to expand. What version of Windows Server 2012 R2 would you recommend?

D. Windows Server 2012 R2 Foundation was designed for smaller companies that need a Windows Server experience for as few as 15 users. Windows Server 2012 R2 Foundation is a general-purpose server with basic server functionality and no virtualization rights.

You have been hired to help a small company set up its Windows network. It has 20 users, and it has no plans to expand. What version of Windows Server 2012 R2 would you recommend?

C. Windows Server 2012 R2 Essentials is ideal for small businesses that have as many as 25 users and 50 devices. It has a simple interface, preconfigured connectivity to cloud-based services, and no virtualization rights.

Which of the following are benefits of using Windows Server 2012 R2 Server Core? (Choose all that apply.)

A, B, C and D. All four answers are advantages of using Windows Server 2012 R2 Server Core. Server Core is a smaller installation of Windows Server, and therefore all four answers apply.

You are a server administrator, and you are trying to save disk space on a Windows Server 2012 R2 Datacenter machine. Which feature can help you save space?

B. Windows Server 2012 R2 Features On Demand allows an administrator not only to disable a role or feature but also to remove the role or feature's files completely from the hard disk.

You have a server named SRV1 that runs Windows Server 2012 R2. You want to remove Windows Explorer, Windows Internet Explorer, and all components and files from this machine. Which command should you run?

D. New to Windows Server 2012 R2, an administrator has the ability to turn a Windows GUI installation into a Server Core installation.

What type of domain controller would you install into an area where physical security is a concern?

C. Windows Server 2012 R2 has a type of domain controller called a read-only domain controller (RODC). This gives an organization the ability to install a domain controller in an area or location (onsite or offsite) where security is a concern.

Which of the following is a valid role for a Windows Server 2012 R2 computer?
A. Stand-alone server
B. Member server
C. Domain controller
D. All of the above
D. Based on the business needs of an organization, a Windows 2012 R2 Server computer can be configured in any of the roles listed. See Chapter 1 for more information.

Which of the following is a benefit of using Active Directory? (Choose all that apply.)
A. Hierarchical object structure
B. Fault-tolerant architecture
C. Ability to configure centralized and distributed administration
D. Flexible replication
A, B, C and D. All of the options listed are benefits of using Active Directory. See Chapter 3 for more information.

Which of the following features of the Domain Name System (DNS) can be used to improve performance? (Choose all that apply.)
A. Caching-only servers
B. DNS forwarding
C. Secondary servers
D. Zone delegation
A, B, C and D. One of the major design goals for DNS was support for scalability. All of the features listed can be used to increase the performance of DNS. See Chapter 2 for more information.

Which of the following pieces of information should you have before you begin the Active Directory Installation Wizard? (Choose all that apply.)
A. Active Directory domain name
B. Administrator password for the local computer
C. NetBIOS name for the server
D. DNS configuration information
A, B, C and D. Before beginning the installation of a domain controller, you should have all of the information listed. See Chapter 3 for more information.

An Active Directory environment consists of three domains. What is the maximum number of sites that can be created for this environment?
A. Two
B. Three
C. Nine
D. Unlimited
D. The number of sites in an Active Directory environment is independent of the domain organization. An environment that consists of three domains may have one or more sites, based on the physical network setup. See Chapter 3 for more information.

Which of the following is not a valid Active Directory object?
A. User
B. Group
C. Organizational unit
D. Computer
E. None of the above
E. All of the choices are valid types of Active Directory objects, and all can be created and managed using the Active Directory Users and Computers tool. See Chapter 5 for more information.

Which of the following is not considered a security principal?
A. Users
B. Security groups
C. Distribution groups
D. Computers
C. Permissions and security settings cannot be made on distribution groups. Distribution groups are used only for sending email. See Chapter 4 for more information.

Which of the following should play the least significant role in planning an OU structure?
A. Network infrastructure
B. Domain organization
C. Delegation of permissions
D. Group Policy settings
A. In general, you can accommodate your network infrastructure through the use of Active Directory sites. All of the other options should play a significant role when you design your OU structure. Permissions and Group Policy can both be applied at the domain or OU level. See Chapter 4 for more information.

How can the Windows Server 2012 R2 file and printer resources be made available from within Active Directory?
A. A system administrator can right-click the resource and select Publish.
B. A system administrator can create Printer and Shared Folder objects that point to these resources.
C. The Active Directory Domains and Trusts tool can be used to make resources available.
D. Only resources on a Windows 2000 or newer server can be accessed from within Active Directory.
B. Printer and Shared Folder objects within Active Directory can point to Windows Server 2012 R2 file and printer resources. See Chapter 4 for more information.

The process by which a higher-level security authority assigns permissions to other administrators is known as which of the following?
A. Inheritance
B. Delegation
C. Assignment
D. Trust
B. Delegation is the process by which administrators can assign permissions on the objects within an OU. This is useful when administrators want to give other users more control over administrative functions in Active Directory. See Chapter 4 for more information.

What is the minimum amount of information you need to create a Shared Folder Active Directory object?
A. The name of the share
B. The name of the server
C. The name of the server and the name of the share
D. The name of the server, the server's IP address, and the name of the share
C. The name of the server and the name of the share make up the Universal Naming Convention (UNC) information required to create a Shared Folder object. See Chapter 4 for more information.

Which of the following operations is not supported by Active Directory?
A. Assigning applications to users
B. Assigning applications to computers
C. Publishing applications to users
D. Publishing applications to computers
D. Applications cannot be published to computers, but they can be published to users and assigned to computers. See Chapter 5 for more information.

Which of the following filename extensions is used primarily for Windows Installer setup programs?
A. .msi
B. .mst
C. .zap
D. .aas
A. MSI files (.msi) are native Windows Installer files used with Windows Installer setup programs. The other file types do not apply to this situation. See Chapter 5 for more information.

A system administrator wants to allow a group of users to add computer accounts to a specific organizational unit (OU). What is the easiest way to grant only the required permissions?
A. Delegate control of a user account
B. Delegate control at the domain level
C. Delegate control of an OU
D. Delegate control of a computer account
E. Create a Group Policy object (GPO) at the OU level
E. To allow this permission at the OU level, the system administrator must create a GPO with the appropriate settings and link it to the OU. See Chapter 5 for more information.

A Group Policy object (GPO) at the domain level sets a certain option to Disabled, while a GPO at the OU level sets the same option to Enabled. All other settings are left at their default. Which setting will be effective for objects within the OU?
A. Enabled
B. Disabled
C. No effect
D. None of the above
A. Assuming that the default settings are left in place, the Group Policy setting at the OU level will take effect. See Chapter 5 for more information.

Which of the following tools can be used to create Group Policy object (GPO) links to Active Directory?
A. Active Directory Users and Computers
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Group Policy Management Console
D. In Windows Server 2012 R2, you can create GPOs only by using the Group Policy Management Console. See Chapter 5 for more information.

To test whether a DNS server is answering queries properly, you can use which of the following tools?
A. The ping tool
B. The nslookup tool
C. The tracert tool
D. The ipconfig tool
B. The nslookup tool allows you to look up name and address information. See Chapter 2 for more information.

Which of the following is true about the time to live (TTL) attached to a DNS record?
A. A resolver cannot use it; only servers making recursive queries can use it.
B. Only resolvers use it.
C. It is used to determine how long to cache retrieved results.
D. It is refreshed each time the record is modified.
C. The TTL indicates how long the record may be safely cached; it may or may not be modified when the record is created. See Chapter 2 for more information on TTL.

Which of the following statements about Windows Server 2012 Dynamic DNS (DDNS) is true?
A. DDNS requires a Microsoft DHCP server to work.
B. The Windows Server 2012 DDNS server can interoperate with recent versions of BIND.
C. DDNS clients may not register their own addresses.
D. DDNS works only with Microsoft clients and servers.
B. DDNS works with BIND 8.2 and later. See Chapter 2 for more information on DDNS.

You have been given a server that contains three HBAs. Each card can access the storage over a separate path. The application that runs on the server can exceed the usage of a single path. Which of the following MPIO options should be selected to provide the needed bandwidth as well as minimal redundancy?
A. Failover
B. Dynamic Least Queue Depth
C. Weighted path
D. Round robin
D. A round-robin configuration uses all of the available active paths and will distribute I/O in a balanced round-robin fashion. Failover uses only the primary and standby paths, allowing for link failure. Weighted path assigns requests to the path with the least weight value. Dynamic Least Queue Depth routes requests to the path with the least number of outstanding requests. See Chapter 2 for more information.

You need to stop an application from running in Task Manager. Which tab would you use to stop an application from running?
A. Performance
B. Users
C. Options
D. Details
D. All of the applications that are running on the Windows Server 2012 R2 machine will show up under the Details tab. Right-click the application and end the process.

As a network administrator, you are responsible for all client computers at the central corporate location. Your company has asked you to make sure that all of the client computers are secure. You need to use MBSA to scan your client computers, based on IP addresses, for possible security violations but you need to use the command-line version. Which of the following command-line commands would you use?
A. mdsacli.exe /hf -i xxxx.xxxx.xxxx.xxxx
B. mdsacli.exe /ip xxxx.xxxx.xxxx.xxxx
C. mbsa.exe /hf -ip xxxx.xxxx.xxxx.xxxx
D. mbsa.exe /ip xxxx.xxxx.xxxx.xxxx
A. If you use MBSA from the command-line utility mdsacli.exe, you can specify several options. You type mdsacli.exe /hf (from the folder that contains Mdsacli.exe) and then customize the command execution with an option such as /i xxxx.xxxx.xxxx.xxxx, which specifies that the computer with the specified IP address should be scanned.

You are the administrator of a new Windows Server 2012 R2 machine. You need to install DNS and create a primary zone. Which MMC snap-in would you use to install DNS?
A. Add/Remove Programs
B. Programs
C. Server Manager
D. Administrative Tools
C. Server Manager is the one place where you install all roles and features for a Windows Server 2012 R2 system.

You are the administrator for a large company that has purchased a new multifunction printer. You want to publish the printer to Active Directory. Where would you click in order to accomplish this task?
A. The Sharing tab
B. The Advanced tab
C. The Device Settings tab
D. The Printing Preferences button
A. The Sharing tab contains a check box that you can use to list the printer in Active Directory.

Isabel is a system administrator for an Active Directory environment that is running in Native mode. Recently, several managers have reported suspicions about user activities and have asked her to increase security in the environment. Specifically, the requirements are as follows:
The accessing of certain sensitive files must be logged.
Modifications to certain sensitive files must be logged.
System administrators must be able to provide information about which users accessed sensitive files and when they were accessed.
All logon attempts for specific shared machines must be recorded.
Which of the following steps should Isabel take to meet these requirements? (Choose all that apply.)
A. Enable auditing with the Computer Management tool.
B. Enable auditing with Group Policy Objects.
C. Enable auditing with the Active Directory Domains and Trusts tool.
D. Enable auditing with the Event Viewer tool.
E. View the audit log using the Event Viewer tool.
F. View auditing information using the Computer Management tool.
G. Enable failure and success auditing settings for specific files stored on NTFS volumes.
H. Enable failure and success auditing settings for logon events on specific computer accounts.
B, E, G and H. The Active Directory Users and Computers tool allows system administrators to change auditing options and to choose which actions are audited. At the file system level, Isabel can specify exactly which actions are recorded in the audit log. She can then use Event Viewer to view the recorded information and provide it to the appropriate managers.

You are the network administrator for a large widget distributor. Your company's network has 20 Windows 2012 R2 servers, and all of the clients are running either Windows 8 or Windows 7. All of your end users use laptops to do their work, and many of them work away from the office. What should you configure to help them work on documents when away from the office?
A. Online file access
B. Offline file access
C. Share permissions
D. NTFS permissions
B. Offline files give you the opportunity to set up files and folders so that users can work on the data while outside the office.

Your company has decided to implement an external hard drive. The company IT manager before you always used FAT32 as the system partition. Your company wants to know whether it should move to NTFS. Which of the following are some advantages of NTFS? (Choose all that apply.)
A. Security
B. Quotas
C. Compression
D. Encryption
A, B, C and D. Improved security, quotas, compression, and encryption are all advantages of using NTFS over FAT32. These features are not available in FAT32. The only security you have in FAT32 is shared folder permissions.

You have been hired by a small company to implement new Windows Server 2012 R2 systems. The company wants you to set up a server for users' home folder locations. What type of server would you be setting up?
A. PDC server
B. Web server
C. Exchange server
D. File server
D. File servers are used for storage of data, especially for users' home folders. Home folders are folder locations for your users to store data that is important and that needs to be backed up.

GPOs assigned at which of the following level(s) will override GPO settings at the domain level?
A. OU
B. Site
C. Domain
D. Both OU and site
A. GPOs at the OU level take precedence over GPOs at the domain level. GPOs at the domain level, in turn, take precedence over GPOs at the site level.

A system administrator wants to ensure that only the GPOs set at the OU level affect the Group Policy settings for objects within the OU. Which option can they use to do this (assuming that all other GPO settings are the defaults)?
A. The Enforced option
B. The Block Policy Inheritance option
C. The Disable option
D. The Deny permission
B. The Block Policy Inheritance option prevents group policies of higher-level Active Directory objects from applying to lower-level objects as long as the Enforced option is not set.

Mateo, a system administrator, is planning to implement Group Policy objects in a new Windows Server 2012 R2 Active Directory environment. To meet the needs of the organization, he decides to implement a hierarchical system of Group Policy settings. At which of the following levels is he able to assign Group Policy settings? (Choose all that apply.)
A. Sites
B. Domains
C. Organizational units
D. Local system
A, B, C and D. GPOs can be set at all of the levels listed. You cannot set GPOs on security principals such as users or groups.

Ann is a system administrator for a medium-sized Active Directory environment. She has determined that several new applications that will be deployed throughout the organization use registry-based settings. She would like to do the following:
Control these registry settings using Group Policy.
Create a standard set of options for these applications and allow other system administrators to modify them using the standard Active Directory tools.
Which of the following options can she use to meet these requirements? (Choose all that apply.)
A. Implement the inheritance functionality of GPOs.
B. Implement delegation of specific objects within Active Directory.
C. Implement the No Override functionality of GPOs.
D. Create administrative templates.
E. Provide administrative templates to the system administrators who are responsible for creating Group Policy for the applications.
D and E. Administrative templates are used to specify the options available for setting Group Policy. By creating new administrative templates, Ann can specify which options are available for the new applications. She can then distribute these templates to other system administrators in the environment.

You are the network administrator for your organization. A new company policy has been released wherein if a user enters their password incorrectly three times within 5 minutes, they are locked out for 30 minutes. What three actions do you need to set to comply with this policy? (Choose all that apply.)
A. Set Account Lockout Duration to 5 minutes.
B. Set Account Lockout Duration to 30 minutes.
C. Set the Account Lockout Threshold setting to 3 invalid logon attempts.
D. Set the Account Lockout Threshold setting to 30 minutes.
E. Set the Reset Account Lockout Counter setting to 5 minutes.
F. Set the Reset Account Lockout Counter setting to 3 times.
B, C and E. The Account Lockout Duration setting states how long an account will be locked out if the password is entered incorrectly. The Account Lockout Threshold setting is the number of bad password attempts, and the Account Lockout Counter setting is the time in which the bad password attempts are made. Once the Account Lockout Counter setting reaches 0, the number of bad password attempts returns to 0.

You are teaching a Microsoft Active Directory class, and one of your students asks you, “Which of the following containers in the Active Directory Users and Computers tool is used when users from outside the forest are granted access to resources within a domain?” What answer would you give your student?
A. Users
B. Computers
C. Domain Controllers
D. Foreign Security Principals
D. When resources are made available to users who reside in domains outside the forest, Foreign Security Principal objects are automatically created. These new objects are stored within the Foreign Security Principals container.

Your manager has decided your organization needs to use an Active Directory application data partition. Which command can you use to create and manage application data partitions?
A. DCPromo.exe
B. NTDSUtil.exe
C. ADUtil.exe
D. ADSI.exe
B. The primary method by which systems administrators create and manage application data partitions is through the ntdsutil tool.

Your network contains an Active Directory domain named Sybex.com. The domain contains a RADIUS server named Server1 that runs Windows Server 2012 R2. You add a VPN server named Server2 to the network. On Server1, you create several network policies. You need to configure Server1 to accept authentication requests from Server2. Which tool should you use on Server1?
A. Set-RemoteAccessRadius
B. CMAK
C. NPS
D. Routing and Remote Access
C. The NPS snap-in allows you to set up RADIUS servers and designate which RADIUS server will accept authentication from other RADIUS servers. You can do your entire RADIUS configuration through the NPS snap-in.

Your network contains an Active Directory domain named Sybex.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the following role services installed:
DirectAccess and VPN (RRAS)
Network Policy Server
Remote users have client computers that run Windows XP, Windows 7, or Windows 8. You need to ensure that only the client computers that run Windows 7 or Windows 8 can establish VPN connections to Server1. What should you configure on Server1?
A. A vendor-specific RADIUS attribute of a Network Policy Server (NPS) connection request policy
B. A condition of a Network Policy Server (NPS) network policy
C. A condition of a Network Policy Server (NPS) connection request policy
D. A constraint of a Network Policy Server (NPS) network policy
C. NPS allows you to set up policies on how your users could log into the network. NPS allows you to set up policies that systems need to follow, and if they don't follow these policies or rules, they will not have access to the full network.

You are the network administrator for a large organization that contains an Active Directory domain named WillPanek.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed. You plan to deploy 802.1x authentication to secure the wireless network.
You need to identify which Network Policy Server (NPS) authentication method supports certificate-based mutual authentication for the 802.1x deployment. Which authentication method should you identify?
A. PEAP-MS-CHAP v2
B. MS-CHAP v2
C. EAP-TLS
D. MS-CHAP
C. Windows Server 2012 R2 comes with EAP-Transport Level Security (TLS). This EAP type allows you to use public key certificates as an authenticator. TLS is similar to the familiar Secure Sockets Layer (SSL) protocol used for web browsers and 802.1x authentication. When EAP-TLS is turned on, the client and server send TLS-encrypted messages back and forth. EAP-TLS is the strongest authentication method you can use; as a bonus, it supports smart cards. However, EAP-TLS requires your NPS server to be part of the Windows Server 2012 R2 domain.

You have an Active Directory domain named WillPanek.com. The domain contains a server named ServerA that runs Windows Server 2012 R2. ServerA has the Network Policy and Access Services server role installed. Your company's security policy requires that certificate-based authentication must be used by some network services. You need to identify which Network Policy Server (NPS) authentication methods comply with the security policy. Which two authentication methods should you identify? Each correct answer presents part of the solution. (Choose two.)
A. MS-CHAP
B. PEAP-MS-CHAP v2
C. CHAP
D. EAP-TLS
E. MS-CHAP v2
B and D. PEAP-MS-CHAP v2 is an EAP type protocol that is easier to deploy than Extensible Authentication Protocol with Transport Level Security (EAP-TLS). It is easier because user authentication is accomplished by using password-based credentials (user name and password) instead of digital certificates or smart cards. Both PEAP and EAP use certificates with their protocols.

You are the network administrator, and you have been asked to set up an accounting system so that each department is responsible for the cost of their use of network services. Your network contains a Network Policy Server (NPS) server named ServerA. The network contains a server named Database1 that has Microsoft SQL Server installed. All servers run Windows Server 2012 R2. You configure NPS on ServerA to log accounting data to a database on Database1. You need to ensure that the accounting data is captured if Database1 fails. The solution must minimize cost. What should you do?
A. Implement Failover Clustering.
B. Implement database mirroring.
C. Run the Accounting Configuration Wizard.
D. Modify the SQL Server Logging properties.
C. One advantage of NPS is that you can use the accounting part of NPS so that you can keep track of what each department does on your NPS server. This way, departments pay for the amount of time they use the SQL server database.

In a secure environment, IPsec encryption should only be disabled for inter-node cluster communication (such as cluster heartbeat) under what circumstances?
A. Certificates use weak encryption methods such as DES
B. LowerQuorumPriorityNodeID is set on a node.
C. DatabaseReadWriteMode is set to 2
D. Group Policy Updates have a high processing latency
D. Group Policy Updates have a high processing latency, because IPsec encryption is interrupted until updates to the Group Policies are complete. If the updates to Group Policy do not occur quickly, cluster heartbeat can be impacted (e.g., if the processing delay exceeds the heartbeat threshold).

In Windows Server 2012 R2, Failover Clustering supports how many nodes?
A. 8000
B. 1024
C. 64
D. 1000
C. In Windows Server 2012, the number of cluster nodes increased to 64. 8000 is the number of VMs/Clustered Roles. 1024 is the maximum amount of VMs or Clustered Roles per cluster node, and 1000 is the maximum amount of VMs or Clustered Roles per cluster node in Windows Server 2008 R2.

In Windows Server 2012 R2, what feature dynamically adjusts cluster node votes in order to maintain an odd vote count where no witness is being used?
A. Witness Dynamic Weighting
B. Tie Breaker for a 50% Node Split
C. Lower Quorum Priority Node
D. Force quorum resiliency
B. Witness Dynamic Weighting and Lower Quorum Priority Node are options in PowerShell to modify Dynamic Quorum, but they are not a good answer. Force quorum resiliency is completely incorrect.

What authentication mechanism does Active Directory–detached clusters utilize?
A. NTLM
B. MIT Kerberos Realms
C. AD Kerberos
D. SSL
A. NTLM is the only supported authentication mechanism that will utilize local security authorities (non-Active Directory integrated Windows Servers).

Shared virtual hard disks can be utilized by SQL Server and Exchange Server for virtualized workloads.
A. True
B. False
A. Prior to Windows Server 2012 R2, shared virtual hard disks did not exist. At release of Windows Server 2012 R2, shared virtual disks were supported for file server roles as well as Exchange Server and SQL Server workloads.

What is the default TCP port for iSCSI?
A. 3389
B. 21
C. 1433
D. 3260
D. The iSCSI default port is TCP 3260. Port 3389 is used for RDP, port 1433 is used for MS SQL, and port 21 is used for FTP.

You are a server administrator, and you are trying to save hard drive space on your Windows Server 2012 R2 machine. Which feature can help you save hard disk space?
A. ADDS
B. HDSaver.exe
C. Features On Demand
D. WinRM
C. Windows Server 2012 R2 Features On Demand allows an administrator not only to disable a role or feature but also to remove the role or feature's files completely from the hard drive.

Your company is headquartered in Colorado Springs and has a remote site location in Tampa. The Colorado Springs office has a file server named FS01. FS01 has the BranchCache for Network Files role service installed. Your Tampa office has a file server named FS02. FS02 has been configured as a BranchCache-hosted cache server. You need to preload the data from the file shares on FS01 to the cache on FS02. You have already generated hashes for the file shares on FS01. Which cmdlet should you run next?
A. Set-BCCache
B. Publish-BCFileContent
C. Export-BCCachePackage
D. Add-BCDataCacheExtension
C. After generating hashes on the Colorado Springs file server that will be preloading Tampa's file server cache with file share data, the next logical step is to run the Export-BCCachePackage to get the data to FS02 from FS01.

What command would be used to register an iSCSI initiator manually to an iSNS server?
A. iscsicli addisnsserver server_name
B. iscsicli listisnsservers server_name
C. iscsicli removeisnsserver server_name
D. iscsicli refreshisnsserver server_name
A. The iscsicli addisnsserver server_name command manually registers the host server to an iSNS server. refreshisnsserver refreshes the list of available servers. removeisnsserver removes the host from the iSNS server. listisnsservers lists the available iSNS servers.

You have a Windows Server 2012 R2 file server named FS01. FS01 has the File Server Resource Manager role service installed. You attempt to delete a classification property, and you receive the error message “The classification property is in use and cannot be deleted.” You need to delete the Contains Personal Information classification property. What should you do?
A. Clear the Contains Personal Information classification property value for all files.
B. Set files that have a Contains Personal Information classification property value of Yes to No.
C. Disable the classification rule that is assigned the Contains Personal Information classification property.
D. Delete the classification rule that is assigned the Contains Personal Information classification property.
D. Since there is a classification rule that is currently configured and applied to company resources, you will be unable to delete the Contains Personal Information classification property manually because the classification rule controls the property. In this case, you have to delete the classification rule in order to be able to delete the classification property.

After you update multiple drivers on your Windows Server 2012 R2 machine, the machine hangs at the logon screen, and you can't log into the machine. You need to get this computer up and running as quickly as possible. Which of the following repair strategies should you try first to correct your problem?
A. Restore your computer's configuration with your last backup.
B. Boot your computer with the Last Known Good Configuration option.
C. Boot your computer with the Safe Mode option.
D. Boot your computer to the Recovery Console and manually copy the old driver back to the computer.
B. If you need to get a stalled computer up and running as quickly as possible, you should start with the Last Known Good Configuration option. This option is used when you've made changes to your computer's hardware configuration and are having problems restarting but have not logged into the machine. The Last Known Good Configuration option will revert to the configuration used the last time the computer was successfully booted.

You enable the Boot Logging option on the Advanced Boot Options menu. Where can you find the log file that is created?
A. \Windows\ntbtlog.txt
B. \Windows\System32\netlog.txt
C. \Windows\netlog.txt
D. \Windows\System32\netboot.log
A. When you enable boot logging, the file created is \Windows\ntbtlog.txt. This log file is used to troubleshoot the boot process.

You need to ensure that you can recover your Windows Server 2012 R2 configuration and data if the computer's hard drive fails. What should you do?
A. Create a system restore point.
B. Create a backup of all file categories.
C. Perform an Automated System Recovery (ASR) backup.
D. Create a complete PC Backup and Restore image.
D. Using images allows you to back up and restore your entire Windows Server 2012 R2 machine instead of just certain parts of data.

You have a file server named FS01 that is running on a server core installation of Windows Server 2012 R2. You need to make sure that your users can access previous versions of files that are shared on FS01 using the Previous Versions tab. Which tool should you use?
A. Wbadmin
B. Vssadmin
C. Ntsdutil.exe
D. ADSI Editor
B. Out of the tools listed, remember that Vssadmin gives you the ability to use Shadow Copies, which in turn provides backups and previous versions of shared data. Wbadmin is used for Windows Server Backups, Ntsdutil.exe is used for Active Directory maintenance, and the ADSI Editor is used for extended Active Directory attribute management.

You are unable to boot your Windows Server 2012 R2 computer, so you decide to boot the computer to Safe Mode. Which of the following statements regarding Safe Mode is false?
A. When the computer is booted to Safe Mode, there is no network access.
B. Safe Mode loads all of the drivers for the hardware that is installed on the computer.
C. When you run Safe Mode, boot logging is automatically enabled.
D. When you run Safe Mode, the screen resolution is set to 800×600.
B. When you run your computer in Safe Mode, you simplify your Windows Server 2012 R2 configuration. Only the drivers that are needed to get the computer up and running are loaded.

You are the network administrator for Stellacon Corporation. Stellacon has two trees in its Active Directory forest, stellacon.com and abc.com. Company policy does not allow DNS zone transfers between the two trees. You need to make sure that when anyone in abc.com tries to access the stellacon.com domain, all names are resolved from the stellacon.com DNS server. What should you do?
A. Create a new secondary zone in abc.com for stellacon.com.
B. Create a new secondary zone in stellacon.com for abc.com.
C. Configure conditional forwarding on the abc.com DNS server for stellacon.com.
D. Configure conditional forwarding on the stellacon.com DNS server for abc.com.
C. Conditional forwarding allows you to send a DNS query to different DNS servers based on the request. Conditional forwarding lets a DNS server on a network forward DNS queries according to the DNS domain name in the query.

Your IT team has been informed by the compliance team that they need copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal?
A. Run dnscmd /zonecopy.
B. Run dnscmd /zoneinfo.
C. Run dnscmd /zonefile.
D. Run dnscmd /zoneexport.
D. The dnscmd /zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.

You administer a network that assigns IP addresses via DHCP. You want to make sure that one of the clients always receives the same IP address from the DHCP server. You create an exclusion for that address, but you find that the computer isn't being properly configured at bootup. What's the problem?
A. You excluded the wrong IP address.
B. You must configure the client manually. You cannot assign the address via the DHCP server.
C. You need to create a superscope for the address.
D. You need to make a reservation for the client that ties the IP address to the computer's MAC address. Delete the exclusion.
D. An exclusion just marks addresses as excluded; the DHCP server doesn't maintain any information about them. A reservation marks an address as reserved for a particular client.

You are the network administrator for a small company with two DNS servers: DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone, and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy?
A. Enable the Secure Only setting on DNS1.
B. Enable the Secure Only setting on DNS2.
C. Configure Secure Only on the Zone Transfers tab for both servers.
D. Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
D. Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.

You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure that only domain computers register with your DNS servers. What should you do to resolve this issue?
A. Set dynamic updates to None.
B. Set dynamic updates to Nonsecure And Secure.
C. Set dynamic updates to Secure Only.
D. Set dynamic updates to Domain Users Only.
C. The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to register with DNS dynamically, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away and the database is not updated.

Which of the following does not need to be created manually when you are setting up a replication scenario involving three domains and three sites?
A. Sites
B. Site links
C. Subnets
D. Connection objects
D. By default, Connection objects are automatically created by the Active Directory replication engine. You can choose to override the default behavior of Active Directory replication topology by manually creating Connection objects, but this step is not required.

You need to deactivate the UGMC option on some of your domain controllers. At which level in Active Directory would you deactivate UGMC?
A. Server
B. Forest
C. Domain
D. Site
D. The NTDS settings for the site level are where you would activate and deactivate UGMC.

Your network contains two Active Directory forests named contoso.com and fabrikam.com. Both forests contain multiple domains. All domain controllers run Windows Server 2012 R2. contoso.com has a one-way forest trust to fabrikam.com. A domain named paris.eu.contoso.com hosts several legacy applications that use NTLM authentication. Users in a domain named london.europe.fabrikam.com report that it takes a long time to be authenticated when they attempt to access the legacy applications hosted in paris.eu.contoso.com. You need to reduce how long it takes for the london.europe.fabrikam.com users to be authenticated in paris.eu.contoso.com. What should you do?
A. Create an external trust
B. Create a two-way transitive trust
C. Disable SID filtering on the existing trust
D. Create a shortcut trust
D. Remember that a shortcut trust is used to eliminate multiple hops to and from certain domains within a multiforest, multidomain infrastructure. By configuring a shortcut trust between the two domains, you will reduce the slowness and authentication latency between them.

A system administrator suspects that there is an error in the replication configuration. How can the system administrator look for specific error messages related to replication?
A. By going to Event Viewer Directory Service Log
B. By using the Computer Management tool
C. By going to Event Viewer System Log
D. By using the Active Directory Sites and Services administrative tool
A. The Directory Service event log contains error messages and information related to replication. These details can be useful when you are troubleshooting replication problems.

Which of the following services of Active Directory is responsible for maintaining the replication topology?
A. File Replication Service
B. Windows Internet Name Service
C. Knowledge Consistency Checker
D. Domain Name System
C. The Knowledge Consistency Checker (KCC) is responsible for establishing the replication topology and ensuring that all domain controllers are kept up-to-date.

You are the administrator at Adacom. You need to make sure that you have daily backup of the AD CS database, logs, and private key. What command or commands should you run? (Choose all that apply.)
A. Run certutil -backup.
B. Run certutil -backupdb.
C. Run Ntbackup /systemstate.
D. Run certdb.ps1.
A and B. Certutil -backup backs up the CA certificate including private key in the backup. Certutil -backupdb backs up only the certificate database and logs.

You are the new administrator at MMG Publishing. The previous administrator made a failed attempt to implement Active Directory. You attempt to implement AD RMS and receive an error that states, “The SCP is registered, but the root cluster cannot be contacted.” You must remove the SCP. What tool should you use? (Choose all that apply.)
A. Setspn
B. Active Directory Sites and Services
C. ADSI Edit
D. Remove-SCP
B and C. Under AD Sites and Services, navigate to Services RightsManagementServices and remove the SCP object. This operation can also be done by using ADSI Edit.

ABC Company wants to allow external partners to log into a web application and run reports. What AD FS component does Company ABC need to configure for this access?
A. Certificate exchange
B. Transitive trust
C. One-way trust
D. Relying-party trust
D. The relying party is the organization that receives and processes claims from a resource partner. The resource partner issues claims-based security tokens that contain published web-based applications that users in the account partner can access. This is accomplished through a relying-party trust. See Chapter 22 for more details.

Which TCP ports does AD RMS use to access the global catalog server?
A. 445
B. 1433
C. 22
D. 3268
D. AD RMS contacts the global catalog through port 3268. See Chapter 22 for more details.

All of the 32-bit versions have been eliminated, and there is no build that supports Itanium processors. This leaves Windows Server 2012 R2 with the following core editions:
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation.

Windows Server 2012 R2 Datacenter.
The Datacenter edition is designed for large and powerful servers with up to 64 processors and includes fault-tolerance features such as hot-add processor support. As a result, this edition is available only through the Microsoft volume-licensing program and is bundled with a server from original equipment manufacturers (OEMs).

Windows Server 2012 R2 Standard.
The Standard edition includes the full set of Windows Server 2012 R2 features and differs from the Datacenter edition only in the number of virtual machine (VM) instances permitted by the license.

Windows Server 2012 R2 Essentials.
The Essentials edition includes nearly all the features in the Standard and Datacenter editions; it does not include Server Core, Hyper-V, and Active Directory Federation Services. The Essentials edition is limited to one physical or virtual server instance and a maximum of 25 users.

Windows Server 2012 R2 Foundation.
The Foundation edition is a scaled-down version of the operating system; it is designed for small businesses that require only basic server features, such as file and print services and application support. The Foundation edition comes pre-installed with server hardware, includes no virtualization rights, and is limited to 15 users.

Each running instance of the Windows Server 2012 R2 operating system is classified as being in a physical operating system environment (POSE) or in a virtual operating system environment (VOSE).

Server sales channel availability by edition

Datacenter: Retail: No, Volume Licensing: Yes, Original Equipment Manufacturer: Yes
Standard: Retail: Yes, Volume Licensing: Yes, Original Equipment Manufacturer: Yes
Datacenter: Retail: Yes, Volume Licensing: Yes, Original Equipment Manufacturer: Yes
Datacenter: Retail: No, Volume Licensing: No, Original Equipment Manufacturer: Yes

Table 1-1. Physical and virtual instances supported by Windows Server 2012 R2 editions

DataCenter has 1 POSE Instance and Unlimited VOSE
Standard: 1 POSE 2 VOSE
Essentials: 1 POSE or VOSE and 1 POSE or VOSE
Foundation: 1 POSE and 0 VOSE

Windows 2012R2 Installation requirements

1.4-GHz 64-bit processor
512 MB RAM
32 GB available disk space
Super VGA (1024 × 768) or higher resolution monitor
Keyboard and mouse (or other compatible pointing device)
Internet access


Maximum hardware configurations in Windows Server versions

Windows Server 2012 R2
Processors: 640
RAM: 4 TB
Failover cluster nodes: 64



Advantages to running servers using Server Core:

• Hardware resource conservation. Server Core eliminates some of the most memory-intensive and processor-intensive elements of the Windows Server 2012 R2 operating system, thus devoting more of the system hardware to running essential services.
• Reduced disk space. Server Core requires less disk space for the installed operating system elements and less swap space, which maximizes the utilization of the server’s storage resources.
• Reduced patch frequency. The graphical elements of Windows Server 2012 R2 are among the most frequently updated, so running Server Core reduces the number of updates that administrators must apply. Fewer updates also mean fewer server restarts and less downtime.
• Reduced attack surface. The less software there is running on the computer, the fewer entrance points for attackers to exploit. Server Core reduces the potential openings presented by the operating system, increasing its overall security.
Additional Information: Server Core is now the default installation option because in the new way of managing servers, administrators should rarely, if ever, have to work at the server console, either physically or remotely.
Server Core option in Windows Server 2012 R2 includes 12 of the 19 roles, plus support for SQL Server 2012, as opposed to only 10 roles in Windows Server 2008 R2 and nine in Windows Server 2008.


Windows Server 2012 R2 Server Core roles:

Active Directory Certificate Services
Active Directory Domain Services
Active Directory Lightweight Directory Services
Active Directory Rights Management Services
DHCP Server
DNS Server
File and Storage Services
Hyper-V
Print and Document Services
Remote Access
Web Server (IIS)
Windows Server Update Services


Roles Not Available in Server Core

Active Directory Federation Services
Application Server (deprecated)
Fax Server
Network Policy and Access Services
Remote Desktop Gateway
Remote Desktop Session Host
Remote Desktop Web Access
Volume Activation Services
Windows Deployment Services

Minimal Server Interface

A setting that removes some of the most hardware-intensive elements from the graphical interface. These elements include Internet Explorer and the components of the Windows shell, including the desktop, File Explorer, and the Windows 8 desktop apps. Also omitted are the Control Panel items implemented as shell extensions, including the following:
• Programs and Features
• Network and Sharing Center
• Devices and Printers Center
• Display
• Firewall
• Windows Update
• Fonts
• Storage Spaces
What’s left in the Minimal Server Interface are the Server Manager application, the MMC application, Device Manager, and the entire Windows PowerShell interface. This provides administrators with most of the tools they need to manage local and remote servers.
To configure a Windows Server 2012 R2 Server with a GUI installation to use the Minimal Server Interface, you must remove the Server Graphical Shell feature by using Windows PowerShell or the Remove Roles And Features Wizard.

Windows PowerShell Uninstall-WindowsFeature cmdlet for Windows Feature on demand

Uninstall-WindowsFeature Server-Gui-Shell -Remove

Windows Server 2012 R2 does not support the following:

• Upgrades from Windows Server versions prior to Windows Server 2008
• Upgrades from pre-RTM editions of Windows Server 2012 R2
• Upgrades from Windows workstation operating systems
• Cross-platform upgrades, such as 32-bit Windows Server 2008 to 64-bit Windows Server 2012 R2
• Upgrades from any Itanium edition
• Cross-language upgrades, such as from Windows Server 2008, U.S. English to Windows Server 2012 R2, French

By using the Windows Server Migration Tools and migration guides supplied with Windows Server 2012 R2, you can migrate data between servers under any of the following conditions:

• Between versions. You can migrate data from any Windows Server version from Windows Server 2003 SP2 to Windows Server 2012 R2. This includes migrations from one server running Windows Server 2012 R2 to another.
• Between platforms. You can migrate data from a 32-bit or 64-bit server to a 64-bit server running Windows Server 2012 R2.
• Between editions. You can migrate data between servers running different Windows Server editions.
• Between physical and virtual instances. You can migrate data from a physical server to a virtual one, or the reverse.
• Between installation options. You can migrate data from one server to another, even when one server is using the Server Core installation option and the other is using the Server with a GUI option.

Windows Server Migration Tools is a standard feature that you install

on Windows Server 2012 R2 by using the Add Roles And Features Wizard in Server Manager, as shown under the Feature option, or the Install-WindowsFeature Windows PowerShell cmdlet.


Ralph recently took delivery of a new server with Windows Server 2012 R2 Datacenter edition already installed with the full GUI option. Ralph wants to configure the system as a web server, using the absolute minimum of hardware resources. His first step is to use Server Manager to install the Web Server (IIS) role.
1. What Windows PowerShell command should Ralph use to convert the full GUI installation to Server Core?
2. What Windows PowerShell command should Ralph use to completely remove the GUI installation files from the system?

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Remove

What is the preferred method of replacing an existing server with one running Windows Server 2012 R2?
Migration is the preferred method of replacing an existing server with one running Windows Server 2012 R2. Unlike an in-place upgrade, a migration copies vital information from an existing server to a clean Windows Server 2012 R2 installation.

Which of the following processor architectures can be used for a clean Windows Server 2012 R2 installation? (Choose all that apply.)
A. 32-bit processor only
B. 64-bit processor only
C. 32-bit or 64-bit processor
D. 64-bit or Itanium processor
Correct answer: B
A. Incorrect: Windows Server 2012 R2 cannot run on a 32-bit processor.
B. Correct: Windows Server 2012 R2 can run only on a 64-bit processor.
C. Incorrect: Windows Server 2012 R2 cannot run on a 32-bit processor.
D. Incorrect: Windows Server 2012 R2 cannot run on an Itanium processor.

Which of the following paths is a valid upgrade path to Windows Server 2012 R2?
A. Windows Server 2003 Standard to Windows Server 2012 R2 Standard
B. Windows Server 2008 Standard to Windows Server 2012 R2 Standard
C. Windows Server 2008 32-bit to Windows Server 2012 R2 64-bit
D. Windows 7 Ultimate to Windows Server 2012 R2 Essentials
Correct answer: B
A. Incorrect: You cannot upgrade any version of Windows Server 2003 Standard to Windows Server 2012 R2 Standard.
B. Correct: You can upgrade Windows Server 2008 Standard to Windows Server 2012 R2 Standard.
C. Incorrect: You cannot upgrade Windows Server 2008 R2 32-bit, or any 32-bit version, to Windows Server 2012 R2 64-bit.
D. Incorrect: You cannot upgrade Windows 7 Ultimate, or any workstation operating system, to Windows Server 2012 R2 Essentials.

Which of the following features must be added to a Windows Server 2012 R2 Server Core installation to convert it to the Minimal Server Interface?
A. Graphical Management Tools and Infrastructure
B. Server Graphical Shell
C. Windows PowerShell
D. Microsoft Management Console
Correct answer: A
A. Correct: Installing the Graphical Management Tools and Infrastructure module—and only that module—on a Server Core installation results in the Minimal Server Interface.
B. Incorrect: Installing the Server Graphical Shell with the Graphical Management Tools and Infrastructure converts a Server Core installation to the full GUI.
C. Incorrect: Windows PowerShell is a command-line interface that has no effect on the Minimal Server Installation.
D. Incorrect: MMC is one of the graphical applications available in the Minimal Server Installation, but you do not install it

Which of the following terms is the name of the directory where Windows stores all the operating system modules it might need to install at a later time?
A. Windows
B. System32
C. bin
D. WinSxS
Correct answer: D
A. Incorrect: The Windows directory contains live operating system files, not the installation files.
B. Incorrect: The System32 directory contains live operating system files, not the installation files.
C. Incorrect: There is no bin directory associated with the Windows operating system.
D. Correct: Windows stores all the operating system installation modules in the WinSxS directory.

Which of the following statements are valid reasons as to why administrators might want to install their Windows Server 2012 R2 servers by using the Server Core option? (Choose all that apply.)
A. A Server Core installation can be converted to the full GUI without reinstalling the operating system.
B. The Windows PowerShell 4.0 interface in Windows Server 2012 R2 includes more than 10 times as many cmdlets as Windows PowerShell 2.0.
C. The new Server Manager in Windows Server 2012 R2 makes it much easier to administer servers remotely.
D. A Windows Server 2012 R2 Server Core license costs significantly less than a full GUI license.

Correct answers: A, C
A. Correct: It is possible to convert a computer running Windows Server 2012 R2 between the Server Core and the Full GUI interface as needed.
B. Incorrect: The inclusion of additional cmdlets in Windows PowerShell 3.0 is not a benefit exclusive to Server Core.
C. Correct: Server Manager incorporates a server selection interface into many of its wizards.
D. Incorrect: There are no different licenses for Server Core and Full GUI versions of Windows Server 2012 R2.


What tool can you use to rename the server via the command line for the Server Core option when installing Windows Server 2012 R2?
Sconfig.exe or Netdom.exe program.
netdom renamecomputer %ComputerName% /NewName:

What tool can you use to join the server to the domain via the command line for the Server Core option when installing Windows Server 2012 R2?
Sconfig.exe or Netdom.exe program.
netdom join %ComputerName% /domain: /userd: /passwordd:*


What tool can you use to shut down or restart the server via the command line for the Server Core option when installing Windows Server 2012 R2?
Sconfig.exe or Netdom.exe program.
shutdown /r

Command to convert a Windows Server 2012 R2 Server Core installation to the full GUI option:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

To convert a full GUI server installation to Server Core, use the following command:
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Restart

NIC teaming, also called bonding, balancing, and aggregation
is a technology that has been available for some time, but it was always tied to specific hardware implementations.

NIC teaming in Windows Server 2012 R2 supports two modes:

• Switch Independent Mode. All the network adapters are connected to different switches, providing alternative routes through the network.
• Switch Dependent Mode. All the network adapters are connected to the same switch, providing a single interface with their combined bandwidth.


In Windows Server 2012, there is one significant limitation to NIC teaming
If your traffic consists of large TCP sequences, such as a Hyper-V live migration, the system will avoid using multiple adapters for those sequences to minimize the number of lost and out-of-order TCP segments. You will therefore not realize any performance increase for large file transfers using TCP. In Windows Server 2012 R2, a new Dynamic Mode splits these large TCP sequences into smaller units and distributes them among the NICs on a team. This is now the default load-balancing mode in Windows Server 2012 R2.

What is the PowerShell command to use an exported configuration file to install roles?

Install-WindowsFeature -ConfigurationFilePath


WHAT IT MEANS TO MOUNT THE VHD FILE
The wizard must mount the VHD file on the server you select to look inside and determine which roles and features are already installed and which are available for installation. Mounting a VHD file only makes it available through the computer’s file system; it is not the same as starting the VM by using the VHD.


Deepak is an IT technician who has been assigned the task of configuring a new server running Windows Server 2012 R2 Server Core, called ServerA, which is to be shipped out to the company’s branch office. The server must be configured to function as a file server with support for the Distributed File System (DFS), a print server with support for Internet printing, and a secured intranet web/FTP server for domain users.
With this in mind, answer the following questions.
1. What Windows PowerShell command should Deepak use to install the required roles on the servers?
2. What Windows PowerShell command can Deepak use to obtain the short names for the roles used by Windows PowerShell?
3. List the commands that Deepak must run on the new server to install the required modules.

1. Install-WindowsFeature
2. Get-WindowsFeature
3. Install-WindowsFeature FS-FileServer
Install-WindowsFeature FS-DFS-Namespace
Install-WindowsFeature FS-DFS-Replication
Install-WindowsFeature FS-NFS-Service
Install-WindowsFeature Print-Internet -IncludeAllSubFeature
Install-WindowsFeature Web-Server
Install-WindowsFeature Web-Windows-Auth
Install-WindowsFeature Web-Ftp-Service
The Install-WindowsFeature FS-FileServer command is not necessary, as it installs as a dependency for DFS. The Install-WindowsFeature Web-Server and Install-WindowsFeature Web-Windows-Auth commands are not necessary, as they install as dependencies for Print-Internet.

Server Manager

is designed to enable administrators to fully manage Windows servers without ever having to interact directly with the server console, either physically or remotely.

1. Which features must be removed from a full GUI installation of Windows Server 2012 R2 in order to convert it to a Server Core installation? (Choose all that apply.)
a. Windows Management Instrumentation (WMI)
b. Graphical Management Tools and Infrastructure
c. Desktop Experience
d. Server Graphical Shell

Correct answers: B, D
A. Incorrect: Windows Management Instrumentation (WMI) is a set of driver extensions often used with Windows PowerShell. You do not have to remove it to convert to a Server Core installation.
B. Correct: Removing the Graphical Management Tools and Infrastructure feature is required to convert to a Server Core installation.
C. Incorrect: Desktop Experience is not installed by default on a full GUI or a Server Core installation.
D. Correct: Server Graphical Shell provides support for the Windows graphical interface, including the desktop and File Explorer. You must remove it to convert to a Server Core installation.

2. Which of the following NIC teaming modes provides fault tolerance and bandwidth aggregation?
a. Hyper-V live migration
b. Switch Independent Mode
c. Switch Dependent Mode
d. Link Aggregation Control Protocol

Correct answer: B
A. Incorrect: Hyper-V live migration is not a NIC teaming mode.
B. Correct: In Switch Independent Mode, the NICs in the team are connected to different switches, providing alternate paths through the network.
C. Incorrect: In Switch Dependent Mode, the NICs in the team are connected to the same switches, providing link aggregation but no fault tolerance.
D. Incorrect: Link Aggregation Control Protocol is not a NIC teaming mode.

3. Which of the following command-line tools are used to join a computer to a domain?
a. Net.exe
b. Netsh.exe
c. Netdom.exe
d. Ipconfig.exe

Correct answer: C
A. Incorrect: Net.exe is a Windows command-line tool that provides many different functions, but it cannot join a computer to a domain.
B. Incorrect: Netsh.exe is a network shell program that you can use to configure the network interface, but it cannot join a computer to a domain.
C. Correct: Netdom.exe is the Windows command-line domain manager application.
D. Incorrect: Ipconfig.exe can display network configuration settings and reset DHCP settings, but it cannot join a computer to a domain.

4. Which of the following statements about Server Manager is not true?
a. Server Manager can deploy roles to multiple servers at the same time.
b. Server Manager can deploy roles to VHDs while they are offline.
c. Server Manager can install roles and features at the same time.
d. Server Manager can install roles and features to any Windows Server 2012 R2 server on the network.

Correct answer: A
a. Correct: Server Manager cannot deploy roles to multiple servers at the same time.
b. Incorrect: Server Manager can mount offline VHD files and install roles and features to them.
c. Incorrect: Server Manager combines the role and feature installation processes into a single wizard.
d. Incorrect: Server Manager can install roles and features to any Windows Server 2012 R2 server on the network.

5. Which of the following operations can you not perform on a service by using Server Manager? (Choose all that apply.)
a. Stop a running service
b. Start a stopped service
c. Disable a service
d. Configure a service to start when the computer starts

Correct answers: C, D
a. Incorrect: You can stop a running service by using Server Manager.
b. Incorrect: You can start a stopped service by using Server Manager.
c. Correct: You cannot disable a service by using Server Manager.
d. Correct: You cannot configure a service to start when the computer starts by using Server Manager.

Storage Spaces
which enables a server to concatenate storage space from individual physical disks and allocate that space to create virtual disks of any size supported by the hardware.

Windows Server 2012 R2 supports two hard disk partition styles:
the master boot record (MBR) partition style and the GUID (globally unique identifier) partition table (GPT) partition style.

Windows Server 2012 R2 supports two disk types:
the basic disk type and the dynamic disk type

Divide the disk into partitions or volumes.
It is correct to refer to partitions on basic disks and volumes on dynamic disks.

MBR.
The MBR partition style has been around since before Windows and is still a common partition style for x86-based and x64-based computers.

GPT
GPT has existed since the late 1990s, but no x86 version of Windows prior to Windows Server 2008 and Windows Vista supports it. Today, most operating systems support GPT, including Windows Server 2012 R2. Unless the computer’s architecture provides support for an Extensible Firmware Interface (EFI)–based boot partition, it is not possible to boot from a GPT disk. If this is the case, the system drive must be an MBR disk and you can use GPT only on separate nonbootable disks for data storage.


A basic disk using the MBR partition style organizes data
by using primary partitions, extended partitions, and logical drives. A primary partition appears to the operating system as though it is a physically separate disk and can host an operating system, in which case it is known as the active partition.


When you select the GPT partition style
the disk still appears as a basic disk, but you can create up to 128 volumes, each of which appears as a primary partition. There are no extended partitions or logical drives on GPT disks.


A dynamic disk can contain the following five volume types:

• Simple volume. Consists of space from a single disk. After you have created a simple volume, you can extend it to multiple disks to create a spanned or striped volume, as long as it is not a system volume or boot volume. You can also extend a simple volume into any adjacent unallocated space on the same disk or, with some limitations, shrink the volume by deallocating any unused space in the volume.
• Spanned volume. Consists of space from 2 to 32 physical disks, all of which must be dynamic disks. A spanned volume is essentially a method for combining the space from multiple dynamic disks into a single large volume. Windows Server 2012 R2 writes to the spanned volume by filling all the space on the first disk and then filling each of the additional disks in turn. You can extend a spanned volume at any time by adding disk space. Creating a spanned volume does not increase the disk’s read/write performance or provide fault tolerance. In fact, if a single physical disk in the spanned volume fails, all the data in the entire volume is lost.
• Striped volume. Consists of space from 2 to 32 physical disks, all of which must be dynamic disks. The difference between a striped volume and a spanned volume is that in a striped volume, the system writes data one stripe at a time to each successive disk in the volume. Striping provides improved performance because each disk drive in the array has time to seek the location of its next stripe while the other drives are writing. Striped volumes do not provide fault tolerance, however, and you cannot extend them after creation. If a single physical disk in the striped volume fails, all the data in the entire volume is lost.
• Mirrored volume. Consists of an identical amount of space on two physical disks, both of which must be dynamic disks. The system performs all read and write operations on both disks simultaneously so they contain duplicate copies of all data stored on the volume. If one disk fails, the other continues to provide access to the volume until the failed disk is repaired or replaced.
• RAID-5 volume. Consists of space on three or more physical disks, all of which must be dynamic. The system stripes data and parity information across all the disks so that if one physical disk fails, the missing data can be re-created by using the parity information on the other disks. RAID-5 volumes provide improved read performance because of the disk striping, but write performance suffers due to the need for parity calculations.


A file system
is the underlying disk drive structure that enables you to store information on your computer. You install file systems by formatting a partition or volume on the hard disk.

In Windows Server 2012 R2, five file system options are available:

• NTFS
• FAT32
• exFAT
• FAT (also known as FAT16)
• ReFS

• NTFS is the preferred file system for a server; the main benefits are improved support for larger hard drives than FAT and better security in the form of encryption and permissions that restrict access by unauthorized users.
• Because the FAT file systems lack the security that NTFS provides, any user who gains access to your computer can read any file without restriction. Additionally, FAT file systems have disk size limitations: FAT32 cannot handle a partition greater than 32 GB or a file greater than 4 GB. FAT cannot handle a hard disk greater than 4 GB or a file greater than 2 GB. Because of these limitations, the only viable reason for using FAT16 or FAT32 is the need to dual boot the computer with a non-Windows operating system or a previous version of Windows that does not support NTFS, which is not a likely configuration for a server.
• ReFS is a new file system first appearing in Windows Server 2012 R2 that offers practically unlimited file and directory sizes and increased resiliency that eliminates the need for error-checking tools, such as Chkdsk.exe. However, ReFS does not include support for NTFS features such as file compression, Encrypted File System (EFS), and disk quotas. ReFS disks also cannot be read by any operating systems older than Windows Server 2012 and Windows 8.

On a new server running Windows Server 2012 R2, Morris created a storage pool that consists of two physical drives holding 1 TB each. Then he created three simple virtual disks out of the space in the storage pool. Using the Disk Management snap-in, Morris then created a RAID-5 volume out of the three virtual disks.
With this in mind, answer the following questions.
1. In what way is Morris’s storage plan ineffectual at providing fault tolerance?
2. Why will adding a third disk to the storage pool fail to improve the fault tolerance of the storage plan?
3. How can Morris modify the storage plan to make it fault tolerant?

1. Morris has created a RAID-5 volume out of virtual disks created out of a storage pool that has only two physical disks in it. A RAID-5 volume can only provide fault tolerance by storing data on three physical disks.
2. Adding a third disk will not guarantee fault tolerance because there is no assurance that each of the three virtual disks exists on a separate individual disk.
3. To make the plan fault-tolerant, Morris should delete the three simple virtual disks and create one new virtual disk by using either the mirror or parity layout option.

OBJECTIVE SUMMARY

• Windows Server 2012 R2 supports two hard disk partition types: MBR and GPT; two disk types: basic and dynamic; five volume types: simple, striped, spanned, mirrored, and RAID-5; and three file systems: ReFS, NTFS, and FAT.
• The Disk Management snap-in can initialize, partition, and format disks on the local machine. Server Manager can perform many of the same tasks for servers all over the network.
• Windows Server 2012 R2 includes a new disk virtualization technology called Storage Spaces, which enables a server to concatenate storage space from individual physical disks and allocate that space to create virtual disks of any size supported by the hardware.
• All Windows Server 2012 R2 installations include the File and Storage Services role, which causes Server Manager to display a menu when you click the icon in the navigation pane. This menu provides access to home pages that enable administrators to manage volumes, disks, storage pools, shares, and iSCSI devices.
• The Disk Management snap-in in Windows Server 2012 R2 enables you to create VHD files and mount them on the computer.
• Once you have installed your physical disks, you can concatenate their space into a storage pool, from which you can create virtual disks of any size. Once you have created a storage pool, you can use the space to create as many virtual disks as you need.

1. Which of the following statements are true of striped volumes? (Choose all that apply.)
A. Striped volumes provide enhanced performance over simple volumes.
B. Striped volumes provide greater fault tolerance than simple volumes.
C. You can extend striped volumes after creation.
D. If a single physical disk in the striped volume fails, all the data in the entire volume is lost.

Correct answers: A, D
A. Correct: Striping provides improved performance because each disk drive in the array has time to seek the location of its next stripe while the other drives are writing.
B. Incorrect: Striped volumes do not contain redundant data and therefore do not provide fault tolerance.
C. Incorrect: Striped volumes cannot be extended after creation without destroying the data stored on them in the process.
D. Correct: If a single physical disk in the striped volume fails, all the data in the entire volume is lost.

2. Which of the following statements best describes the requirements for extending a volume on a dynamic disk? (Choose all that apply.)
A. If you want to extend a simple volume, you can use only the available space on the same disk if the volume is to remain simple.
B. The volume must have a file system (a raw volume) before you can extend a simple or spanned volume.
C. You can extend a simple or spanned volume if you formatted it by using the FAT or FAT32 file systems.
D. You can extend a simple volume across additional disks if it is not a system volume or a boot volume.

Correct answers: A, D
A. Correct: When extending a simple volume, you can use only the available space on the same disk. If you extend the volume to another disk, it is no longer simple.
B. Incorrect: You can extend a simple or spanned volume, even if it does not have a file system (a raw volume).
C. Incorrect: You can extend a volume if you formatted it by using the NTFS file system. You cannot extend volumes by using the FAT or FAT32 file systems.
D. Correct: You can extend a simple volume across additional disks if it is not a system volume or a boot volume.

3. Which of the following volume types supported by Windows Server 2012 R2 provide fault tolerance? (Choose all that apply.)
A. Striped
B. Spanned
C. Mirrored
D. RAID-5

Correct answers: C, D
A. Incorrect: A striped volume spreads data among multiple disks, but it writes the data only once. Therefore, it does not provide fault tolerance.
B. Incorrect: A spanned volume uses space on multiple drives, but it writes the data only once. Therefore, it does not provide fault tolerance.
C. Correct: A mirrored volume writes duplicate copies of all data to two disks, thereby providing fault tolerance.
D. Correct: A RAID-5 volume writes data and parity information on multiple disks, thereby providing fault tolerance.

4. A JBOD drive array is an alternative to which of the following storage technologies?
A. SAN
B. SCSI
C. RAID
D. iSCSI

Correct answer: C
A. Incorrect: A SAN is a separate network dedicated to storage and a JBOD is a drive array that can be installed on a SAN or on a standard network.
B. Incorrect: SCSI is a disk interface, not a type of drive array.
C. Correct: A JBOD array is an alternative to a RAID array that treats each disk as an independent volume.
D. Incorrect: A JBOD array is not an alternative to iSCSI, which is a protocol used for SAN communications.

Windows Server 2012 R2 supports two types of folder shares:

• Server Message Block (SMB). SMB is the standard file sharing protocol used by all versions of Windows.
• Network File System (NFS). NFS is the standard file sharing protocol used by most UNIX and Linux distributions.

Before you can create and manage SMB shares by using Server Manager, you must install the File Server role service; to create NFS shares, you must install the Server for NFS role service.



Share Server configuration options?

1. Enable Access-Based Enumeration. Prevents users from seeing files and folders they do not have permission to access
2. Allow Caching Of Share. Enables offline users to access the contents of this share
3. Enable BranchCache On The File Share. Enables BranchCache servers to cache files accessed from this share
4. Encrypt Data Access. Causes the server to encrypt remote file access to this share

Access-based enumeration (ABE)

a feature first introduced in Windows Server 2003 R2, applies filters to shared folders based on the individual user’s permissions to the files and subfolders in the share. Simply put, users who cannot access a particular shared resource are unable to see that resource on the network. This feature prevents users from seeing files and folders they cannot access. You can enable or disable ABE for a share at any time by opening the share’s Properties sheet in the Sharing and Storage Management console and clicking Advanced, which displays the same Advanced dialog box displayed by the Provision a Shared Folder Wizard.

OFFLINE FILES

Offline Files, also known as client-side caching, is a Windows feature that enables client systems to maintain local copies of files they access from server shares. When a client selects the Always Available Offline option for a server-based file, folder, or share, the client system copies the selected data to the local drive and updates it regularly so the client user can always access it, even if the server is offline. To enable clients to use the Offline Files feature, the share must have the Allow Caching Of Share check box selected. Windows Server 2012 R2 and Windows 8.1 also have an Always Offline mode for the Offline Files feature that causes clients to always use the cached copy of server files, providing better performance. To implement this mode, you must set the Configure slow-link mode Group Policy setting on the client to a value of 1 millisecond.


following permission systems:

• Share permissions. Control access to folders over a network. To access a file over a network, a user must have appropriate share permissions (and appropriate NTFS permissions if the shared folder is on an NTFS volume).
• NTFS permissions. Control access to the files and folders stored on disk volumes formatted with the NTFS file system. To access a file, either on the local system or over a network, a user must have the appropriate NTFS permissions.


Understanding the Windows permission architecture

To store permissions, Windows elements have an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs). Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2012 R2 permission systems, you are actually creating and modifying the ACEs in an ACL.

Basic permissions
are actually combinations of advanced permissions, which provide the most granular control over the element. Prior to Windows Server 2012, basic permissions were known as standard permissions and advanced permissions were known as special permissions. Candidates for certification exams should be aware of these alternative terms.

There are two basic types of ACE:
Allow and Deny
This makes it possible to approach permission management tasks from two directions:
• Additive. Start with no permissions and then grant Allow permissions to individual security principals to give them the access they need.
• Subtractive. Start by granting all possible Allow permissions to individual security principals, giving them full control over the system element, and then grant them Deny permissions for the access you don’t want them to have.

Permission inheritance means
that parent elements pass their permissions down to their subordinate elements. For example, when you grant Alice Allow permissions to access the root of the D drive, all the folders and subfolders on the D drive inherit those permissions, which means Alice can access them.

In some situations, an administrator might want to prevent subordinate elements from inheriting permissions from their parents. There are two ways to do this:

• Turn off inheritance. When you assign advanced permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. This effectively blocks the inheritance process.
• Deny permissions. When you assign a Deny permission to a system element, it overrides any Allow permissions that the element might have inherited from its parent objects.

Because a security principal can receive permissions from so many sources, it is not unusual for those permissions to overlap. The following rules define how the permissions combine to form the effective access.

• Allow permissions are cumulative. When a security principal receives Allow permissions from more than one source, the permissions are combined to form the effective access permissions.
• Deny permissions override Allow permissions. When a security principal receives Allow permissions—whether explicitly, by inheritance, or from a group—you can override those permissions by granting the principal Deny permissions of the same type.
• Explicit permissions take precedence over inherited permissions. When a security principal receives permissions by inheriting them from a parent or from group memberships, you can override those permissions by explicitly assigning contradicting permissions to the security principal itself.


NTFS authorization

In the NTFS permission system, the security principals involved are users and groups, which Windows refers to by using security identifiers (SIDs). When a user attempts to access an NTFS file or folder, the system reads the user’s security access token, which contains the SIDs for the user’s account and all the groups to which the user belongs. The system then compares these SIDs to those stored in the file or folder’s ACEs to determine what access the user should have.

VOLUME SHADOW COPIES

enables you to maintain previous versions of files on a server, so if users accidentally delete or overwrite files, they can access a previous copy of those files. You can implement Volume Shadow Copies only for an entire volume; you cannot select specific shares, folders, or files.
No matter how much space you allocate to the storage area, Windows Server 2012 R2 supports a maximum of 64 shadow copies for each volume.


NTFS quotas
enable administrators to set a storage limit for users of a particular volume.

Windows Server 2012 R2 supports two types of storage quotas
The more elaborate of the two is implemented as part of File Server Resource Manager. The second, simpler option is NTFS quotas.


Work Folders is a Windows Server 2012 R2 feature that
enables administrators to provide their users with synchronized access to their files on multiple workstations and devices while storing them on a network file server.
To set up the Work Folders environment, you install the Work Folders role service in the File and Storage Services role on a server running Windows Server 2012 R2 and create a new type of share called a sync share. This installs the IIS Hostable Web Core feature, which makes it possible for the server to respond to incoming HTTP requests from Work Folders clients on the network.