Windows Server 2016 Administration For Beginners | Bendjaballah Zine Eddine | Skillshare

Windows Server 2016 Administration For Beginners

Bendjaballah Zine Eddine, IT Engineer

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
54 Lessons (4h 52m)
    • 1. Introduction

      2:07
    • 2. WinServer2016 Beginners Intro Other Platforms

      3:04
    • 3. What is A Virtual Machine

      3:38
    • 4. Download & Install Virtual Box

      2:46
    • 5. Create A Virtual Machine

      7:13
    • 6. Virtual Machine Configuration

      5:09
    • 7. Understand Windows Server Editions

      2:25
    • 8. Download Windows Server 2016

      2:46
    • 9. Install Windows Server 2016

      6:15
    • 10. Install Virtualbox Guest additions

      4:44
    • 11. Windows Server First Configuration - Part 01

      3:40
    • 12. Windows Server First Configuration - Part 02

      5:38
    • 13. Understanding Roles and Features

      2:44
    • 14. Add Roles

      2:56
    • 15. Understand Domain Controller & Active Directory

      4:15
    • 16. Choose Your Domain Name

      6:21
    • 17. Create Your First Domain Controller

      10:28
    • 18. Prepare your Administration Environment

      4:31
    • 19. Install Windows 10

      12:30
    • 20. Join The Windows 10 Workstation To The Domain

      9:50
    • 21. Download And Install RSAT

      3:57
    • 22. Why You Should not Use RDP For Remote Administration

      9:30
    • 23. Introduction To Organizational Units

      4:33
    • 24. Design Your OU Structure

      3:16
    • 25. Create Your OU - Hands-on (Part 01)

      6:30
    • 26. Create Your OU - Hands-on (Part 02)

      3:57
    • 27. Users Account - Define Your Naming Convention

      4:34
    • 28. Create a User Account

      8:35
    • 29. What is DHCP

      2:52
    • 30. organize Your Network in IP ranges

      6:37
    • 31. Create DHCP Scope

      9:28
    • 32. DHCP Reservations

      6:29
    • 33. What is DNS (Domain Name System)

      3:12
    • 34. Understand DNS Zones and Records

      5:59
    • 35. Create DNS Host (A) Record

      6:27
    • 36. Create DNS Alias Record

      5:17
    • 37. Install Windows Server Backup Feature

      2:13
    • 38. Perform Full Server Backup

      6:16
    • 39. Perform Custom Backup

      4:00
    • 40. Schedule a Backup

      6:03
    • 41. Examine The Backup Content

      2:26
    • 42. Restore From Backups

      4:59
    • 43. Introduction To Print Servers

      9:16
    • 44. Add a Print Server Role

      3:14
    • 45. Add a Printer On The Client PC

      4:29
    • 46. Adding a Printer On The Server

      5:16
    • 47. Configuring The Printer

      5:34
    • 48. Automate Printer Deployment With GPOs

      6:49
    • 49. Install File Server Role

      1:47
    • 50. Sharing Folders

      8:57
    • 51. Map Network Drive

      5:12
    • 52. Map Network Drive With GPO

      10:41
    • 53. Set Storage Quotas

      10:50
    • 54. File Screening

      7:48

About This Class

According to Statista website, in 2018, Windows Server operating system was used on 71.9 percent of servers worldwide.

If you are planning to become a system administrator you need to master Windows server operating system.

 This course will introduce you to Windows Server 2016 administration concepts and techniques.

I've been a system administrator for more than a decade now. But when first I get my first system administrator job, I was moving from a programmer position. It was two different worlds and I didn't know so much about Windows server operating system.

I've designed this course for people getting their foot in the door with system administration. I'll walk you through the basics of Windows server administration so that you can accomplish the basics tasks.

I'll not only show you how to technically accomplish these tasks but I'll explain the why. I'll give you the best practices and recommendations when accomplishing your administration tasks.

By the end of this course, you will be able to:

  • Download and Install Windows Server 2016;

  • Understand the different Windows Server editions;

  • Add a role to a server.

  • How to choose a name for your domain

  • Build your domain controller;

  • Join a Windows 10 Workstation to your domain;

  • Create a privileged administration workstation for remote administration;

  • Design your organizational unit structure

  • Create a user account

Join me for an amazing learning experience.

Transcripts

1. Introduction: According to a statist a website. In 2018 Windows Server off fighting system was used in 72% off servers were Dwight. So if you are planning to become a system administrator mustering Windows Server off the writing system, he's a must have. Hello, My name is easy. I am in the I T field for about two decades now. I have working as a programmer, a system administrator, a network administrator and a 19 manager. I will be your instructor. If you give me this privilege, I will teach you how to become a Windows Server 2016 system administrator and start building your skill step by step. If you are just starting with Windows Server System Administration than discourse is for you, I have switch it from a programmer position to a system administrator. One. It was two different words, and I was so confused at the beginning I found myself dealing with all these things off domains, active directory, organizational units, and so and so. So when designing the scores, I have remembered all those days on the challenges I face it when starting my system administrator career. I have made this course From that perspective, I will work you step by step through the course and give you the necessary knowledge. You need to become a Windows server system administrator because I believe that the good system administrator is not the one who knows how to administer his system, but the one who knows how to administrate the right way. By the end of this course, you will acquire the necessary knowledge to start working as a Windows Server system administrator. I am impatient to see you in the course and leave this amazing learning experience together . 2. WinServer2016 Beginners Intro Other Platforms: hi there, And thank you for being part off this course before getting started. I want to give you an overview off the course and how you should go through each lecture and get the maximum benefits from it. I have designed a discourse for people getting their feet in the Windows Server system, administration work. Even if you are a complete beginner in this field, I will give you the necessary knowledge to start your sys admin career. Because I have Bean like you starting a system administrator or carrier from scratch. I asked myself, What are the concept and task us A beginner must understand and master in order to quickly become open, rational. To get the most off discourse, you need to practice as you go through the lessons. This is why in the first section we are going to set up our love by downloading and started and configuring visual box. Once our lab is ready, we will don't note and and stand Windows Server 2016. Next, we will prepare our server for the first utilization by giving it a name that might be addressed and defining a role for that sever. I will give you hear some advice to name your servers and all your devices such US workstations, printers and so on. Next we will talk about active directory domains and domain controllers. You will create your first domain controller, which is the mustard piece off all your infrastructure, and I will teach you the best practices when choosing your internal domain name. I have seen many system administrators even experience that one doing it wrong. As a system administrator, you are going to administer your servers every day. This is why we will build our secure administration workstation. We will set up a Windows 10 machine and stand on its that remote server administration tools that contains all the necessary tools you need to remotely administer all your servers from your privileges, administration, workstation and without forgetting to highlight the best practices. Next, I will show you how to structure your active directory object through the use off organizational units. We will see what to take under consideration when designing your organizational units structure, and finally, I will show you how to create a user account, giving you some good advice to name your users accounts. Notice that you can ask me questions at any time in the Q and A section. I hope you will enjoy this course. Let's begin. 3. What is A Virtual Machine: in this course you are about to learn Windows Server 2016. You will learn how to install, configure and use thes operating system. For that learning, you will need a machine on which you will and start Windows Server and practice what you will learn. This machine can be a physical machine, whether a desktop, a laptop or even server machine. For those who are rich enough. The downside off dysfunction is that you will invest in hardware that will cost you a few hundreds off dollars just to use it as a lab environment. I would not recommend that the other option is more cheaper. I mean, it will not cost you a cent. This solution is the use off a virtual machine. Virtual Machine, or Veum is a program that you will start on your computer that emulates a computer. It's a computer within a computer. Before going further in the definitions, I want to explain the concept off the host and the guest. The host refer to the physical machine that runs the V A. In the order hand. The guests represent the VM that runs on the host. We talk also off host operating system and guest operating system. The host operating system is the West that runs on the physical machine. The guest operating system is the U. S. Running on the Veum, for instance, you have a laptop running Windows 10. You won't start on it VM. And on this VM you want, start Windows Server 2016. So Windows 10 is the host OS, and Windows Server 2016 is the guest force. VM has resources such as ritual CPU, virtual Aram Virtual disk and order virtual components. In fact, the VM used the resources off the host on which a trance, for example, if you configure your Veum with two gigabytes off RAM and the horse contains eight gigabytes off RAM at the end, the host will have only six gigabytes off RAM available for running the host always, and the order programs. The order to gigabyte are used by the Veum tore on its own OS and programs. When you shut down the VM thes two gigabytes of RAM will be released it and can be used again by the host. The advantage off using a VM is that there is no extra investment to make. It's free, even if there is versions off VM software that art bed. But these are dedicated for professional environments for learning a new operating system or making loves. The free version is largely enough. Another advantage is that you can export your Veum, toe another computer and use it without having Korean style and configure the guest for West and the difference programs again. You can also clone your via if, for example, you need for your lab a second machine. You can take your VM clone. It makes some minor changes on the newly Clonaid VM, like changing the host name the I P address and your second Veum is ready to use. 4. Download & Install Virtual Box: in this lesson, I will show you how to download and install vitriol. Box two Don't know Virtual box. I will just open my browser and type in the U. S. Zone. Visual books that work once the page lot's go to the left side off the page and click on the download link. Next, I will choose the package version corresponding to my host operating system. The latest package available when recording this video is 5.2 dots 10. As I want to one start virtual box on my windows machine. I need to download the windows package, but this package is available for technical reason. As mentioned, If you are on a different operating system, choose the corresponding package. They're these packages available for Mark for the Knicks and Force Allies. Two don't know the Windows package. I have to choose and know their version. I will scroll down, go to the visual box, older builds. I would click on the link. Then I will choose the latest available version, which is $5 too. For these version. The Windows package is available and I can start the download. Once the don't load complete, I will run the set up a program to start the installation. The installation process is pretty simple. I have just to click next buttons in the different windows. Here I get a warning that the installation program with research, my network connection and I will lose temporarily my connection. It doesn't matter. I will just click Yes to continue the installation. Windows were me. That's the program. I am a stunning try to make changes to my device on if I want to allow that that well ends well, yes, make sure to and start the Oracle Universal Serial Bus and check the always dressed software from Oracle Corporation. This way you are sure that the virtual books will work properly and we not be misbehaving because your operating system is blocking some off its programs. Considering them as interested, I will click and start button toe, continue the installation and that's it. Click on the finish button and you are done 5. Create A Virtual Machine: In this lesson, you will learn how to create and prepare a virtual machine in order to install Windows Server 2016. After opening the vitriol manager, click on the new button toe Open the Wizard in the first window. I will enter the name off my VM on select the A West I am going to install for the name. I will just enter Windows Server 2016 in the type drop down menu. I can choose the US I want to one start on the Via you can select between windows Lennox. So allies or any or the boys. I will select Microsoft windows. There is something I want to clarify. Choosing the operating system will just set up the V M. Accordingly, it will not start the west for you. As we will see in the next steps. Victor books will help you set up your Veum according to the West type futures. Next, I will choose the Windows version. I am going to understand you can choose from the earlier Windows versions as the 3.1 TV, the latest version and if the Windows version you want to and start is not present in the list. You can choose order windows 32 bit or 64 bit. If you don't see the 64 bit in the always versions, that would mean three things. First, you have a known city that do not support hardware. Virtualization. Notice that more than sippy use supports these feature. The second case is that your CPU to support hard to individualization, but this feature is not enabled in the BIOS. You have just to enter your bios and enable it. The third case, You have another visualisation application already installed on your computer. That's prevents virtual books to use the hardware Virtual ization feature. It's can happen when Microsoft hyper V feature is a neighborhood on your system. I will select Windows 2016 and continue next. I have to pick the memory size off my VM Virtual books recommends two gigabyte for thes VM . This recommendation is based on the West type I have chosen in the preview step. I can choose another size by moving this slider. You can't use the memory size inside the Enter van represented by this escape. The minimum size you can choose is for gigabytes and the maximum which represents the total memory available on your machine. In this machine, I have 16 gigabytes. In practice, you can't located the maximum size because the host OS is already using apart off this memory and hence can't be allocated to the Vienna Virtual books help you choosing the memory size without causing the host us to slow down by staying in the Green Zone, for instance, the maximum size I can safely choose in this machine is 11 gigabytes. If I choose more than that, I would shift in the danger zone and will cause my host the West, to slow down and even make it crash. The choice off the memory size is basic on the guest of Western requirements, the memory available on the physical machine and the number off the EMS. You want to run concurrently, think a second about the size off 11 gigabyte I have chosen. If I will set up a second VM with same memory size, I can start the first VM. But the 2nd 1 can't be started because off lack off memory. By powering up the first VM, I have already used 11 gigabytes out off 16. The remaining five gigabyte, we not allowed the second VM to start. You will get a nearer message like this one for Windows Server 2016 I will choose four gigabytes off round on click next. The next step consists off adding visual hard disk. You have three choices. Do not added virtual disk. You can always at the dates later on. You can create the virtual disk now, or you can use an existing virtual disk if you have one. We just create virtual hard disk by clicking on the create button. Now I have to choose the hard disk file type the video I is the visual books not if format virtual books support also order for month. Like the VSD format used by Microsoft Hyper V, the MDK formats is used by many order virtualization products, in particular by VM Ware. We choose the VSD format so that I can easily use the VM on Microsoft's hyper V. The next step consists off choosing the Armand's off disk space to allocate. You have choice between dynamically allocated and fix it size when choosing dynamically allocated. The hard disk file will only use space on your physical hard disk as it fills up. Even if you have set up a size off 50 gigabyte the size we grow as you fill it out with more data till it hits the maximum size, you fix it. In the other hand, when you choose the fix it size option, the hard disk file will be created, and we'll occupy the size you give it on your physical hard disk. For instance, you create your virtual hard disk. Wait a fix it size off 50 gigabytes. This space will be consumed on your physical hard disk, even if the virtual disk contains only 10 gigabytes of data. So I am going to George dynamically allocated and click next. The next step consists off naming the virtual disk and give it a size. I am okay with suggested name, which is the same name as the Via. I will leave it as it is for the disk size. It will be 50 gigabytes. I will confirm that by clicking on the create button. That's it. My VM is created 6. Virtual Machine Configuration: After creating the visual machine on vitriol books, you need to do some additional configurations before going ahead and then start the operating system. You need to do the following things. Create effectual network to allow your VM to connect to the Internet and communicate with order v. EMS. You will added later on, said the number off Virtual CPU. Your VM will use a love your VM to exchange files with your host machine. There are other parameters you can set up, but these are the most important. First, you need to create the village and network for that, opened the Fine menu and click on Preferences. Click on Network in the Left panel, then click on this tiny green button toe added your network immediately. Visual box. Create the Victor network with a different name and also a different I P address. You can leave it as it is. It will work, or you can change the different sittings to feed your needs, especially for the I P address you want to use on your vehemence. I will change the network name to my network. Love for the I P address. It will be 10.10 Dr 0.0 slash 24 The slash 24 represent the sub net mask instead. Off typing 255.255255 dot zero We tend virtual books that 24 bits out off 32 are set to one . Leave the Deer CP check box, eh? Neighborhood to a low virtual box To assign I P addresses dynamically to the vehemence. Click OK to validates. Notice that the creation off the virtual network is usually done once you don't have to create a virtual network every time you create a new via unless you want to use another I P class or another sudden it next select your VM and click on the sittings shortcut to open the sittings window. First, go to the advance it that and enabled the shading clipboard by selecting bi directional. Do the same thing with the dragon drug option to be able to drag and drop files and folders between the host and the VM in both ways. Next click on system you can see on the mother board top the memory size. We have defined it in the previous step. Here we have the boot order you can't change if needed. Now click on the processor top to define the process of sittings. Pretty good books assigned one virtual CPU to my via you can added more CP whose two or Via lays it on the resources available on your host machine in this machine. I have four CP use. I am going toe added a second CPU to my via you can stay with one CPU if you have only to city use on your host machine. The Execution Cup feature allows you to specify how much time the hostage Pio can spend executing that B M court. The different value is 100% meaning there is no limitation. This feature can be useful on host with a small number off sippy use. If you don't want your host to slow down when the VM hog DeSipio, you can lower these value to 80 or 70%. Okay, I will leave this Value arts 100%. Next, we are going to configure the VM network in the attaches to drop down menu, select not network currency. Like the virtual network you have created in the previous step, you can also create a shared folder on your host machine to share files between your host and your V in, click on the add button and enter the folder path and the folder name. You can make this share read only so that the VM can't change the content off the shared folder. Are we not said this feature for now, as I have enabled the copy and past and the dragon drop features previously, that's it. We are don't with the VM configuration. 7. Understand Windows Server Editions: before going through the technical process off styling Windows Server 2016 You need to understand the different Windows Server additions. As a system administrator, you may be accorded to choose the Windows version you will deploy in your organization. Each Windows Server Edition is designed to meet the needs off each organization from the small one to the large one. The difference resides in the features available and the price off each addition before choosing your Windows Server edition. First, you have to assess your organization needs in terms off number off users, off devices you need to connect to your network and the budget available. There are primarily three Windows server additions. Windows Server Essential Addition. The Sedition is designed for small size IT organizations with up to 25 users and 50 devices . You can only run one instance off the server on a physical or victim and machine Windows Server Standard addition is designed for small to medium size IT organizations. It allows you to run one instance on a physical server and two additional visual instance on that server. If you need to run additional virtual instances, you need to buy order stander licenses Windows servers that are center addition, he's optimize it for large scale visualization. It's a lows one server to run an unlimited number off virtualized Windows Server instances . It's the addition that cost is the most. The advantage is that instead off having many physical service that cost you in energy and maintenance, you can have one physical server. We'd enough resources in terms off sippy use, memory size and the disk space and start the data center tradition and run as many Windows Server visual instance as you need. 8. Download Windows Server 2016: in this lesson, I will show you how to download Windows Server 2016 from the Microsoft Evaluation Center website. Microsoft allows you to download a legal version off Windows or another product for evaluation. Purples the windows you will don't don't will have the four functionalities as myself subversion, except that it will be limited in time. For example, you can use Windows Server 2016 with its full functionalities for 180 days exceeding this period. Windows continue to Iran, but it will shut down every one hour. But a solution exists to extend the trial very odd. Six times I will show you in the following lessons how to extend the trial period. Now let's don't load Windows Server 2016. For that, I will just type the following key words in the search giant Windows Server 2016 download. The first result, Google shows me is the Microsoft Evaluation Center. This is what I need, so I will click to open the website. I can't see straight away that Windows Server 2016 is offered to download for evaluation People's for a burial off 180 days The next step is to select the file type I want to download. I will select the ISO file. I can burn to a disc or load on A Via when I click on the continue button. I am asked to complete this form to continue the download. I will fill out these fields with my personal information. I am going to blur the form when doing that. I don't want Microsoft send me and former national emails about their products. So I will in check this check box. Then I click. Continue now I need to select the language off Windows Server. I will select English, then click on the download button. The download starts immediately. The ISA file is more than six gigabyte, so it can take a certain time to download depending on your Internet speed. This is all for this lesson. Thank you for watching and see you in the next lesson. 9. Install Windows Server 2016: in this lesson, we are going to install Windows Server 2016. The first step will be starting individual machine by selecting individual machine on clicking on the start button, the VM will display nearer message on the black screen, informing us that there is no potable medium found system halted To start installing Windows Server, we need to mount the ISO image so that the VM can use it as beatable. DVD. Open the devices menu, go to optical devices and click on Jews Disk Image. Next, go under the path where you have saved your disk image. Selected the disk image and click open. Now you need to restart the VM under the machine menu. Leak the research option the VM will, but now from the disk ISO image and we started the set up program. First, you have to choose the language you want to and start the time and cure and see format and the keyboard format. I will leave the different English values on. Continue click and start Now. Here you have to choose the addition. You want to one start. The Aiso image we have previously downloaded contains two additions. This thunder and the Debtor Center edition. The first installation option selected by default is the Windows Server 2016 Standard Addition. This is the core version without the graphical interface. You have to pay attention to these details because you can mistakenly and start the core addition and stayed off the food graphical addition, which is name it Windows Server 2016 Standard Addition Desktop experience. Microsoft stated that in the future, course servers will be more deployed than servers with gooey. In fact, course servers presents the advantage of having less resources footprint as they don't need tohave, all components installed intense, they are less vulnerable to modelers. The equivalent installation options are available for Windows that are center addition with the core installation option and the desktop experience. For this installation, I will choose the standard addition with desktop experience on continue. The next window contains the license dams agreement you have to agree with to be able to continue the set up process. Click next. Now the program prompt you to choose your installation type. The first option is a big grade. The's allows you to EPA great from a knee earlier version without removing the data and programs present on the server. This option is really use it. A pro grade in a production server is sensitive. If something goes wrong, it will impact negatively your organization. There is no guarantee that the EPA great process we succeed and things can go wrong. And then you have to recover your data and system states from your backup's, and you'd better have one. Otherwise, you will be in trouble. Best practices recommends to and start Windows Server on the new machine. Configure that server and when the new server is ready, you will me great roles and data to that new server. Then you can decommission the out the server. And this is what I will do by choosing the second option custom installation. In this step, you will choose the disk on which you want to perform the installation. Here we have only one disc, so I will select it and click on the next button. No, the set up process starts and starting the Windows server on the disk. It can make some time to complete, so I am going to speed this video and come back when the step complete. Once the set up is complete. You are prompted to enter the password for the building administrator account. I will enter my password and hit Enter Key on the keyboard. No, the logon screen is displayed, and you can log in using the administrator account and password you just created for that. You can just press right control and delete. Or you can do it from vitriol box menu by going to input keyboard. Then select Insert control. I'll delete. Now I am going to enter the password and open decision. Windows will prepare the user environment as it's the first time I open a session with the administrator account. Then that the stop is displayed. That's it for this lesson. 10. Install Virtualbox Guest additions: before going and start configuring our Windows Server 2016. First, we need to one style guest additions. Guest additions consists off device drivers and system programs for better performance on usability, some off the benefits off. And studying these features is to have a better video performance so that we can't display the Veum desktop in four screen mode before starting the guest additions. The virtual machine display size does not fit into the host display screen so that you can't see the world desktop, for example. Now, even if the VM screen is maximized, I can't see the World desktop content. If I want to click on the Start menu, I have to scroll down the slider to the bottom and scroll it up to display the top off the desktop. When are starting guest additions? You can also copy files between the guest and the host operating system, using the clipboard to one style guest additions, Open devices menu, then click own and self guest additions. See the image, then go and open Explorer. Click on this PC icon and you can see that a CD drive label it virtual box and guest additions, Waas added. Now I am going to double click on it to open the content. I will double click on the Reeboks windows additions to run to set up the set up process is pretty simple. You have just to follow the steps and let the default selected values. A pop up window is shown asking to confirm the software installation. Be sure that the always dressed software from Oracle Check Box is a neighborhood click and stand button. The set up will continue. You can notice the screen flashed toe black color. This is because a custom video driver is being installed on is testing the display at the end off the installation restarted the VM so that the new features takes effect. Okay, now I'm going to open a session or I miss type in my password. Let's try again. Yes, it's the good work, as you have noticed that the display size off the Veum has just bean recited to feed the screen size off my laptop. Now you can easily display the VM desktop in the four screen mode by going to a few menu and select the four screen option or by hitting the control F keys combination to switch back to normal display. Hit again the control F keys. Now let's see what happens if I want to reduce the screen size. No, this is not what I want to do. I will try to recite it from the bottom corner. Yes, the guest desktop size is reduce it, but it always fits into the new sites, and I don't have to scroll up and down to reach any particular desktop region. It's a handy feature. Cool. Now that we have were configured our virtual box machine, serious things can start. 11. Windows Server First Configuration - Part 01: after installing Windows Server 2016. The next step is to configure your server before assigning roll to your server, creating domain controller or any order configuration you need first to prepare your server , Toby integrated and use it in your enterprise network. There are some basic configurations we must do first. First, we need to attribute a name toe our server so that we can easily identify it in the network . How to Name your server If your company has a well defined it naming convention for servers , computers on order network devices, you will probably follow these convention. But if you have the charge off elaborating such convention, you have to establish an effective one. This will help you and your team toe quickly identify a device, its location and its purpose simply by reading its name. Your naming convention could be, but not necessarily like follow. Use the two first characters to represent the country. Example. US for United States, A L for Algeria and so forth the next two characters. Many represents the town or the city, for example, And why for New York A and four years use one character to represent this side court. This is useful when your company has multiple sites throughout the city. You can use three characters to represent the device road, for example. D. C for domain controller sequin for sequel Database Server Went for Web Server It's it. This could be the first part off the name to keep it readable. You can added a dash symbol before continuing with the Part two, which could contain one character toe. Identify the service. 11. It's gonna be be for production server T for test server, the for development, etcetera and, at the end, use digits for the sick ones number. Your naming convention does not have to be exactly like this one. You can adapt it to feed your needs. The most important is that you give a stricter IT names to your devices so that it will help you managing them and quickly identifying the device. Type its role in the network and its location. It can be off, agree tab. After attributing a name to your server, you have to give it an I P address so that it can be reachable from the network. We have to configure three things the I P address off the server, which will be 10 10 10 10. The Signet Mosque will be 2552552550 and the get way will be tent. And then what the get way allows the server to communicate with extend on networks such US Internet. Without the get way, the server will only be able to communicate with house belonging to its internal network. 12. Windows Server First Configuration - Part 02: Okay, now we are going to change the several name on its I P address. First, I will change the server. May. I will do that from the server manager, which is displayed just after you open a session. If it's not displayed, you can open it from the Windows Start menu and under the Windows Server Zone. Click own. Seven. Manager. No. In the server manager, I will click on the local server where I can find the computer name property After installing Windows. A randomly generated name is attributed to the server to change it. Just click on this name to open the system Properties window. There I will click on the change button as indicated. Next, I will enter the server name under the computer names or by applying the naming convention So the several name will be us to indicate to the country. And why for the New York City A for the site Coat and D. C for Domain Controller Road after the Dutch character I with Type B to indicate that it's a production server and 01 for the sequence number. When finish it click OK, I am warning that I must Tourister to the computer toe applied. These changes are we close the system Properties window. I will start to the server later after changing the I P address to change the I P address over on the network icon on the task bar, then right click to open the context menu, click on Open Network and Sharing Center under the Active Network zone. Go and click on the network interface connected here. That is only one interface. Name it Internet. I will click on it to open the Internet status panel. Next, click on the Properties button in the Internet Properties panel. Select Internet Protocol Version four. Then click on the properties. But as you can see, the server is attributed on automatic i p. Address by different the d. R C P Protocol. Give a server. Fix it I p address Select Used the following i P address. Then I will enter the I p address. Dan Jan I don't The subject mosque is 255 255 2550 On the different get way is 10 down June 1. After that, you need to enter the DNS servers so that the server can resort Host names on the local network and websites on the Internet. The referee DNS server will be the server itself. As we will set a d n a server road to this one. I will enter the look back I p address, which is Warren 27 001 Look back. I p is a special I p address which your affairs to the local host itself. So I stayed off using the I p 10 10 10 10. I will use the look back. It's very handy because the server i p can't change in the future. But the look back i p will never change. Set it up and forget it. For the alternate DNS server, I will enter the Google DNS server 8888 validate your configuration and closed the minus. Now I am going to test in the server connectivity to be certain that it can reach the extended networks and the Internet. I need to open the common front on do a pink test. But first, as I will use the common prompted offer, it will be better that I will pin it to the task bar so that I can access it quickly in the common front, I will just type thing 8.8 dot 8.8 the Google I P address and I get reply from Google. Now that the I P address is set up, I need to restart the computer so that the new seven name takes effect after the server manager is this bait Go and click on the local server option. And now the new server lane is displayed on just below. You can see the I P address we have assigned to this, Sarah. 13. Understanding Roles and Features: unlike the client operating systems such as Windows 10 where you can start using the computer and consuming data just after understanding the oars. This is not the case we'd Windows servers after installing Windows Server. You can't do anything useful at this point because the server people's is to set of data in the first place. And until you tell the server what's its peer pose, it will do nothing but consuming electricity. You have to tell the server what it's proposing life, and this is done by adding growers and features. And starting a role on a server defines that servers road on the network. In other words, a road gives a server appear pose in life, for example, and starting a fight server Road tells the server that its proposed is to serve files to the users and a no collaborative work. A future, in the other hand, is a subset off functions that you can start on. The server features can complete certain roars or stand on their own, So the first step as a system administrator is to identify the roles needed in your organization, especially if you are building your Windows infrastructure from scratch. the deployed roars differ from one organization to another, but the commonly used drawers you will find in each organization, whether it's a small one or a large one, are domain controller. This is the most important role in your infrastructure. It's the spin on Karlan off your network. If I may say all the other roles you will and start in, your organization will use or rely on the domain controller sizes. They're sippy server. It automatically attribute I P addresses to the client devices DNS Server. That's permit to the client computers to resolve your else so that they can go on the Internet, find sever. It allows users to store their files and documents on that server and also share them for collaboration. People's We have also green Server application server backups ever, and Windows updates sever. We will have the opportunity to view in detail eyes each one off those roles in the following lessons 14. Add Roles: toe added the road to your server. We will use the server manager, go under the management you and click on at the drawers and features the other drawers and features. Wizard is displayed the first page. Just display some helpful information on how to use the wizard. Read them and click the next button. In the next page, select the installation type by default, a role basit or feature. Basically installation type is selected on. This is what we need, so click next. On the next page, we will select the server on which we want. Toe added the roles and features. If the server manager is aware off order servers on your network and has been configured to manage them, it will show them on the server port list so that you can remotely and start broad or features. Click next to continue now, select the role you want to attribute to your server from the available role listed. For example, I would select the Deer CP role. A pop up window is displayed asking me if I want toe and start additional tools so that I can manage the Dare CP features from the server. I will just accept. Andi added. These tools Next, you can added the feature to your server if needed. Otherwise, you skip this step by clicking the next button. The four win page describes the roles. You have no style and give you some advice and actions to perform, so that's the role you haven't style. It will work as expected, click next to go to the final step on drowned the set up some roles and features required the server tour start. So if I click on their, start the destination server automatically. If required it, the server will automatically restart after the installation, complete without any warning. So be careful with disruption when you add the drawers and features on a production sever. This can lead toe service interruption and causes some problems to your users. Finally click their style button and wait till the set up process complete. The road I have added will be available under the tools menu 15. Understand Domain Controller & Active Directory: in this video, we will try to understand what is a dome in what is a domain controller on what he's been. Active directory. If you plan to be a system administrator, you have to understand those concepts. So what is the doorman? The domain is a form off computer network that is access it, and at the ministry weed, a common set off rules where all user accounts, passwords, computers, printers, groups on order objects. Our resisted it within a central database. Call it active directory, and the server that holds the active directory database is Call it the domain controller. A domain controller commonly refereed to us A. D. C. Is a central point off contact. Sort off central help that he's access it for your toe. Almost any network communication that takes place. The easiest way to describe it is a storage container for all identification that happens on the network. We don't a doorman. You have to create a user name and the password on each computer you want to access. Imagine if you have hundreds off users and computers. Imagine the amount off work that could be done. And even after creating the users profiles what happens if some users asked to change their password. You have to do it on all those computers. It's an overwhelming process, isn't it? With a domain controller, however, things are easier. User names and passwords are created only worse on the domain controller, and you can access any computer on the network using those credentials. Each Windows domain contains at least one domain controller. Usually there are more than one domain controllers for redundancy and performance reasons for a tendency. Because we only one domain controller, there are risks that's this one breaks down and then your entire network will be available . But if you have two domain controllers, even if one breaks down, the 2nd 1 will be available to authenticate users and allows access to the network resources. The order. Advantage off having multiple domain controllers. He's improving your network performance. Imagine this situation. Your organization has multiple sites spread around the country with one domain controller and starlet in the head office. All the users on the brash office should get be authenticated on that domain controller for your toe, accessing their computer or toe any other resources on the network. This will generate network traffic over the inter seats link and performance can drop down with a slow and not reliable link. Now, if you put a domain controller on the brash office, it's a lows user authentication on that local D. C and Steed off requesting authentication on the head office D. C. It's first and degrees network traffic between locations. The reality. The number off BC's you should have on your organization depends on manufacturers. The number off users, the member off locations, the really ability on the speed off your inter seedlings on order constants. In conclusion, we can say that a dome in allows you to manage large computers from network. A domain controller provides access to the Doman resources. Base it on users authentication. You need at least one domain controller to manage your doorman. 16. Choose Your Domain Name: Which name should you use for your dome in? This is an important question. To ask. We're choosing your domain name is an important step when building your active directory doorman A lot off system administrators neglect this important step on neglecting this step can cause you problems. Maybe not in the short term, but at some point off the evolution off your infrastructure off your company off the ICTY standards. Chances are you will face some problems. Let me explain all off this. Lots off system administrators when they are asking to create an active directory domain, the name day choose for that domain is usually company. Name that local and when you ask them why they choose thes name, the S word is usually for security reasons. By choosing the dot local top level domain and stayed off the dot com there, no men will not be accessible from the Internet and hands risk us off. Extended in threes decreases. But choosing the dot local extension for your domain name is not a good idea, and this is why. Imagine if your company planned to publish something on the Internet, a website or an e commerce platform or something like that. You can't register any u. N. That ends with the dot local for public access. And what if the dot local domain became available on the Internet and someone buys it before you did? If your users want to access the W W DOT company named that local website to see what kind off services that's company sort your local Dennis, the domain name server. We try to redirect them to the local server and they will not be able to access this company website. Another reason not to truth e that local domain is related to certificates. Certificates guarantee a secure data exchange between the client and the server By encrypting data. These certificates are issued by specialized companies. Call it certificates authorities. But since 2015 the Certificate Authorities forum decided to not more issue certificates for not public domains. As a consequence, your servers are seen as not dressed it servers by users who want to connect to them. At this point, you many think Okay, I got it. I will not use the dot local extension for my doorman. I will use the dot com instead. My company has a registering public domain name with the dot com expansion. So why not use it for our Windows domain as well? Well, it's possible to use a dot com domain name for your active directory. You have to consider some points. First, you need to have to set off DNS servers, an internal DNS server that contains the records for the internal servers Muppet to Internet I P addresses and an external DNS server Muppet to public addresses. Let me explain that you have a public Web server on the Internet w w dot company name dot com When an internal user type this you, Earl your internal, Dennis, See that the U. S Air contains the dome in company that come hey would say, OK, this is the internal Doman, so I can map this u N to the local server I p address and off course. The user will not be able to open the webpage because the Deanna server wasn't able to connect him to the right server. This can be address it but need amply mounting a complicated configuration off your Deanna servers. Another point to consider is security issues, as you are using the same name for your internal and extend Indo men. You don't want anyone from the Internet accessing your internal network. You may face some security issues, so now I guess you are confused. I told you it's not a good idea to use the dot local doman neither the dot com. So what do men name should you use? The best practices recommended by Microsoft is to name your internal domain as a symptom in off your extended dome in, for example, I owned the domain zinta dot com, so my internal doorman will be something like Court Dat's Imtech dot com or a d Dat's intact dot com. This will ensure that all the queries on my intern and resources are handling it by the Internet DNS Server and any request on the extended resources. For example, my website w w dot zinta dot com are forwarded to the extent Indiana sever. Also, the security is improved as the external Deanna server doesn't have any record off the Internet network as they are started in the internment Deanna Server. In conclusion, even if you are setting up a doorman for a small business, always for load, the best practices take into consideration the future needs and evolutions. Another best practice to consider is Toe always resisted the public domain name for your company, even if your company is not planning to publish a website or any other extended service that need a public doorman. If you don't do it, someone else can register that doorman before you and has hey, will own it. 17. Create Your First Domain Controller: toe the domain controller. Click on other drawers and features from the Silver Manager on the displayed wizard. We will follow the steps we have seen in the previews video related to the other drawers and features process. So click on the next button. Let the default selection role Basit or fitter basic installation and click. Next, we were added the domain controller on the cure and sever. So click next the roar you need to add it in order to create a domain controller is call it Active Directory Domain Services. When you select it, pop up window is displayed stating that active directory domains envies is can't be. Install it until certain rules and features are installed, so just click added features button click next to continue. We don't need toe added additional features, so just click next in the A T GS screen. There are some notes to consider. The 1st 1 on could adjust. Pasto added additional domain controllers at least two to ensure network availability in case one D. C. Goes down. The second not states that the active directory doorman services need a DNS server to be installed. And as we don't have a DNS server yet we will be prompted to and start one on the same machine, usually active directory domain services. The in a server on Dear CP Server roles go hand by hand and are almost always and started on the same sever. Click next to continue in the confirmation screen. The roles and features you have selected are listed so that you can confirm that once you are OK, go ahead and click the and stand button and wait for the installation to finish. Once the installation complete, you can notice a yellow warning triangle under the flag. When you click on it, you get notified that you need to perform a post deployment configuration that consists on promoting the server to a domain controller Vic to perform the action. Next, you have to select your deployment operation. There are three choices. How did the domain controller to an existing domain? This suggests that you already have a domain and want toe, added an additional domain controller. Not that if you want toe added the domain controller to an existing domain, the server must be a member off the domain before you promote it. The second choice is added a new demento on existing forest. This can be selected when you want. Toe added a child domain, for example. The third choice is added a new forest. This is what we need to select as we are creating our first domain. I will type the domain name I want to create court dot zine Dick Start, come hit, enter or click next button to go forward. Now you are asked to choose the forest and the dominant function. 11. This will determine the OS version that will run on domain controllers and also determines the forest or domain capabilities. Your country is from Windows 2008 to Windows 2016. Microsoft recommends sitting the forest and domain functional level to the highest value that your environment can support. This way, you can use as many a tedious features as possible, so I will choose Windows 2016. You must also specify the domain controllers capabilities. This server will also run as a DNS server. This functionality is needed to run a domain controller, so keep it, check it. The D. C. Will also be a global catalogue. This means it will contain an index off every object in the forest, and this will help to search for objects. Whether is it user's computers, printers? Or so you can notice that the checkbooks is great out and you can't change the default selection. This is because the first domain controller created in the forest must be a global catalogue. The read only domain controller is a domain controller that can't make changes to the active directory database. It's usually use it in smaller or less secure branch offices. It allows local users toe, have a quick and easy access story it from and authenticate to the dome in without running the risk off someone gaining a physical access and manipulating the entire dominant in a bad way. The first domain controller can't be a read only D. C. This is why these checkbooks is great out. Next type the password for the directory service restore moat or DS Arum, DSR Um allows you to perform an authoritative restore off related objects from the active directory database. I really explain that. Briefly imagine the case where you have to domain controllers. On Monday you will let a user account, and on Thursday you want to restore it back from your backup. If you perform a Norman restore, this user account will be deleted the next time the two DC's will synchronize with each order. Because the active directory considers the restored item simply out off date and is over its enduring the synchronization. This is why you need to perform a not authoritative restore. So type the password twice and click next. In the next screen, we get a warning stating that a delegation for these DNS server cannot be created because the authoritative parent zone cannot be found. This message can be ignored because we don't want computers in order domains or on the Internet to be able to resolve names within our domain. In the next step, you have to confirm your nets by US domain name, not by us. Doman name is the symptom in off the DNS domain name, as we have Name it Our Domain Corp Dat's intake dot com The Net bios Domain names Suggested S Corp. You can't change it by a more representative name off your domain. In our case, I will choose Zinta. This next by U. S name will be used when opening a session on our domain For example, if I want to open a session as an administrator on the Corp Dat's intact dot com domain, I will just type zin tick back slash administrator. So for your net by your Stoneman name, choose one that reflects your domain name in a meaningful way. On the but screen, there is the different location off the folders required by a DDS. Keep the different parts and click next. Here You can review all the options you have chosen so far. At this stage, you can still go back and make changes if necessary. You can also if you with the power shell script you can use to run the same steps in an automatic way, I would suggest you saved descript Click next. Now we are brought to the prayer. Require cities check window. The set up will check if all the prerequisite is to promote the server toe. A domain controller are satisfied. This will take a moment before the task complete. Waas the checks complete. You get the results here all deeply require cities checks. Pass it successfully. You can notice some warnings. None of this is critical and can be ignorant. Now click the start button to start the installation off the A. D. D s role. And wait till the installation complete on the server to reboot. Once on the logon screen, hit the control Aunt leads keys to open a session. What you can notice here is that the administrator user name is preceded by the nets by us Doman name Zin Tick. This indicates that you are about to open a session on the dome in type the administrator password and open your session in the server manager, you can see the new server roles we have just added. 18. Prepare your Administration Environment: know that your doorman is created and active directory services are installed. You can start creating users groups, grant users access rights, joining computers to the doorman and many more tasks. Those administration tasks are performed by using the appropriate active directory tools created when adding the active directory doorman services role on the domain controller. I want to discuss the different metals system administrator can use to perform those tasks . And what are the best practices recommended to ensure the security off your network? To perform your administration tasks on the Windows server, you can physically access your server in your data center room, open session and do the job. But this way off the wing is there are no days. While sometimes a physical interaction with your server is needed, today's servers are increasingly virtualized, and servers are usually hosted on remote data centers or on the cloud far away from the administrator's office. The second way off doing the administration job is by remotely connecting to the server via the remote desktop protocol or rdp for short. This consists off opening remote session on the server from your computer through the network. This has the advantage off notes to be physically in front off your server to do the job, your server can be thousands off miles away from your office. You can always get access to eat as long as your server is online. However, this solution has drawbacks. Your server came with only 23 Rdp instances. So imagine this situation. You were in a large organization with 50 or more system administrators spread around the country. Two off your sees that means has open it. Another baby session on the domain controller. When yourself try toe open a session on that same server, you will not be alone because the two available Rdp sessions has Bean used. So what you can do? Are you going to wait until one off the system administrators closes its RTP session. I know by experience that most sees that means are lazy. When they finish working on a remote server, they don't border closing their session. They just minimize the rdp window. And even if they closed the rdp window, the Rdp session remain. Open it. And if you don't want to wait, are you going to court each off? Your fellow sees ad means and ask if he or she has opening the session on the server. You want to work on seriously. You can spend the day on the phone before you get your hands on your guy. So this is definitely not the good way to administer your Suffers are the P connections should be the exception, not the rule. The best practices recommended by Microsoft for remote server administration is by using the remote Silver Administration tools or Assad for short. Her, such must be on, started on a dedicated the machine, usually a Windows 10 workstation. These work stations are so call it privilege ID administration workstations or power for short. Bo is a specially configured computer that you used to only perform a remote administration tasks. You don't use this computer to read your emails or self on the Internet. Many security incidents happen. It because a privilege it administrators computer was infected with Manuel and then has Bean used to perform administration tasks on servers, so remote server administration tools and started on a privilege. It workstation is what you need to perform your administration tasks 19. Install Windows 10: one style windows turn. First, we need to create a new VM in vitriol books. Click on the new button in the Create virtual machine window. Type the name off your fear are we type Windows 10. You can notice that future books has automatically selected Windows 10 64 bits. That is the version off the windows. I want one start by interpreting the VM name. I will just click next in the next window. Select the memory size you want to give to your via we just keep the suggested two gigabyte . Next, you have to create the VM hard disk. Select. Create a virtual hard disk now on click the create button. Next, choose the hard disk file type. You have choices between vidi I, the Native Vitriol box format VSD, the Microsoft's hyper V format and V M D K D V M Wear formats. You can keep the video I format on go forward, but I am going to choose the VSD format toe. Have the possibility to import my VM in Microsoft hyper. In the next step, you have to choose how your virtual disk will be growing. Whether you want your disk should grow dynamically as it is, use it. This has the advantage to preserve disc space on the host machine. I mean by the host, your laptop or desktop on which you have. Install it. Virtual box. On the other hand, fix it size disk well, occupy the space. You will relocate to it, even if it's half empty. For example, you give your vigilantes cut the maximum size off 100 gigabytes. Virgin Box will create the 100 gigabytes virtual disk file on your desktop or laptop. So even if Windows 10 you will start on these via will just pocket by 20 gigabytes, the remaining free space is considered as lost. For this reason, I will just select dynamically allocated size. Next, you have to choose the virtual disk file location and give it a name. Victory of Books suggested the same name for the disk as the name off the Veum. I will keep that name, and I'm going to select the path we're creating. Despite I will also keep the suggested file. Size 50 gigabyte will be enough for our Windows 10 via when don't click on the create button. All right, our Windows 10 vm is now created. Our next step consists off configuring the VM network so that it will be in the same network as the domain controller. So click on the sittings button. Click on at work in the attached to Dropbox Select, not network. When I do that, the virtual network name it my network club. I have created Ilia when configuring virtual box environment is automatically select. If you have created more than one network, you have to select one. Remember that movie EMS must be on the same network to be able to communicate with each order. Our next step will be mounting the Eisa disk image we have don't know that earlier. Mounting a nice image is like inserting a DVD in the DVD drive. So on the storage devices, select the empty disk icon, then click on Jews. Virtual optical disk five brows, too, and select the ISO image. Five We have downloaded with the Microsoft Media Creation Toe. You can see now that the label off the optical disk icon has changed to Windows 10 dots eyes. This means that the Windows 10 image is mounted and read it to use. Are we click OK button before starting my virtual machine. Now the set up program is starting, and the first window you have to select your language here. That is only English language available because when creating our ISA image with the Microsoft Media Creation tool, we have selected the English language. I will keep English United States format for the time and currency for the keyboard formats . I will select the French format as I have another T keyboard. Let's find fresh hair. It is. Let's continue click the estan now, but to begin the installation now, the set a program is starting in the activation window. Click. I don't have a product key, but set a program will understand that we want to use the evaluation version off Windows 10 . Now we need to choose which Windows 10 addition we want to use. The helm Addition is designed for personal use. Andi don't include all the features needed in a business environment. The education, in addition, is designed for students and educators on its includes more features than the home edition . The addition we are going to start is the Pro edition is the addition. Design it for business use. You can notice that there is also the end edition. The end when those addition is designed for Europe countries, it contains the same based features except media player and related preinstalled technologies. This is because off European antitrust more so I'm going to select Windows temporal and click the next button. Accept the license agreement on click Next here. We are going to choose the installation type. We are not going to choose up a great because we are doing a fresh installation. So click custom installation. Now we need to select the partition on which we perform the windows installation. Here we have only one partition, so the choice is simple. I will just click next to continue now. The set up is starting. This will take some time to complete, so be patient after the set up. Complete Cortana, the virtual Windows 10 assistant is talking to me. It allows me to use either the keyboard or my voice to interact with during the post set up process. After Cortana intro the post set up process. Continue first, select the region where you are. I will keep the different United States on click. Yes, next, choose your keyboard formats for me. I will select the French keyboard for months. I don't need to select a second keeper format, so I will skip distance at this step. You can configure the network, but I will skip this step for now. I will configure the network later on. Next type the name you will use to open a session on this fear. I retired my name. Type the bus worth. Confirm the password. We need to create security questions for these accounts. In case you forget the password, Windows will ask you those questions in order to allow you recovering your password. This step is mandatory and you can't skip it. There are three questions Let's begin with the 1st 1 as this is a love VM. I will not border to think more about questions and answers. I am going to select what was your first pet's name. I will just type. But second question third question Cortana is offering me. It's help when using Windows 10. I am going to decline because I want to save the VM resources on. I don't want Cortana talking to me all the time. Now we need to choose our privacy settings like speech your condition, which I don't need. I'm just going to dizzy, but all these sittings because I don't need them and I don't want the VM slow down unnecessarily click except on Wait for the configuration to complete Grant. The desktop is now displayed on Windows. Asks me if I want my PC Toby discoverable on this network by order devices. I will just click. Yes, now we need to start the Virtual books Guest Additions program to allow the dynamic resolution off the desktop and the copy paste function between the horse computer Onda via Give it to devices menu click. Insert guest additions. See the image. If the pop up window inviting you to start running the guest additions set up, do not automatically display. You can just open Explorer. Click this specie icon. Double click on the virtual box Guest Additions CD Drive to display the content to run the set up double click on V Box Windows Petitions Program. Click Yes to allow the set up to proceed. Just follow the steps by clicking next, next and start. Make sure that always stressed software from Oracle Corporation is selected and click the Understand, But now click on the finish button. Georgia, start the Via on This is it. Our Windows 10 VM is ready to use. Well done. 20. Join The Windows 10 Workstation To The Domain: in this video, we are going to join the Windows 10 workstation toe. Our dome in first ensured that the workstation and the domain controller V ums are started . Next opened the workstation VM opened the start menu. Click on settings, Click on system, scroll down a bit and click about scroll down on click on her name T specie button. The cure in specie name is desktop, followed by a randomly generated characters. I am going to type the PC name days it on our naming convention. You can go back to the related lesson to refresh your memory, so I would begin with the country Court us for United States, followed by the City Code W. A for Washington, D. C. The site court will be be. I will type W s for workstation Dash and I give a sequential member click. Next. The new computer name will take effect after restarting the system. So licorice start now. But I'm going to open my session now. I am going to check the new computer name by opening the start menu settings. Click on System Click about the new PC name is now effective. Our next step will consist off joining the workstation. Toe the dorm in on the same window, Go and click on system and for click on change settings, then click own Change button. Select Damen Andi. I will type the Domain Name Corp Dat's Intake Thoughts come click OK to validates. We get a nearer message stating that the Doman Corp. Adults intact dot com, could not be contacted. And sure, that's the domain name is Type it correctly. So first thing to do when getting these Parer is to check if we have correctly type of the domain name, I would switch to the dome and control of'em on the server manager. I will click on Local Sever to display the associative information. You can see the domain we have type. It is correct. The second thing we must check is the network connectivity between the workstation and the domain controller. By doing a big test, opened the common Brandt type Think, followed by the D. C I p. The server reply to the being. If there is no reply from the server, it could be due to a physical network issue. Either the workstation or the server is not correctly connected to the local network. Or it could be the server Fire one dropping the I P packets sent by the workstation so disabled the servers firework toe confirm this assumption. The next verification I am going to do is doing a pink on the domain Name Corp adults intact dot com to see if the DNS server is correctly resolving this name to the I. P address on Dhere is the issue. The being could not find the domain controller because the DNS server is unable to resolve the domain name. We can't confirm that by issuing the anus. Look up, comment by typing and this Look up corp dot Syntex dot com You can see in the common result that the server with this name and the I p. Address 1 92 168.1 dot one is trying to resolve the domain DNS name and its face. And it is failing because thes DNs server I'd be address is the I B off my WiFi router. You can see that by typing the ibeacon fiqh. That's all comment for some reason, and I think this is a bug. Inveterate books, my Via is assigning the WiFi a router I p address a day in a server and stayed off Domain Controller server, which is also the DNS server on our network. So to fix that situation, I need to manually assign the DNS server I p address. So opened this settings window. Go back to the home page, Click on Network and Internet. Click on Internet Change Adapter options. Right click on the Internet, a doctor icon Click Properties Select Internet Protocol version four and click on Properties Button. Select use the following day and a server address and type the Deanna Sever. I be 10 10 10 10. I will go back to the command, prompt and ran the being command again. And now the Ping Command succeed finding the domain name. So I will go back and try to join the workstation to the dome in. And this time I am getting prompted by the domain controller toe. Enter the credentials off an account with permission to perform these operations, I will type the domain administrator account, user name and password to complete this operation. I get the welcome Doman message. The computer was successfully joined through the doorman. Now I need to restart the computer in order to apply the changes. Click OK. Close the system Properties Window clicker. Start now, after the computer has ever started, I will open a dome in session. I will click on order User. I can see here that I am going to sign into Zantac Doorman So I will type the user name Administrator. But by doing that, the signing to an indicator has changed it to the computer name. This is because with the administrator user name, you must clarify whether you want to open a session with the local administrator account. Or we did Domain administrator account to use the domain administrator account. I must precede the user name with the dome in bios name Zin take back slash administrator. And now I am going to sign into these intact domain. I will type my password and open my session project that my computer is now joining to these intake doorman. I will open the Settings Panel league about click on system info. You can see that my computer is now part off the Doman Corp dot zinta dot com. I can also check that on the domain controller on the server manager. Open the Tools menu and click on active directory users on computers. Click on the dome in not to see the organizational units click on computers. I can see that the computer has bean joining to the domain. 21. Download And Install RSAT: in the previous lecture, we have seen that the most convenient and secure way to administer your Windows servers is by stoning. Remote server administration tours are set for short on a privilege it administration workstation. In this lecture, we are going to download and Dunstan R sat on our Windows 10 workstation First type the following on your Web Rosen Windows 10. There sat. Don't gloat. The first link is the Microsoft download page. I will click on the link to open the page. First, choose your language if your Windows 10 installation is on a different language than English, then selected from the list. When done, click the download button. Next, you are asking to select the back age according to your Windows 10 version and architecture . In my case, I will select the 18 or three weeks 64 version to check your Windows 10 version. Just click on the start menu and type, win their command. And just here you have your Windows 10 version, so I will click on the next button to start the download. Click Save on Wait till the dough note ends. After the download is completed. Run the set up program I get a warning from Windows Defender Smart screen that it's can't check if the set up file is Alicia Teammate application and not a malicious one. Smart screen. Need the Internet connection in order to perform these verification? If your Internet is golf, you will get this message. I will just in your that, as I am going to run a Microsoft set up program that is normally legitimate. Well, I hopes off the installation begins. In order to continue the installation, I need to install these updates likely. Yes. Accept the license stairs agreement and waits for this Set up to complete after this. Atop complete, Go and open the Windows Start menu. Scroll down on search for Windows Administrative Tools Container. Click on the container to expand the content. And as you can see, we have all the needed tools for server administration, like the Active Directory Administrative Centre, which is the future replacement off the active directory. Users and computers stewed. We see here we have here the deer sippy server, administrative tools. Let's scroll down to see the rest of the tools we have the Deena's administration to right here on many order of yours. Now you are ready to administer your Windows servers 22. Why You Should not Use RDP For Remote Administration: in this video, I will show you why you should not use remote desktop for remote administration. In a profuse lecture, we have seen that Rdp came only with two licenses baths ever, allowing only two similar tenuous connection at a time. So if 1/3 person wants to connect to the server, it will not be allowed until one session will be freed. Another reason why you should not use RTP is a security reason. Imagine this situation we have to administrators in the company want We don't meant administrative rights so he can create delete users. Joined servers and workstations toe the domain and many, many other operations that need high privileges. Let's name this mean good guy, and we have a second administrator that's just a load to do backups on servers. He has limited administrative rights he can't added, deletes users or give himself rights to access, not arise. It files, for example. Let's name it's bad boy because he has bad intentions. He is always looking for gaming the system. I will show you how it can be easy for bad boy to game the system and give himself dormant , admits rights by stealing good guy privileges. Who left his remote desktop session Open it? How he can do that demonstration. Here I am on the domain controller Sever. I have opened it a session with the bad boy accounts. Let's check that by opening a common prompt and you can see the cure. Int User is bad Boy, Let's now try to give bad boy Doman. Add means rights. I will open the active directory users on computers. Open the bad boy account properties. Click on members off that you can see that. But Boy is just member off backup operators and Doman Users Group. Now let's try Toe added it to the dominant Adami's group. Okay, league apply button and I get a message telling me that I don't have permissions to modify the group. So Cleary. But boy don't have rights to perform these actions. Now I will switch to the file server where Bad boy is already looked. Let's say to do backups. I will open a common prompt to check the curently Logan user. I will tied who, um, my command to show the curently Logan users, and it is but boy who is actually logged in next I will open desk manager to see all users that have opened the session on these sever by click own user Stop. And I can see that in addition to Bad Boy, there is also a good guy that has open it a remote session on these several. So now IV, the but boy user tries to take over the good guys session. He will be asked to answer the good guy bus work. So unless he knows these passwords, he can't access good guys session. But our but boy is resourceful guy, and he will bypass this restriction by using a 32 available on the Microsoft website that is PS Exacto off sees internals tours originally used it to travel Shoot when those OS, but our bad boy will use it toe hack the system he has just don't know that the cease internal stool sweet and impacted on the C drive. So I will move to the Seas and Journals folder. Now I will type thes comment B s exact dash as I d yes stands for system. This will run the common as a system user. I stands for interactive, and the four don't wait for the results You can find more info in the help, too. Cmd dot giggsy These the common? I want your on a system user now. If I type who and I command, you can see that the user is system. What I will do now is closing the task manager. I have open it earlier as bad boy user and open again the task manager with this system. User privileges. Now let's see what happens if I try to connect to the good guys session, and it seems that it's house work, how it could be possible. This is possible because the system account has the highest privileges on the system. He can't do whatever he wants. This is why it is powerful and dangerous. At the same time, many system administrators think mistakenly that Doman add means users have the highest religious and this is not true. No, I will open a common plumped and type who and I. And now I am the good guy. Really. The bad boy is now a good guy. Now the but boy will use the doorman Adami's privileges off the good guy to acquire the same privileges. First, I will change the cure INTs folder to seize internals for and type the following command B s exact Dash s I d. Backslash backslash and type the domain server name because I want to run the comment on the D. C. Let's switch to the D C server to copy the servers name Next type Nets groups doorman at the means between coats and finally, but that boy slush. But this comment means that I want to added bad boy user to the domain admits group I will tight and search around the comet. Now the BS exact tool is executing the comment on the dome and Control or several. I will wait till the common completes and go check, but boy Users accounts properties on the D. C to see if really, he has Bean added the doorman at Means Group. Okay, the comment has completed. Let's switch to the D. C. Via Let's close that open 80 users and computers open but boy user properties and you can see that now. But boy is a member off dormant at me group. So now, with these high privileges newly acquired, but boy can perform actions that it's not normally and low to perform, he can, for example, delete users accounts, finds access, orderly reserves, documents and many more. This is why you should not use RTB for remote administration and used instead Revelations Administration workstation. We'd remote server administration tours and stopped. I hope you have enjoyed these demonstrations. 23. Introduction To Organizational Units: before starting, creating users groups, computers, shares and order objects on the active directory. We need first to design a structure that will keep our active directory objects, organize it and structure it in a way that will help us better administered these objects. We already do that with our documents, photos and videos. We tend to organize them under folders by creating a structure that most fits our need to find our objects more quickly and to share a song off them. We'd orders, for example, the same thing can be done. We'd active directory objects through containers and organizational units. First, let's describe what are containers and organizational units. Containers are a building objects that holds order active directory objects such as users, groups and computers. Containers cannot be alter it without harming the system. You even don't have television toe. Delete them. It's like the Windows folder that you are not allowed to the lead because it holds fives needed by the system to work properly. Another constraint related to containers is that you can't apply group policy to them if you don't know what our group policies. It's a set off rules that allow an administrator toe. Implement a specific configuration to a group off users or computers. For example. Let's say you want the users working in the financial department change their password every month. You do that through a group policy that will apply only to these group off users, which must be located under a new organizational units and not under a container. This leads me to talk about organizational units. Organizational units are similar to containers in such a way that it contains users, groups and computers objects, but are different from containers in such way that you can apply group policies to them. You can delete them. You can create layer it organizational units. You can delegate privileges toe other administrators or users to administer a set off objects. For example, imagine the users off the marketing department are champions for losing their passwords, and they frequently come to you and ask for resetting their passwords. As you are a busy administrator, you want to delegate this task to another person. You can simply delegate privileges over the marketing organisational unit to the secretary off that department to do this task. Visually, you can make a difference between containers and organizational units in the active directory users and computers stool. The organizational units have almost the same icon shape as containers represented by a yellow folder, except that organizational units icon contains the active directory symbol inside it. But in the Active Directory Administrative Center, which is the future replacement off active directory users and computer stewed, the icons has another shape. Know that you have a better understanding off organizational units. How are you going to design yours? How many off them do you need to create? I will dance where these questions in the next lesson. 24. Design Your OU Structure: in this lesson, we are going to talk about organizational units designed. How are you going to design your organizational unit structure? First building might that the principal propose off using organizational units is administrative rights. Delegation comes next. The need for applying group policies to a group off users or computers. The two most major approaches used when designing organizational units are business, basic approach and geographical basic average. The business basic design consists off creating or in organizational units, structure that reflects more or less the company departmental structure. Let's say your company has the following departments. I t. Saves Engineering Design Accountability. The I T department is responsible for managing users and computers for the company, but for certain tasks like password reciting user account creation, the company has designated a local administrator in each department to accomplish these tasks. To let the I T. Department folks it own more challenging tasks. For that, you need to create an organizational unit for each department and delegate the appropriate administrative rights to the local administrators. The geographical basic design can be considerate in case off a company with many were Dwight remote branches. In this situation, the distributed ICTY administration off users and computers is more than necessary for more flexibility and time saving. More often, companies like that have a local ICTY team in each branch, so each team will be responsible for managing active directory objects under the organizational units that represent their branch office. You can also use a hybrid approach for your design. I mean, you can mix between the geographical base it on business. Basit design. As I said at the beginning, when designing your organizational units structure, keep in mind the administration aspect in the first place. Don't find on the trap off Designing an organizational units structure to just reflects your company organizational structure The simple you keep your design, the better will be so short up up. Design your organizational units structure based it on your administration needs Keep your structure as simple as possible to avoid complexity. Do not nest organizational units More than 10 years Egypt. That's it for this lecture. Thank you for watching 25. Create Your OU - Hands-on (Part 01): it's time for practice in this lecture. We are going to see how to create an organizational unit. We have to tools we can use for that. First, we will use active directory users and computers to create our organizational good It. Then we will use Active Directory Administrative Centre, the tour Microsoft is now recommending to use in place off active directory users and computers to. So let's begin here. I have open it. A session on the Windows 10 privilege it administration Workstation first opened the Start menu, scroll down and find Windows administrative tools click to expand. And here is the active directory users and computers to as I am going to use this tool. Often it's better to be in it toe the start menu to have a quick access to it, so I will just click and drag it to the right side. I will do the same. We'd active directory administrative centre. I will give a name to the group off the sharp cuts I have created. I we name it Windows administra tive towards. Okay, now let's open active directory users and computers. Let's open the court doors intact dot com container and you can see the different containers on organization on units that exists in our domain. The most known are the building container that contains security groups, such US account operators, the administrators group, back up operators and many others. The computer's container Hold the computers that are joining to the dome in by default. Each computer or server you join to your domain will be created under this container, and here we have the domain controller Organizational units. If you take a closer look toe, it's icon. You can see this tiny symbol representing the active directory inside the yellow folder icon. This is what differentiates visually on organizational units from a container. These organizational unit contains all the domain controllers off our domain. There are other containers. The users Container is an important one. It's contained the bulletin Doman accounts and groups such as the administrator accounts. Heavy's another old acquaintance. Do you remember the bad boy off course? Yes, there are also other groups, like doorman at Means Doman, computers, controllers, guests, users, just to name only those. So now let's create our first organizational units. First click on the doorman container. We have two methods to create our organization and units the 1st 1 by right clicking on the domain container. Go June you and click on organizational units. Option the second. The method is by using these sharp cuts in the menu, which we create the organization and units under the selected container. The displayed window is pretty simple. You have to type the organizational units name under names on Let's name. It's under the Name zone. We have thes checkbooks and neighborhood by different protect container from accidental deletion. This prevents administrators from accidentally deleting organizational units. I will click. OK, and now our I T organizational units is created. Let's do an experiment. I will try to the let these organizations. Yes, I am sure I want you to thes organizational unit. I get a message. You do not have sufficient privileges to the let's ICTY or this project is protected from accidental deletion. This is the result off enabling prevents from accidental deletion checkbooks. But if you are sure you want to delete the organizational unit, head is what you have to do, right. Click on the organizational units and select properties. I will search for the chick books to Dee's a Burr under the different tops and it's not there. And this is because we need to enable the advance. It features view in order to get it. Now you can see orders. Containers that have bean at most of them are not needed by administrators. This is why they are not listed in the default view. So let's try again. No, we have additional tops that have Bean added. You will find the check box under the objects that I and check It's on click. OK, I would try to the let it Now on this time it has Beene deleted. Okay, I will go and and check the advance. It features view. I don't want all these needed containers shown interview In the next video, I will show you how to create the ICTY organizational units using the active Directory Administrative Center too. 26. Create Your OU - Hands-on (Part 02): Now we are going to create our organizational units by using the active intellectually administrative center, too. First, go and open the Start menu. Click on the Active Directory Administrative Center, too. The Active Directory Administrative Centre Toe looks pretty different from the active directory users and computers. There are mainly two views. The list of you and the tree view. I prefer to use that review so that I can have the same layout I am used to in active directory use of spanned computers to But before creating the organizational unit. Let's take a look at the containers and organizational units icons shapes, which are different from those in active directory users. On computers. The Britain container is represented by a gray folder, while the Domain Controllers organizational unit is represented by this same gray folder, plus this tiny square in the above corner. Now let's create our I T organizational unit. I will right click on the Corp container, go to new and click on organizational units. The displayed window contains many fields to fill out, but not all of them are mandatory. Howdy, the names field is mandatory. I will type the organizational units name all righty. Now it can be interesting to enter complementary information such as address. For example. I can indicate the address off our I T department Algiers for the city, the ZIP code and the country. I can also enter a description I t department organizational units and here we have the protect from accidental deletion Checkbooks as best practice. Always keep it. Check it in managed by zone. You can indicate the administrator that's responsible for managing these organizational units. Just click on the edit button. Let's say I will delegate administration toe our good guy When don't click OK, the I T organizational unit is now created. If you click on it, you will see in the summary pain the complementary information we have field. Now that we have our first organizational units created, let's move a user to it. The last time I have created to users inside the different users Containers, the bad boy and the good guy users. I will move this one under the ICTY organizational unit. I will right click on select move in the move window. I will just select the ICTY organizational units and click OK, let's check now. Yes, the user has been moved. That's it for this lecture. Thank you for watching 27. Users Account - Define Your Naming Convention: know that your organizational units structure is define it and created. The next step is creating users accounts. But before rushing on how toe technically do that. Let's talk about the user account naming convention your company use or want to define having a well defined that user account naming convention is very important. It allows every system administrator creating a user account simply by referring to the naming convention and not coming up with a name off his head. It will keep user accounts names, harmonize it across the demand on this simplify administrator's job. And, more important, a well thought convention will prevent changing users. Account names more open because changing a user name can have negative impacts. First, most users applications accounts are map it on the active directory users accounts and dust . The user can be enabled to open its application session. Changing active directory user name can also distort the audit. If you have a user name that has bean, change it many times and you are, ask it toe audit these users access is toe. They filed chair. It can be difficult to do and decorate audit, especially if you don't have the changes history. Okay, now let's go back to the naming convention. There are mainly two approaches you can adopt, depending on your organization policy and priorities. The 1st 1 is usability basic. When applying this approach, you define a use that name that is convenient to your users and can be easy to remember by them. The most commonly used it is complete. First name Blast. Last name. It can be concatenation or separated by a hyphen. And then there score or a billiard example. For John Smith, the user name can be John Smith congratulated. It's can be Joan Underscore Smith or john dot smith. Another variable can be the use off the first letter off the first name, plus the complete last name. For example, the user name for John Smith can be G. Smith concussion. A tid g Underscore Smith or g dot smith. As we said earlier with this naming convention, user can't remember easily his Logan name. Also, the help desk job can be facilitated. Base it on the user, first name and last name. They can easily find the user accounts on which they need to perform a task. The second approach is security basic the naming convention. Bassitt on the first and the last name is convenient for users spend the help desk, but she has a job back on the security side. Most hackers weren't trying to access a user session or une email account. The first thing they do is guessing the user name, and if they get the user name, they have the heart off the authentication. This is why the security approach tries to make it harder for hackers to guess the using Lee it's can be combined it off. Three randomly generated letters. Combine it with a three randomly generated numbers. You can make it simple for users to remember by combining three letters from their names. We'd three numbers. For example. The user name for John Smith can be GSM 159. That's old for this lesson. Thank you for watching 28. Create a User Account: it's time to practice. Let's create a user account for John Smith visit on our naming convention. Let's say we have chosen the first letter off the first name, plus a period plus the complex last name. So the user name will be G that Smith in your privilege it administration workstation go open the start menu and opened the Active Directory Administrative Centre. First, I will select the organizational units under which I want to create the user account. Next, I will right click to open the context menu. Click new, then click own user. The displayed window show many fields to fill up. I will start by entering the first name John. Next, the last name. Smith. You can notice that the full name field has bean automatically filled. Next, I will enter the user. UPM Logan U P N. Stands for user principal name. It's ANNETTOR Net. Stein Log in name like an email address. You have the user name as a prefix, but and the Dominy I will time g dot smith. The U. P N. Logan will be g dot smith, but Corp Dat's Imtech dot com The user. Some account name is a local name used to support clients and servers from previews version off windows such as Windows and T four, Windows 95 Windows 98. It's under the format off the domain name. Backslash the user. Me next I typed in the user bus Web twice. There is thes interesting option protect from Actually, don't tell delete, which I recommend to check to protect users accounts from being accidentally removed, or at least check it for the important accounts. Like the CEO account. I guess you will be in trouble if you delayed it even accidentally, so make it as a good practice. To check this option. You have the possibility to specify the time range on which the user is a lower toe. Open a session. Let's say you work to give the user the ability to just open the session every day from 8 a.m. to 5 p.m. Outside this time range, he will not be able to open a session. The blue color means that the Logan is permitted and by default all days and all the time. First, I re select the range before 8 a.m. and going to deny access to the user from 12 a.m. to 8 a.m. I click logo on the night. You can see the color has been changed to bite on this time range. Next, I will select the time range after five PM and click logo on the night. Now the user will be only a load toe. Open the session on the Doman only between 8 a.m. and 5 p.m. I click OK and close this window. You can also limit the computers on which the user is a lower to open a session on by default. It's a load to look on all the computers. If you want to limit that to a set off computers, select this option. Andi. Enter the computer name in this field, then click on the added butter toe, added the computer toe. The authorized computers list. Here, you can specify the account lifetime by default, the account never expires. If you want to limit the account lifetime, click here and enter the experience. Shin Date. This can be useful if you create accounts for temporary salaries. Let's make these accounts per minute in the password option. You can't force the user to change its password at the first Logan This way, you are sure the user will not keep using the default password. I have seen many users not changing their default password until they are forces. You can also choose or their options like using Microsoft passport or a smart card for interactive logon. If you were in Eben, password never expires. Option. This will keep the password valid over time. If you implement a policy that forces users to change their passwords every three months, for example, this policy will not apply to these accounts. This is usually use it with accounts that interact. We'd services your campaign events user from changing its password. By this option, user cannot change password in the organization area. You can enter complementary information such as the office, the email address, webpage, the job Tighter department company. You can also enter the phone numbers, the address in the member off area. You can add it the user to groups By default. Every newly created user will be added to the domain users group. If you want, Toe added the user to another group. Just click on the add button, then select or type the group name Let's say I want Toe added this user to the backup operators group. I will click the Czech names to be sure I didn't made a typo, and that's the group name I type. It really exists in the active directory. Okay, the group has bean at this is all you need to create a user account. There are other options that are not always needed, Like the password sittings, where you can assign a password policy to the user. You can run a local script you added in the profile area. If you don't need all these options, you can hide them, click on sections, drop books and and check and needed areas. This way we keep only the areas and options we really need for user creation. When you are all done, click OK to create the user account. Yes, our user, John Smith has Bean created and that the ICTY organization and unit Good job. No, I want to open a session. We'd John Smith credentials just to test the time restriction. Logan. We have allowed the John Smith to Logan only between 8 a.m. and 5 p.m. At this time, it's 8 p.m. so normally I would not be able to open a session at that time. Let's try Enter the user, name the password and we get this message. Your account has time, restrictions, love, love. So it works. That's it for this lesson. Thank you for watching. 29. What is DHCP: in order to communicate on the network. Each device need a 90 address. The I P address will allow the device whether it's a computer, a server, a printer to reach order devices and be Richard by order devices. There is two methods to assign might be addressed to a device manually and dynamically. You can assign manually on my P address. If you have a few devices on your network and by a few I mean less Danton's. More than that, it become difficult to do that manually. You can have hundreds, even thousands off devices on your network. For those we need to use. A. D S c P server, a D S C P server is a network management protocol. That's a sign I p addresses for the devices. Who requested the acronym? The RCP stents for dynamic host configuration protocol. How does a D S C P server work? The DSE P server operates. Base it on the client server modern. When a device here, the client he is first connected to the network. It's broadcast request toe all devices prisons on the network. Ask him if there is a DS IPI sever. If the SCP server exists, it will reply to the client by offering him on. Might be address the clients then with requests the i P address from the DSE P server. Finally, the d r C P server assigns the client with the I P address. The four steps we just describe it are often abbreviated as Dora for discovery. Offer requests acknowledge in conclusion, every device on your network need an I P address. In order to communicate with the order devices, you can assign these I p address manually or dynamically by the SMP server. Using the manual assignment is not practical in large networks. It's a lot off work and maintenance. You have to keep track off each device. I d said that you will not assign this same to another device we the Deer sippy server. However, the task is easier. You just have to set the I P Ranch. You want toe use on your network and the D. A s. A P server will do the job for you, making sure to assign each device a unique I P address 30. organize Your Network in IP ranges: before you start configuring your DSE P server to dynamically assigned I P addresses to your network devices. One important step to consider before starting this face is too well. Design your network by defining the i P arranges. You will assign toe each device type. Like I said before, each device needs an I P address. To be able to communicate on the network and on your network, you have several types off devices between servers, computers, printers, mobile devices, routers, firewalls and so on. Usually we don't assign a dynamic. I'd be address toe each. Type off those devices because certain devices need to have a fix. It I p address known by or other devices on the network. These I p address should not change. Otherwise, it will make the device reachable and can't have bad consequences. You can lose access to your applications. Web server, Internet, for example. Toe illustrate that Let's take, for example, the Gateway device. If you remember in the previews lectures when we said a 90 address to the server, we have set three parameters. The I P address off the server that waas 10 10 10 10 the seven it mask to 552552550 and the 3rd 1 was the Gateway I. P. Address that waas 10 10 10. That's where the gateway is and network device usually a router or any order device able to connect your local network to the external network like the Internet. So all your computers servers that's need to communicate on the Internet with send packets to the 10 10 10 that one I p address. Now imagine if you set your router up to be assigned a dynamic idea address from the D. S. C. P server. The deer CPI will peak in available I p address up from its high people and give it to the router. He's I. P address can be different each time the rotor asks the DSE P server for a night. Be address. No. If your server need to access Internet, he will try to contact the get way with the 10 tent and don't want I P address. But now the Gateway has another I P address, and the server will not be able to access the Internet. This is not what you want to happen. So for certain network devices. The I P address is manually attribute it and stay static. Usually we set aesthetic. I'd be address to the servers, network printers, switches, routers and firewalls, to name a few. So your first step is to identify the devices that will be assigned a static I p address so that you will exclude those eyepiece from being dynamically attributed by the DS IPI server . Let's take the example off Small network. Let's say your network is 10 10 $10.0 slash 24. This means you're gonna have 254 devices in your network. The I P address you can assign to your network devices starts from 10 10 10.1 to 10 10 Teoh 100.254 the 10 10 10 0 I'd be represents the network address and the tent and then 0.255 represents the broke assed address. These are two special I P addresses that you can't assign to your network devices on our reserve ID I T addresses. To keep things simple, we will consider that you have four types off devices on your network. This is just for the example you can have more than three types off devices on your network . But let's say you have just for you. Have the manager switches that will be assignment static. I'd be addresses within the range. 10 10 10 2 up to 10. 10 10 doc. Nine, You have the servers with a static idee within the range. 10 10 10 10 to 10 10 10.30 You have printers with I'd be within the range tent and tim 0.31 to 10 10 10.40. And finally, the computers that will be assigned a dynamic I p address by the D. S. C. P server within the range 10 10 10.41 to 10 10 $10.200. Okay, now that you have defined it, the idea ranges that will be fix it and those that will be dynamically assigned it. You are ready to set your ds IPI server up. Basically, you will create a scope that contains the I P range that the DSE P server will assign to the computers For the example. Our scope. He's 10 10 10 2 up to 254. We will exclude the I P range 10 10 $10 to up to 40. Besides, a 90 address a computer needs also the I p off the DNS server to resort hosts names on the local network and yours on the Internet and get we I d address. In order to communicate, we'd extended networks. That's its for this lecture. Thank you for watching. 31. Create DHCP Scope: in this video, I will show you how to create a Deer CP scope. To do so in the server manager, go open the tools menu, then click own Dear CP. The DSE P manager will be displayed. Let's enlarge, de spun and first at the left side. Off the window you have the deer CPIs server name and just you know, there is the I. P. V four note where you define the ICTY for version scope. There is also the I P V six note to use own version six I p networks. In this course, we are just going to focus on I p v four networks. So do you agree it's a DSC. Be scope right click on IPTV four. Note. To display the context menu and click own new scope, a wizard is displayed. The first patient is just a welcome page. Just click next in this page. You are prompted to enter a name for your DSC. Be scope. For example. I will name my scope Zien thick London. You can also added a description. I would just let this field empty on. Click next on the next page, you have to specify the I p arrange. Our starting I P address is 10. Turn 10 don't to, and the ending I P address is turn turn turn 254. You need also to specify the sub net mask, either by entering the mask length 24 which is equivalent off the 2552552550 Submit musk. No click Next the next page alot you toe added exclusions. Exclusions are arranged off addresses that are not distributed by the DCP server. I will type the starting I p off my excluded range, which is 10 10. 10. Don't to the end I p address is 10 10. Done. 40. Click that button to confirm. Here I have just added one excluded I p. Wrench. You can added more than one depending on your network architect er and your needs. Rick. Next to continue on this page, you can specify the least duration. It's determines how long a client has a 90 address before it returns to the least board by default. It's eight days. I will keep the default value and click next on the configuration DSE P Option Space Select . I want to configure these options now, this will allow you to configure the default gets way DNS servers and wins sittings for that scope. The first option to configure is the default. To get way, I will enter the I p address off my get way, Tim 10 10 Touch one and click on the button. I click next on the domain name and DNS server Space age. You specified the parent Doman name. You want the client computers on your network to use for DNS Name resolution. The parent domain is Corp daughters intact dot com. This information is retrieved it from the DNS server. If you remember when we added active directory services on these server, we also and started the DNS service and created the Corp daughters in tech dot com domain be sites the opponents Domene. You have to specify the DNS servers I'd be addresses, Assign it to a client devices by default. The D S C P server offers us the DNS servers eyepiece its use. The first I p address is the RCP servers. I p. This is because the D a recipe server hosts also the DNS role. The second i p represents the Google Deanna Server. The Scope Desert program retrieved those I p addresses from the local server network interface. Remember that we have added the DCP role to the domain controller Sever. That is also the DNS server. When we set than network sittings up for the server we have assigned to I peas for the DNS servers. But let's open a comment prompt to see that I will type I p can pick slash All here we have the local host. I'd be address which is equivalent to 10 10 10 10 i p address and the Google DNS server. I'd be address. Okay, so here I am just going to the let the Google DNS i d and only keep the local DNS I p address. This is because I don't want my local devices. Asks the Google DNS server to resolve internal domain names to be more explicit. Let's take this situation. A computer on your local network wants to access your local Web server. Let's name it web dot corp dot zin tech dot com This computer will try first to query the local Dennis We'd the I be tent and 10 10 if this Deanna server is not available to, as were the clients Square. For any reason. The clients device will try to send the same query to the second day in a server, which is, in this case, the Google DNS server. Of course, Google's DNS servers are not aware off your local network and the dust can't hands were back. This is why you need at least two DNS servers in your network. Four. Fail over propose. I'd like next Windows Internet names, Service or Wins is a legacy computer name registration and the Resolution Service That's maps computer nets, BIOS name to I p addresses. They are not used in modern networks and have bean replace it by Dina Severs. So I will keep this beige blank and click next in this page, you are asking if you want to activate this scope, so choose Yes, I want to activate this a scope now and click next. Finally, click finish. Now you can see the scope I just created being added under the I P V four. Note. One more action has to be done before your DSE P starts assigning I'd be addresses. You have to authorize your DSE peace ever in the active directory. Otherwise it stays disabled At the I P V four note, you can see this. A small red arrow. This means that your DSE P server even configured it stays disabled at the right side, you can read the explanation and the instructions for authorizing the DSE peace ever so to authorize thes dcp server navigate to this server note and on the action menu click authorized. This is what I am going to do right now. I refresh the view to see if there is any change. Yes, you can see that the ITV four note color has now changed to agree. The DCP server is now authorised and fully operational in and the scope we just created is active. 32. DHCP Reservations: in this lesson, I will show you how to create a D SCP reservation. But first, let's take a look at the different scopes Options. Go Opened a d SCP manager I will expend the DSE p server note Click on the IBV for not opened the scope Note. Here we have the scope for the 10 10 $10.0 network that we name it Zin Tech lunch The first option just under the scope is the address pool where we define it the I B ranch for our network. Here is the address range. With these starting I'd be address and the ending I'd be address on Dhere is the excluded. I'd be addresses starting at 10 10 $10 too and ending at 10 Tent and 100.40. Here you have the address leases where you can't see the I P addresses already assigned to the clients in the first current. You have the assignment I P address in the 2nd 1 You have the client's name U S W A B. W s 001 And in the third Cullen, you have the lease expiration date and just here you have the reserve ations before I show you how to create a reservation? Let's answered this question. What is a DSE P reservation? A de SCP reservation ensures that a DCP client is always assignment. The same. I'd be address we have seen in the previews videos. That's a D S C. P. Server. Big A free I be address available in the baby pool and assign it to a client the client keep. Then these i p address during the lease period, let's say for eight days when the lease period expires, these I p address will be available and can be assigned it again. Toe any other clients who asks a DSE p for a Nike address. So if you want to assign the same, I'd be address to a specific client. The DSE P Service Offer a functionality. Call it a reservation, which binds a specific I p address to a specific clients. But why do you need to fix device? I'd be address. There could be many reasons for that. It could be for traffic filled drink need. If you want to give a group off computer Internet access and denied these access to the rest off the order computers, you are going to create a traffic cruel on your organization fire one that allows this group off computers with specific I'd be addresses to access the Internet. In order for this rule to work, the computers must have a fix it eyepiece. Now let's create a reservation. We have these PC. We'd the I p address 10 10 10.41. Now I want to assign it to the I. P address. 10 10 10.50 and set. To do that, you have to right click on the reservation container and click on new reservation. First, you need to type the reservation name. Let's name it. See you BC in the i p address field. The network I'd be is already populated. You just need to enter the host address 50. Now you need the Device Mac address to bind it to the I. P address. Let's bring their Windows 10 machine in front off the screen. Let's open the common prompt I with type. I become fiqh slash hole Command, and here is the Mark address. I was selected and hit the Enter Key to copy it into the clip Art. I will go back to the Windows Server VM and past the clipboard contents. For the description, I will just copy past the reservation name. Finally click on the add button to create their reservation. Let's close this window. The reservation is now created. What I am going to do now, in order to check if my reservation works, is to release the old I'd be address and ask for a new one in the Windows 10 VM. I will type these comment. I become seek slash Release forward by i p config slash ReNu command, it needs a few seconds in order to complete. Okay, you can't see that The new I P address is now 10 10 $10. 50. These I P address will be assigned it all the time for just this specie. Now let's see what change it in the address leases area. I need to refresh the view. You can see that the same machine has Bean assigned it the reserve it i p address and notice the lease expiration. Kahlan content the expiration dates and time has bean replace it with the reservation mentioned 33. What is DNS (Domain Name System): we humans are more comfortable. We'd name is then we'd numbers Most off people, for example, think about cities by their names and stayed off their zip code. This is why, when you need to broz the Internet, you are more likely to type the website Europe in the form off www dot Microsoft dot com and stayed off typing the website. I'd be address because it's easier to remember a name then a Siri's off numbers. But computers, however, are different from humans. They understand numbers one and zero a computer to reach a website need to translate the u . N L. You type it in your browser into its equivalent i p address. This is when name resolution comes in handy. This resolution off names toe I be addresses that computers can handle is done by the domain name system DNS for short. Back at the beginning off, the Internet name resolution was implemented with a simple text file call it hosts file that contained a simple list off all servers on the Internet and their correspondent I P addresses. But as more and more servers were added to the Internet, maintaining this fight became complicated. DNS servers implement a hierarchical method off name resolution in which servers resolve it . Only a certain segment off hostas on the intimate and delegated request is that it did not manage on Windows server operating systems. DNS servers keep records off all devices in the network and their correspondent I P addresses. So when you want to connect to a device on the network using the devices name, the DNS server will look at its records to find the artery corresponding to the device name and get the I. P address that allow you to connect to that device. It works like a phone book. If you want to go on someone and you don't have it's found number, so you take the phone book search for the person's name. You get the person's phone number. Then you can make the phone call on Windows Server 2016. A DNS server road is automatically added when you create a domain controller to add additional dominance servers just go to the several manager and added a DNS road. Go back to the reviews lectures to see how toe added a server or old, so that was a brief introduction to DNS concepts. We will go in more details in the next lessons. Thank you for watching 34. Understand DNS Zones and Records: what he's a DNS zone. A DNS zone is a portion off the domain name space that contains DNS resource records that allow any client to look up any name. If my dominate is corporate artisan tech dot come a d n a zone for that doorman he's created and we'd contain or network devices that are part off this dough. Men and their corresponding I p addresses. There are mainly to the end zone types forwards look absorbs these types off zone resolve names to I P addresses. For example, if a user won't storage, a server was in its name. The request is sent to the Dina Sever that looks in its forward look up zones for a correspondent I p address to illustrate that type of the anus. Look up, command photo it by the host in eight. As a result, the common we'll return the fully qualified domain name off the host and its I P address. The second zone type is reverse Look up zones. It does the exact opposite. Off the forward look absorbs it's much is 90 address to the host dome ending. This is similar to know in a phone number, but not knowing the name associated with it. The river's look up results are usually created money really an example you can use to illustrate that the reversal. Look up. Zone action is the use off the Ennis. Look at comment when you type an s hook up forward by the device, I p, the DNS server will receive a request for much in this I p address toe a hosni. If the correspondent a record exists in the reverse look absorbed, the DNS server will return the fully qualified dominant name. Now let's talk about the DNS resource records at the beginning. Off this lesson, I said that the inner zones contain DNS resource records that much network device name to its corresponding. I'd be address in the reality resource records can do more than much in names and I'd be addresses. Some of them can indicate which service the server they represent can deliver to the client . Here is the resource records. You may encounter host records, also known as an a record. It's the most common DNS resource record. This type off resource, a record, simply contains the name off the host and its correspondent I P address in your DNS server . Most off the resource records are a records because they are used to identify the I P addresses off most resources within a dome in the genius or seen a Marie court, but knows you to provide an alternate name to an existing host. Record 40 something If you're fine server. Deena's name is the following. You can create Ananias record with the following name file dot corp dot zinta dot com. So whenever you want to access your file server, you can just use the audience name instead off the Hosni. Because the ideas will redirect daiquiris to the house record, you can see different one off the advantages off. Using the alias is convenience. It's easier to remember the earliest name instead off the complicated Hosni. The second Advent Age off the earliest name is when you replace your seven. Imagine that you want your S users to use a new find. Sever instead off the old one. In this case, you need to change the fine server name references in each off your user's computers. But if you configure your user's computers to youth E alias, name the only change you need to make is to just point the onions toe the new find server name. You will just proceed. Win one change instead, off doing changes on every computer pointer records or prettier. The neighbors you know, connect and might be address to the hosni. They are hosted in reverse Luca resorts. If an appropriate rivers look up zone exists, a pity air record is automatically created by default When you create hostelry. Court May exchanger records are used to locate the May sever responsible for accepting the main messages on behalf off Dormant name. If you have a mail server like Microsoft Exchange in your domain, you will probably have an MX record on your DNS servers. That points to that mail server when a knee may is a center to a mailbox in your domain, the sender. Mail server will issues Dynamics. Look up a request to get the I P. Address off your main server. If a mimics record exists in your DNS servers, descending main server will establish a connection with your mail server in order to send the email. That's all for this lesson. Thank you for watching 35. Create DNS Host (A) Record: in this video, I will show you how a records are created. A quick reminder. A records are the most common DNS Resource records. It contains the name off the host and its corresponding I p address. First, let's open the Deanna's manager on the left panel off the DNS manager. There is the DNS note at the top and just below it. You have the DNS server here. I just have one day in a server in case I have many DNS servers. I will see all off them under the Deena's note. And just under the Dina server, I have the DNS zones. The two milli zones type you are going to work with a lot are the forward look observance and the reverse look up zones reverse look up zones are usually manually created and not always exist in every implementation. To display the resource records, click on the forward looking presents, then on the court doors in tech dot com zone on the right bottom is displayed the different resource records, as you can see most off the records, are a records that much is the host name with its corresponding I p address what you can notice is that some airy courts reflects the Hosni and some few others have this name same as parent folder between brackets. This means that this type off records represents the D N a server itself. Now let's see how a records are created. I am going to take this horse record for the demonstration. First, I will let the record and then try to recreate it again. Most off the air records are dynamically created by the horse itself. Usually, when the I P address is assigned to the host, the record is created on the d N A. Seven. Let's open the session on this Windows 10 books. Now I will open a common prompt and type ibeacon pick slash ReNu toe ASC d S c P server for a 90 address. The comment has completed successfully. I will switch back to the d n a server and see if the A record for that computer has been created. I need to refresh the view to see any change on. You can see that the A record has bean dynamically created, but there is a condition to be met in order that the records will be created dynamically. Let's reach to the Windows 10 workstation to see that I need to open the network. Enter FIEs properties, click on the Internet protocol version for and click on the properties button. Next, click on the advance of butter. Click on the Deanna spun it. Here is the condition These checkbooks resist that these connections addresses Indiana's must be checking. Otherwise the record will not be created. This check box is enabled by default. So if you search for a host record in your DNS server and don't find it, start by verifying if this check box is the neighborhood. No, let's do a test and see what happens. If these check box is not neighborhood first, I will let the record from the DNS set. Okay, I will switch back to the window, stand workstation and disable the checkbooks. Okay. Close. No, I will ask for renewing the I P address. Now that the has bean contributed by the DCP. Let's see if the record has been created. Let's refresh the view. You can clearly see that the A record has not being created. Remember that if the record is missing, you can't reach the host by using its Theoneste Nate. Let's do a quick test. I will issue a pink amount against the Windows 10 host. Surprisingly, there is. And that's where, where it shouldn't be the case. Logically, the explanation for that resides in won, where the DNS cache twins were clients. Square is quickly. The DNS server uses cash. This cash is refreshing periodically, so I will empty this cash to reflect the actual Deanna's come pick. No, if I ran the Pink Command again this time, the being couldn't find the host because the host a record is missing. All right, we have seen in the first part off this video how the records are dynamically created. My records can also be created manually. Manually. Add in a records can be useful in case you have some network devices that cannot dynamically create their own DNS records. For example, printers if you need to refer to your printers by their DNS names instead, off I p addresses, you need to manually create the correspondent A records to money, really create a host, a record just right, click and click on the new host country in the context menu in the name zone type of the name you want to give to the Eric court. Let's just copy the window stand host name from the common prompt. Next, I need to type the host I p address. I click own added host button, and the host record is successfully created. That's one for now. Thank you for watching. 36. Create DNS Alias Record: how to create an alias record. This is what you are going to learn in this video. A quick reminder, A C name. Aaliyah's record allow you to provide another Net name to an existing hostile court. For example, you want to give your file server a name you can remember easier instead off the complicated host may. So you create Ananias record and give it, for example, the following name files. It will be easier for you to remember these earliest name when you need to access your file server to create Ananias. See name record opened the DNS manager. Then select your doorman zone under the forward Luca Zone on the right panel, just right click to display the context menu. Then click on New Aaliyah's See name Country in the first texter zone. I will type my only a snake fights in the fully qualifying the domain name zone. I must enter the name off the host refereed by the ideas. I will just grows and search for the Hosni. Here is my find Sever. I will select it on validate. My Aaliyah's is now created and is referring to my find Sever with this fully qualified domain name. Now let's do a test. I'm going to switch to the windows 10 books right here and try to reach my find silver using the alias name. I will just typing forward by the alias Name fights and I get a reply from my fights ever. I not our test I am going to do is connecting a Muppet the network of drive to a share it for their located on the find several. My drive letter will be Z and I select the shaded for them. Notice that I am using here the alias name to refer to my find several. I click finish to validates. You can see that the Muppet drive has bean created. Okay, What I'm going to do now is to change the fight seven name and see how this will impact the configuration. I said for mapping the network drive one off the benefits off using alias names is that it will avoid me to do changes on every machine that refer to the host, which I changed the name. So, for example, if I use that the fine server host name instead off the ideas to map network drives on 100 workstations. When the find several name changes, I must go on each workstation and the map. The network drive using the new find server name. I let you imagine the task. So enough talk in, I will switch to the fight server. Click on local server, click on computer name. I click on the change button. Let's say I will change the two first letters. I will replace Deezer by us. Okay, I'm asking you to enter the abdomen Credentials to perform these operations. No, I must restart the computer to reflect the change. No, that's the fights ever has restarted. I will switch to the d n a silver to make changes. Own the alias name parameters. First, I will refresh the view to make sure that the new fight Sever name has been resisted on the Deanna Sever. Yes, it has been registered, but the earliest name is still referent to the old file server name. I need to change that manually. So I am going to double click on the illusory court and they put the new find silver name here. I will just the bro's and selected the fine sever. Okay. And now the ideas is referring to the correct file. Seven. A. So now I am going on the Windows 10 machine to check if the fi server name change has any impact on my config. Let's start by a big test. First, I need to empty the cash. To be sure I am dealing with the recent DNS data. Let's issue the ping command on. I get reply from the file server weed than you, Hosni. Now let's tested them up the drive. I double click and my Muppet drive is still connected and I can't access the content. That's all for now. Thank you for watching. 37. Install Windows Server Backup Feature: in this video, I am going to show you how Toe added Windows Server Backup feature two other The Windows feature from the Silver Manager Council. You can click on them, management you and select Add roles and features. Or you can click on the link under the Welcome to Server Manager section on the other. Drawers and features Wizard Click next to Skip the Andrew Paige. Make sure that role BASIT or feature basic installation option is selected and click next. You have now to select the server on which you want to understand the feature. If you have added additional servers to manage on your sever manager council, then you have to pick one. I'm going to selected the local server and click next Windows Server. Backup is a feature, so I will click next to escape the Roles section and display the feature section. I'm going to scroll down the features list and search for Windows Server back heritages. I click next on the confirmation page. Make sure not to select Restarted the destination server automatically if required to avoid a starting a production server. Inadvertently, the Windows Server backup does not need a system restart after installation, but make these habits off, not checking these books on a production server. If you added the role or a feature that needs to restart the sever plant, these restarts outside work hours. Finally click the understand button and wait for the installation to complete. The installation is now complete. I will close the wizard to run the Windows Server backup. I will just open the tools menu, scroll down and click on the Windows Server backup. The Windows Server Backup Council is now displayed, and I can't start running back abs. That's all for now. Thank you for watching. 38. Perform Full Server Backup: in this video, we are going to create a four server backup in the Tools menu, scroll to the bottom and click own Windows Server backup before going ahead. Let's take a quick look at the Windows Backup Council on the left panel. You can right click on the local backups icon to display the context menu. You can see different commands. Backup schedule backup wants Rickover and configure performance sittings. As you may notice, there are the same comments on the right side off the council in the central area. You have the results off the previously performed backups with the time stamp and the results off the backup, whether it was successful or failed in the bottom, you have the status off the last back up here. It was successful the time the backup was executed. If there is any scheduled backup, you will see the details here and here we have a summary off all performance backups on the server. There are two backups. Performance. The failed backups are not counted here, and you have the date and time off the latest backup copy and the oldest one. If you want to see more details about the latest backup. Click on the View Details link. There is the bucket, the description, the backup location, the backup stages, the start time and the time and the size off the backup. Copy. Okay, a food backup will include all the server data, the applications and the system state. It's the best practice that the first back up your on would be a full server backup. Then you're a neat periodically to perform a full server backup. I'm going to click the back up plants link the bucket. Wants Command is used to perform a one time bucket in the Wizard. The only backup option available is different options. As I am not going to perform a scheduled backup, I click next on the Select Backup configuration page. There are two options. A four server backup. The recommended the option. The backup size will be 24 gigabyte. The second option is custom back up. If you want to back up the specific files and folders, you select this option on this page, I need to selected a destination off the backup copy. I can't choose between local drives and remote shared folder. If I select local drives, I can't start the backup copy on second the disk partition. If available or on the DVD drive, I click next to display more details in the backup destination. The only available one is the DVD drive. Because I don't have a second disk partition on the server, you can see that in my Windows Explorer. There is only the sea partition and the DVD drive. And if you wonder why this C drive is not available as a destination for the backup, this is for the simple reason that you can't save the buck up off the C drive on the C drive itself makes sense. I'm going to display the previous page and select the remote Sherritt folder as the back of destination. On this page, I have to enter the shared for the location. I have to enter the pat off shared folder, own another server. But if you didn't set up a second Windows server VM, where you can create this shared folder, I would show you a work around to overcome this limitation. These work around consists off creating the shared folder bone, the local server. So in the Windows Explorer, I create a new folder name it back up Now I am going to share this for her. I will keep the default access permissions and click on the share button. Okay. My shared folder is now created. I will switch to the backup wizard and entered the shared for the location by typing backslash backslash local host to refer to the local silver backslash. I can see all the shared for their available on the server. I select the backup folder in the access control section. You choose whether you want to a low access to the backup copy to specific users you select , or you can select, inherit and allow access to everybody who has access to the remote shared folder. I will keep this option and click next. The confirmation pager displays a summary off the backup configuration. I can see that there is no fight excluded from the backup. This is because I am selected a food back up here. There is the backup destination to the shared folder. The VHS copy backup is an advance it concept that we are not going to cover for now. Here I have the items to back up the bar. Metal recovery allows you to Rick over your server from scratch. It includes the back up off the local discs, the system reserved partition and the system states. Now I'm going to click on the back a button to run the backup. This will take several minutes to fully backup the server. So you have to be patient. That's it for this video. Thank you for watching. 39. Perform Custom Backup: in this video, I will show you how to perform a custom back up on a Windows sever and like the full backup , a custom backup allows you to select the items you want to back up. These items could be set off files, a folder, a system partition and and so and so the size off the backup copy could be much smaller than for a food back up. To run a custom backup, I click on the backup one link Click. Next on the first page here, I will select Custom Onda. Click next on the Select Items page. I click on the added items button to select the items I want to include in the back up. I have these four groups off items here. Barmy Trauma Recovery System, state system reserved and local disc C. If, for example, I selected the bar metal record every item, this will make all the other items selected. This is because this backup option is used to perform a full server recovery and needs all the servers data to be back. And you can notice that I can't and check the other items because they are necessary for the bar metal recovered, so you inject the other items I needed to inject the bar metal item first. In this demo, I am going to back up The users profiles data located under the users for their own. The C drive I click to selected the user Surf order and all the related sit folders. Okay, now, because the user's profiles can contain the files like photos, videos, etcetera that can increase the backup copy size, I can exclude that this finds from my pack up. To do that, I click own advance its sittings in the exclusions a section. It's explained that to exclude fights, I need to choose the location, then enter the file type like DOT MP three and daughter TMB. Let's add some finds type toe the exclusion. I click on the added exclusion button. I would select the Users folder. Okay, The location is now selected and in the file type colon or on files and folders are excluded by default. I needed to change that and enter the files type. I want to exclude dot TMP to exclude the temporary files. I will use the separator character comma and the type dot G. PG to exclude the G peg images fights on the CIF under SEC alone. I can't specify if I want to exclude that this finds from all supporters. Keep it at Yes, on I click. OK, click next for the backup destination, I will select my backup remote shared folder. Backslash backslash local host. Backslash back up. I click. Next I get a warning missile displayed because this specified remote shared folder already has a backup on. If I'd Leica next, the new backup will overwrite the old one. It's OK. On the confirmation page, I get the summary off the bucket configuration. Such the excluded files from the local disk. See the backup destination and the item I am going to back up. Finally, I click the back of button to run the backup. Good job, and thank you for watching. 40. Schedule a Backup: in this lesson, I am going to show you how to schedule a backup. When a back of is schedule it, the system will automatically around the backup task are to the scheduled time so that you don't have to worry if you are going to meet, store on the back up manually to schedule a backup click on the backup schedule link. I'm going to click next to skip the first page on this page. I have to choose between a four server backup or a custom backup. I select Custom Backup, for example, and I click next on this page. I need Toe added the items I want to back up. I will select the user's profile folder. Okay, next, here. I need to select at the time when the backup should Ron and how many times I can't select two round the back up once a day, then select the time. I can also run the backup job more than once a day and select the Times to run this job. Let's say I want to run a backup twice a day, once at 9 p.m. And another time at let's say nine AM so my backup would run every day at 9 a.m. and 9 p.m. For this demo, I'm going to select once a day, and for the time I will choose one. I am usually at this Howard. The server workload is lower. Avoid to schedule backup during working hours to not negatively impact server performance and hands users experience next On this page, I will choose where to store the backup. I can store the backup to the hard disk that is dedicated for backups. This is the recommended option because as experiment, it's the safest way to store your backup. You can then put these disks in a vault or outside the site for better protection. Be aware that if you choose this option, the disk you are going to use for backups will be formatted and can't be used. It for order proposes. Windows Server will hide this disc so that it will not be shown on the Explorer when you plugged it to with computer or a server. This is a security mechanism to avoid accidental alteration off the back up. If I click and next I can see in the available discs area, my USB drive I can choose. Let's go back and explore the order options. I can choose to back up to a volume. Chose this option if you cannot dedicate an entire disc for backups. The downside is that the backup is store it own the servers, local disk. So if the disk crashes, you lose your backup. Avoid these one. The third option is back up to a shared network folder. If you read the description low, it say's to choose this option. If you don't want to start backups locally on the server, there is a caveat here that you will only have one backup restore it on the shared folder because then US backup overwrites the old one. This is not the best option to choose if you want to have multiple restores points. In this case, the better option indicated is dedicated the hard disks for this demo. I'm going to choose the shared network folder. I get a warning message that then us back, it will Aries the oldest er, I know that OK, here, I need to type the location. Yes, here is a note that says that the backer per data cannot be securely protected for these destination. I click on the more information link to read more about that. The reason why the bucket will not be safe if started on a shared folder is that many users can access a share it for them. So if your store backups on a shaded network folder, make sure to give access permission toe only authorize it. Users that usually are members off the ICTY group. Okay, Next, I'm prompted to provide a logging juice scared in my back up. The user logon should have write access to the shared folder and should be a nad ministrations or a backup operator on the local machine. I'm going to do that. Okay. The confirmation page displays the summary off the schedule. It the backup job there is the back up time. There is no excluded file, the backup destination and the items to back up. If all seems good, click the finish button to create this castle It back up. Otherwise you can go back and change the options. My scheduled backup is successfully created and the first round is scheduled It at these dates on time. Okay. On the stagers area off the backup concert. I can see that there is now a scheduled backup at the educated sign. You can see more details by clicking on the view details link. That's all for now. Thank you for watching. 41. Examine The Backup Content: Windows Server stores. Backup copies in VSD format. It's the Windows virtual disk. Former Having a back up under the VSD format allows you to mount this disk on your Windows session and access this disc as a local disk. You can then broz the deice content. Read a file, copy that file and so forth to mount the VSD disk, I first need to locate the backup file. Hair it ease. Let's check the five properties. You can see that the type off fight is Ah, hard disk image file with devious Deeks Extension to mount individual disc. I'm going to select Mount from the Context menu. Now the virtual disk is mounted. Windows gives it the F letter, and I can use it as if it was a local disk. I have here the backup content. Let's examine it. I opened the administrator for order documents. I can, for example, restored these text file only by copying it. Go to the original location and click based. Okay, no. If for any reason you can't mount the VSD disc from Windows Explorer, you can use the Disk Management Council, open the action menu and click on Attash VSD in the location zone. Click the browse button and select the VSD disk, then kick okay to come for him. Once you complete working on your back up copy, you can in Mount VSD disk just right click on the disc letter and select eject from the context menu. The discussion is no longer attention to the system. You can use this technique as an alternative to the restore process you run from the Windows Backup Council, especially if you need to restore individual files. You can check defies version before you restore it. 42. Restore From Backups: Now that you know how to bear for a back up, it's time to learn how to recover from backups. To recover from a backup in the Windows Server Backup Council, click on the Recover Link to start the recovery wizard on the first page off the Wizard. You need to specify the backup copy location. If the backup copy is a, store it on the local server where you are running the Windows Server Backup Council, then select the first option this sever. If the backup copy is stored own remote shared folder, then select the second option. As I have stored my backup copy on this server, I'm going to keep the first option selected and click next on this page. You need to select at the back of version. You want a tour restore base it on the back up dates, depending on the back of destination you choose when you perform your backup. You can see on this page multiple backup versions if you have decided to save your backup on disk, for example. But if, like me, you selected the to save your backup on a remote shared folder, you would have only one day's worth off buck up. So I click next here, you have to specify what you want to take over. You can choose to recover files or folders. This is useful when you have a specific files or folders you want to Zurich over. But if you need to recover, um, entire volume such us all data stored on the C drive You select volumes for this demo. I'm going to restore a fight, so I keep the first option selected Onda. Click next on this page. You can broz the backup content and select the folders or the files you wanted to restore. Let's say I want to restore a file in the documents folder off the administrators provide. I'm going to be this file and click next here. You need the recovery destination. Whether you want to recover the data to the original location or another location and you specify the location here, choose in Northern location for your recovered. The data can be useful. If you are not sure about the backup version, you are about to recover. To avoid the to overwrite the original data with the wrong backup version, restore your data to another location and compare the restored data with the original one when you are sure you can then restore to the original location. But even if you selected to recover to the origin in location, you can still avoid over right in the original data by tearing the wizard. What to do when it finds items in the backup that already exists in the recovery destination. By creating copies, you can have both versions. Then you decide which one you want to keep. If you are really sure, you can choose to overwrite the existing versions with the recovered versions. Personally, I never choose this one because you can be performing the recovery task under pressure or under fatigue. And on these moments, it is very, very easy to make a mistake and overwrite a good life data with older restoring data. The third option does not recover. The items that that already exists owned the recovery destination. You can use this option to recover a mistakenly deleted fire, for example. Now I'm going to select the create copies and continue on the confirmation page. Check the recovery options you selected. If there is something wrong, you can go back and make changes if all seems right, then click the recover button. Your started the recovery process. All right. The recovery has complete. I'm going to close the Wizard. Let's check the documents. Folder Here. There is the original file, and right here they recovered Fight that has the same name preceded by the dates and time when the recovery was executed and the world copy to distinguish the two fights. Now you can compare the two files and decide which one you want to keep. Good job. Thank you for watching and see you in the next lesson. 43. Introduction To Print Servers: while in thes days and age digitalization is becoming the norm when it comes to documents. Exchange people still use paper documents, and printers have still good days ahead. There are mainly two types off printers, local printers and network printers. A local printer is directly connected to the computer through a cable, usually a USB cable. This kind off printer is dedicated to personal users. If a motor person using another computer wants to print a document on this printer, she should first access the computer attaches to the printer and then green to the document . It's not very handy. There is a possibility to share the local printer across the network. We'd order users, but the downside is that if the computer attached to the printer is shut down, no one can lunch a print, even if the printer is powered up. Because the sharing is a load via the computer, the other type off a printer is network printers, and network printer is connected to the network through either a wired or wireless connection. This is the kind off Rangers you can find it the most in the corporate world. Many users can use them at the same time. Now let's discuss how can users across the organization print their documents? Own a network printer print in a document on a network printer can be done through two methods. The first method is direct. I'd be printing, and the 2nd 1 is through a print. Sever. Direct printing is when a client computer sense it's a documents printing request directly to the printer that is no enter mediated between the computer and the printer. Let's illustrate that wheat an example. We have these architect ER, a network printer. A. B C earned the laptop, all of them connected to the organization network. Let's say the user owned the PC wanted to print a document. Harry's the document. This document will be sent across the network to the printer. Once the document riches the printer, it is first put in the printer internal memory before being processes. Let's draw the printer memory here. Okay, this is the memory. Let's put the documents in their memory. No. If, at the same time the user on the laptop has a printing request, the same process will be followed. The document is sent to the printer and the printer will start it in its and journal memory . Now let's pretend that the documents sent by the two users are big enough, and the printer internal memory is pretty small, and the user on the PC wants to print another document. This is the second document. This is the 1st 1 What happens if the PC sense it's sprinting? Request to the printer the printer will elsewhere waits. My memory is full, and I can't accept your request for now till I free up some memory space. When the first document is funny, process it. It's the let it from the memory, and the printer can receive the second documents for a printing. I guess you understand that I am exaggerating by pretending that the printer's memory can only host to documents in the real world business printer's memory size varies between 32 megabytes and the 1512 megabyte. Some higher earned business printers contain hard drivers to increase their storage capability and are intended to handle high printing demands. Now let's talk about the bring server and see how it works. The roll off a print server is to centralize clients, printing demands, clients who wants to bring the document will send it first to the prince ever, which will process it and send it to the printer to be printed. Let's illustrate that with the following example, we have the same previews architecture, with do clients, machines and a printer, and we now have a print server. As we said, the road off a print server is to centralize the clients printing requests. This is don't via sort off a que where the print server will put any document sent to him. This Q is called a spool. Let's throw these servers sport here. As you see guys, I'm not good at drawing. Nonetheless, the goal is not to paint a Picasso canvas. It's to understand how things work. All right, so this is this pool now. What happens if the user owned the PC has a document? Joe prints. The document is sent to the Prince. Ever. The prince ever will put the documents in the sport? Okay, let's say that the user owned the laptop has a document to print. Same thing here. The printing request is ascent to the sever, and the document is put in the school. The prince, ever with then process the documents in its A spool and sent them to the printer. According to their arrival order. The first document is sent to the printer, which we put it in its internal memory. Let's draw the printer's memory. This time I did it much better than the school that is the first documents. Same thing for the second document. Now the printer will process that documents received, I give you hear the big picture off how the two printing models work. Now we are going to make a comparison between the direct printing on the brain's server. Direk Sprinting is not suitable in large organizations. We have a large number of computers where deploying and updating mini printer drivers on a broad set off computers can be a nightmare for an administrator. In this situation, the print server has its full place, and that means will deploy printers drivers only on the server. Even the drivers of date is easier. The updates are done once on the server. Instead, off on each computer on a print server, you can have printing statistics and audit. You can keep track off who is bringing in what and when. From security perspective, it's an important thing. You can also control who can print the what and where on a print server, the administration and troubleshooting are centralized. If you have a driver problem to fix, you are going to do it in one place, like direct sprinting, where you are going to troubleshoot and fix the driver problem on each computer. One downside off the print server is that it's a single point of failure. If the prince ever is for some reason available, the users are not able to green their documents. These downside can be overcome by using the high availability printing through clusters. In conclusion a large organizations with a broad A set off computers and printers. The use off the print server is a necessity. On the other hand, direct printing has its place in small organisations or branch offices off large organizations with a few computers, usually under 10 computers. I help you enjoy this lesson. Thank you for watching 44. Add a Print Server Role: in this lesson, we are going to install a print server road. For that. I'm going to use the add roles and features wizard. I click on the shortcut from the welcome area we have seen in previous lesson how to add a roar or feature. So you are familiar with this wizard on the first screen, I just click. Next I keep road basic or feature basic installations selected and kick next in this screen , prompted to select the server on which I want to install the roll. I have just the local server selected in the server poor area, so the choice is pretty straightforward. I click next here. I need to select the road I want to add. It's labeled the print and document services. When I select it, I get a pop up window and for me that there are tools that are required for that role. I keep management tools. Checkbooks enable it. Then I click own at features button Next. Next. This screen is some kind off summary ization about the road I am going toe at. You can read that print and document services enable you to centralize the prints, server and network printer management task. Us blah, blah, blah, blah beloved that there is not. That explains that Windows Server 2016 supports Type three and type for printer drivers. Most recent drivers are type for the among the advantageous off using type for drivers is that users who are not members off the local administrators. A group can connect to the printer by default, so no need for an administrator to accomplish this task. The other advantage is that computers with a 32 bits operating system can connect without a 32 bit driver. Install it on the print server, but no days 32 beats. Operating systems tend to disappear, so no big deal. Okay, so I could get next on this screen. I have additional services I can't understand. In addition to the print server service, the print server is jacket by default. I can other distributed scar on server if needed. I have also the Internet print in service and that the ldb service for our lesson. I'm just going to understand the prince ever on the confirmation page. If I just need to click the start button to start the prince, ever roll installation and wait for the set up to end? I hope you enjoy this. Listen, Thank you for watching 45. Add a Printer On The Client PC: in this. Listen, we are going to add a shared printer to a Windows 10 computer. If the user has permission to print own the printer, he can add the printer by itself. No need to open an administrator session. First, I needed toe open the computer sittings in the search bark type printer, Then click on the printers and scanners owned the printers and scanners page. There are the default windows, the printers installed. Fax. Bring to PDF and XPS, a document writer to add a new printer. Click own at a printer or scanner button immediately. Windows 10. Start search in your network for available shared printers. Windows that turn has found two shared printers. The marketing printer and marketing manager. Sprinter. I'm going to understand the marketing printer. Right click on it and the click own ad device. Button windows. Start installing the printer. Okay, now the printer is ready for use. If you can't see the printer you want toe out, make sure that you set the printer has shared owned the prince ever. If despite this, the printer you want to add is still not visible, you can then add it manually. For that, I'm going to click on the at a printer or scanner to start searching for the printer. After a short period, windows displays the following option. The printer that I want is not listed. Right Click on that. Here. I can choose the method I want to use to find and add my printer. The 1st 1 allows you to add the A note printer. That it's a driver is not in the windows. Drivers cattle look. Windows will try to detect and and start the printer. In most cases, you are not going to use this option unless you have a very out printer in your network. The second option allows you to find a printer in the active directory. I click next to display the search window. I can't see the two marketing printer listed in the search results area. Not that you will see here. Only printers that's have the least in the directory option. Check it. If the option is not jacket, the printer will not appear in the search bar. If you have a large number listed in the results area and they don't want to scroll through all the list, you can't do a search on the printer name. Okay, You can also do a search by location by model on the feature set up. You can apply filters to the search you can. For example, let's check this option to display only color printers. If I click on find now, there is no result. Off course. My Samsung 16 60 printer isn't a color printer. Okay, if you select a shared printer by name option, you can then type the path to the printer. You can enter the print server name or its I P address for Do it by the printer name. If I type backslash backslash, select the print server I p address backslash Windows has Don't a search owned the priest server and displayed the shared preachers I can at so that he is not necessary to type the food. That printer name it's made my job easier. I can also add a printer using the I P Address or the hospital. I click next here. I need to type the printer host name or its I P address. Mainly, these are the three most important search methods. Toe. Add a printer in a client's computer you are going to use the most. I hope you enjoy this lesson. Thank you for watching 46. Adding a Printer On The Server: in this lesson, you are going to learn how Toe added a printer in the print. Sever how to added a printer driver, how to configure the printer sittings and then make the printer available to use on the network. So let's begin for the demo. I'm going Toe added my local Samsung Ml 16 60 USB printer. First, I'm going to open the print management constantly on the council. Under the print servers icon, I click on the local server on which I want to order the printer. The first thing I will do is added the printer driver first, then the printer. I can't do the opposite, but I prefer to do it in this order. I write a click. Then I choose are the driver in The Wizard. I click next on the first page on this page. Er, I need to selected the processor type off computers that will be using this driver. The excess 64 processor is selected by default. If you have computers Iranian 32 bits operating system on your network, you can also choose the X 86 processor, but this will not be necessary if you are are starting a type for driver as the type for driver and lows, a 32 bit computer to print on the server without explicitly and starting the 32 bit driver . Next here, I need to choose the printers manufacturer and the model. Let's search for a Samsung in the manufacturer list. Hair it ease. Now let's find the modern, um, and 16 60 headed teas. Okay, Next on the Rika page, I can't see the printer. I'm going to add the processor architecture and did the type for driving. Now I click Finish my driver was successfully at. Now I'm going to add the printer by click own bridgers by default. There are the Microsoft Virtual Printers and start print to PDF and XPS Document Writer. Both can be used to print the documents to a fine. To add my printer, I right, click and select the printer on the Wizard. First, I need to peak an installation method. If I choose, search the network for Printers. The wizard will scan the network and will show me the list off the connected printer. I can't speak for installation. I can manually other a network printer by typing its I P address What I'm going to do to add my local printer is toe added a new printer using an existing poor. My breeder is connected through a USB port, so I will select the USB port Click next here. I need to select the driver to associate with my printer. I will select the Samsung Driver. I have a stand earlier next here. I'm going to give my printer and name. I can't keep the default name or change it. I will keep some song MM 16 60 added a meaningful comment to identify the printer quickly. This can help you when you have a large number. Offerings are deployed on your network. So let's say the marketing department uses today sprinter marker Tinga. Okay, if I check this option here, I can make the sprinter share. The share Name is what users will see when searching for the printer in the network. This name can be different from the printer. May. I will keep the same name marketing. Let's delete that in the location area. You can specify the printer location. Let's say in the marketing office. In the comments area, I will type printer in the marketing office Okay. Next and I click next to finish. Okay. My printer has bean at it. I can't choose to print a test page before I close the Wizard to ensure that the installed printer is working properly. Now I could get a finish. My printer has bean added and ready for use. I hope you enjoyed this lesson. Thank you for watching. 47. Configuring The Printer: Now that my printer has Bean added to the server, let's take a look at its properties on the context menu. I click own properties on the general panel. There is the printer name, the location and the comments. If I click on preferences, I can see some default presets like the paper orientation. Okay, own the sharing panel. There is the printer share. Name this option. Here. Render a print jobs on the client computers. Check it by default and knows the clients computers to render the print job locally before sending the data to the print server to be cute and the printed before Windows Vista. The rendering job was done on the prince ever because at this time, bring servers offer more processing power than clients computers. But no days. Client computers have enough processing power to perform this task locally, the least in the dialect. Cherie option. If Jack, it will make the printer name visible in active directory, this can be useful. When you want to add this printer to a client's computer, you will search for it in active directory. Using the printer. Share me on the parts panel. There is a list off different usable printer ports. My printer is connected to the U. S. B. Port. No need to do changes on the advance a tub. You can set the printer availability, whether it's always available. Or you can set a time ranger here. Okay, here you can set the printing priority, but how it works, Let's say in the marketing department you want to prioritise managers, printing tasks over the order marketing users. You need to create two groups and affect the marketing manager, the highest Priority 99 and the Order marketing group, the lowest priority. But for that to work, I need to have to virtual printers attaches to the physical printer, and they give each virtual printer the priority set for the group. Don't worry, if you are confused, I'm going to illustrate that we'd a demo. Okay, as I have already the first visual printer set up, I'm going to at the 2nd 1 I'm going to follow the same steps, select the port, select the driver here. I'm going to give the printer another name to differentiate it from the 1st 1 Marketing managers I give the shared named the same name. The location is the same marketing office. Let's put a comment here. Perfect. I click next finish. Let's arrange the view here. Is this second, the printer. Now I am going to set the printer priority. I will type 99 the highest priority. So know when that he's hiding it owned the printer. We'd many users documents ascent to the print server. The prince ever will send the marketing managers document to the printer, even if other users documents are waiting. In this sport in the sports area, you can specify whether you want to start printing after the last page is split. The silver then will wait till all the pages are in the sport before starting. Printing. This can make the printing process a bit slow. The start printing immediately is the default selected option. This makes it the printing process faster. Another option that can be interesting is to keep printed documents. Some organizations might need to keep the track off printed documents for control or security reasons. But be careful with this option as it makes the disc a grow faster and you can run out off space quickly. The corner management plan, it allows you to manage the corners off your color printers in the security panel, you can choose who can print on this sprinter by default. Everyone can print. If I want to allow only the marketing managers users to print on the sprinter. I will let the everyone group then added the marketing and managers a group off course. The administrator has full rights on the printer on the device, sitting spun and there are some defaults. Printer settings said that you seldom need to change. All right, that's all for this lesson. I hope you enjoy it. 48. Automate Printer Deployment With GPOs: in this lesson, we are going to see how to automate sprinter deployments on client computers through a group policy. When you have several computers on your network, deploying the printer manually is not a fan task. Luckily, Windows Server offers us the possibility to automate this task through the use off group policies. Deploying printers through GPO's is not only handy when you have a large number off computers, but even for a small number. Imagine there is a new user that has joined it. The marketing department. Usually the administrator prepares the user PC and starts the needed the programs and creates the user accounts on active directory. If you have ah, GPU to deploy a printer, you have saving time and effort by automating this task. To deploy a printer via a GPU, get to the printer Management council right click on the printer you want to deploy, then click own Deploy with the group policy. Under the group policy object, you need to select the GP your name. But as the GPU is not yet created, I'm going to create it. I click on the Rose Garden. I need first to selected the organizational units under which I want to create. My GPO. I select the Marketing organisational Unit. I click on the create a new GPU button and give my GPO and name deploy marketing Frenzer. Okay, under deployed these printer connection to the followin There are two options. The 1st 1 I'm going to check well applies the GPU to the users, regardless off the computer used. If the user opens session on another computer, then he's computer. The printer will be deployed on the new computer also in this case, the printer for lows the user. If I select the second option, the printer will be deployed on the computers you select. In our case, it will be the marketing department computers. Now, if a marketing department users opens a session on a computer that does not belong to the marketing department group, the printer well, let not be deployed. Now I click on the add button to create the GP so the Bridger something get endless. 16 60 will be deployed through this jeep. You I click OK to apply. The action has succeeded. Now, if I click own the deployed the printer note. You can see that the Samsung printer has Bean added to the list with the Jeep Your name. Now let's open the group policy management concern to take a look at our GP. So under the marketing organisational unit, I can see my GP If I want to see their GP or details, I click on the GPU under the marketing, not click on the sitting Seppinni. You can see the path under which the policy is created. It's under user configuration policies, Windows, a sittings, printer and connections. Okay, I want to give you a tip to speed up the GPO deployment on your network. This can't improve user experience, especially if you have many GPO's on and a large network. This tip applies to any GPU you create owned. The details Stop. There is a GPU state use Dropbox You can explicitly disabled the GPU computer configuration sittings to prevent the clients PC from processing them because it will be a loss off time . As I haven't said any computer sitting for this GPU I click OK on the conformation window. You can also do the opposite and the disabled user configuration sittings when you said only the computer sittings on your GP. Now that I have set my GPU up, lets us which to the windows 10 vm. And see how this GPO will apply for this GPU to work the user that open succession should be. Place it under the marketing organisational unit. Remember that I have link it the GPU to the marketing organisational unit. Okay, I'm going to open the computer sittings type print in the search bar, then select printers and scanners. As you can see, the printer is not yet deployed to deploy the printer. I can look off then Logan or I can force the application off a DPU. And this is what I'm going to do by opening de common prompts type GP up data slash force. Wait for the GPO to apply. The GPO has applied, but I don't see the printer owned the list yet. Maybe I need the to refresh your view. So I click on the home button, opened printers and see things again. All right. Heritage is the printer is now visible. If you refresh the view and the printer is still not visible, then check the following points. Make sure that the GPU you created is linked to the right organizational unit. make sure the user exists under the right organizational unit. Make sure that the user is a load to print on this printer. You check that under the security planet by displaying the printer properties. Make sure the user's computer is connected to the network by doing a being test. That's all for now. I hope you enjoy this lesson. Thank you for watching. 49. Install File Server Role: in this lesson, we are going to install the Windows five Server wrote. Now that you are family with this task, I'm not going to spend much time on this. So from the server manager dashboard, I click on Add roles and features in the desert. I skip the first page click next on the next page. Next in the rules list, I'm going to click on this tiny triangle to display the file and storage services sub list . First, I select the five silver role, and I will also check the file server Resource Manager roared Find Server Resource Manager . House tour starts with a no you to perform, Advance said file server management tasks like defining storage. Cota's for users running stories, reports that enables you to We don't if I large files and that duplicated files. For example, find several. Resource Manager has also an interesting feature that helps you as an administrator to prevent users from storing files in the shares, base it on the file name or file extension. For example, if you don't want users to store executable xfiles MP three fights and movies in the sheriff's, otherwise they will explode their stories. Kota Okay, Click Next. Finally click on the start button and wait for the installation to end. That's all for this lesson. Thank you for watching. 50. Sharing Folders: in this lesson, we are going to see how to create shares, how to grant access rights to these shares and how to access them. So let's pretend that the marketing department asks you to allow their collaborators to share documents over the network. So you answer these requests by creating a shared folder on Give the appropriate access permissions to the marketing collaborators. Let's do that. I'm going to open Windows Explorer on this server. I have two drives. The C drive that contains the US system that fights and programs, and the G Dr dedicated to story in users data on fight servers. Usually we separate that a partition from the system partition. That way, if something goes wrong with the operating system and you are forcing jewelry and start it and they're wiping away the partition content, the user's data stay safe on their own Partition. Separating partitions has also another advantage when you need to perform a full system partition. Backup for berm, it on recovery proposes for our example, I am going to created the share under the E partition. I name this folder marketing share. There are several ways to share this folder. The 1st 1 is by a right click in. Then on the share with sub menu, I click on specific people. No, I need to choose the users. I want to share this for their weight. If I click on the drug books, I get two options. Everyone. This will make the folder available for everyone on the network and that this is not what I want. The second option find people, is what I want in dysentery. Let's say I want to share these folder with John Smith, a marketing user, So I type g dot smith click on check names to confirm that the user account exists. Okay, Don't Smith has Bean added to the authorized users list by default. Windows will grant it. Read only access permission to allow John to create files and make changes under these a shared folder. I need to give him read and writes permissions. Finally, I need that took Leake owned the share button. Now my father is shared. Okay. You can also allow the share by using the Windows Explorer share menu. We have the documents available in the context menu share with specific people and the stop sherry. Okay, Now, I'm going to switch to the Windows 10 machine and try to access the shared folder. I have already opening a session using John Smits credentials. I opened the X corner in the path area. I'm going to enter the path to the share Backslash, backslash and Explorer displays the history off parts I already used in the past. The marketing share is located only the server with these I p address. So I select this path off course. The share is empty, so I'm going to create a file for a test. Yes, the fight is created because John Smith has read and write permissions on this shape. Now I'm going to show you another way to share a folder for this propose. I'm going to create another folder owned the file server. Let's name it Finance share. Okay. Next, I right click and select properties. I click on the sharing panel. Click on the offensive sharing button on the advance that sharing window I click own shared this folder to allow the sharing in the sitting zone. You can change the sh ending if you change the shade name. This would not change the original folder name on the file server. This will create a sort off an alias. So on the client machine, when you type the share path, you will see the new share ning. You can also limit the number off Symington use users. This can help you mitigated the file server workload, for example, because the more users access simultaneously to the share, the more server resources are requested and the discount impact its performance, you can also added their comments. If you want and off course, you need to attribute access permissions by defaults. Everyone on your network has read access Permission. I'm going to give the user Jane Doe read and write permission. Jack the name. Okay, I'm going to give Jane Doe this change permission so that it can create change and the lead documents in the shared space. But if I don't remove the everyone group from the permissions, least everyone can read the share content and this is not what I want. So let's remove that click. Apply. Apply. Okay, close. Now I'm going to switch to the Windows 10 machine. I'm still in the John Smith session going to access the fi server and display the available shares what happens if I try to open the finance share? And, of course, I don't have permissions to access this share because I did the grant access rights to only Jane Doe. I want to highlight one thing about permissions. Some system administrators can do it wrong. For example, if you want to grant permissions access to the marketing group and you want to prevent the rest off, the users from accessing the marketing share do not explicitly deny access to the everyone group. This will prevent everyone, including the marketing group, from access in the shape. Why? Because users in the marketing group also belong to the everyone group and in Windows, deny permissions take precedence over a low permissions. Let's do an example so you can understand what I am talking about on the file server. I'm going to display the finals share permissions. I'm goingto rd everyone group okay by different when you under a user or a group, it's a load. The read permission. Now I'm going to give the everyone group deny permissions apply Windows is warning me about what I have done. The message clearly say's. That's by denying access to everyone. Group no one will be able to access finance share. But let's go to the end off our experiments and click Yes, to confirm my choice. Okay, I'm going now to open a session on the Windows 10 machine using Jane Doe reductions. Let's open Windows Explorer type the file server. I'd be address, Okay. And no, I'm not able to access the final share even if Jane Doe has access permissions. So if you are facing a similar situation when you are driving shooting, keep in mind these information, that's all for this lesson. Thank you. For what you 51. Map Network Drive: Hello, everyone, In this lesson, I'm going to show you how to map the network. Drive that first. Let's explain, what's a mother drive? Remember, Dr is the Association Off Drive letter weed a shared storage area over the network. You can then access the share content through the drive letter as if it were. Store it locally on your computer. No place to the demon. Too much network drive. I first open Windows Explorer in the address. Spar. I type the file server bath, as I have open it. The session using John Smith their credentials and the joint is a marketing user, so I'm going to map a network of Dr Owned the marketing share. To do that, I write a click on the share and select much network of Drive in the Context menu. Own the displayed window. You can choose the drive letter from the available letters. Here you have the share path. Do reconnect at signing checkbooks. Tell windows to automatically mapped the drive every time you signing. If the box is and jacket, you need to map its manually, which would be overwhelming, especially when you use the drive off. You can also choose to connect using different credentials. I could get finish. The drive is now Muppet to see it. I click on this PC, and Harry is my Muppet drive. We the D assigned Z letter. But like the local drives like this, see Dr the content off the Muppet Drive is available as long as you are connected to the corporate's network. If you unplug your computer from the corporate network, dim Upper Dr Content will be unavailable. Let's do a quick demon. I'm going to disable the network interface and to see if I can still access the Z drive. I need to enter the administrator or credentials to disable the network interface. Okay, the interface is disabled. Let's now open Dizzy Drive. As you can see, the text file inside the C drive is market with the cross symbol to indicate that it's not available. And when I double click, I get this error message stating that they find is currently unavailable. Fortunately, windows give us the possibility to make the Muppet Dr content available offline by creating a copy on the local computer when the user is off line, for example, working from home, he makes changes on the local copy off the document, then went back to work as soon as he connects his computer to the network, Windows will synchronize the local copy with Network Copy Tour reflect the changes made by the user. First, let's reestablish the network connection. Okay, the network connection is now available, and now my next fight he's or lying again. To make the drive content available offline, G. O and write a click owned the network of DR, then click on the always available offline option. Windows is now synchronizing the network drive content between the file server and local computer. You can see that Windows has created a second share with a Green Circle icon that indicates the content off. This share is available offline. Now let's do a test toe and see what happens if I disable the network connection the network drives seems to be an available. Let's open it. Let's open the text. Fine. Yes, it works. Defy opens even when the computer is not connected to the network. A word off caution here. If the network drive is Muppet on Hughes shared folder make, the entire network drive available offline can consume a larger space on the local computer . To avoid this situation, you can make individual folders and documents available offline instead off the entire network of Dr So ask the user which documents and folders he needs the most and make them available offline. That's all for now. Thanks for watching. 52. Map Network Drive With GPO: Hello, everyone. In this video, I'm going to show you how you can map in network drive using a group policy. The advantage off mapping the network drive through a GPO is that you can automate the task and facilitate the deployment over a large member of computers. Also, by using GPO's, you can standardize the configuration and easily change it when needed. All right, enough talkin, It's time for the demon. In this demo, I'm going to matter and network to drive to the marketing shared folder. First, let's open the Group Policy Management Council. I'm going to create and link my GPU under the marketing organisational unit. I need to give my job your name. Let's send name it, drive them up. Okay, Did GPU is created? No, I'm going to eat it the GPU and enter my configuration under the user configuration, I expand that the preferences note. Then windows sittings. Then I click own drive map to create the Muppet Drive right click on the drive mop icon. Select new, then click own Muppet. The drive on the new driver properties a window you need first to select the action. The policy will perform for them up and drive on the action. Drop down books. There are four actions de create action. If selected, we create the Muppet drive with the configuration you choose. The replace action will replace the existing Muppet the drive with a new one with the same drive letter and applied the new configuration. But if you change the drive letter and then you apply the replace action, the chippy will create a new but that the drive with the new drive letter and the result will be too. Muppet drives the updates. Action. We've created a new Muppet drive. If it does not exist And if the drive exists, the action will update the existing configuration. This is the action I'm going to use to create my Muppet drive. The last action, as its name suggests, will lead them up and drive. Okay, I select the update. Action. Next. I need to enter the path to the shared folder. I want the drive to be Muppet. You. I type backslash backslash. Next. I need the either to type of the file server. I'd be address or the name. I prefer to use the seven e to get the silver name. You can open a common prompt type. The following command Ekho computer name between the presentation assemble could be the server name based it backslash, and I need to copy the folder name. All right, the Reconnect checkbooks we letter when those two are reconnect the Muppet the drive every time the user logs in. But it seems that on Windows 10 computers, this is not necessary to check in this box. The drive will stay Muppet, even if the user signs out or are starts the computer. You can give a label to the drive. This will be displayed just after the drive letter. This can be useful to distinguish the drive if the user has more than one weapon. The drive on his session. Let's type marketing drive. Next. I need that to choose a drive letter. There are two options. I can choose a specific letter and select the letter from the list. For example, I choose the the letter. This will tend the policy to map the drive with the dealer. But if the dealer is already in use by another Muppet drive or by a physical drive, the policy will fail to map the drive. That's why I prefer to use the first option use first available starting at in this case. If the dealer is not available, the next available letter will be used. There are other options here to hide it. The drive, for example. I don't think it's useful, so I'm not going to change that and keep the default options. Now let's see what we have in the common planet. Here you have some common options that will apply to own preference items. That means if you have more than one policy preference in your GPU. For example, if you configure in one GPU, a Muppet, the drive and the blowing a printer, these parameters will apply to the two preferences, the Muppet Drive and the printer. The first option is stop processing items in this extension if nearer walkers. If I took the examples off the Muppet Drive and the printer, if during the GPO, processing a nearer walkers while trying to map the drive, the policy stops and we not process the printer deployment. You can choose thes option if the two preferences items are related to each order. Otherwise, let this option and checked run in logged on user security context with cause the policy to run under the user security context instead off the system security context, which is the different option. But for policy preferences like mapping a network drive, windows will automatically switch into the user security context. Even if this option is not, check it. Remove these items when no longer applied will cause the Muppet the drive to be in a move it when the GPU is no more, link it to the marketing organisational unit. When you choose, apply ones on Do not reapply the map. A drive is created once and the policy will never be applied again. Even if you change the preferences item configuration. For example, if you want to change later on the drive label, you will not be able to do it until you inject this option. Harry is an interesting option. Item level targeting. I'm going to check this one and click on targeting button to display the targeting editor item level targeting and neighbors. You took control if a preference item applies to a group off users or computers. If I click on the new item button, I get a wide choice off filters. I can't for example, Mutt. My drive on a specific computer greater than all marketing department computers. I can also target Computer said, that use a particular language. I can map the drive on computers. We'd the French version off Windows, for example. I can also choose to map the network of DR Only own portable computers. I can target a group off users or an individual user. Let's select this one in the user field. I need to enter the user name. Let's say I want to map the drive only on Joan Smith's computer. Okay, okay and apply. Okay, My preference item is created and you can see at the left the different options and futures previously selected. Now I'm going to switch to the Windows 10 machine and apply the GPU under John Smith session. Let's check the logged on user name. Yes, it's John Smith. Let's open the Windows Explorer team now. There is no weapon drive yet to apply the GPO. I have two options. The 1st 1 is a to log off. Then Logan. The gypsy will apply at the Logan face. The 2nd 1 is to force the GPO toe apply without quitting the user session by using the GPS data slash force Command. I type d comment. Okay, Onda hair. It is the network of Dr Is Muppet. We did the e letter. I have chosen the D later in the group Policy editor. But as the CD drive uses, the did under the GPU has used it. The next available letter after the which is the letter. Now I want to check if the GPU will apply under Jane Doe accession as Jane Doe is marketing user, the GPU should normally apply to it. But the filter I have added at the item targeting 11 should prevent the network a drive to be map it. Let's open Windows Explorer. Click on this computer And there is no mother. Dr. I want to be sure. So I'm going to refresh the GPU and force it to apply one more time again. No Muppet drive. My GPU is working as expected. That's all for now. Thanks for watching 53. Set Storage Quotas: in this lesson, you are going to learn how to set Cota's to share it for others. Indeed, users have dis tendency to consume all available storage space. You are located them by dumping into the file share or kinds of fights I have found. Users trying to store music and movies owned the file server. So unless you put the mechanism to monitor the storage, you are going to run out off storage space on the file server rapidly, and you were not here off it until you get course about people not being able toe. Add files to the file shape. Windows Server allows you to set Cota's to shared folders through Find several Resource Manager or FS arm for short. So let's open, Officer I'm tool from the Server Manager Council on the Find Server Resource Manager Council. I click owned the hotel Management. Not. Then I click ona Cota's to display the Cota's set on the server on the server. There is only one Kota set on the VM folder Now. If I click on the Kota templates link in the action pain, I will display the prettified at the Kota templates that I can use to create my kota In the first Cullen, you have the opening. Next you have the limit, which can be in gigabyte, megabyte or terabyte. Then you have the kota type. It can be hard or soft. If you apply a heart kota to the share, the user will not be able to add the additional files once the limits is Richard. On the other hand, a soft quarter will not prevent users from Adan files to the share once the limit is Richard, this can be useful if you don't want to block users from Adan files to their share completely. In this case, Fs Aram can't generate another to inform you that the hotel limits has been Richard, and you can decide on the action. You can take it toward the users. Applying the heart or the soft Qatar will depend on the policy off your organization to create a kota. I'm going to click own Cota's, then right click and select creates a coat from the context menu phone. They create Kota Window. I need to enter the path to which the Kota will apply. I will select the marketing share folder. Okay, Now I have to select how to create the coder. The first option selected by default is create Kota own Bath. The water will be applied to the folder and all its sip folders cumulatively. For example, if you apply a coat off two gigabyte to the marketing share and under marketing share, there are two SIM folders, brand and campaign. If the brand folder is one gigabyte and the campaign folder is one gigabyte, the total size is two gigabyte. So the system will consider that the Kota Off two gigabyte is Richie, the other option auto. Apply some plates and create Cota's On existing and the new sub folders. We'll apply the Kota to each new and existing folder under the bath. If I take the previous example, the two gigabytes Kota will be configure it for the brand sub folder, and another two gigabyte will be configure it for the campaign sub folder. And if I create 1/3 simple older, this one will be configured with the two gigabytes coat in the Kota Properties. I am going to define the Kota I'm going toe apply. Do the marketing share path. I have two possibilities. The 1st 1 is to use the culture template and select a kota amount from the list. The second option is to define a custom culture. I click on the custom properties of button. The first thing to do is to type a description that identifies your culture template. I type marketing Kota. Next I you need to select the Kota Limits. I will keep it to 100 megabytes for the demon. Then I need to select the Kota type Heart Qatar or Soft Kota on Dhere. I can't configure notification when the threshold is Richard like leak the add button on the main message pennant. I can't send a Neiman notification to the administrator when the coaches threshold is Richard the mean email is variable that will be replaced by the appropriate administrator email address. You can also type a specific email address if you don't want to use it. The variable. You can also send an email notification to the user who exceeded the threshold. And here you have the image subject using the Goethe Threshold valuable and the message body you can customize by using decks on variables in the event Logger planet. Yes, higher. I get a warning message informing me that there is no SMTP server to send notifications. Indeed to a low the file server resource manager To send modifications you need to have in SMTP server in your network. Otherwise it will not work. Okay, so I can send the warnings to the event Look And here is the message that will be added to the local country on the common panel, you can trigger a common or a script to perform a specific task you enter here the common path and here the common arguments I am, I get this error message because I don't type the comment bath. So I'm going to and check this. You can also generate reports like own duplicate files. There are other reports, the templates you can use, like large files on many others. Okay, Okay, I get the SMTP warning one more time. Okay. I need to handle this one. It's about the reports. I need to select the one report at least or and check the generate reports. Checkbooks. Okay. Yes. Now my threshold. The notification is created. A name a notification will be sent when 85% off the kota is consume it. And also a not really will be added to the event. Look. Okay, here is the summary off the Kota properties. I'm a going to create the Kota will be applied to the marketing share path. The limit is 100 megabytes heart and I have configured to notifications, email and event. Look, now I click on the create button. Um, ask her to save the custom properties as a template. Why not tied the name This'll one already exists. Let's try another one. Yes, my quota is created with the given perimeters. Now it's time to check if this will work. I opened Windows Explorer Open Marketing Share folder. Now I'm going to copy a big file to this further. Let's take this one. It's 71 megabytes in size based. I have added the 71 megabyte it to the folder size. Now I'm going to switch back to the FS around concert. Refresh the view. Yes, you can see that the marketing share folder Richard 70% off its site. Now let's see if I can add more than 100 megabyte to the shared folder. I could be the same. Fine. I'm going to baste it into this supplier. A sub folder and I can't do that. The missing say's That's There is not enough space because my 100 megabytes Dakota I set for the marketing shared folder can't be exceeded. Okay, let's wrap up what we have seen in this lesson. Cota's help you limits and rationalised the storage space utilization own file servers. Do you create Dakota used the Fi server Resource Manager Tool or FS Sarah in the fs er on my council. You can create a Goethe Basit own the Kota templates, or you can customize your coat. There are two types off voters hard and soft heart got us will block the user from Adan data to the folders. If the limit is Richard, the soft voters will not block users from adding more data. Even when the limit is Richard, Dakota can be applied cumulatively toe the path or individually to each SIM folder. In the path you can set notifications to alert the administrator and the user. When the Kota Threshold is Richard, this can avoid the user from being block it. All right, that's all. For now. Thanks for watching 54. File Screening: five screens is a functionality off Windows server that alos administrators to prevent users from right in certain types of files into shared folders. For example, your organization may not allow users to store audio and video files to the shares because you notice that that users are abusing and filling out the story space with their music and movies. Libraries you can't end. Use five screens to block users from writing all these MP three and and before fights five screens. Use Find name extension to decide if the file can be written to the folder or not. For example, if you want to prevent users from writing MP three audio files, you can use the aesthetics dot mp three to tell the fine screens mechanism to block any file with the MP three extension to create a fight screen. I'm going to use five. Server resource manager, too owned the left pane open. Find screening management's not. Then click on the file screens Hlinka to display the list off the existing five screens. The list is empty. No fight screen is created. Yet on this ever here, there is the five screen templates that you can use to create your file A screens. For example, The bloke audio and video files templates can be used to blok audio and video fights. The screening type can be active or passive. Active means that the user is not a low to righted. Those finds to the share passive will not prevent the user from writing those fights to the share it's used to monitor the user activity To see whether the user is abusing or not applying active or passive file screening will depend on your organization's policy in the file group. Second, there is a description off what the group off a files they template applies to. For example, here the template applies to audio and video fights here, email files, images and so forth. And here we have filed groups. It allows you to define groups off five extensions that are common and use them into your file s screen filter. For example, audio and video files group include the fine extensions related to media files such ours. A V i. MP three, MP four. Harry is the backup files, a group and many orders. Now let's create a fight screen to prevent users from story media files to the marketing share I write. A click on the select creates a fighter screen. First, I need to enter the path to which I want to apply the fi screen. Okay, in the five screen Properties area, I need to select how I want to configure file the screen properties. I can choose a five screen template from the template list. We have seen rear, so I selected the block audio and video files complaints. If you want, you can't define custom five screen properties if the templates don't cover your needs. Indian. I checked this summary. Before I click, they create bottom. The five screen applies to the marketing share folder. I'm going to block audio and video files. The screen type is active, so I'm going to Blok users from storing these files types. And I have to notifications by he made and in the event look, ID lick own creates. Okay, my fight screen is created. If you want to change or add something to your screen file, just double click on it. To display the properties, I can click on the email missiles Japan in. I can check this box if I want to send a message to the administrator. If someone attempts to write a media file to the shared folder, I can type specific email address or I can insert a valuable I choose from this list. Insert valuable. Okay, the user also with your saving modification. When he attempts to write a media file to the share This way, the user will be informant off. The reason why he is not able to right the fight. It's a kind off a reminder off the organisation policy on the event Log Planet. Just ignore dismisses about SMTP server, and if you look, country will be created when the user attempts to write a media filer into the share, you can type your text in the log on three area, and you can use variables so you select from this list. You can also run a comment or a script, and you can generate a report such as the final screening audit report. Okay, now I'm going to do a test by copying a media file to the marketing share folder. I'm going to select the audio file on this video file based, and I get a message that I need permission to perform this action, so it works. Now let's talk about exceptions. What if your organization prevent users from storing for media files in the shares, but alot storing media files that users need to accomplish their job? For example, tutorials videos The efforts are on to allows you to define five screen exceptions to create a fight screen exception. I write. The click earned selector creates fine screen exception. First, I choose the path to which applied the exception. I select marketing share. I click on the create button to create my exception. Let's name the exception tutorial in the fights to include area I need to type the fine name and extension I want to add to the exception. Let's say I want to allow users to store in the share the file tutorial dots and before click add. Okay, Now I'm going to select my file group to excludes. Okay, the exception is created and apply to find group tutorial. Let's do it. This, too, and see if it works. I'm going to copy this tutorial. MP four video to the marketing share based. Yes, the exception works like expected. That's all for now. Thanks for watching