Highlights of the main topics requested for the 70-410 exam, covering main subjects with some info and details about most points and minor subjects requested
6. Switching between modes
• Full – Core - Minimal
• GUI needs Vs Core advantages
Features on demand
• Security, space
• If we needed it later?
• Online or to an Offline VHD
Adding roles to offline VHDs
8. WinRM (Mostly for monitoring)
RSAT (Useful for desktops)
Another Server With Same Role
Non-domain joined computer
(FW rule, PS script)
Remote Management
9. Active Directory
Each server has its own password policy (complexity, expiration, etc.), different companies, and many users for each server
10. Domain Vs Workgroup
DC redundancy
Domain naming
Parent, child, tree, and forest
Trust between domains
Active Directory
18. LDIFDE:
dn: cn=Elizabeth Andersen,ou=Research,dc=adatum,dc=com
changetype: add
ObjectClass: user
SAMAccountName: eander
UserPrincipalName: eander@adatum.com
telephoneNumber: 586-555-1234
(changetype can also be modify or delete)
Then, save it with an .ldf extension and run:
ldifde -i -f <filename.ldf>
CSVDE:
dn,samAccountName,userPrincipalName,telephoneNumber,objectClass
"cn=Elizabeth Andersen,ou=Research,dc=adatum,dc=com",eander,eander@adatum.com,586-555-1234,user
Then you run the command:
csvde.exe -i -f <filename.csv>
19. DSADD
DSADD allows adding users to multiple OUs; it can create OUs, computers, users
dsadd ou ou=test,dc=northwindtraders,dc=com
dsadd user "cn=test321,ou=sales,dc=dabbas,dc=com" -disabled no
DSquery, Dsmod, DSget, DSMove, DSRm
Check the notes file
20. PowerShell
CSV file (first line is parameters)
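Import-Csv .\CSVimport.csv | ForEach-Object {
    # Build the UPN from the SamAccountName column of each row;
    # {domainname} is a placeholder for the real domain name
    $userprincipalname = $_.SamAccountName + "@{domainname}.com"
}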
34. Group Policy
What are GPOs & Why we use them?
Where GPO Files are saved?
GPOs Types:
Local GPO
Non-Local GPO
Creating & Managing a Local GPO
Non-Local Overwrites Local GPOs
35. Domain (Non-Local) GPOs
Creating a GPO
Linking (Applying) to an OU
Blocking Top GPOs on a specific OU
Enforcing Blocked GPO!
How long GPO takes to be applied?
36. Templates GPOs
Pre-defined GPOs
Can be downloaded
Multiple OSs?
Central Store
Useful to avoid OSs diff. templates
Found under “PolicyDefinitions”
www.gpanswers.com
37. Scope of Management
• User (Computer) Should be linked
to Users (Computers) OUs
• Policies are Cumulative
• Computer overwrites User
Processing Order
Local > Site > Domain > OU > OU
Authenticated Users
38. Starter GPOs
Policies Vs. Preferences
Policies:
• Settings are permanent (greyed out UI)
• Applied at startup, logon, refresh
• Removing policy reverts to defaults
• Takes precedence over preferences
• Useful for: preventing installing apps, prevent changing backgrounds
Preferences:
• User can change settings (drive map)
• Same as policies, option to do not reapply
• Does not revert back automatically
• not available for local GPO
• Useful for: desktop icons, shortcuts, add URL on desktop, drive map, file copy, update
39. GPO Permissions
• Who has Full perm. by default?
• Delegate Permission
GPO Security Settings
Comp. > Policies > Win. > Sec.
User Tokens (Standard & Admin
Tokens)
Security Templates
Security Configuration & Analysis
40. Software Restriction Policy & Applocker
Software Restriction Policy:
• Designed for legacy Windows (XP, 2003)
• Fairly easy to bypass
• All apps are allowed by defaults
Applocker:
• Designed for Win 7/8, 2008 R2, 2012
• Less easy to bypass
• All apps are denied by defaults
41. DHCP
What is DHCP?
Why it’s better than Static IP?
Allocation Methods:
• Dynamic
• Automatic
• Manual
42. DORA
Discover – Offer – Request –
Ack.
Common Parameters
PXE & DHCP
Relay Agent
Extra:
• DB Backup
• Failover Options
43. DNS
What is DNS?
Zones & Zones Types
How DNS Works?
Type of Queries (Recursive &
Iterative)
Type of Answers (Authoritative &
Non-Authoritative)
44. Forwarders:
• Root Hints
• Conditional Forwarders
Stub Zones
Manage Cache
Records Types (Resource Records)
45. Hyper-V
What is Virtualization and Why?
Benefits of Using Virtualization
• Space, Power, Cooling
• Less Management (at least centralized)
• Optimize Resources to the max.
• Greener, easier to backup, easier to
replicate, etc.
46. Hypervisor
Hypervisor Types:
• Type 1: Native or Bare Metal (Hyper-V)
• Type 2: Hosted (VMWare Workstation)
Hyper-V needs 64-Bit processor
BIOS Should Support Virtualization
RAM & Storage Consideration
48. Storage in Hyper-V
VHD Max. 2 TB, VHDx up to 64 TB
VHDx is more resilient
How to modify VHD files?
How to Change VHD size? Disk Mgmt.?
Differencing drives
Pass through disks
Snapshots
Fiber Channel Adapter
50. Gen1 & Gen2
Gen2 can be used on 2012, 8, 8.1 64-bit only
Hyper-V in R2 uses RDP (supports copy/paste, audio redirection)
Online VHDx resize / shrink
52. Local Storage
Disk Types, Basic & Dynamic
Choosing Storage Type Depends on:
• Amount of Storage needed
• Number of Users (at the same time)
• Data Sensitivity
• Data Importance
54. File Systems (Must know, not directly required)
File Allocation Table FAT/FAT32/exFAT
• No Security
New Technology File System NTFS
• Secured using Permissions
• Encryption & Compression
• Quotas
• Auditing, File Tagging, Larger Files
55. Resilient File System ReFS
• File can have 16 Exabyte size
• File Name Length is up to 32000
char.
• High Resiliency
• Backward Compatible
• No Disk Quotas
56. Creating VHD & VHDx through Disk
Management
Adding files to VHD & VHDx through
Disk Management
57. Storage Spaces in 2012
What is SAN?
• Administration? Cost Wise?
What about NAS?
Virtual Disks (Not VHDs!)
Storage Pools
58. Virtual Disk Configuration
Layout
• Simple, Two or Three way Mirror,
Parity
Provisioning
• Fixed, Thin
Allocation
• Data Store, Manual, Hot Spare
59. Storage Spaces Using Enclosures
• Approved JBOD:
www.windowsservercatalog.com
• 2U/4U Rack mounted, up to 70 Drives
• Smart (can send notifications to Windows about temp., storage status)
• Redundant fan, Power
60. Storage container not a self RAID
Storage Spaces Tiering
• Fast SSD for hot or pinned data
• Slow HDD for cold data
61. Share & NTFS
Share Vs. NTFS permissions
Share:
• Network Only, no control over local access
• First line of defense
• Options are: Read, Change, Full
• Applies to folders only
• No inheritance
NTFS:
• Local and Network access
• Primary tool to control access
• Options: much more than Read, Change, Full
• Applies to files & folders
• Many options available for inheritance
62. Share
• Cumulative permissions apply (deny
wins)
• Can be combined with NTFS perms.
• Administrative Share
• Access-Based Enumeration
NTFS
• Change Owner
• Inheritance apply order
63. • Permission can be either additive or
subtractive (start with all denied then
allow, or start with all allow then deny)
• Effective access: the result of applying
these rules:
•Deny overrides allow
•Allow permissions are cumulative
•Explicit perm takes precedence over
inherited
• Authorizing occurs to SID for users
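The three effective-access rules above, worked through as an added example (not part of the original slides): a small Python model that settles explicit entries before inherited ones, and deny before allow within each tier. The SIDs, group names and right names are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    sid: str           # SID the entry applies to (user or group)
    kind: str          # "allow" or "deny"
    rights: frozenset  # e.g. frozenset({"read", "write"})
    inherited: bool    # True when the entry comes from a parent folder

def effective_rights(token_sids, acl):
    """Rights a token (user SID plus group SIDs) ends up with on one object."""
    granted, denied = set(), set()
    # Explicit entries are settled before inherited ones; within a tier deny goes first.
    for inherited in (False, True):
        for kind in ("deny", "allow"):
            for ace in acl:
                if (ace.inherited, ace.kind) != (inherited, kind) or ace.sid not in token_sids:
                    continue
                if kind == "deny":
                    denied |= ace.rights - granted   # cannot undo an earlier-tier allow
                else:
                    granted |= ace.rights - denied   # allows accumulate across groups
    return granted

# Constructed sample SIDs (not real accounts)
USER, STAFF = "S-1-5-21-1-1-1-1104", "S-1-5-21-1-1-1-2001"
SALES, CONTRACTORS = "S-1-5-21-1-1-1-2002", "S-1-5-21-1-1-1-2003"
R, W = frozenset({"read"}), frozenset({"write"})

INHERITED_ACL = [
    Ace(STAFF, "allow", R, inherited=True),
    Ace(SALES, "allow", W, inherited=True),
    Ace(CONTRACTORS, "deny", W, inherited=True),
]

def demo():
    member = {USER, STAFF, SALES}
    contractor = member | {CONTRACTORS}
    explicit = [Ace(USER, "allow", W, inherited=False)] + INHERITED_ACL
    return {
        "cumulative allow": effective_rights(member, INHERITED_ACL),
        "deny overrides allow": effective_rights(contractor, INHERITED_ACL),
        "explicit beats inherited": effective_rights(contractor, explicit),
    }

if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case}: {sorted(rights)}")
```
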
64. Offline Files
• Applies to network shares
• Files stay available when
disconnected
• Highly reliable sync mechanism
• Can be configured using Offline
settings or GPO
• Needs to be enabled first, then apply
on folders
65. Disk Quotas
• Limit disk usage
• Enabled on volume level
• Soft Quota & Hard Quota
• File Server Resource Manager FSRM is handy
• FSRM can apply quotas on folders, Windows
Explorer on volumes only
• File Screening, Data Deduplication
• Storage Reports Management
66. Volume Shadow Copy
• Used in VM snapshots
• Used by backup operations
(Windows, Acronis)
• Used for File Recovery
In File Recovery:
• Quick restore for accidental deletions
• Scheduled
• Used on the machine not only shares
67. • VSS is configured under volume
properties
• VSS is replaced with File History,
starting Win. 8
• On servers, enabled under drive properties under disk management
• VSS by default creates two copies, at
7:00 AM and 12:00 PM
68. Work Folders
• Similar to Offline Files feature
• Allows access to joined & non-joined
domain workstations
• Enables managing BYOD
• Transparent conflict resolution
• Hub-Spoke topology
• Works with file screening, classification (can
classify documents), quotas
• Security policies for encryption, screen lock
(data security if device was stolen)
69. Work Folders Configuration
Server Side:
• Define appropriate users and groups
• Add & configure “work folders” role
• DNS (workfolders.domain.com)
• Certificates
• Proxy
Client Side:
• Control panel configuration
• Access using “work folders”
71. Network printers & Local printers
• Central Management, drivers,
easier to install, queue
management, less cost
Printer Management MMC
• Printers Filtering
Creating multiple instances
(objects) of a printer, if we want to
give higher priority for managers
72. Printing Options:
• Direct print
• Locally attached printer sharing
• Network attached printing
• Network attached printer sharing
Printer Pool: Identical devices ONLY
Adding 32-bit driver to a 64-bit
server
Easy Print
74. Hardware Firewall & Software Firewall
Firewall Modes:
• Domain
• Work
• Home
• Public
Opening port Vs. Allowing Application
Connection security rules
75. Importing & Exporting Rules
Configuring Firewall under GPO
Computer > Policies > Windows > Security > Windows FW with Advanced Security