Server Systems Security and Administration

(MC-SRVR-SYS.AP1) / ISBN : 978-1-64459-993-8
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Introduction

  • Changes since Windows Server 2016 Inside Out
2

Administration tools

  • Remote not local
  • Privileged Access Workstations
  • Windows Admin Center
  • Remote Server Administration Tools
  • PowerShell
  • Remote Desktop
  • SSH
3

Installation options

  • Windows Server 2019 editions
  • Windows Server servicing branches
  • Server Core
  • Server with Desktop Experience
  • Roles and features
4

Deployment and configuration

  • Bare metal versus virtualized
  • Windows images
  • Answer files
  • Windows Deployment Services
  • Virtual Machine Manager
  • Infrastructure configuration as code
  • Desired State Configuration
  • Chef Infra Server
  • Puppet
  • Package-management utilities
5

Active Directory

  • Managing Active Directory
  • Domain controllers
  • AD DS structure
  • Accounts
  • Group policy
  • Restoring deleted items
  • Managing AD DS with PowerShell
6

DNS, DHCP, and IPAM

  • DNS
  • DHCP
  • IPAM
7

Hyper-V

  • Dynamic memory
  • Smart paging
  • Resource metering
  • Guest integration services
  • Generation 2 VMs
  • Enhanced Session Mode
  • Discrete Device Assignment
  • Nested virtualization
  • PowerShell Direct
  • HVC for Linux
  • Virtual hard disks
  • Managing checkpoints
  • Virtual Fibre Channel adapters
  • Storage QoS
  • Hyper-V storage optimization
  • Hyper-V virtual switches
  • Virtual machine network adapters
  • Optimizing network performance
  • Virtual machine MAC addresses
  • Network isolation
  • Hyper-V replica
  • Hyper-V failover clusters
  • Hyper-V guest clusters
  • Live migration
  • Storage migration
  • Exporting, importing, and copying VMs
  • VM Network Health Detection
  • VM drain on shutdown
  • Domain controller cloning
  • Shielded virtual machines
  • Managing Hyper-V using PowerShell
8

Storage

  • Storage spaces and storage pools
  • Storage Replica
  • SMB 3.1.1
  • iSCSI
  • iSNS server
  • Scale-Out File Servers
  • Server for NFS
  • Deduplication
  • Storage Quality of Service
  • ReFS
  • Storage-related PowerShell cmdlets
9

File servers

  • Shared folder permissions
  • File Server Resource Manager
  • Distributed File System
  • BranchCache
  • PowerShell commands
10

Internet Information Services

  • Managing sites
  • Application pools
  • IIS users and delegation
  • Managing FTP
  • Managing IIS using PowerShell
11

Containers

  • Container concepts
  • Isolation modes
  • Managing containers with Docker
  • Managing containers
  • Applying updates
  • Container networking
  • Linux containers on Windows
  • Container orchestration
12

Clustering and high availability

  • Failover clustering
  • Network Load Balancing
13

Active Directory Certificate Services

  • CA types
  • Certificate revocation lists
  • Certificate Services role services
  • Certificate templates
  • Certificate autoenrollment and renewal
  • CA management
14

Active Directory Federation Services

  • AD FS components
  • Claims, claim rules, and attribute stores
  • Claims provider
  • Relying party
  • Relying party trust
  • Claims provider trust
  • Configuring certificate relationship
  • Attribute stores
  • Claim rules
  • Configure Web Application Proxy
  • Workplace Join
  • Multifactor authentication
  • Managing AD FS with PowerShell
  • Managing Web Application Proxy with PowerShell
15

Dynamic Access Control and Active Directory Rights Management Services

  • Dynamic Access Control
  • Configuring Group Policy to support DAC
  • Configuring User and Device Claims
  • Configuring Resource Properties
  • Central access rules
  • Central access policies
  • Staging
  • Access Denied Assistance
  • Installing AD RMS
  • AD RMS certificates and licenses
  • AD RMS Templates
  • AD RMS Administrators and Super Users
  • Trusted User and Publishing Domains
  • Exclusion policies
  • Managing AD RMS with Windows PowerShell
16

Routing and Remote Access

  • Remote Desktop Gateway
  • Virtual private networks
  • LAN routing
  • Network Address Translation (NAT)
  • DirectAccess
  • Managing Remote Access using PowerShell
17

Remote Desktop Services

  • Deployment
  • Remote Desktop Connection Broker
  • Deployment properties
  • Remote Desktop Session Host
  • Remote Desktop Virtualization Host
  • Remote Desktop Web Access
  • Remote Desktop licensing
  • Managing Remote Desktop Services using PowerShell
18

Azure IaaS and hybrid services

  • Windows Server IaaS VMs
  • Azure Active Directory
  • Azure hybrid cloud services
19

Windows Subsystem for Linux

  • Linux on Windows Server
  • Installing WSL
  • WSL 2.0
20

Hardening Windows Server and Active Directory

  • Hardening Active Directory
  • Hardening Windows Server
  • Shielded VMs
21

Security systems and services

  • Security Compliance Toolkit
  • Attack Surface Analyzer
  • Credential Guard
  • Windows Defender Application Control
  • Virtualization-based security
  • Controlled Folder Access
  • Exploit Protection
  • Windows Defender
  • Windows Defender SmartScreen
22

Maintenance and monitoring

  • Data collector sets
  • Alerts
  • Event Viewer
  • Network monitoring
  • Azure Monitor
  • Windows Server Backup
  • Azure Backup
  • Vssadmin
  • Windows Server Update Services
  • Azure Update Management
  • Monitoring and maintenance related PowerShell cmdlets
  • WSUS related PowerShell cmdlets
23

Upgrade and migration

  • Supported upgrade and migration paths
  • Active Directory
  • Active Directory Certificate Services
  • DNS
  • DHCP
  • File and storage servers
24

Troubleshooting

  • Troubleshooting methodology
  • Command-line tools
  • Sysinternals tools
25

Secure Windows Server on-premises and hybrid infrastructure

  • Skill 1.1: Secure Windows Server operating system
  • Skill 1.2: Secure a hybrid Active Directory infrastructure
  • Skill 1.3: Identify and remediate Windows Server security issues by using Azure services
  • Skill 1.4: Secure Windows Server networking
  • Skill 1.5: Secure Windows Server storage
  • Lesson summary
  • Thought experiment
26

Implement and manage Windows Server High Availability

  • Skill 2.1: Implement a Windows Server failover cluster
  • Skill 2.2: Manage failover clustering
  • Skill 2.3: Implement and manage Storage Spaces Direct
  • Lesson summary
  • Thought experiment
27

Implement disaster recovery

  • Skill 3.1: Manage backup and recovery for Windows Server
  • Skill 3.2: Implement disaster recovery by using Azure Site Recovery
  • Skill 3.3: Protect virtual machines by using Hyper-V Replica
  • Lesson summary
  • Thought experiment
28

Migrate servers and workloads

  • Skill 4.1: Migrate on-premises storage to on-premises servers or Azure
  • Skill 4.2: Migrate on-premises servers to Azure
  • Skill 4.3: Migrate workloads from previous versions to Windows Server 2022
  • Skill 4.4: Migrate IIS workloads to Azure
  • Skill 4.5: Migrate an AD DS infrastructure to Windows Server 2022 AD DS
  • Lesson summary
  • Thought experiment

1

Deployment and configuration

  • Importing an Image into WDS
2

Active Directory

  • Performing an Authoritative Restore
  • Changing the Default Tombstone Lifetime
3

DNS, DHCP, and IPAM

  • Installing the DHCP Server
  • Installing the IPAM Feature
4

Hyper-V

  • Creating a VM with an Existing Virtual Hard Disk
  • Creating and Disabling Checkpoints
  • Creating a Virtual Machine
5

Storage

  • Configuring the iSCSI Target Server
  • Installing the iSNS Feature
  • Configuring the NFS Data Store
  • Enabling Data Deduplication
6

File servers

  • Configuring a Classification Property
  • Running a Storage Report
  • Adding a Folder Target to an Existing Folder
  • Creating a New Folder to Replicate
  • Creating a DFS Namespace
  • Installing the BranchCache Feature
7

Internet Information Services

  • Creating an Authorization Rule
  • Configuring an IP Address and Domain Name Restriction
  • Modifying Custom Error Message Settings
  • Creating a Web Application
  • Adding a Virtual Directory Using the IIS Manager Console
  • Creating a New Application Pool
  • Delegating Administrative Permissions
8

Containers

  • Installing Docker
  • Creating a gMSA Account
9

Clustering and high availability

  • Installing and Configuring NLB
10

Active Directory Certificate Services

  • Revoking a Certificate
  • Configuring CA to Issue a Specific Certificate Template
  • Creating CA Backup and Recovery
11

Dynamic Access Control and Active Directory Rights Management Services

  • Enabling Dynamic Access Control Resources
  • Configuring Access-Denied Remediation
  • Installing Active Directory Rights Management Services (ADRMS)
12

Routing and Remote Access

  • Creating RD CAP and RD RAP
  • Creating a New Network Policy
13

Remote Desktop Services

  • Deploying Your Remote Desktop Environment
14

Azure IaaS and hybrid services

  • Creating a Virtual Network
  • Creating an Azure IaaS VM
15

Windows Subsystem for Linux

  • Installing WSL on Windows Server 2019
16

Hardening Windows Server and Active Directory

  • Resetting the KRBTGT Account Password
  • Creating an Isolation Rule
  • Creating a Server-To-Server Rule
  • Creating a Tunnel Rule
  • Enabling a Virtual Machine to Secure Boot and Shielding
17

Security systems and services

  • Configuring Windows Defender with GPOs
  • Enabling Device Guard
  • Enabling a Virtual Machine Secure Boot and TPM
18

Maintenance and monitoring

  • Creating a Data Collector Set
  • Creating an Event Log View
  • Installing a WSUS Server
19

Upgrade and migration

  • Upgrading SYSVOL Replication to DFS from FRS
20

Secure Windows Server on-premises and hybrid infrastructure

  • Creating a Group Policy Object Using the GPMC
  • Creating Active Directory Objects
  • Promoting a Domain Controller
  • Installing AD DS using PowerShell
  • Creating an RODC Server
  • Moving Active Directory Objects
  • Joining a Computer to an Active Directory Domain
  • Installing a WSUS Server
21

Implement disaster recovery

  • Creating and Managing Azure File Shares
  • Configuring Azure Backup
22

Migrate servers and workloads

  • Creating an Azure VM
  • Installing the DHCP Server