Book Image

Windows Server 2012 R2 Administrator Cookbook

By : Jordan Krause
Book Image

Windows Server 2012 R2 Administrator Cookbook

By: Jordan Krause

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Windows Server 2012 R2 Administrator Cookbook
Jordan Krause
Jan, 2015 | 310 pages
No titles found
Table of Contents (17 chapters)
Windows Server 2012 R2 Administrator Cookbook
Windows Server 2012 R2 Administrator Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Learning the Interface
Learning the Interface
Introduction
Shutting down or restarting the server
Launching Administrative Tools
Using WinKey + X for quick admin tasks
Using the Search function to launch applications quickly
Managing remote servers from a single pane with Server Manager
Using PowerShell to accomplish any function in Windows Server
Installing a role or feature
Administering Server 2012 R2 from a Windows 8.x machine
Identifying useful keyboard shortcuts in Server 2012 R2
Setting your PowerShell Execution Policy
Building and executing your first PowerShell script
Searching for PowerShell cmdlets with Get-Help
2
Core Infrastructure Tasks
Core Infrastructure Tasks
Introduction
Configuring a combination Domain Controller, DNS server, and DHCP server
Adding a second Domain Controller
Organizing your computers with Organizational Units (OUs)
Creating an A or AAAA record in DNS
Creating and using a CNAME record in DNS
Creating a DHCP scope to assign addresses to computers
Creating a DHCP reservation for a specific server or resource
Pre-staging a computer account in Active Directory
Using PowerShell to create a new Active Directory user
Using PowerShell to view system uptime
3
Security and Networking
Security and Networking
Introduction
Requiring complex passwords in your network
Using Windows Firewall with Advanced Security to block unnecessary traffic
Changing the RDP port on your server to hide access
Multi-homing your Windows Server 2012 R2
Adding a static route into the Windows routing table
Using Telnet to test a connection and network flow
Using the Pathping command to trace network traffic
Setting up NIC Teaming
Renaming and domain joining via PowerShell
4
Working with Certificates
Working with Certificates
Introduction
Setting up the first Certification Authority (CA) server in a network
Building a Subordinate Certification Authority server
Creating a certificate template to prepare for issuing machine certificates to your clients
Publishing a certificate template to allow enrollment
Using MMC to request a new certificate
Using the web interface to request a new certificate
Configuring Autoenrollment to issue certificates to all domain joined systems
5
Internet Information Services
Internet Information Services
Introduction
Installing the Web Server (IIS) role with PowerShell
Launching your first website
Changing the port on which your website runs
Adding encryption (HTTPS) to your website
Using a Certificate Signing Request (CSR) to acquire your SSL certificate
Moving an SSL certificate from one server to another
Rebinding your renewed certificates automatically
Using host headers to manage multiple websites on a single IP address
6
Remote Access
Remote Access
Introduction
DirectAccess Planning Q&A
Configuring DirectAccess, VPN, or a combination of the two
Pre-staging Group Policy Objects (GPOs) to be used by DirectAccess
Enhancing the security of DirectAccess by requiring certificate authentication
Building your Network Location Server (NLS) on its own system
Enabling Network Load Balancing (NLB) on your DirectAccess servers
Adding VPN to your existing DirectAccess server
Replacing your expiring IP-HTTPS certificate
Reporting on DirectAccess and VPN connections
7
Remote Desktop Services
Remote Desktop Services
Introduction
Building a single server Remote Desktop Services (RDS) environment
Adding an additional RDSH server to your RDS environment
Installing applications on an RD Session Host server
Disabling the redirection of local resources
Shadowing another session in RDS
Installing a printer driver to use with redirection
Removing an RD Session Host server from use for maintenance
Publishing WordPad with RemoteApp
8
Monitoring and Backup
Monitoring and Backup
Introduction
Using Server Manager as a quick monitoring tool
Using the new Task Manager to its full potential
Evaluating system performance with Windows Performance Monitor
Using Format-List to modify PowerShell data output
Configuring a full system backup using Windows Server Backup
Recovering data from a Windows backup file
Using IP Address Management (IPAM) to keep track of your used IP addresses
9
Group Policy
Group Policy
Introduction
Creating and assigning a new Group Policy Object (GPO)
Mapping network drives with Group Policy
Redirecting the My Documents folder to a network share
Creating a VPN connection with Group Policy
Creating a printer connection with Group Policy
Using Group Policy to enforce an Internet proxy server
Viewing the settings currently enabled inside a GPO
Viewing the GPOs currently assigned to a computer
Backing up and restoring GPOs
10
File Services and Data Control
File Services and Data Control
Introduction
Enabling Distributed File System (DFS) and creating a Namespace
Configuring Distributed File System Replication (DFSR)
Creating an iSCSI target on your server
Configuring an iSCSI initiator connection
Configuring Storage Spaces
Turning on data deduplication
Setting up Windows Server 2012 R2 Work Folders
Index
Index

Configuring Autoenrollment to issue certificates to all domain joined systems

A lot of the new technologies requiring certificates to be used for authentication require those certificates to be distributed on a large scale. For example, if we want to use the Computer certificate for DirectAccess authentication, we need to issue a certificate to every DirectAccess client computer. This could be thousands of laptops in your network. If we want to start encrypting traffic inside the network with IPsec and require certificates to be distributed for that purpose, you potentially would need to issue some kind of machine certificate to every computer inside your network. While you could certainly issue each by hand using either the MMC console or the CA web interface, that doesn't sound like an awful lot of fun.

Enter Autoenrollment. We can turn on this feature, which is sort of like flipping a switch in Active Directory, and in doing so we can tell AD to issue certificates automatically to the...

Previous Section
End of Chapter 4
Next Chapter