Designing and Implementing Windows Server 2012 Network Infrastructure and Security

Active Directory provides a single administration point for sign-on, policies and authentication control. This hands on course provides experience configuring Active Directory and essential network security components such as AD Certificate Services, IPSec and virtual private networking (VPN). Students will install Active Directory Domain Services (ADDS), integrate DNS for Active Directory and Internet name resolution, implement AD security for DNS, and configure logical AD components, such as forests, trees, domains and organizational unit (OUs). Upgrading and migrating the ADDS structure within or between forests, troubleshooting, backup and restore methods and additional maintenance tools will be explored. Attendees will investigate additional Active Directory roles and services. With ADDS installed, we will monitor and maintain sites and replication to assure up-to-date information.

An administrator needs to control the user environment, so students will look at the architecture, scope, inheritance, replication and troubleshooting in group policy before learning to restrict and enable users with login scripts, rights, desktop policies and software deployment and control. We'll also look at further controlling computers through security policies, loopback processing, and templates. Attendees will delegate administration of the configuration policies, control application and inheritance and explore tools to refine the user experience. Comprehensive labs and exercises give the students real experience installing and configuring Active Directory while securing the network.

Prerequisites: Completion of Windows Server 2012 R2 System Administration course or equivalent knowledge.

Domain Name Service (DNS)

• DNS Server Role Introduction
• DNS Architecture
• DNS Name Resolution
• Creating and Managing DNS Zones
• DNS Zone Transfers
• Dynamic DNS
• Integration with Active Directory

Active Directory Domain Services

• Active Directory DNS Naming Strategy
• DNS AD-Integrated Zones
• Active Directory Architecture
• AD Trust Relationships
• Domain and Forest Functional Levels
• Read-Only Domain Controller (RODC) Configuration

Dynamic Host Configuration Protocol

• DHCP Lease Process
• Troubleshooting DHCP Clients
• Authorizing a DHCP Server in Active Directory
• Scopes
• Reservations
• DHCP Options

AD Maintenance and Monitoring

• Server 2012 Monitoring Tools
• Flexible Single Master of Operations (FSMO) Roles
• Backing Up the AD Database
• Restore Methods
• Troubleshooting AD and Group Policy

Active Directory Schema

• Defining the Active Directory Schema
• Administering the Active Directory Schema
• Schema Modification
• Object Classes and Attributes
• Deactivating Schema Objects

Group Policy Objects (GPO)

• Group Policy Overview
• Centralized Configuration
• Domain and Local Policies
• Policy Scope
• Policy Inheritance
• Security Configuration Wizard (SCW)
• GPO Replication
• Troubleshooting Conflicts and Inheritance

GPO User Configuration

• Logon Scripts
• Folder Redirection
• User Rights
• Desktop Restrictions
• Application Limitations
• Deploying User Software with .msi Files

GPO Computer Configuration

• Assigning Applications to the Desktop
• Security Settings
• Policy Refresh Interval
• Loopback Processing

GPO Security

• Reducing Attack Surface through GPO
• Creating Security Policies
• Using Custom Templates
• Fine-Grained Password Policies
• Software Restrictions
• Application Control Policies

GPO Administration

• Refreshing the Policy Manually
• Delegating GPO Administration
• Group Policy Management Console (GPMC)
• Combining Policies
• Disabling GPOs
• Block Inheritance
• Enforcement

Group Policy Management Console

• Analyzing Resultant Set of Policy (RSoP)
• Group Policy Modeling
• Importing Policies
• Backup and Restore GPOs
• Starter GPOs

Group Policy Software Deployment

• Assigning Software to Users or Computers
• Publishing Applications to Users
• Upgrading and Removing Applications
• Customizing Distributed Software

Active Directory Certificate Services

• Public Key Infrastructure (PKI)
• Installing and Configuring Internet Information Server (IIS) 7.5
• Installing Active Directory Certificate Services
• Web-Based Certificate Request
• Granting and Revoking Certificates
• Publishing the Certificate Revocation List
• PKI Applications and Uses
• Certificate Authorities

Routing and Remote Access

• Virtual Private Network (VPN) Configuration
• VPN and Authentication Protocols
• Remote Access Policies
• Network Policy Server (NPS)
• Configuring a RADIUS Server
• Troubleshooting

Remote Desktop

• Remote Desktop Architecture
• Remote Desktop
• Remote Applications
• RD Web Access
• Mapping Local Resources
• Terminal Server Licensing
• RD Gateway Server
• RD Session Broker
• Remote Desktop Client
• Network Level Authentication

Networking

• TCP/IP version 4 (IPv4)
• IPv4 Addressing
• TCP/IP version 6 (IPv6)
• Dynamic Host Configuration Protocol (DHCP)
• TCP/IP Diagnostic Tools
• Windows Firewall with Advanced Security
• Network Troubleshooting