Install and Configure Windows Server 2019: get a job in IT | Alexander Gorbunov | Skillshare

Install and Configure Windows Server 2019: get a job in IT

Lessons in This Class

23 Lessons (2h 15m)
About This Class

This course is geared toward getting you up to speed with Windows Server 2019. Whether you already hold a job as a helpdesk support representative or a desktop technician, or are just looking to start your career in IT, this course is designed to give you the essential skills required to install and configure basic roles and features in Windows Server 2019. This course attempts to cover about 90% of the daily tasks of system administrators. It includes the following topics:

Introduction to virtualization and VirtualBox

Installing Windows Server 2019

Installing AD DS

Managing Active Directory

Managing DNS within Windows Server

Group Policies

Installing the DHCP role and managing your IP space

Installing and Configuring Windows Admin Center

Meet Your Teacher

Hello, I'm Alexander.


1. 1: Hello and welcome to my course on Windows Server 2019. My name is Alex. I have a full-time job as a system administrator at a local MSP. Over the years, I was asked by my employers to get certified in different technologies that were used by us internally or by our clients. So I've got MCSA Server 2012 and MCSE Cloud Platform and Infrastructure and a few more certifications from other vendors. I have been working in IT for over eight years. I have extensive experience working for MSPs, where I was exposed to a lot of different Microsoft server environments. I started working as a helpdesk support representative and now I primarily take care of infrastructure and servers. At my current company, most of the environments I get to manage run Windows Server 2012. I have experience in networking, both physical (running wires, installing switches) and configuring switches, routers and firewalls. Over the last few years, we've virtualized about 90% of our clients using VMware and storage solutions from HP. We had to migrate a lot of old physical servers running Windows Server 2003 or 2008 to new VMs running Server 2012 or 2016. We also had to migrate a few Exchange servers from 2003 and 2007 to Exchange 2010 and 2016. At our company, we host servers for some of the clients, and we also provide email hosting using Exchange 2016. Another responsibility I have in my current job is security. That includes antivirus, firewalls, making sure there are no open ports that potentially can be used to get into the network from the outside. All of the material in this course is something I had to do on the job for different clients throughout my career. You don't need to have a job in IT to start learning Microsoft Windows Server 2019. All you need is a 64-bit PC with eight gigs of memory and 100 gigs of space on the hard drive.
In this course, I will try to provide you with skills and knowledge that can help you to land a job as a system administrator or in a similar IT position. Thank you, and I will see you in the next video.

2. 1: Hello. Welcome back. Let me briefly introduce you to the content of this course. This course is geared toward getting you up to speed with Windows Server 2019. Whether you already hold a job as a helpdesk support representative or a desktop technician, or are just looking to start your career in IT, this course is designed to give you essential skills required to install and configure basic roles and features in Windows Server 2019. This course attempts to cover about 90% of the daily tasks of system administrators. You will learn the following topics. Downloading and installing VirtualBox: you will be introduced to the concept of virtualization. We will also download and install VirtualBox, which is a free-for-personal-use hypervisor. Installing Windows Server 2019: we will install Windows Server 2019 as a virtual machine using VirtualBox and briefly talk about different installation options. Introduction to Active Directory: here we will install Active Directory Domain Services and promote our server to be a domain controller. I will also introduce you to Active Directory forests and domains. We will take a look at the Active Directory Users and Computers snap-in and create some objects in Active Directory. Managing Active Directory: in this section, we'll perform a scenario-based Active Directory setup for a small business. We will create users, groups and organizational units and join a workstation to the domain. Introduction to Group Policies: here I will introduce you to group policies and show you how you can use them to make your life as a system administrator a lot easier. Installing and configuring the DNS server role: in this section, you will learn about DNS and how to manage the DNS server role in Windows Server 2019. Installing and configuring the DHCP server role.
This part of the course will be about installing and configuring the DHCP server role on the Windows Server. Installing and configuring Windows Admin Center: this section will be focused on Windows Admin Center, a new tool that allows you to manage multiple servers and Windows 10 workstations from one web console. Thank you very much, and I will see you in the next chapter, where we will learn about virtualization and VirtualBox.

3. 2: Hello. Welcome back. In this video lesson, we'll prepare a lab environment. We're going to use VirtualBox, which is a free-for-personal-use hypervisor currently being developed by Oracle. VirtualBox has a lot of features that let you create multiple VMs, assign resources to them, and also set up different networks. For example, you can have an internal network where VMs can communicate only with one another but not with other PCs or devices on your LAN. Or you can make a VM share the physical network adapter on your PC and communicate with other devices on your network. First, we need to go to www.virtualbox.org/wiki/Downloads and download the VirtualBox installation file. From here, I will download the one for Windows. Looks like it's finished downloading. Now let's run it. Click Next. Next. I will leave all the defaults. Notice this warning here: it resets your network connection during the installation, so you will briefly lose your network access. I'm not going to launch VirtualBox just yet. Instead, I'm going to download and install the Extension Pack. It adds certain features, so it's always a nice thing to have in your VirtualBox installation. You can read what it does and other features here. I got this error. I will just click OK. I believe the reason I got this error was because I had another version of VirtualBox installed before. So I will just go ahead and upgrade it. Okay, I agree to that, and finally it was successfully installed. And there you have it.
Now you have VirtualBox with the Extension Pack installed and you can use it to create and run virtual machines. Thank you very much, and I will see you in the next lecture.

4. 2: Hello. Welcome back. In this video lesson, I will show you how to download an eval ISO of Windows Server 2019. So open your browser and just go to this URL or type "Windows Server 2019 evaluation download" in your search bar. This link will take you to the Microsoft Evaluation Center. Choose the ISO option under Windows Server 2019. It will ask you for some information before it lets you download the ISO. I will go ahead and fill this out with my information. After everything is filled out, click on the Continue button, select your language and press the Download button. This will take a while, so I'm going to pause this video until my ISO finishes downloading. It took me about 20 minutes, and finally I got my ISO image. I will see you in the next chapter, where I will introduce you to virtual machines and install Windows Server 2019 as a VM using VirtualBox.

5. 3: Hello. Welcome back. In this lecture, I'll briefly introduce you to virtual machines. If you are already familiar with virtualization, please feel free to skip this section. According to Wikipedia, a virtual machine, in short VM, is an emulation of a computer system. It is basically a computer within a computer. Software that allows us to run virtual machines is called a hypervisor. A lot of different vendors have their own solutions for virtualization, like Microsoft or VMware. There are also some open source hypervisors, like KVM or OpenStack. The beauty of virtualization is that on the same physical hardware, you can run a host of different operating systems. You get features like live migration, where you can move an entire VM from one physical server to another without shutting it down.
The whole idea behind virtualization is based on the fact that the majority of modern physical servers do not fully utilize their CPUs and usually run at 20 to 30% capacity. This gives the opportunity to utilize hardware resources better by putting multiple VMs on the same physical server. There are two types of hypervisors. Type 1, or bare-metal, hypervisors run directly on the host hardware and do not need an underlying operating system. They tend to have a smaller footprint. Type 2, or hosted, hypervisors run on an underlying operating system, just like other applications. In our setup we'll use VirtualBox, which is a type 2 hypervisor, to run our virtual machines. I will see you in the next lecture, where we will install Windows Server 2019 as a virtual machine.

6. 3: Hello and welcome back. In this lecture, we'll finally get our hands on Windows Server 2019. First, we need to ensure we have enough resources to run Windows Server 2019. Below are the minimum hardware requirements that can be found on the Microsoft website. We will need a 1.4 gigahertz 64-bit processor, two gigs of RAM for the Server with Desktop Experience installation option, and at least 32 gigs of disk space. Once we've made sure our hardware matches the requirements and we have an ISO image for Windows Server, we're going to launch VirtualBox and create a new VM. Click on New. Type the name for your new VM. I will leave the machine folder as is and specify the OS and its version. So far there is no preset for 2019, so I will go ahead with 2016 because it is the closest we have. I will give it four gigs of RAM, so it's a little faster. This makes a huge difference when you add roles or install updates. Then we have to create a drive for it. I will choose VMDK because I'm planning to move this later to a VMware cluster. Notice the options for your storage. If you choose dynamically allocated, it will only use the space on your drive as it fills up.
If you pick fixed size, it will create that drive right away and use up all the space, but the performance might increase. Since it's a lab setup, I will go ahead with dynamically allocated. I will give it 50 gigs of space. Now your VM is created. Look how quick and easy it was. But before we power it up, we need to make a few adjustments. Right-click on the VM and go to Settings, then System, Processor tab, and give it a little more CPU resources. Then go to Storage and choose the ISO image you downloaded earlier to be in your virtual optical drive so it can boot from it and install Windows Server 2019. I also want to change the default network setting and use bridged mode for my virtual network adapter. To do this, go to Network and in this drop-down menu select Bridged Adapter. This will make my VM visible on my local network. Later on, if I choose so, I will be able to set up and connect to it using RDP from my local computer. Everything is ready and we can start the VM. To do it, select the VM and click on Start. You can choose your language, time and currency format as well as keyboard layout. Here I will leave all the defaults. Click Next. Click on Install now. We have four different options here. The main two options are Standard and Datacenter editions. Datacenter edition has the most features and is also more expensive. The main difference I would like to highlight is that the Datacenter edition allows you to have as many virtual machines on the same physical server as you want, whereas with the Standard edition, you will only get two VMs. Both editions are licensed based on the number of cores in your server. Datacenter also includes some advanced features for storage replication and software-defined networking. You can view the full comparison if you follow the link below. Notice each has what's called the Core and the Desktop Experience modes. When you see Desktop Experience, that basically means graphical user interface. Without it, you will have to do everything through the command line. I will go ahead with the Standard edition, Desktop Experience, and click Next. I will accept the license terms and click Next. Let's go through the custom installation option. I have my drive here and not much else. In case this was a physical machine, or for whatever other reason you needed to load a driver for your hard drive, you could click on the Load driver button and browse to that driver for your storage device. In this menu, you can also create and remove partitions. I'm happy with the default layout, so I will click on Next. I'll just wait until it copies all the files and everything, and I will fast forward this until it finishes installing. Okay, so it's finished installing, and now it's going to reboot. All right, Windows is getting devices ready. Finally, everything is ready, and it's time to set your password. I will type my super secure password and click Finish, and now you can log in. Now click on Input, Keyboard, Insert Ctrl-Alt-Del. You can also press Right Ctrl and Delete for this action. Put in your password and hit Enter. This message is asking you whether you want your computer to be visible to other Windows PCs on your LAN through network discovery. I'll click Yes to that, and here we have this pop-up. Windows Admin Center is a browser-based application that allows you to manage Windows servers and Windows 10 PCs. It comes at no additional cost and can be downloaded directly from the Microsoft website. You will learn about it later in this course. And here we have our Server Manager, where you get to do a lot of different things. This is where you can install roles and features and change various configurations on your server. Now let's install VirtualBox Guest Additions. To do that, go to Devices, Insert Guest Additions CD image. Now let's go to the virtual CD drive and launch the executable file from there. According to Oracle, the VirtualBox Guest Additions consist of device drivers and system applications that optimize the operating system for better performance and usability. It is always a good idea to install it. In case you're using a VMware product to run your VMs, be sure to install VMware Tools. From your virtual CD drive, launch the VBoxWindowsAdditions executable. Click Next, Next again and Install. I will trust the software and click on the Install button. VirtualBox Guest Additions require a reboot, so I will reboot my server to finish the installation. After the server has rebooted, let's log in again. I'd like to show you a few more things. The first thing I want to do is to set up a static IP on this server. To do that, you can right-click on the computer icon in the tray and click on Open Network & Internet settings. Now select Ethernet and click on Change adapter options. Right-click on your network adapter and go to Properties. Select IPv4 and click on Properties. You can assign any available IP in your network. Put in your default gateway. For now, I will use Google DNS as my preferred DNS server. The next thing I want to do is enabling RDP on the server. Remote Desktop Protocol is a Microsoft proprietary protocol. It allows you to connect remotely to Windows servers and workstations and provides a graphical interface. First, let's go to the computer properties. Now click on Remote settings. Switch this radio button to Allow remote connections to this computer. We got this pop-up about a firewall exception. RDP uses port 3389, and it needs to be open on the firewall in order for us to be able to connect. So this warning is basically saying that RDP is now allowed on all networks and that if we want to restrict this protocol, we need to go to the firewall settings and do it from there. I will say Yes to that and click on Apply. The last thing I want to do in this lesson is to change the server name. To do that, click on Change settings. Click on Change. Now type whatever name you want to give to your server and click OK. It will ask you to restart, so I will go ahead and restart my server. This is it for this lesson. We have installed a new Windows Server 2019 and configured its network settings. I will see you in the next lecture, where I will introduce you to Active Directory.

7. 4: Greetings and welcome to this new chapter on Active Directory. Active Directory is a directory service that Microsoft developed for Microsoft domain networks. So Active Directory is Microsoft's implementation of a directory service. Directory services are software systems that store, organize and provide access to directory information in order to unify network resources. For example, Active Directory Domain Services stores information about user accounts, such as names, passwords, phone numbers and so on. Active Directory Domain Services was first introduced in Windows Server 2000. Another primary function of Active Directory Domain Services is to provide authentication and authorization services to different resources on the network. Authentication is the process of verifying a user's identity, and authorization is the process of giving permission to the resources that the user is allowed to access. Servers running Active Directory Domain Services are called domain controllers. Domain controllers replicate Active Directory data among themselves, providing fault tolerance and load balancing. Active Directory has a few different services or roles. A directory service, such as Active Directory Domain Services, provides the methods for storing directory data and making this data available to network users and administrators.
This data store, also known as the directory, contains information about Active Directory objects. It manages communication between user accounts and domains. It also provides authentication and authorization along with search functionality. This is probably the most important service and can be considered the backbone of every Windows domain network. Active Directory Certificate Services: this role allows us to build a public key infrastructure and provide public key cryptography, digital certificates and digital signature capabilities for your organization. These certificates can be used to encrypt files, emails or website traffic. Active Directory Federation Services: this role extends end-user single sign-on access to systems and applications located across organizational boundaries. For example, if you have a partner company's website that requires credentials to log in, you can utilize Active Directory Federation Services. In this case, once your user is authenticated against your Active Directory, Active Directory Federation Services can pass the credentials to the partner website located outside of your network, and the users now don't have to type in their credentials to log into the website. Active Directory Lightweight Directory Services is a lightweight implementation of Active Directory Domain Services. Active Directory Lightweight Directory Services provides much of the same functionality as Active Directory Domain Services, as it shares the same code base, but it does not require the deployment of domains or domain controllers. You can run multiple instances of Active Directory Lightweight Directory Services concurrently on the same server, and it does not require Active Directory Domain Services. This can be useful if you have some third-party applications that do not necessarily require Active Directory Domain Services.
You can configure a separate instance of Active Directory Lightweight Directory Services for each application like that on the same server without making any changes to your Active Directory. Active Directory Rights Management Service: this role allows you to protect against unauthorized use and distribution of digital content by using encryption and a form of selective functionality denial for limiting access to documents such as corporate emails, Microsoft Office documents and web pages. If you install and configure this role, your users can encrypt, for instance, a Microsoft Word document and specify who can access that file and with what level of permission. All these roles, except for Active Directory Lightweight Directory Service, require Active Directory Domain Services. In this course, we will focus on Active Directory Domain Services. In the next lesson, we will add the Active Directory Domain Services role on our newly installed and configured Windows Server 2019. I will see you in the next video.

8. 4: Greetings and welcome to a new video lesson, where we will install Active Directory Domain Services and promote our server to be a domain controller. First, we need to go to Server Manager. To get there, go to the Start menu and start typing "server". Click on Server Manager. Server Manager is a management console in Windows Server that helps IT professionals provision and manage both local and remote Windows-based servers. Active Directory Domain Services is a role, and we need to add it to our server. Click on Add roles and features. Click Next. We're going to select Role-based or feature-based installation. If we had other servers connected to our Active Directory, we would see them here. But this is the only server that we have so far, and it is already selected. Click Next. Please choose Active Directory Domain Services here. This pop-up offers to install necessary dependencies for this role. Click Add Features. Click Next.
Here we can add features. As you can see, it's a long list you can choose from. Currently, we don't need any additional features, and we can skip this menu. Click on Next. This one is just giving us some tips. Click Next. Click the Install button. This will take a while, so I will fast forward this video and get back to you once this is done. So the installation is finished and we can click on Close. Notice this yellow triangle here. Click on it. And now we need to promote our server to a domain controller. Click on that. We have different options here. If you have an existing domain, you could add another domain controller to the same domain or add a new domain to your forest. Since we do not have an existing forest, we'll select the last option and add a new forest. I will give it a name, and I happened to register this name on the Internet, which is testcompany.tk. This top-level domain allows you to register domain names free of charge with some restrictions, and you can go and get your own right now. Click on Next. Let me speed this up a little bit. Here you can choose your domain and forest functional levels. According to Microsoft, functional levels determine the available Active Directory Domain Services domain or forest capabilities. They also determine which Windows Server operating systems you can run on domain controllers in the domain or forest. However, functional levels do not affect which operating systems you can run on workstations and member servers that are joined to the domain or forest. For example, Active Directory Recycle Bin is a feature that allows you to quickly and easily restore Active Directory objects. It was first introduced in Windows Server 2008 R2 and was not available in previous versions. You can view the full list of all Active Directory functional levels if you follow the link below. In case you had existing domain controllers running earlier versions of forest or domain functional levels, you would have to match them.
But since we're installing a brand new forest, we can choose the latest version for both forest and domain functional levels. Because there are no other Windows DNS servers on your network, you have to install the DNS server role on your server while promoting your server to be a domain controller. Also, since there are no other domain controllers, you must store the global catalog on the server. The global catalog is a distributed data repository that contains a searchable partial representation of every object in every domain in a multi-domain Active Directory forest. Notice this option here. It is grayed out right now. If you already had another domain controller, you could turn this server into a read-only domain controller. A read-only domain controller holds a read-only copy of the Active Directory database. If the security of a read-only domain controller is compromised and someone gets access to it, they won't be able to write any changes to Active Directory. This is a useful feature, in particular for locations where physical security is not guaranteed but local users still need to authenticate against Active Directory. Here, you can choose your Directory Services Restore Mode password. Directory Services Restore Mode is a safe mode boot option for Windows Server domain controllers. DSRM allows an administrator to repair or recover the Active Directory database. Once you type your password, click Next. Notice this warning here. This message means that our server looks to the servers responsible for the top-level domain, in our case .tk, and it looks for a delegation to itself. Windows DNS servers can auto-create such delegations only on Microsoft DNS servers, and this will always fail if the parent DNS domain zone resides on third-party DNS servers, for example BIND, which is used by most of the ISPs. This message can be ignored unless you're integrating your server with another DNS server that already exists in your network.
In case you need some of the resources in your internal domain to be accessible from the Internet, you need to create those records on the name servers you have chosen to use. So we can safely ignore this message in our case and click Next. Here you can verify and change, if need be, your NetBIOS name. Host names or NetBIOS names were used to provide a friendlier means of identifying servers or workstations. NetBIOS naming is based on an older protocol that should be used within the LAN only and registers itself on the network every time the PC is powered up or rebooted, using LMHOSTS, broadcasts or WINS to provide resolution of a NetBIOS host name to its IP address. They're limited to 16 characters in length, with 15 characters visible. Click Next and proceed to the next step. Here, you can specify the locations of different files, but since it's a lab setup, I'll leave all the defaults. But you can change them to whatever you want. Click on Next. Here we have our summary. Notice this button. You can actually view the script. You can copy this and use it to install Active Directory Domain Services through the command line. Let's close this and click on Next. As you can see, it's verifying all the prerequisites at the moment. This might take a few minutes, so let me speed it up. You see a couple of warnings here. I already saw the second warning before. It means that there are no other Microsoft DNS servers on the network. The server will install the DNS server role, create the DNS zone and configure all required DNS records for Active Directory. Let's talk about the first warning we have here. This warning means that the policy called "Allow cryptography algorithms compatible with Windows NT 4.0" is configured to prevent Windows operating systems and third-party clients from using weak cryptography algorithms to establish Netlogon security channels to domain controllers based on Windows Server 2008 and later. Windows NT 4.0 has been out of support for many years, so we will not concern ourselves with the warning. Let's go ahead and click on Install. This might take a couple of minutes, so I'll fast forward it until the installation is done. Installation is finally finished. You can click on Close. Your server has been promoted to a domain controller. It needs to be rebooted. Thank you very much for watching this video, and I will see you in the next lecture, where we will go over the structure of Active Directory and add some objects inside of our newly created domain.

9. 4: Hello and welcome back. In this lecture, we'll take a look at the Active Directory Users and Computers snap-in. This is the place where you will perform over 90% of daily tasks related to Active Directory. To launch this snap-in, simply start typing "Active Directory" in the Start menu and it should appear. Click on it. At the top, you have your domain, and a level lower you see these folders that contain various objects, like user and computer accounts. You can also see that the icons look a little different. That is because some of these folders are containers, like Computers here, and some are organizational units. The main difference between the two is that organizational units can have Group Policy objects linked to them. We'll talk about GPOs later in this course. Let's go through these containers that were created by default. The first one contains security groups that give different permissions to their members. For example, members of the Remote Desktop group have permissions to log in to computers in the domain using Remote Desktop Protocol. Next we have the Computers container. This is where all computer accounts go by default. If I were to join a new workstation to the domain, I would see a computer account for it created in this container. We will join another virtual machine to this domain a little later.
The Domain Controllers OU is, as you could probably guess, where computer accounts for domain controllers go, so we can see our server here. If you had a trust with another Active Directory forest external to yours, you could see some accounts in this OU. A trust allows you to establish a communication channel between different entities, such as Active Directory domains or forests. For example, when a company that already has Active Directory in place acquires another company that also has an existing domain environment, it is common to create a trust to allow users from one company to access resources in the other. Managed Service Accounts is a container for special domain accounts. They're usually used for applications or service installation. Those are dedicated accounts to run services, batch jobs or management tasks. This is a rather advanced topic, and we will not discuss it in detail in this course. In the last container, we have more security groups and a couple of user accounts. This is the administrator account we're currently logged in with. Let's go ahead and create some objects. One of the approaches to Active Directory management is to create organizational units according to departments in your organization. So we will create an organizational unit for our HR department. Right-click on your domain, New, Organizational Unit, and then type the name. In this newly created OU, we will add a new user for Sally Johnson. Notice you have different password options here. Since this is a test setup, I will set this password to never expire, so I don't have to worry about it later. We will also create a new group for this department. Here, we have different options for group scope and type. A group scope identifies the extent to which the group is applied in the domain tree or forest. In this table, you can see the differences. Domain local groups are most often used to assign permissions to resources.
Global groups are commonly used to encompass users with similar access requirements. Universal groups are usually used when your environment spans different domains. We can spend quite some time talking about group scopes in Active Directory, but since this is an introductory course and we have only one domain in our environment, we will not go into too much detail here. The difference between security and distribution groups is that distribution groups are used only for mail distribution and cannot be assigned security permissions, whereas through security groups you can assign access to resources like file shares. Let's make Sally a member of this newly created group. Double-click on the HR group, go to the Members tab, click on the Add button, start typing the name and click on Check Names. The account was found. Everything is good. Click OK. Now you can apply the change and click OK. In this lesson, we took a look at the Active Directory structure and created basic objects. Thank you for watching, and I will see you in the next chapter, where we will continue our Active Directory setup based on a real-world scenario.

10. 5: Hello. Welcome back. In this video lesson, we'll download a Windows 10 ISO image, use it to install a new virtual machine and join it to our domain. First, let's go to this link. Select ISO - Enterprise and click Continue. You have to fill out some information here in order to be able to download the image. You can select the 32- or 64-bit version. I will go ahead with 64-bit in case I need to have more than four gigs of RAM later. And now the download has started. I will fast forward to when it has finished downloading. Our image has been downloaded. We will launch VirtualBox now and create a new VM. We'll give it a name and select the appropriate settings. I will give it four gigs of RAM. I will keep the same settings that we picked before when we created our first server VM. I will also give it two CPU cores. I will point the virtual CD drive to our ISO image. Let's go to the Network tab and change our network settings to the bridged adapter. Now we can start the VM and begin our Windows 10 installation. Let's accept the license terms. We'll choose the custom install, and we'll install it on the only drive we have, and we will leave the default formatting. This will take a while, so I will fast forward to when it's done, and I'll see you in a few minutes. Windows has basically finished installing, and we need to go through the initial setup, where we get to choose our language, region and other things. First, you need to choose your region. Now choose your keyboard layout, which is US, and I don't need a second keyboard at this point. Microsoft wants us to log in with an Office 365 account. I don't have one, so I'm going to put in my email. It will fail, but later it will allow us to create a local Windows account. Click on Set up Windows with a local account. Select your user name here. I will type "test", and then create your password. Make sure you will remember it. In the next step, you have to create three pairs of security questions and answers. Make sure you remember those too. You can use them later to recover your password in case you forget it. I will not use Cortana as my personal assistant, so I will decline. I will not use activity history, so I will say no to that question. Since it's a lab setup, I will just accept all the default settings in this step. After a few minutes, our Windows is finally ready, and I will say yes to this question because our PC is going to be a part of a work network. Now assign a static IP to this machine. Go to the connection icon, right-click on it, Open Network & Internet settings, go to Ethernet and then Change adapter options. Right-click on your adapter there, go to Properties, and then you need to change the IPv4 properties. I will assign an available IP on my network here, and in the DNS
I'm going to put my server, because you need to have the IP of your Windows DNS server as your primary DNS in order to join this PC to Active Directory. That's done. Now I'm going to enable RDP. You need to go to computer properties, Remote settings, Allow remote connections to this computer, Apply, OK. Another thing I want to do is rename this computer to have something like Windows 10 prod instead of this randomly generated name. Click on Change settings, click on Change and then put in whatever you want to name it. Here, this is going to be my name. Click OK, click OK again, and we're going to restart. We're back. Let's log in again. The next thing I want to do is install VirtualBox Guest Additions. In order to do that, just go to Devices, Insert Guest Additions CD image, and then go to your computer. It will appear there. Go to the CD drive and launch VBoxWindowsAdditions.exe. Next, Next, I'll leave all the defaults, Install. I will trust this software. I'm going to reboot it now. Let's go ahead and log in again. Now we're going to join our computer to the domain. One thing I noticed before is that when I tried to join it, I couldn't when I had IPv6 enabled. I will go ahead and disable IPv6. You have to go to your adapter options, go to Properties and just uncheck this IPv6 check mark. Click OK. Now we should have no problem joining this PC to the domain. Go to the computer properties, click on Change settings here and click on Change. We're going to make this computer a member of our domain. Click on Domain and then type the domain name that you've given your Active Directory before. Click OK. So it's asking you for credentials. I'll use my administrator account for this. Click OK, and there we have it. This computer is now joined to the domain and we need to reboot it. Thank you for watching, and I will see you in the next video, where we'll continue working on our Active Directory setup.

11. 5: Hello.
Welcome back. In this video lesson, we're going to create our Active Directory structure. We'll create a few organizational units, users, groups and also logon scripts. Let's start by going to the Active Directory Users and Computers snap-in. We have already created our organizational unit here for our HR department. Now we're going to create a couple more. Let's create another organizational unit for Accounting. Let's create another organizational unit for IT. We will create a couple of users in each organizational unit. It is quite a repetitive task, so I'm going to fast forward it. Now I'm going to create a group for the accounting department. I will make all the people in this OU members of this group. I will also create a group for the IT department. I will check the membership of the HR group quickly. I will add Bob here. So now we have a few groups, a few users and different organizational units. The next thing that I want to show you is creating shared folders and a few logon scripts. These scripts will map a shared folder to users' computers upon every logon. Let's go to our computer, C drive, and we're going to create a folder here. Let's create a folder for the HR department. Create a folder, and now let's share it. To do that, go to Properties, click on Sharing and click on Share. Now you can see that only administrators have access to this folder. What you want to do now is add Everyone and give it read and write permissions. This folder has been shared. The next step is we have to go and add NTFS permissions for the appropriate group in order for members of this group to have access to this folder. Currently, everyone can access this folder. We don't want that; we only want the members of the HR group to be able to access this folder. Let's edit that. We will remove Everyone and add the HR group with Full control permission to this folder. In order to demonstrate how this works, I'm going to go to my workstation and log in as one of the HR users.
Since we're logging in for the first time, we're seeing these messages. Now you can open any folder and in this field type backslash backslash and the name of your server. Notice these two system folders here. According to Microsoft, the SYSVOL folder is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. It contains logon scripts, group policies and some other files. NETLOGON points to the scripts folder inside of SYSVOL. Let's go to our HR folder. I have full permission to it as Bob, and I can create a file. So let's create a simple text document, just like so, and let's save it here. I'm going to log off and log in as a different user. I'm going to log in as Julia, who is not supposed to have access to the HR folder. Let's try to connect to our shared folders as Julia. We can see the same folders, but let's see what happens when we try to go into the HR folder. This message says that we don't have permission to the folder, and that's the way we set permissions on this folder. I'm going to go back to our server and create a couple more shared folders for different departments. Now we have a folder structure in place. The last thing I wanted to show in this lesson is creating logon scripts. To create a logon script, you have to go to the C drive and then Windows, go to the SYSVOL folder, go to domain and then the folder called scripts. That's where logon scripts are stored. We're going to create a text file, and we're going to name it be Winchester. We need to change the extension, because logon scripts are supposed to have the .bat extension. And yes, I'm sure. Right-click on the file and select Edit. Here's the text you need to type: net use, and then you have to pick a letter for your drive. I will choose S, colon, space, backslash backslash, and then type the name of your server, Protas, Servi, Zehr one in my case, and then the name of your shared folder.
I'm going to close it, saving. Now I'm going to copy the name of this file. You have to go to the Active Directory Users and Computers snap-in and find our user Bob. Double-click on it, go to the Profile tab, and then put the name of your script here. Apply it and OK. Now we can log in as Bob and we should see the mapped drive. We're logged in, and let's check. Go to your PC, and there we have it. There's our test file. That is how you automatically map shared drives to users' computers. Thank you for watching this video, and I will see you in the next lecture, where we will dive a little deeper into user account management in Active Directory.

12. 5: Greetings and welcome back. In this lesson, we're going to talk more about account management. First, let's go to the Active Directory Users and Computers snap-in. One of the very common tasks you will have to perform as a system administrator is disabling accounts in Active Directory. You might get a request from your HR department saying, "Well, you know what? David Bishop's contract has been terminated. Please disable his account." You would go to Active Directory, find the account, right-click on it and disable it. What that means is that David Bishop can no longer log in to any of the computers on your network or access any resources. Let's check how it works. There you go. David can no longer log in using his account on any of the computers on the network. Another common task is resetting account passwords. Say you get a call from Kathy Burns, and she forgot her password. Once you have verified her information, you can go to the Active Directory Users and Computers snap-in, find her account there and then right-click, choose Reset Password and type in your password. After that, you can let the user know she can log in with the new password. Another feature of Active Directory I wanted to show you today is the Active Directory Recycle Bin. The Active Directory Recycle Bin allows for a quick and easy restore of deleted Active Directory objects.
First, we have to enable this feature, because it is not enabled by default. Let's go to Server Manager. Click on Tools, Active Directory Administrative Center. Let's go to our domain here, and there we have this button on the right side, Enable Recycle Bin. Click on that. It will warn us that we cannot reverse this action. Click OK, and that's it. We can close that for now. Let's suppose you removed someone's account by mistake. Let's navigate to the HR OU and remove this account. Later, we realize that we made a mistake and we need to restore that account. We can do that by going to Server Manager again. Go to the Active Directory Administrative Center, select your domain and notice we have this folder here now, Deleted Objects. Double-click on that. There's our account that we just removed by accident. We can click on Restore, or Restore To if you want to restore the account into a different location. I'm going to click on Restore to put the account back into the same organizational unit. Let's go and check. There it is; her account is back. So the last thing in this video lesson that I wanted to show you is how to enable a disabled account. Let's go back to the account that we disabled. We have this little black arrow next to the icon showing that it is disabled. Go to the properties of that account, go to the Account tab and then scroll down here. You just have to uncheck this, click Apply and OK. That's it. This means that David Bishop can log in again and use his computer. Thank you very much, and I look forward to seeing you in the next chapter, where we will talk about group policies.

13. 6: Hello and welcome back to this new section. In this section, we will talk about group policies and implement a couple of them in our environment. Group Policy is a feature of Microsoft Windows Active Directory that allows for additional control of user and computer accounts. It provides centralized management of operating systems, applications and user settings.
In an Active Directory domain, a set of user and computer settings is referred to as a group policy object. A version of Group Policy called Local Group Policy allows group policy object management without Active Directory on standalone computers. Policy settings are created using the Microsoft Management Console snap-in for Group Policy. Let's take a look at this on our server. Go to the Start menu and start typing "group". Click on Group Policy Management, and there you have it. This is the console to manage group policies. So let's go ahead and drill down. So we have our forest here, our domain, our organizational units. Notice this folder here, Group Policy Objects. By default, there are two group policies already created. One is linked to the domain, and this applies to all users and computers in our environment. The other is linked only to domain controllers. With GPOs, you can enforce password complexity to prevent users from using passwords that are too simple, block access to the command line, restrict access to certain folders, change the background image and a lot of other things. By default, group policies are updated every 90 to 120 minutes, or when a PC is rebooted. Some settings are applied only during startup or logon, such as drive mappings or automated software installation. Users can manually refresh group policy by executing the gpupdate command in a command prompt. Group policy objects are processed in the following order. Local group policies are processed first. You can have local group policy even on a standalone computer. The next level is group policies associated with the Active Directory site where the computer is located. In our environment, we only have one site, but if you had multiple geographical locations or networks, you could set up multiple Active Directory sites and apply different GPOs to them. After that, the group policies linked to the domain get processed.
Our Active Directory consists of only one domain, so if we wanted to create a GPO that must apply to everyone, this would be a good place to link it to. At the lowest level are GPOs associated with organizational units. This means that a GPO linked to an organizational unit will be processed last and will potentially override settings of another GPO higher up in the hierarchy. Let's create a GPO that enforces password length for all users inside of our domain. Right-click on the domain, click on Create a GPO in this domain, and Link it here. Let's give it a name and click OK. Now we have to modify the settings of the GPO. Right-click on it and go to Edit. Now we have to drill down to the setting we need to change. Under Computer Configuration, go to Policies, then Windows Settings, then Security Settings, then Account Policies. Inside Account Policies, go to Password Policy. Since we want to change the minimum password length, double-click on that policy, click on this check box, and I will set my password length to eight characters, then click OK and Apply. Now, let's find out if this GPO has been applied to our Windows 10 computer. Let's log in as Alexander Bruce, a member of the IT department, and check. Open a command prompt window as an administrator to see the full output of the gpresult command. Type gpresult /r and press Enter. Now let's scroll up and see what GPOs have been applied to this computer. As you can see, only the Default Domain Policy has been applied so far. As you already know, group policies by default are updated every 90 to 120 minutes. The fact that we don't see our newly created GPO here means that this PC has not updated its set of GPOs yet. Let's fix it by issuing the gpupdate command. Let's check again whether the new GPO has been applied on this computer. Now we can verify that our GPO has been successfully applied to this computer. The last two things I wanted to show you in this video are how you can block inheritance or enforce the GPO link. If you do not want to apply higher-level GPOs to a certain OU, you can block inheritance. Let's say that, for whatever reason, you don't want to apply the Default Domain Policy to the members of your group. Let's first check the group policy inheritance on that OU. So you have two GPOs applied to the users in this OU. In your Group Policy Management snap-in, right-click on the OU for your IT department and select Block Inheritance. Now, if you refresh and go to the Group Policy Inheritance tab, you will see that no GPO applies to that OU. In case you still want to apply selected high-level GPOs, you can enforce them, which will override the Block Inheritance property. Let's say we still want to apply our password complexity GPO to the members of our IT department. Right-click on the desired GPO and select Enforced. Then click Refresh and check the group policy inheritance on our IT organizational unit. As you can see, the password complexity GPO will still be applied to this OU, even though we have blocked inheritance. That is it for this video, and I will see you in the next lesson.

14. 6: Hello and welcome back. In this video lesson, I will show you how to set a background image through GPOs. First, prepare your background image. I have mine in the root of the C drive on the server. That is the image. First of all, we need to create a folder and share it so everyone can have read access to it. Now let's share it. Let's give Everyone read access to it. Let's put the image into the shared folder. Now we need to go to the Group Policy Management snap-in and create a new policy. I will apply this policy on the domain level, meaning everyone will get this picture as a background image at every logon. Let's create a new GPO and give it a name. Now, right-click and go to Edit. Now I have to drill down and find the required policy.
So go to User Configuration, Policies, Administrative Templates, Desktop, Desktop. In here, you will see this policy called Desktop Wallpaper. Double-click on it. Switch the radio button to Enabled. In this field, we need to put the UNC path to our image, so computers on our network can access it. Let's get the UNC path of our picture. UNC stands for universal naming convention. It is a standard that is used for locating computers, servers and other resources on the network. You can also refer to it as a network path. You have different options here for your wallpaper style. You can select whatever you want. I will set mine to Stretch. Now click on Apply and OK. After our GPO is configured, let's test it. Let's log in to our Windows 10 machine as one of the users we created before. As you can see, the GPO didn't apply. This is because we enabled Block Inheritance on the OU where this account resides. Let's fix that. Let's go back to the server and turn off the Block Inheritance option. Right-click on the OU and click on Block Inheritance. Now let's test it again. For the GPO to apply, we need to log out and log back in. So this time the GPO worked as intended, and you have a new desktop wallpaper that was set through Group Policy. Thank you for watching this video, and I will see you in the next one.

15. 6: Hello and welcome back. In this lecture, I will show you how to deploy software through group policies. To demonstrate this, we will deploy Firefox for our HR department. First, we need to get the MSI installer for Mozilla Firefox. MSI files are database files used by Windows Installer. They describe the installation via database tables and install via a complex set of installation sequences defined within the MSI file itself. To get the MSI file for Firefox, go to frontmotion.com and download the file. FrontMotion Firefox Community provides MSI installers and other packages for Mozilla Firefox. Click on the Firefox ESR link.
Let's download the US English version. Now let's copy the file over to our server. The next step is to create a distribution point. This is where your software packages will be stored. Let's create a folder and share it. Read permission is enough for computers to access the share and install applications from it. Now move the MSI file to our distribution point. Now we're ready to create a GPO for software installation. Go to the Group Policy Management console. Let's create a new GPO and link it to the HR organizational unit. I will name my GPO Firefox_installation. This message informs us that changes to the GPO are global and will affect all locations where this GPO is linked, in case you use this GPO for multiple organizational units. Now right-click on the newly created GPO and go to Edit. Under User Configuration, expand Policies, go to Software Settings, right-click on Software installation and select New, Package. Let's point it to our MSI file. The first option is Published. This means that the software will not be installed automatically. Instead, it will be available for users to install if they choose; they can do it by going to Control Panel, Programs and Features and clicking on Install a program from the network. If you choose the Assigned option, the application will be installed automatically. The last option will basically take you through all the different settings you have when creating a software package deployment. We will choose Assigned, since we just want to install the application without any input required from the user. Let's check the properties of this package. Go to the Deployment tab and notice the deployment options. So far, only the first option is checked. What this means is that the application would not be installed right away, but if the user attempts to open a file associated with this application, it will trigger installation. If we want this application to install as soon as the user logs on, we need to check the last option on the list, Install this application at logon. The second option on the list means that the application will be removed when the associated GPO no longer applies to the user. The third option allows you to hide this package in Control Panel, so you just won't be able to go there and select to install the application. The last section allows you to choose how much of the installation information is shown to the user. Using the other tabs, you can specify if and how you want to deploy updates to your software package, or assign it to different categories, which you can create in the properties of Software installation. You can also add modifications in the form of MST files. In an MST file, you can specify different options for your software installation so users won't have to go through them while the application is being installed. Those are more advanced options and they will not be covered in this lecture. Now let's test if our policy worked. I'm going to log in to the PC and refresh group policies. On this VM, I will type gpupdate /force and Enter. This basically tells us that we need to first log out and then log back in for the changes to be processed. Let's log out and log back in. As you can see, Firefox has been installed and we have a shortcut on the desktop. This concludes the lesson as well as the current chapter focused on group policies. We have more exciting things coming up, and I will see you in the next lesson.

16. 7: Hello and welcome back. In this chapter, we're going to talk about the Domain Name System, or DNS for short. DNS is an automated naming system that facilitates conversion of easy-to-remember alphanumeric domain names to IP addresses: a series of numbers, as in IPv4, or numbers and letters, as in IPv6.
The idea behind DNS was to simplify and automate the manual work of updating a centralized hosts table that could only be updated by phone during business hours. DNS can handle domain names in various types of records, like A or MX. If we simplify a little, we can say that the structure of DNS on the Internet consists of various DNS servers, such as those that ISPs have, and root servers at the core that are responsible for giving you a list of authoritative name servers for the appropriate top-level domain. If your DNS server doesn't have a record, then it would forward the query to the root server, which will point you to the right authoritative server. That should have all the records for that domain. Microsoft's definition of DNS is: Domain Name System is one of the industry-standard suite of protocols that comprise TCP/IP, and together the DNS client and DNS server provide computer name-to-IP address mapping name resolution services to computers and users. We have already added the DNS server on our DC during Active Directory installation. Active Directory requires a DNS server to function properly. Let's take a look at the DNS management console. Go to the Start menu, type DNS and wait until the DNS snap-in icon appears. Click on it. This is the DNS Manager snap-in. Let's drill down. The top level indicates the name of the DNS server itself. Let's explore the server settings first. Right-click and go to Properties. The first tab shows Interfaces. These settings are responsible for binding interfaces to the DNS server. By default, all interfaces will accept and resolve DNS queries. Click on the Forwarders tab. Forwarders help to speed up the resolution process for DNS queries by sending queries not to the root servers but to a third-party server like Google or Cloudflare, which advertises itself as the fastest DNS server on the Internet.
Let's set a forwarder now. Click the Edit button and enter the IP address of a Google DNS server. We will use 8.8.4.4 for the IP. You can see now the green check mark, and the server FQDN is set to google-public-dns-b.google.com. Also, you can see OK in the Validated column. That means that the forwarding server is operational and was able to resolve a test query. By the way, the process of resolving an IP address to an FQDN is called reverse lookup, and we will talk more about it later. At the bottom, you see the "Number of seconds before forward queries time out" setting. I will leave it at the default three seconds. This specifies how long your server will wait for a response from one forwarder before it tries the next forwarder IP address on the list. If you set this setting to one second, for example, and the network connection to the server has a greater delay than the timeout period, then the query may expire before arriving back at the server, and the result will in effect be dismissed. Let's add another forwarder. We will do Cloudflare this time. The IP is 1.1.1.1. As you can see, this IP resolved to the one.one.one.one name. Let's click the OK button to save our settings. We now have added two more IPs to our list of forwarders. There's another type of forwarder available, and it's called a conditional forwarder. We will talk about it later. Click on the Advanced tab. On this tab, you can see the DNS server version number and advanced options. Towards the bottom of this tab, you can see the "Enable automatic scavenging of stale records" check box. This setting will enable the scavenging function on this particular server, but it won't actually start deleting any DNS records. To enable scavenging of stale records fully, additional setup is required. We will talk about it later in this chapter. For now, let's talk about what DNS scavenging is. Scavenging is a process of deleting stale DNS records that are no longer in use.
This function is useful to keep the DNS database maintained and helps to avoid potential connectivity issues. This is useful because in an Active Directory environment, computers automatically create and update their DNS records to facilitate seamless connectivity inside a domain. In contrast, in the older days, the records were created and maintained manually and had to be updated every time an IP address changed. We won't enable this function now. We will configure it later, during the scavenging setup process. The last option here resets the DNS server to its default settings. Click on the Root Hints tab. In this tab, you can see the default settings for the DNS root servers. According to the Internet Assigned Numbers Authority, the authoritative name servers that serve the DNS root zone, commonly known as the root servers, are a network of hundreds of servers in many countries around the world. They are configured in the DNS root zone as 13 named authorities. They are named in the form letter.root-servers.net, where letter goes from A to M. Theoretically, you can use your own list of servers for the root hint servers. I will keep the default setting, since we're using forwarders instead. Click on the Security tab. This tab is standard Microsoft Windows security settings; you can define who can access the DNS service here. Let's click on the Monitoring tab. Here you can set up automated DNS testing on your server. Let's do that. As you can see, both simple and recursive queries have passed the test. Now we've set up automated testing to make sure it's working correctly. You don't have to keep it on if you don't want to. Click on the Event Logging tab. This tab is used to adjust the logging settings of the DNS server. I keep the default setting to log all events, because if issues arise, it is better to have all available logs for troubleshooting rather than having fewer logs. Now click on the Debug Logging tab.
This tab is used to enable advanced packet logging. This is needed in case serious problems arise and advanced troubleshooting is required. It is recommended to keep it off during normal operation, since it will reduce the performance of the DNS server. We have checked the DNS service settings that are available in this management console. In the next video, we'll go over the most common types of DNS records. Thank you, and I will see you in the next video.

17. 7: In this lecture, we will talk about different types of DNS records and go over the most common ones. You're most likely already familiar with A records, which resolve DNS names to IP addresses. For IPv6, you would use quad-A records to do the same thing. All DNS records have a time-to-live value. It specifies the amount of time recursive DNS servers will keep that record in cache after querying the authoritative server. Another common type of DNS record is a canonical name record, or CNAME. This record maps an alias to a true name. In other words, a CNAME maps an alias to another A record. Here's an example of a CNAME record we could use in our environment. Reverse-lookup pointer records, or PTR, map an IP to a host name, which is the opposite of what an A record does. A mail exchange record specifies the mail server to handle incoming email for a domain. Here's an example of MX records. Notice that this DNS record has a field called Priority. This is to specify the preference in which we want our mail servers to receive email. In the example above, since both records were set to have the same priority, the load will be distributed evenly. Zero is the highest priority. But if we wanted to set up another mail server to be used in case of a disaster, we would set up another record with a lower priority, like so. This way, if mail1 and mail2 become unreachable, other mail servers on the Internet will start using the DR site to deliver email.
A domain name server, or NS, record indicates the authoritative DNS server for a given domain. In a typical scenario, after you purchase a public domain name from the registrar, you would set up NS records with the registrar to point to the DNS servers that you will use for that domain. Internally, when you install the DNS role, this record is created by default and points to the internal Windows DNS server. A text record is another type of resource record in DNS. These records are often used for identity verification. For example, you can use a TXT record to implement Sender Policy Framework, a protocol designed to prevent spoofing. In our scenario, we would set up the following TXT record to specify that only mail.testcompany.tk is allowed to send email from testcompany.tk. Start of authority record: this record is created at the beginning of a DNS zone file and specifies the authoritative name server for that DNS zone, along with contact details for the domain administrator, the domain serial number and information on how frequently secondary DNS servers should query the master name server. Service record, or SRV record: an SRV record specifies the host name and port numbers of servers for specified services. You can set the following parameters in an SRV record in the Windows DNS server snap-in. Service: the symbolic name of the desired service. Protocol: the transport protocol of the desired service; this is usually either TCP or UDP. Priority: the priority of the target host; a lower value means more preferred. Weight: a relative weight for records with the same priority; a higher value means a higher chance of getting picked. Port: the TCP or UDP port on which the service is to be found. Host offering the service: the canonical host name of the server providing the service, ending in a dot. A good example of this record would be an autodiscover SRV record for the Microsoft Exchange server.
This record allows Outlook to connect to the Exchange server from outside of your local network. In this lecture, we have covered the most basic types of DNS records. Stay tuned for the lecture where we will talk about more advanced topics such as split-brain DNS and DNS policies in Windows Server.

18. 7: Welcome back to a new video of this course. In this lecture, we're going to talk about split-brain DNS and Windows Server DNS policies. Split-brain DNS is a DNS implementation method that allows you to solve a problem that arises when a network resource needs to be accessed from both the internal network and the Internet. Say you have a website, www.testcompany.tk, and it is hosted on an internal web server with internal job postings. Another version of this website is available to external users and contains external job postings. To separate access between external and internal users, an administrator previously would have to maintain two DNS servers, one internal and one external. Let's consider a scenario. The internal site is available at the local IP 192.168.3.101. The external version of the website is available at the public IP 65.55.34.101. You would need to have your internal DNS server configured with an A record that would allow internal users to access the website. For external users, you would have to have a different DNS server that would resolve a different, public IP to redirect users coming from the Internet to a different version of the website. Starting from Windows Server 2016, you can use DNS policies to host these zones on the same DNS server. You would need to have a multihomed DNS server with one network adapter configured with a public IP, in our case 24.86.10.33, for external queries and one network adapter configured with a private IP, again in our case 192.168.3.31, for internal queries. Let's go to our server and launch a PowerShell prompt.
First, we need to add a new scope to our existing zone. For that, issue the following command: Add-DnsServerZoneScope -ZoneName, in our case it's testcompany.tk, -Name, and we'll just call it external. Next, we need to add records to both the internal and external scopes of our testcompany.tk zone. You can use the following commands to do that: Add-DnsServerResourceRecord -ZoneName testcompany.tk -A -Name www -IPv4Address 65.54.34.101 -ZoneScope external. This command adds an A record to the external scope of our zone for Internet users. The next command is Add-DnsServerResourceRecord -ZoneName, which is testcompany.tk in our case, -A -Name www -IPv4Address, and then there's our IP address. This command adds an A record for internal users. As you can see, we don't need to use the ZoneScope switch in this case, as this command uses the internal scope by default. We can also create that record through the GUI using the DNS snap-in. Once you have set up zone scopes, you need to create DNS policies. Let's issue the following command: Add-DnsServerQueryResolutionPolicy -Name, let's call it SplitBrainZonePolicy, -Action ALLOW -ServerInterfaceIP equals 24.86.10.33 -ZoneScope external,1 -ZoneName testcompany.tk in our case. This command will allow DNS queries that come to the external interface to be resolved to records from the external scope of the zone. DNS policies have a lot of different options. For example, you can manage DNS traffic based on the subnets where queries come from. In our case, we use the server interface. The example we just went over is not very common. However, if you manage a large enterprise with multiple subnets in geographical locations, DNS policies can prove to be a useful tool when it comes to traffic management.
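The commands dictated in this lecture, written out as one script (an added example, not part of the original lecture or Microsoft's own code). The zone, scope and policy names and the IP addresses are the ones spoken in the lecture; the recursion scope named InternalClients, the second policy and the verification step are assumptions that go beyond it, added so the Internet-facing interface does not answer recursive queries for outside clients.

```powershell
#Requires -Modules DnsServer
# Added example. Run in an elevated PowerShell session on the multihomed DNS server.
$ErrorActionPreference = 'Stop'

$Zone       = 'testcompany.tk'   # zone used in the lecture
$Scope      = 'external'         # zone scope name used in the lecture
$ExternalIP = '65.54.34.101'     # public web server IP, as spoken in the lecture's command
$InternalIP = '192.168.3.101'    # internal web server IP from the lecture's scenario
$PublicNic  = '24.86.10.33'      # DNS server adapter that receives Internet queries
$PrivateNic = '192.168.3.31'     # DNS server adapter that receives internal queries

# 1. Create the zone scope once; the default scope keeps serving internal clients.
if (-not (Get-DnsServerZoneScope -ZoneName $Zone | Where-Object ZoneScope -eq $Scope)) {
    Add-DnsServerZoneScope -ZoneName $Zone -Name $Scope
}

# 2. Same name, two answers: one record in the external scope, one in the default scope.
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address $ExternalIP -ZoneScope $Scope
Add-DnsServerResourceRecord -ZoneName $Zone -A -Name 'www' -IPv4Address $InternalIP

# 3. Queries arriving on the public adapter are answered only from the external scope.
#    "EQ," is the operator prefix the policy cmdlet expects; ",1" is the scope weight.
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainZonePolicy' -Action ALLOW `
    -ServerInterfaceIP "EQ,$PublicNic" -ZoneScope "$Scope,1" -ZoneName $Zone

# 4. Beyond the lecture (assumption): turn recursion off by default and allow it
#    only for queries that arrive on the private adapter, so the public adapter
#    is not an open resolver. "InternalClients" is a hypothetical scope name.
#    A new recursion scope has no forwarders; add -Forwarder <IPs> to keep using them.
Set-DnsServerRecursionScope -Name . -EnableRecursion $false
Add-DnsServerRecursionScope -Name 'InternalClients' -EnableRecursion $true
Add-DnsServerQueryResolutionPolicy -Name 'SplitBrainRecursionPolicy' -Action ALLOW `
    -ApplyOnRecursion -RecursionScope 'InternalClients' -ServerInterfaceIP "EQ,$PrivateNic"

# 5. Verify: ask each adapter for the same name and compare the answers.
$fqdn = "www.$Zone"
$ext  = (Resolve-DnsName -Name $fqdn -Type A -Server $PublicNic  -DnsOnly).IPAddress
$int  = (Resolve-DnsName -Name $fqdn -Type A -Server $PrivateNic -DnsOnly).IPAddress

if ($ext -ne $ExternalIP) { throw "Public adapter returned '$ext', expected $ExternalIP" }
if ($int -ne $InternalIP) { throw "Private adapter returned '$int', expected $InternalIP" }

# Show what is now in force: zone-level and server-level policies, and both scopes.
Get-DnsServerQueryResolutionPolicy -ZoneName $Zone
Get-DnsServerQueryResolutionPolicy
Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www' -ZoneScope $Scope
Get-DnsServerResourceRecord -ZoneName $Zone -Name 'www'
```

If the external answer ever shows the 192.168.3.x address, the zone policy is missing or disabled and internal records are being exposed to Internet clients.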
You can learn more about Windows Server DNS policies if you follow the link below. Thank you and I will see you in the next chapter, where we will talk about DHCP.

19. 8: Greetings and welcome back. This is a new chapter that focuses on DHCP. The Dynamic Host Configuration Protocol is designed to centrally manage your IP space. In the old days, users had to manually assign IP addresses to all the devices on the network. You can see how that can become cumbersome even for a small network. A DHCP server automatically provides an IP to devices on the network, along with other related information such as subnet mask, default gateway, DNS server, time server, etc. This protocol enables computers and other devices on the network to request IP information from the DHCP server. If there is no DHCP server on the network, devices will have to be either manually configured with an IP address or will assign themselves a link-local address, also called APIPA, which allows for communications only within the local network segment. Here are the main benefits of using DHCP. Reliable IP address assignment: DHCP reduces the chances of IP conflicts that may happen if devices are manually configured with IP addresses. Ease of IP space management: DHCP allows you to manage your IP space and options from one central location. In the case of complex networks, a DHCP relay agent allows you to forward DHCP messages among different subnets, thus removing the need for a DHCP server on each subnet. A DHCP server assigns IP addresses dynamically, so if you have a lot of new devices constantly connecting to and disconnecting from your network, such as wireless devices, it ensures that IP addresses on the network are used efficiently. So how does DHCP work? DHCP runs on top of UDP and utilizes port 67 as the destination port of a server, and port 68 is used by the client. There are four phases in a typical DHCP session. First, the client broadcasts a DHCP discovery message.
The DHCP server, in turn, receives the discovery message, then reserves an IP for the client and sends back a DHCP offer. The client replies with a DHCP request message requesting the address offered by the server. If you have multiple DHCP servers on the network, the client might receive multiple DHCP offers but will only accept one of them. The DHCP server receives the DHCP request from the client and sends an acknowledgment message back containing the lease duration and other information that the client may have requested. The client configures itself with the IP information received from the server, and this is the final phase of the whole process. This is a high-level overview of how DHCP works. In the next video, we will install the DHCP server role on our Windows server and take a look at what DHCP options we can configure on our DHCP server.

20. 8: Hello. Welcome back. In this lecture, we're going to install the DHCP server role and make our domain controller also a DHCP server. Go to Server Manager, click on Manage and Add Roles and Features. Click Next. Next. Since this is the only server we have, it's already selected. Click Next. Select the DHCP Server role. Click on Add Features, as we'll need those tools to manage the server. Click Next and Install. Now it has finished installing. Click on Close. Now click on the yellow triangle, as there are a couple more steps to complete for the DHCP server setup. Now it tells us that two groups will be created to manage the DHCP role on the server. The DHCP Users group will have read-only access, and the DHCP Administrators group will give you full permission to manage this DHCP server. Click on Next. During this step, we need to authorize this DHCP server in Active Directory. This provides additional protection from unwanted Windows DHCP servers on the network. We'll use the credentials we're currently logged in with to authorize this DHCP server.
Click on Commit. Here you can see that both steps were finished successfully. Now we can close this window. At this point, we can go to the DHCP snap-in and see what options we can configure on our server. Type DHCP in the Start menu and click on the DHCP icon. Here's our DHCP server. Click on this arrow to expand it. As you can see, we can configure options for both IPv4 and IPv6. In this lecture, we'll focus solely on IPv4. Expand the IPv4 folder. Let's create a new scope. Right-click on the IPv4 icon and select New Scope. Click Next and give it a name. I will call mine Production. Put something in the description. I will put production network. Click Next. Here we get to specify the range of IP addresses for our scope. I will start my scope at 192.168.3.100 and end at 192.168.3.200. I will keep the subnet mask as /24 and click on Next. Here we can add an exclusion range. For instance, you might have some computers with static IPs in this range, and we don't want those addresses to be assigned to other devices on the network. Just as an example, I will exclude 192.168.3.150 to 192.168.3.160. Click on Next. Here we can set the lease duration. This option specifies how long a device will keep the given IP address before going back to the server and asking for renewal. I will leave the default value. In case you had a network with a lot of different devices constantly connecting and disconnecting, such as wireless, you will probably want to reduce the lease time to ensure you don't run out of available IP addresses. Click Next. Here we can configure other DHCP server options. You can go through the wizard now or do it later. Let's do it now. Select Yes, I want to configure these options now. Click Next. Here you get to specify your default gateway. In my case, it is 192.168.3.1. Click Add and Next.
In the next window, we get to specify our DNS server. Our DNS server is our domain controller, which is also now a DHCP server. It's already been added, so we can click on Next. WINS is an obsolete implementation for resolving NetBIOS names, and it is recommended by Microsoft itself to use DNS instead, unless you have a good reason to still keep it. I have no need for WINS in my network, so I'll leave it blank and click Next. The last step is to activate the newly created scope. Click Next, and there it is. We've just configured a new scope with basic options. Let's take a look at our scope. Expand the scope folder. In the Address Pool folder, you can see the range for distribution we created along with the exclusion range. Let's go to the Address Leases folder. As you can see, there are no leases yet, as we just created the scope. You'll see leases once new devices start joining your network. And here we can add reservations. In case you need to assign a specific IP to a device, but you don't want to do it statically on the device itself, you can make a reservation for it here and have the device always use the same IP. It is pretty useful, especially for mobile devices. Let's create a test reservation. Right-click on Reservations and select New Reservation. Type the name of the device you want to make this reservation for. Choose a new IP address, but it doesn't have to be in the distribution range we just created. Put in the MAC address and description. We can also choose whether to use BOOTP, DHCP or both protocols. BOOTP was designed for diskless devices to get the network location of their boot image. We do not use such devices on our network, so I will choose DHCP here. Let's go to Scope Options. There are two different levels where you can configure DHCP options: global, or server level, and scope specific. Say you have multiple scopes and they all have the same basic DHCP options, such as NTP or DNS server.
You can configure that on the server level, and then you can configure other options like default gateway or static routes on the scope level. Next, we have policies, but we will talk about them in the next video. The last thing we can configure is filters. In case you wanted to deny certain devices from obtaining an IP address on your network, you would enable the deny filter and add those devices here using their MAC addresses. Let's create a new filter to demonstrate this. Right-click on Deny and select New Filter. Put in the MAC address of that device and a brief description. Now you can see this new filter with the red X, meaning the device with the MAC address we just entered will not be able to get an IP address from our DHCP server. The only thing left to do is to actually enable this filter. Right-click on the Deny folder and select Enable. In case you had a very sensitive network with only a few devices allowed to obtain an IP address from DHCP, you would use the allow filter and add the MACs of all those devices there, so no other device can be serviced by your DHCP server. I personally have never seen this being used in the real world. It is very strict, and you would probably implement a different security measure against unauthorized access. Now we have a fully working DHCP server on our network, and this concludes our lesson. I will see you in the next video on DHCP policies.

21. 8: Greetings. In this lecture, we will talk about DHCP policies in Windows Server 2019. DHCP policies is a feature that was first introduced in Windows Server 2012. It allows you to create custom IP address and option assignments for DHCP clients based on different conditions. The conditions can be the following. MAC address: the media access control address, or link-layer address, of the client. Vendor class: vendor-managed DHCP option assignments. User class: non-standard DHCP option assignments. Client identifier: the client identifier, or client ID. It's typically a MAC address.
In the case of PXE clients, it can be the GUID of the network interface card (NIC). Relay agent information, including the sub-options agent circuit ID, agent remote ID and subscriber ID: information inserted into DHCP client requests by a DHCP relay using option 82. Fully qualified domain name: the FQDN of the client. This can be useful when you want to assign different DHCP options to different groups of devices. For example, you can assign a shorter lease duration to wireless devices or assign a different gateway to VoIP phones. In our lesson, we will create a vendor class and a policy for Polycom phones. In this example, I want to direct VoIP traffic to a different connection, and that is why I need to provide a different gateway to the phones on the network without changing anything on other devices. I'd like to warn you that this is just one of the different ways you can achieve this. In most cases, this would be done through creating multiple VLANs for different types of devices. For that, you would need to have managed switches. In my setup, I don't have a managed switch, so I will use the tools available to me in Windows Server 2019. Let's go to the DHCP snap-in. First, we need to create a vendor class ID. Right-click on the IPv4 icon and select Define Vendor Classes. Click Add, and I will type Polycom VVX 411 because that is the phone I have in my test lab. And the same goes into the description. Now type Polycom VVX 411 in the ASCII part of the ID, and the binary part will automatically populate. Click OK, click on Close. Please note that this is a vendor-specific piece of information. If you want to configure this setting for a different device, you will have to look up documentation for that specific vendor and model. Now we can create a policy. Right-click on Policies and select New Policy. Give it a name. I will name it Polycom phones. Click Next. Click Add. Make sure Vendor Class is selected in the Criteria drop-down menu.
The operator needs to be Equals, and select the vendor class that we just created in the Value. Click on Add and OK. Click on Next, and now we can specify the DHCP parameters that we want to assign to our phones. I don't want to use a different range for my phones, so I will select No and click Next. You can see all the different options we have here. In this example, I just want to change the default gateway on my phones. I will select the Router option and put in the IP of the second connection I have. Click Add, Next and Finish. Now Polycom phones on this network will use a different default gateway from all other devices on the network. This concludes the chapter on DHCP. Thank you for staying with me and I will see you in the next chapter.

22. 9: Greetings and welcome back to the final chapter of this course. In this video lesson, we will talk about Windows Admin Center, a new tool that was released by Microsoft in 2018. According to Microsoft, it is a locally deployed, browser-based app for managing servers, clusters, hyper-converged infrastructure and Windows 10 PCs. Windows Admin Center comes at no additional cost and allows for central management of your Windows-based servers and computers. It is like having the Microsoft Management Console for all of your machines in one place. It supports Windows Servers from 2008 R2 up to 2019, although you may need some additional preparations, and also supports Windows 10 computers. In my opinion, Windows Admin Center is ideal for a small office and provides an easy-to-use graphical interface to manage and monitor your servers and workstations. Windows Admin Center cannot be installed on the domain controller. Therefore, I had to spin up another Windows Server virtual machine. I assigned the new VM a static IP and joined it to the domain. I also installed another Windows 10 VM and joined it to the domain just so I have more machines to demonstrate what Windows Admin Center is and how it works. Let's get started.
All of my lab VMs are turned on and running. Let's log into the newly created Windows Server 2019 VM that will host our Windows Admin Center. Launch your browser and go to the following link. This is where you can download Windows Admin Center from. Click on Download. Now click on Continue. You need to fill out some information before you can continue. Once you have filled out all of the required fields, click on Continue. Let's save the file, and now let's launch it. Put the check mark here and click Next. I will select to use Microsoft Update because it is always a good idea to keep your software up to date. This message lets you know of different installation options. In our case, we're installing Windows Admin Center on this server, and we're going to access it from here. According to Microsoft, modifying trusted hosts is required in a workgroup environment or when using local administrator credentials in the domain. If you choose to forgo this setting, you must configure trusted hosts manually. We're in a domain environment, so we can allow Windows Admin Center to modify this machine's trusted hosts settings. We also don't care about using HTTPS only in the lab, so we will leave the second option unchecked. Here you get to specify a port that will be used for Windows Admin Center. To use HTTPS, you need a certificate, so you can either generate a self-signed certificate or use an existing one. But the name of the certificate has to match the host name of your server, and you cannot use wildcards. You can also choose to redirect HTTP traffic to secure HTTPS. For the purpose of this lab, I will go ahead with a self-signed certificate and leave port 443 as my desired port. Click on Install. Installation has been completed successfully, and it shows us the URL of our Windows Admin Center. Let's use it to log into our Windows Admin Center website. We're seeing this warning because the self-signed certificate that we have just generated is used for this website.
Let's go ahead and accept the risk. Enter your admin credentials here. As you can see, right now it is pretty empty, and we only see the one server where Windows Admin Center is actually installed. Thank you very much and I will see you in the next video, where we will add more devices to Windows Admin Center and explore how we can manage them through it.

23. 9: Hello. Welcome back. In this lesson, we will add more machines to our Windows Admin Center and take a look at what tools it has. First, let's add the rest of the machines we have. Click on Add. I will choose Windows Server. Let's use the Active Directory search. I will type my server name, which has brought a survey 01. Click on Search. Select the server and click Add. Now I want to add my Windows 10 PCs. Click on Add and select Windows PC. Type the name of your workstation. Click Search, select it and click Add. I have another Windows 10 PC, so I will quickly add that one as well. Let's try to connect to one of our workstations. Click on it in the list of connections we have here. This error indicates a problem with the Windows Remote Management service. Windows Admin Center relies on the Windows Remote Management service, which needs to be running and accessible through the firewall on client computers. Let's fix it. We need to log into this Windows 10 machine. Open up Command Prompt. To make WinRM available on Windows 10 PCs, we can use the following command: winrm quickconfig. Say yes to that question; that will start the service and change the startup type from manual to automatic. Say yes to this as well. This will add an exception to Windows Defender Firewall and allow the port used by WinRM to be available for inbound connections. You also need to ensure that the network type on this client is set to either domain or private. Let's go back to our server and try to connect again. Enter your credentials and click Continue.
This is what managing your PCs through Windows Admin Center looks like. Servers have a few more options than workstations, so let's go to one of our servers and review the tools available to us. Right away, we are presented with general information about this machine. We can see its hardware properties and utilization. This is almost like viewing the Performance tab of a Task Manager window. Let's quickly go through all the tools we have here. Azure hybrid services: you can connect to Azure services, which provide features like monitoring, diagnostics, backup, etc. Microsoft Azure comes at an additional cost and is not very likely to be used in a small environment, so we won't discuss it in detail here. Azure Backup: here you can set up backup to the Azure cloud. Azure File Sync: here you can utilize Azure to synchronize files between your servers in multiple locations and the Azure cloud. Azure Monitor: this Azure service can monitor your servers and send notifications via email. Azure Security Center provides unified security management and advanced threat protection. Certificates: this tool allows access to the certificate store of the connected client. You can import a new certificate, export an existing one or issue a certificate request. Let's demonstrate this by exporting one of the existing certificates. Select any certificate, click on Export, choose DER, click OK and Save, and the file was downloaded. Devices: this tool gives the same capability as you would have with the Device Manager snap-in. You can see all the hardware of the server here. You have an option to disable devices or to update drivers. Events: here you can browse logs that would otherwise be available in the Event Viewer. Files: you have access to the file system of our server. We can delete and upload files and create new folders. Let's download a small file to see how this works. Firewall.
This tool lets you modify firewall rules, which you would normally do through Windows Defender Firewall with Advanced Security on the local machine. Let's take a look at the settings of this rule. Installed apps: this tool allows you to see what applications have been installed on this machine. You can also remove applications from here. Local users and groups: because this is a domain controller, we cannot configure local users and groups. On any other workstation or server that is not a domain controller, this would allow us to perform the same tasks as you would in the Local Users and Groups snap-in, such as creating and deleting local users and groups or modifying their properties. Network: this here shows us the available NICs on this machine. You can modify the adapter options from here. Performance Monitor: this tool is similar to the Performance Monitor snap-in, where you can collect different performance data, which allows for effective troubleshooting. PowerShell: this tool establishes a PowerShell session to the machine we connected to and lets us run scripts remotely. It will ask for the password of the account we used to connect. Put in your password and, just to demonstrate, let's issue the following command: ipconfig. So now we know the IP of this machine. Let's use another command, hostname, just to be sure that we're connected to the proper machine. Processes: this is like looking at a Task Manager window. You can see the different processes running on the computer and how many resources they're using. You can also start and end processes from here. Registry: you can connect to the registry of a remote computer and make changes using this tool. Remote Desktop: this lets you connect to remote computers using Remote Desktop Protocol. Roles and features: from here, you can manage your Windows servers and install roles and features all from one place. To demonstrate how it works, let's install the Telnet client. Click on Install.
Say yes to that, and after a few moments it was successfully installed. Scheduled tasks: this provides the same capability as the Task Scheduler. Let's view the properties of one of the tasks we have in our library. Services: this essentially is the Services snap-in and allows you to view services, start and stop them, along with configuring them. Let's try and stop a service. Now, I actually need my DHCP Server service running, so I will start it back up. Storage: here you can see your drives, their capacity and status. You can also see volumes and even file shares. Storage Migration Service: this tool allows you to migrate data across your servers. It even works with older servers like 2003 and gives a great way to move data from old servers in order to decommission them. Storage replication is an advanced option. It can be used to replicate volumes between servers or clusters for disaster recovery. This is usually used in larger environments, so we will not discuss this feature in our course. System Insights allows you to track your usage and make forecasts of how much your resource usage can grow and what capacity you might need to add in the future. Updates: you can install and configure options for Windows updates from here. Settings: here you can configure things like environment variables, power configuration, remote desktop and role-based access. Let's go to the settings of our Windows Admin Center. Here we have different options like account settings, personalization, language. The most important part here, in my opinion, is the extensions. Here you can install more extensions to manage different features of your servers. For example, we can install the Active Directory extension to be able to manage our Active Directory from here. This extension allows similar functionality to the Active Directory Users and Computers snap-in. I encourage you to install Windows Admin Center in your lab and explore the different features it offers. This concludes the last chapter of this course.
Thank you very much for watching, and I hope you will be able to apply the knowledge you gained in this course in your current or future job as an IT professional.