Notes

Coach Culbertson | Train Signal, Inc.

Welcome to Windows Server 2008 R2 Training

Coach Culbertson

MCT, MCITP, MCTS ,etc., etc.


•A Little About Your Instructor

•Hardware Setup

•What’s In This Course

What Is New In Server 2K8 R2

In this video:


A Little About Your Instructor

• MCITP, MCSA, MCDBA, MCT, A+, Net+, CIW, and a few others

• 2 Year Tour of Duty as an Inner City High School Teacher in Chicago

• Launched a couple hundred careers

About Train Signal• Casual Training Method that teaches real skills first

• Scenario-Based Training to answer the question "Why does this change my life?"

About Benjamin “Coach” Culbertson


• 2 Hyper-V Compatible Servers with Server 2K8 R2 installed

• 1 Server is a DC, DC1-R2

• The Other is a Hyper-V box

• Both are – 4GB RAM – 2.4 GHZ Quad-Core

Processors– 2 - 250GB HDD’s

Hardware Setup

Here’s What I Have


2. New Active Directory Management Tools

3. The Active Directory Recycling Bin

4. New Group Policy in Server 2008 R2

5. Build an ASP.NET Application Server on Server Core

6. Boot a Machine with a Virtual Hard Disk

What’s In This Course

And now, the Hit Parade for this course!


7. Hyper-V Dynamic Storage and Quick Switch Settings

8. Remote Desktop Services: Personal Virtual Desktops

9. Hyper-V Clustering!?!?

10.2K8 R2+Win7: AppLocker

11.BranchCache

12.Concept: Direct Access

What’s In This Course


SO LET’S GET GOING!

So now…

…you know about your instructor, the basics of the hardware you need if you want to play along at home, and what you and I are going to cover in the course…


New Active Directory Management Tools

Easy-Peasy AD Management


• The Shiny New Active Directory Management Console

• The Best Practices Analyzer

• RSAT On Windows…7? YES!

New AD Management Tools

In this video:


• Engage the Active Directory Administrative Center

• Run the Best Practices Analyzer to find Best Practices for a particular Role

• Install RSAT on Windows 7

What We Covered

After watching this video, you should be able to:


The Active Directory Recycling Bin

A PowerShell Solution to Save You Massive Time When Your User Accounts Get

Trashed (Accidentally, of course)


• The Server 2008 R2 Domain Functional Level

•Coach’s AD Toolbox: Activating and Using the AD Recycling Bin

The Active Directory Recycling Bin

In this video:


• The new Server 2008 R2 Domain Functional Level has all the features of the Server 2008 Functional Level, but adds the AD Recycling Bin

• All Domain Controllers in your network must be running Server 2008 R2—no exceptions

The Server 2008 R2 Domain Functional Level

There’s a new Functional Level in Town…


• I Built a PowerShell Script Mini-Library for you so you can use the AD Recycling Bin ASAP

Coach’s AD Toolbox

Activating and Using the AD Recycling Bin


• Identify the Functional Level of a AD Domain

• Install the PowerShell Editor on a Server 2008 R2 Machine

• Activate the AD Recycling Bin using Coach’s AD Recycling Bin Mini-Library Script

• Restore an AD Object using Coach’s AD Recycling Bin Mini-Library Script

What We Covered



New Group Policy in Server 2008 R2

And now for some new GPO Toys!


• New Look, Nice Interface

• Super Easy Power Plan Preferences

• Internet Explorer 8 Preferences

• Starter GPO’s – Now built-in!

New Group Policy in Server 2008 R2

In this video:


• Admire the new interface

• Set Power Preferences for Win XP, Vista, and Win 7 Clients

• Find IE 8 Group Policy Settings Using the Filter Options

• Set IE 8 Options in Group Policy Preferences

• Install and Use the Built-In Starter GPO’s as a base for creating new GPO’s

What We Covered

After viewing this video, you should be able to:


Build an ASP.NET Application Server on Server Core

You and I are going to build an IIS 7.5 ASP.NET Web Server From Start to Finish, Including FTP and Remote

Management! BOOYAH!


• Ummm, yeah, I’ve already told you what we’re going to do….

–Included: The Batch Script for installing ASP.NET in Server Core So You Don’t Have to Type A Billion Commands

IIS 7.5: Now with More Toys

In this video:


1. Change the password on the administrator account on Server Core R2

2. Use sconfig to do the basic configuration:

1. Rename the machine to something intelligible

2. Set up your Network IP Address and DNS settings

3. Set Time Zone, etc.

What We Covered

Here’s your punchlist


3. Use sconfig to:

1. Enable Remote Management via MMC

2. Enable PowerShell

3. Enable Remote Management via Server Manager

4. Check Firewall Settings

4. Run the script included in this course, aspCoreInstall.bat

What We Covered

Punchlist Continued


5. Connect to your Server Core Machine using Server Manager on a separate machine

6. Connect Your Machine to your IIS Manager on a separate machine

7. Create an FTP site for your Server Core machine using IIS Manager

8. Set up any User Accounts that you want to have access to the FTP site

What We Covered

More Punchlist! I Need More Punchlist!


9. Test out the FTP site using either the command line ftp or connect with your favorite FTP client software (Filezilla rules!)

What We Covered

YES! More Punchlist Items

You can use RSAT on Windows 7 to manage your Server Core Machine using Server Manager. IIS Manager is also available for Win 7 (and Vista), and you can manage your Server Core Web Server with it as well.

Don’t forget when you log in to your FTP site to include the name of your Virtual Host: Ex: yourvirutalftpname.yourdomain.com|UserName


Boot a Machine with a Virtual Hard Disk

Test Out New Server Stuff (or Win7 stuff!) Without Blowing Away Your Current OS!


•Why Would You Do This?

•Coach’s Toolbox | The VHDBoot Script

Boot a Machine with a VHD

In this video:


Why Would You Do This?

So,ummm...yeah, what’s up with this VHD boot thing?

The Virtual Hard Drive lives on the

physical hard drive

Instead of booting up from the OS on the physical drive, in Server 2008 R2 we can boot up from the VHD file on the physical disk.


• Loading up an OS that’s different than your primary OS allows you to tweak, test, blow stuff up, and see how things work—without blowing away your primary OS

• Great for developers and admins trying out new things—and if doesn’t work, delete the VHD

• Also been tested to boot a VHD from a USB drive—Google or Bing this

Why Would You Do This?

…and here’s why


• We’ll need to use the bcdedit command to set this up

• It’s not hard, but it’s still a command that’s easier to use a script for

• Let’s try it out

Coach’s Toolbox | The VHDBoot Script

Easy VHD Boot Setup


• Copy a VHD file to another machine (BFD!)

• Use bcdedit /Enum to list the current entries in the Boot Manager

• Create a new boot set up with bcdedit /copy {current} /d “Name You Type Here”

• Modify the VHDBoot.bat script with the GUID from the new cloned boot settings

• Run the VHDBoot script to set up the boot loader for an alternate boot and boot it

What We Covered



Hyper-V Dynamic Storage and Quick Switch Settings

Just a Few New Toys in Hyper-V in Server 2008 R2


• A Quick Look at New Hyper-V Capabilities

• WHAT?!?! I Don’t Have to Shut Down?

–Quick Switch Settings

Hyper-V Dynamic Storage

In this video:


Comparing Microsoft Hyper-V Server R1 to R2

Feature Hyper-V Server 2008 R1 Hyper-V Server 2008 R2

Physical processor support

Up to 4 processors Up to 8 processors

Logical processor support

Up to 16 Up to 64

Physical memory support

Up to 32GB Up to 1TB

Live migration No Yes

High availablility No Yes

A Quick Look at New Hyper-V Capabilities

New Fun Stuff


A Quick Look at New Hyper-V Capabilities

And Even More Fun Stuff

• Support for running up to 384 virtual machines with up to 512 virtual processors

• Processor compatibility mode for live migration across different processors from the same vendor

• Hot add/remove of virtual storage


• Now with Server 2008 R2, you can add or remove virtual SCSI Hard Disks without shutting down your VM

• You’ll still need to boot up with a virtual IDE disk, though—no hot swapping on IDE

• It’s easy, let me show this now

WHAT?!?! I Don’t Have to Shut Down?

Ummm, yeah, that’s the point….


• Describe some of the new advantages of running Hyper-V on Server 2008 R2

• Add or remove virtual SCSI hard drives on a VM on the fly (without shutdown)

• Use the Quick Switch to move between VM Settings

What We Covered



Remote Desktop Services: Personal Virtual Desktops

Terminal Services No More—Now It’s all Remote Desktop Services


•Personal Desktops: Thin-Client Style OS’s

•Also, What is a VDI?

Remote Desktop Services

In this video:


• Why would you ever do this?– Reduced

hardware costs (sort of)

– Greater Administrative Control and Security

– It’s Cool

Personal Desktops: Thin Client Style OS’s

Everything old is new again...RDS Server

Hyper-V Server


VirtualDesktop

Infrastructure

Also, What the !@#$ is a VDI?

VDI is not a disease….


• Define what a VDI actually is

• Install all the necessary Roles and Role Services required for an initial VDI

• Rename Win 7 VM’s for use in a VDI

• Assign a User to a Personal Desktop

• Use RD Web Access to access a Personal Desktop VM

What We Covered



Hyper-V Clustering!?!?

Highly Available (and Highly Expensive) Virtual Machine Movement Between Servers


•What Does It Take To Build Highly Available VM’s?

• The 2 Methods of Easy VM Migration

Hyper-V Clustering!?!?

In this video:


• Here’s what you need:

– Two Hyper-V Servers with as close to identical hardware configsas possible

– A Separate SCSI-3 Compliant Storage Appliance

What Does It Take To Build Highly Available VM’s?

A lot of expensive hardware, that’s what!

SAN/NAS Storage(iSCSI is a good option)

Your SAN/NAS must support SCSI-3 persistent connections


When one machine needs to go down for maintenance, the VM can be migrated to the other live machine

What Does It Take To Build Highly Available VM’s?

So…what it does do once you have it built?

SAN/NAS Storage(iSCSI is a good option)

Virtual Machine


• The original method: Quick Migration– The Virtual Machine is taken offline,

moved to the other machine, and then brought back up

• The R2 method: Live Migration– The Virtual Machine is in essence

copied to the other machine while the original continues to run

– Once the copy is moved, the original VM is removed from the source machine, while the new copy is happily running on the destination machine

The 2 Methods of Easy VM Migration

Moving your VM can be easy


• Describe what is required to build a Hyper-V Failover Cluster

• Describe the 2 methods of migration and the difference between the tw

• But wait…there’s more

What We Covered



Bonus: Coach’s Hyper-V Clustering Science Experiment

Super Secret Video

If you act right now…by continuing to watch….


Science Time!

And here’s what I’ve got…

1 HP Proliant ML350 Xeon Quad Core4GB of RAM2 NIC’s

1 Frankenstein Intel Quad Core4GB of RAM3 NIC’s

ReadyNAS ProStorage Appliance

1 VMWareVirtual MachineWindows StorageServer 2008512 MB of RAM3 NIC’s


• Describe Failover Clustering in terms of how it’s useful with Hyper-V

• Describe the Hardware Requirements for Failover Clustering

• Run the Validate a Configuration Wizard to determine viability of hardware for Clustering

• Attach iSCSI storage using the iSCSI Initiator in Server 2008 (and R2)

• Create a Basic Failover Cluster using a Node Majority and File Share Quorum configuration

What We Covered



• Create a Highly Available Virtual Machine using the Failover Clustering Manager

• Describe the differences between Quick Migration and Live Migration

What We Covered


2K8 R2+Win7: AppLocker

Decide Who Can Run What Applications On Your Desktops


•The AppLockerGPO Setting

2K8 R2+Win7: AppLocker

In this video:


The AppLocker GPO Setting


• Locate the AppLocker GPO Setting in the Group Policy Editor

• Configure the Application Identity Service to start automatically (and start it!)

• Use the Local Security Policy on a Win 7 client to identify applications that you want to lock down

• Create a basic AppLocker Rule to deny the running of an application for a particular user in both a GPO and in Local Security Policy

What We Covered



BranchCache

A Nifty Feature That Will Help Stop Your Branch Offices From Bleeding

Bandwidth (And Make Your Users Happy)


• Stop the Bleeding!

• Two Methods of Implementing BranchCache

• The Easy Implementation: Co-Op

BranchCache

In this video:


Stop the Bleeding!

When you’ve got a branch office…

File Server


Two Methods of Implementing BranchCache

Instead…Cooperative Mode BranchCache

File Server


Two Methods of Implementing BranchCache

Or…Hosted Mode BranchCache

File Server


• First, install BranchCache on your File Server (or Web Server)

• Then, you’ll set up BranchCache on the Server using either Local Group Policy, a GPO, or by editing the Registry

• After that, make sure any shared folders that you want your Branch Office Users to have access to are BranchCache Enabled

• Configure the Client machines for BranchCache via Group Policy and the Firewall Exception

• Done

The Easy Implementation: Co-Op

This is how we do it…


• Identify the problem of bandwidth bleed and slow download times in a Branch Office scenario

• Describe the advantages of BranchCache

• Install the BranchCache Role Service on Server 2K8 R2

• Enable BranchCache using Local Group Policy on a File Server

• Enable BranchCache on Client Machines in a particular OU by using a GPO

• Create a Rule for your Client Firewall in the same GPO as your BranchCache settings

• Enable BranchCache on specific files and folders

What We Covered



Concept: Direct Access

An Overview of VPN Connections—Without the VPN!


• So, Ummm, What Is This Again?

• What You Need To Build a DA Setup

• The Secret Behind Direct Access

Concept: Direct Access

In this video:


• Direct Access provides VPN Access without a VPN

• Users can get access to all their usual stuff on the corporate network over standard internet connections

• Admins can push updates and GPO updates without the machine having to be actually on-premises

So, Ummm, What Is This Again?

So here’s how this works…

Internet

Woo-hoo! Access to all my stuff on the road!


1. Server 2K8 R2 Machine for use as a Direct Access Server

2. Windows 7 running on your mobile machines

3. At least one DC and a DNS (BFO) running Server 2K8 R2 or 2K8 SP2

4. A PKI Infrastructure along with a Network Access Protection (NAP)

5. IPSec

6. IPv6 Infrastructure (or Teredo)

What You Need To Build a DA Setup

So now for the laundry list-o-wonder….


The Secret Behind Direct Access

And now here’s what‘s behind the smoke and mirrors

Internet

The BIGGEST Secret to DA—CONNECT THROUGH PORT 443 –

YES, THAT’S HTTPS!

Two NIC’s on your DA Server

One ConnectedTo Internet

One ConnectedTo Intranet


• Describe the basic functions of Direct Access

• Describe the basic requirements of Direct Access

• Be able to talk about at least one of the secrets behind Direct Access

What We Covered


Documents

Notes