20411D D Enayat Meer

Size: px
Start display at page:

Download "20411D D Enayat Meer"

Transcription

1 Lab A Module 8: Implementing Direct Access by Using the Getting Started Wizard Scenario: Recommended lab time is 240 Minutes {a complete class session is dedicated for this lab} Many users at A. Datum Corporation work from outside the organization. This includes mobile users as well as people who work from home. These users currently connect to the internal network by using a third-party VPN solution. The security department is concerned about the security of the external connections and wants to ensure that the connections are as secure as possible. The support team wants to minimize the number of support calls related to remote access, and would like to have more options for managing remote computers. Information Technology (IT) management at A. Datum is considering deploying DirectAccess as the remote access solution for the organization. As an initial proof-of-concept deployment, management has requested that you configure a simple DirectAccess environment that can be used with client computers running Windows 8. Exercise 1: Verifying Readiness for a DirectAccess Deployment Task 1: Document the network configuration Verify the IP Address on LON-DC1 1. Switch to LON-DC1. 2. Right-click the Start button, and then click Control Panel. 3. Under the Network and Internet section, click View network status and tasks. 4. In the Network and Sharing Center window, from the menu on the left, click Change adapter settings. 5. In the Network Connections window, right-click the Ethernet icon, and then click Properties. 6. In the Ethernet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 7. Document the current IP address, subnet mask, default gateway, and Domain Name System (DNS) configuration. 8. Click Cancel twice, and then click Close to close the Network Connections window. Verify Network Configuration on LON-RTR 1. Switch to LON-RTR. 2. On the Start screen, click on Server Manager. 3. In the Server Manager window, on the upper right side, click on Tools, and then click Routing and Remote Access. 4. In the Routing and Remote Access console, in the left pane, right-click LON-RTR (local), and then click Disable Routing and Remote Access. 5. Click Yes in the Routing and Remote Access dialog box. This step is necessary to disable the Routing and Remote Access that was preconfigured for this lab. 6. Right-click the Start button, and then click Control Panel. 7. Under the Network and Internet section, click View network status and tasks. 8. In the Network and Sharing Center window, click Change adapter settings. 9. In the Network Connections window, verify that there are three network adapters: Ethernet, Ethernet 2, and Internet. 10. In the Network Connections window, right-click Ethernet adapter, and then click Disable. 11. In the Network Connections window, right-click Ethernet adapter and then click Enable. 12. Repeat steps 10 and 11 for Internet network connection. 13. Verify that Ethernet adapter is connected to the domain network Adatum.com. 14. Right-click the Ethernet adapter, and then click Properties. 15. In the Ethernet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 16. Verify that the IP address corresponds with the subnet used in domain network (the IP address should be ), and then click Cancel twice. 17. Right-click the Internet adapter, and then click Properties. 18. In the Internet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties EnayatMeer02@yahoo.com 1

2 19. Verify that the IP address corresponds with the subnet used to simulate Internet connectivity. The IP address should be Click Cancel twice, and then close the Network Connections window. Note: If you notice that the Internet network adapter is connected to Adatum.com, disable Routing and Remote Access service (RRAS). This is because, for DirectAccess, you will need at least one adapter to be on the external network. Verify Network Configuration on LON-CL1 1. Switch to LON-CL1. 2. Right-click the Start button, and then click Control Panel. 3. In the Control Panel window, click Network and Internet, click View Network Status and Tasks, and then click Change adapter settings. 4. Verify that the Ethernet adapter is connected to the domain network Adatum.com. 5. Right-click the Ethernet adapter, and then click Properties. 6. In the Ethernet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 7. Document the current IP address, subnet mask, default gateway, and DNS configuration. 8. Click Cancel twice, and then click Close. Verify Network Configuration on LON-SVR1 1. Switch to LON-SVR1. 2. Right-click the Start button, and then click Control Panel. 3. Under the Network and Internet section, click View network status and tasks. 4. In the Network and Sharing Center window, from the menu on the left, click Change adapter settings. 5. Verify that the Ethernet adapter is connected to the domain network Adatum.com. 6. Right-click the Ethernet adapter, and then click Properties. 7. In Ethernet Properties, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 8. Document the current IP address, subnet mask, default gateway, and DNS configuration. 9. Click Cancel twice, and then click Close. Verify Network Configuration on INET1 1. Switch to INET1. 2. Right-click the Start button, and then click Control Panel. 3. Under the Network and Internet section, click View network status and tasks, and then click Change adapter settings. 4. In the Network Connections window, right-click the Ethernet adapter, and in then click Properties. 5. In the Ethernet Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 6. Document the current IP address, subnet mask, and DNS configuration. 7. Click Cancel twice, and then close all open windows. Note: The INET1 server role in this module is to simulate the Internet DNS server. Task 2: Verify the server readiness for DirectAccess 1. On LON-DC1, from the taskbar, click the Server Manager console. 2. In the Server Manager console, in the upper-right corner, click Tools, and then click Active Directory Users and Computers. 3. In the Active Directory Users and Computers console tree, right-click Adatum.com, click New, and then click Organizational Unit. 4. In the New Object Organizational Unit dialog box, in the Name box, type DA_Clients OU, and then click OK. 5. In the Active Directory Users and Computers console tree, expand Adatum.com, right-click DA_Clients OU, click New, and then click Group. 6. In the New Object - Group dialog box, in the Group name box, type DA_Clients. 7. Under Group scope, ensure that Global is selected, under Group type, ensure that Security is selected, and then click OK. 8. In the details pane, right-click DA_Clients, and then click Properties EnayatMeer02@yahoo.com 2

3 9. In the DA_Clients Properties dialog box, click the Members tab, and then click Add. 10. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, click Object Types, select the Computers check box, and then click OK. 11. In the Enter the object names to select (examples) box, type LON-CL1, and then click OK. 12. Verify that LON-CL1 is displayed under Members, and then click OK. 13. Close the Active Directory Users and Computers console. Exercise 2: Configuring DirectAccess Task 1: Configure DirectAccess by using the Getting Started Wizard 1. Switch to LON-RTR. 2. In Server Manager, click Tools, and then select Remote Access Management. 3. In the Remote Access Management console, under Configuration, click DirectAccess and VPN. 4. Click Run the Getting Started Wizard. 5. On the Configure Remote Access page, click Deploy DirectAccess only. 6. Verify that Edge is selected, and in Type the public name or IPv4 address used by clients to connect to the Remote Access server box, type , and then click Next. 7. In the Configure Remote Access page, click the here link. Note: Ensure that you click the here link to display an additional window for configuring GPO settings and Active Directory security groups, which will contain the computers that will be affected by the DirectAccess settings. 8. On the Remote Access Review page, verify that two GPOs are created, DirectAccess Server Settings and DirectAccess Client settings. 9. Next to Remote Clients, click the Change. 10. Select Domain Computers (Adatum\Domain Computers), and then click Remove. 11. Click Add, type DA_Clients, and then click OK. 12. Clear the Enable DirectAccess for mobile computers only check box, and then click Next. 13. On the DirectAccess Client Setup page, click Finish. 14. On the Remote Access Review page, click OK. 15. On the Configure Remote Access page, click Finish to finish the DirectAccess wizard. 16. In the Applying Getting Started Wizard Settings dialog box, click Close. Exercise 3: Validating the DirectAccess Deployment Task 1: Verify the GPO deployment 1. Switch to LON-CL1. 2. When you configured the DirectAccess server, the wizard created two Group Policies and linked them to the domain. To apply them, restart LON-CL1, sign in as Adatum\Administrator by using the password Pa$$w0rd and, on LON-CL1, on the Start screen, type cmd and then press Enter to open the Command Prompt. 3. At the command prompt, type the following command, and then press Enter: gpupdate /force 4. At the command prompt, type the following command, and then press Enter: gpresult /R 5. Under the Computer Settings section, verify that the DirectAccess Client Settings GPO is applied. 6. At the command prompt, type the following command, and then press Enter: netsh name show effectivepolicy 7. Verify that following message is displayed: DNS Effective Name Resolution Policy Table Settings Note: DirectAccess settings are inactive when this computer is inside a corporate network. 8. To move the client from the intranet to the public network, on LON-CL1, to open Control Panel, at the command prompt, type control, and then press Enter. 9. In Control Panel, click Network and Sharing Center. 10. In the Network and Sharing Center window, click Change adapter settings. 11. Right-click Ethernet, and then click Disable. 12. Right-click Ethernet 2, and then click Enable EnayatMeer02@yahoo.com 3

4 13. Right-click Ethernet 2, and then click Properties. 14. In the Ethernet 2 Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4). 15. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, ensure that the following is displayed, and then click OK: o IP address: o Subnet mask: o Preferred DNS server: In the Ethernet 2 Properties dialog box, click Close. 17. Close all open windows. Task 2: Test DirectAccess connectivity Verify Connectivity to the Internal Network Resources 1. Switch to LON-CL1. 2. On the taskbar, click the Internet Explorer icon. 3. In the Address bar, type and then press Enter. The default Internet Information Services (IIS) 8.0 web page for LON-SVR1 appears. Note: If the default Internet Information Services (IIS) 8.0 web page for LON-SVR1 doesn t appear, restart LON-CL1. After LON-CL1 restarts, sign in as Adatum\Administrator and repeat steps 2 and 3 again. 4. Leave the Windows Internet Explorer window open. 5. On the Start screen, type \\LON-SVR1\Files, and then press Enter. Note that you are able to access the folder content. 6. Close all open windows. 7. Click the Start button, on the Start screen type cmd, and then press Enter. 8. At the command prompt, type ipconfig, and then press Enter. Notice the IP address for Tunnel adapter iphttpsinterface starts with This is an IP-HTTPS address. Verify Connectivity to the DirectAccess Server 1. At the command prompt, type the following, and then press Enter. Netsh name show effectivepolicy 2. Verify that DNS Effective Name Resolution Policy Table Settings presents two entries for adatum.com and Directaccess-NLS.Adatum.com. 3. At the command prompt, type the following command, and then press Enter: Powershell 4. At the Windows PowerShell command prompt, type the following command, and then press Enter: Get-DAClientExperienceConfiguration Notice the DirectAccess client settings. Verify Client Connectivity on DirectAccess Server 1. Switch to LON-RTR. 2. Switch to the Remote Access Management console. 3. In the Console pane, click Remote Client Status. Notice that the client is connected via IPHttps. In the Connection Details pane, in the bottom-right of the screen, note the use of Kerberos for the Machine and the User. 4. Close all open windows. Note: After completing the lab, do not revert the virtual machines. Note: This section Part B is time consuming: EnayatMeer02@yahoo.com 4

5 Lab B Module 08: Deploying an Advanced DirectAccess Solution Scenario The proof-of-concept deployment of DirectAccess was a success, so IT management has decided to enable DirectAccess for all mobile clients, including computers running Windows 7. IT management also wants to ensure that the DirectAccess deployment is scalable and provides redundancy. You need to modify the proof-of-concept deployment to meet the new requirements. Exercise 1: Preparing the Environment for DirectAccess Task 1: Configure the AD DS and DNS requirements Edit the Security Group for DirectAccess Client Computers 1. Switch to LON-DC1. 2. In the Server Manager console, in the upper-right corner, click Tools, and then click Active Directory Users and Computers. 3. In the Active Directory Users and Computers console tree, click DA_Clients OU, and then in the details pane double-click DA_Clients group. 4. In the DA_Clients Properties dialog box, click the Members tab, and then click Add. 5. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, click Object Types, select the Computers check box, and then click OK. 6. In the Enter the object names to select (examples) box, type LON-CL3, click Check Names, and then press OK. 7. Verify that LON-CL3 and LON-CL1 are displayed below the Members list, and then click OK. 8. Close the Active Directory Users and Computers console. Create Required DNS Records 1. In the Server Manager console, click Tools, and then click DNS. 2. In the console tree of DNS Manager, expand LON-DC1\Forward Lookup Zones\Adatum.com. 3. Right-click Adatum.com, and then click New Host (A or AAAA). 4. In the Name box, type nls. In the IP address box, type Click Add Host, and then click OK. Note: The NLS record will be used by the client to determine the network location. 5. In the New Host dialog box, in the Name box, type CRL. In the IP address box, type , and then click Add Host. 6. In the DNS dialog box, which confirms that the record was created, click OK. 7. In the New Host dialog box, click Done. 8. Close the DNS Manager console. Note: The CRL record will be used by the internal clients to check the revocation status on the certificates that are used in DirectAccess. Remove ISATAP from the DNS Global Query Block 1. On the Start screen, type cmd.exe, and then press Enter to launch the Command Prompt window. 2. In the Command Prompt window, type the following command, and then press Enter: dnscmd /config /globalqueryblocklist wpad 3. Ensure that the Command completed successfully message displays. 4. Close the Command Prompt window. Configure the DNS Suffix on LON-RTR 1. Switch to LON-RTR. 2. On the Start screen, type Control Panel, and then press Enter. 3. In Control Panel, click View network status and tasks. 4. In the Network and Sharing Center window, click Change adapter settings. 5. In the Network Connection window, right-click Internet, and then click Properties. 6. In the Internet Properties dialog box, double-click Internet Protocol Version 4 (TCP/IPv4). 7. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Advanced. 8. On the DNS tab, in the DNS suffix for this connection box, type Adatum.com, and then click OK. 9. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click OK. 10. In the Internet Properties dialog box, click Close. 11. Close the Network Connections window EnayatMeer02@yahoo.com 5

6 Note: The Internet client needs this suffix when resolving names for internal resources. Task 2: Configure CRL distribution Configure Certificate Requirements Note: The following steps will be performed to prepare the CA with proper extensions for the CRL distribution point, which will be included in the future certificates that will be used by the CA. 1. On LON-DC1, in Server Manager, on the Tools menu, click Certification Authority. 2. In the details pane, right-click AdatumCA, and then click Properties. 3. In the AdatumCA Properties dialog box, click the Extensions tab. 4. On the Extensions tab, click Add. In the Location box, type 5. Under Variable, click <CAName>, and then click Insert. 6. Under Variable, click <CRLNameSuffix>, and then click Insert. 7. Under Variable, click <DeltaCRLAllowed>, and then click Insert. 8. In the Location box, type.crl at the end of the Location string, and then click OK. 9. Select Include in CRLs, Clients use this to find Delta CRL locations, and Include in the CDP extension of issued certificates checkboxes, and then click Apply. 10. Click No in the dialog box that displays prompting you to restart Active Directory Certificate Services (AD CS). 11. Click Add. 12. In the Location box, type \\LON-RTR\crldist$\ 13. Under Variable, click <CaName>, and then click Insert. 14. Under Variable, click <CRLNameSuffix>, and then click Insert. 15. Under Variable, click <DeltaCRLAllowed>, and then click Insert. 16. In the Location box, type.crl at the end of the string, and then click OK. 17. Select Publish CRLs to this location and select Publish Delta CRLs to this location, and then click OK. 18. Click Yes to restart AD CS. Export Root Certificate Note: In following steps you will export the root certificate because it will be required in Labs C and D for configuring virtual private network (VPN) and Web Application Proxy. 1. In Certification Authority, right-click AdatumCA, and then select Properties. 2. On the General tab, click View Certificate. 3. In the Certificate window, click the Details tab, and then click Copy to File. 4. In the Certificate Export Wizard, click Next. 5. Select DER encoded binary x.509 (.CER), and then click Next. 6. In the File Name box, type c:\root.cer, and then click Next. 7. Click Finish to close the Certificate Export Wizard. 8. Click OK three times and then close the Certification Authority console. Task 3: Configure client certificate distribution Configure Computer Certificate Autoenrollment 1. On LON-DC1, switch to Server Manager, click Tools on the upper-right side of the window, and then click Group Policy Management. 2. In the console tree, expand Forest: Adatum.com, expand Domains, and then expand Adatum.com. 3. In the console tree, right-click Default Domain Policy, and then click Edit. 4. In the Group Policy Management Editor, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies. 5. In the details pane, right-click Automatic Certificate Request Settings, point to New, and then click Automatic Certificate Request. 6. In the Automatic Certificate Request Setup Wizard, click Next. 7. On the Certificate Template page, click Computer, click Next, and then click Finish. 8. Close the Group Policy Management Editor and close the Group Policy Management console. Task 4: Configure the network location server and DirectAccess server certificates Request a Certificate for LON-SVR1 1. On LON-SVR1, on the Start screen, type cmd, and then press Enter to open a command prompt. 2. At the command prompt, type the following command, and then press Enter: EnayatMeer02@yahoo.com 6

7 gpupdate /force 3. At the command prompt, type the following command, and then press Enter: mmc 4. Click File, and click Add/Remove Snap-in. 5. In the Available snap-ins list, click Certificates, and then click Add. 6. In the Certificates snap-in dialog box, select Computer account, and then click Next. 7. Select Local computer, click Finish, and then click OK. 8. In the console tree of the Certificates snap-in, navigate to Certificates (Local Computer)\Personal\Certificates. 9. Right-click Certificates, point to All Tasks, and then click Request New Certificate. 10. Click Next twice. 11. On the Request Certificates page, click Adatum Web Certificate, and then click More information is required to enroll for this certificate. 12. On the Subject tab in the Certificate Properties dialog box, under Subject name, under Type, select Common name. 13. In the Value box, type nls.adatum.com, and then click Add. 14. Click OK, click Enroll, and then click Finish. 15. In the details pane of the Certificates snap-in, verify that a new certificate with the name nls.adatum.com is enrolled with Intended Purposes of Server Authentication. 16. Close the console window. When you are prompted to save settings, click No. Change the HTTPS Bindings Note: In following steps you will configure the https bindings for the host name nls.adatatum.com that will be used by the clients to determine their network location. 1. In Server Manager, click Tools, and then click Internet Information Services (IIS) Manager. 2. In the Internet Information Services (IIS) Manager message box, expand LON-SVR1 (ADATUM\Administrator), and then if the Internet Information Service Manager message box appears, click No to close the message box. 3. In the console tree of Internet Information Services (IIS) Manager, navigate to LON-SVR1/Sites, and then click Default Web site. 4. In the Actions pane, click Bindings, and then click Add. 5. In the Add Site Bindings dialog box, click https, in the Host name box type nls.adatum.com, in the SSL Certificate list, click the certificate with the name nls.adatum.com, click OK, and then click Close. 6. Close the Internet Information Services (IIS) Manager console. Configure DirectAccess Server with the Appropriate Certificate 1. Switch to LON-RTR. 2. On the Start screen, type cmd, and then press Enter. 3. At the command prompt, type the following command, and then press Enter: gpupdate /force 4. At the command prompt, type mmc, open a Microsoft Management Console, and then press Enter. 5. In the Microsoft Management Console, click File, and then click Add/Remove Snap-in. 6. In the Available snap-ins list, click Certificates, and then click Add. 7. In the Certificates snap-in dialog box, select Computer account, and then click Next. 8. Select Local computer, click Finish, and then click OK. 9. In the console tree of the Certificates snap-in, navigate to Certificates (Local Computer)\Personal\Certificates. 10. Right-click Certificates, point to All Tasks, and then click Request New Certificate. 11. Click Next twice. 12. On the Request Certificates page, click Adatum Web Certificate, and then click More information is required to enroll for this certificate. 13. On the Subject tab of the Certificate Properties dialog box, under Subject name, under Type, select Common name. 14. In the Value box, type , and then click Add. 15. Click OK, click Enroll, and then click Finish EnayatMeer02@yahoo.com 7

8 16. In the details pane of the Certificates snap-in, verify that a new certificate with the name is issued with Intended Purposes of Server Authentication. 17. Right-click the certificate, and click Properties. 18. In the Friendly Name box, type IP-HTTPS Certificate, and then click OK. 19. Close the console window. If you are prompted to save settings, click No. Note: Instead of issuing a certificate with the IP address in the subject name, in a real-world environment, you can use the FQDN of the Internet facing server that will be reachable by the external client. Create a CRL Distribution Point on LON-RTR 1. Switch to Server Manager. 2. Click Tools, and then click Internet Information Services (IIS) Manager. 3. In the Internet Information Services (IIS) Manager console, in the left pane, click LON-RTR (Adatum\Administrator). 4. If the Internet Information Service Manager message box appears, click No to close the message box. 5. In the console tree, browse to LON-RTR\Sites\Default Web Site, right-click Default Web Site, and then click Add Virtual Directory. 6. In the Add Virtual Directory dialog box, in the Alias box, type CRLD. Next to Physical path, click the ellipsis ( ) button. 7. In the Browse for Folder dialog box, click Local Disk (C:), and then click Make New Folder. 8. Type CRLDist, and then press Enter. 9. In the Browse for Folder dialog box, click OK. 10. In the Add Virtual Directory dialog box, click OK. 11. In the middle pane of the console, double-click Directory Browsing, and then in the Actions pane, click Enable. 12. In the left pane, click the CRLD folder. 13. In the middle pane of the console, under the Management section, double-click the Configuration Editor icon. 14. Click the down-arrow of the Section drop-down list, and then navigate to system.webserver\security\requestfiltering. 15. In the middle pane of the console, double-click the allowdoubleescaping entry to change the value from False to True. 16. In the Actions pane, click Apply. 17. Close Internet Information Services (IIS) Manager. Note: You need to modify the value of allowdoubleescaping to allow clients to access CRL deltas that will have a plus sign (+) appended to the filename. Share and Secure the CRL Distribution Point 1. On the taskbar, click File Explorer. 2. Double-click Local Disk (C:). 3. In the details pane of File Explorer, right-click the CRLDist folder, and then click Properties. 4. In the CRLDist Properties dialog box, click the Sharing tab, and then click Advanced Sharing. 5. In the Advanced Sharing dialog box, select Share this folder. 6. In the Share name box, type a dollar sign ($) at the end so that the share name is CRLDist$. 7. In the Advanced Sharing dialog box, click Permissions. 8. In the Permissions for CRLDist$ dialog box, click Add. 9. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types. 10. In the Object Types dialog box, select Computers, and then click OK. 11. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select box, type LON-DC1, and then click Check Names. Click OK. 12. In the Permissions for CRLDist$ dialog box, in the Group or user names list, select LON-DC1 (ADATUM\LON-DC1$). In the Permissions for LON-DC1 area, under Full control, select Allow. Click OK. 13. In the Advanced Sharing dialog box, click OK. 14. In the CRLDist Properties dialog box, click the Security tab. 15. On the Security tab, click Edit. 16. In the Permissions for CRLDist dialog box, click Add. 17. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types EnayatMeer02@yahoo.com 8

9 18. In the Object Types dialog box, select Computers. Click OK. 19. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select box, type LON-DC1, click Check Names, and then click OK. 20. In the Permissions for CRLDist dialog box, in the Group or user names list, select LON-DC1 (ADATUM\LON-DC1$). In the Permissions for LON-DC1 area, under Full control, select Allow, and then click OK. 21. In the CRLDist Properties dialog box, click Close. 22. Close the File Explorer window. Publish the CRL to LON-RTR This step makes the CRL available on the edge server for Internet-based DirectAccess clients. 1. Switch to LON-DC1. 2. In Server Manager, click Tools, and then click Certification Authority. 3. In the console tree, expand AdatumCA, right-click Revoked Certificates, point to All Tasks, and then click Publish. 4. In the Publish CRL dialog box, click New CRL, and then click OK. 5. On the taskbar, click File Explorer, type \\LON-RTR\CRLDist$ and then press Enter. 6. In the File Explorer window, notice the AdatumCA files. 7. Close the File Explorer window. Exercise 2: Implementing the Advanced DirectAccess Infrastructure Task 1: Modify the DirectAccess deployment Configure the Remote Access Role 1. On LON-RTR, in Server Manager, on the Tools menu, click Remote Access Management. 2. In the Remote Access Management console, click DirectAccess and VPN. 3. To select which clients will use DirectAccess, in the central pane, under step 1, click Edit. 4. On the Deployment Scenario page, click Next. 5. On the Select Groups page, verify that DA_Clients (ADATUM\DA_Clients) group is listed, and then click Next. 6. On the Network Connectivity Assistant page, under the Resource column, delete the existing record by rightclicking on the arrow and selecting Delete. 7. Double-click the empty row under the Resource column. 8. In the Configure Corporate Resources for NCA page, verify that HTTP is selected, and then type Click Validate, and then click Add. 9. In the Network Connectivity Assistant page, click Finish to close configuration for step On Step 2, click Edit. 11. On the Network Topology page, verify that Edge is selected, and then type Click Next. 13. On the Network Adapters page, clear selection for Use a self-signed certificate created automatically by DirectAccess, and then click Browse. 14. On Select Certificate dialog box, notice that there are two certificates named , one that is selfsigned and the second one that is issued by Adatum.com. Ensure that you choose the certificate that is issued by AdatumCA and is used as a certificate to authenticate IP-HTTPS connections, click OK, and then click Next. 15. On the Authentication page, select Use computer certificates, click Browse, select AdatumCA, and then click OK. 16. Select Enable Windows 7 client computers to connect via DirectAccess, and then click Finish. Note: You need to enable certificate authentication with certificates issued from a trusted CA to support Windows 7 clients. 17. In the Remote Access Setup pane, under Step 3, click Edit. 18. On the Network Location Server page, select The network location server is deployed on a remote web server (recommended); in the Type in the URL of the network location server box, type and then click Validate. 19. Ensure that the URL is validated, and then click Next EnayatMeer02@yahoo.com 9

10 20. On the DNS page, double-click an empty row below nls.adatum.com. 21. In the DNS suffix box, type crl.adatum.com, click Apply to add the entry in the Name Resolution Policy Table (NRPT) table, and then click Next. 22. In the DNS Suffix Search List page, click Next. 23. On the Management page, click Finish to close configuration for Step Under step 4, click Edit. 25. On the DirectAccess Application Server Setup page, click Finish. 26. In the central pane, click Finish to apply the changes. 27. In the Remote Access Review window, click Apply. 28. In the Applying Remote Access Setup Wizard Settings dialog box, click Close. Task 2: Verify the server and GPO configuration 1. On the Start screen, type cmd, and then press Enter. 2. At the command prompt, type the following commands, and then press Enter: gpupdate /force Ipconfig 3. Verify that LON-RTR has an IPv6 address for Tunnel adapter IP-HTTPS Interface starting with Exercise 3: Validating the DirectAccess Deployment Task 1: Verify Windows 8 client connectivity Verify DirectAccess Group Policy Configuration Settings for Windows 8 Clients 1. To move the client from the public network back to the intranet, on LON-CL1, to open Control Panel, at the command prompt, type control, and then press Enter. 2. In Control Panel, click Network and Sharing Center. 3. In the Network and Sharing Center window, click Change adapter settings. 4. Right-click Ethernet 2, and then click Disable. 5. Right-click Ethernet, and then click Enable. 6. At the command prompt, type the following command and then press Enter: gpupdate /force Note: If an error message appears, restart LON-CL1, and perform step 2 again. 7. If you are still not able to connect, perform following steps: On LON-CL1, on the Start screen, type cmd, and then press Enter. In the Command Prompt window, type regedit, press Enter, and then in the User Account Control dialog box, click Yes. In the Registry Editor window, in the navigation pane, navigate to HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\DNSPolicyConfig, and notice the three entries starting with DA. In the Registry Editor window, in the navigation pane, right-click each of the entries starting with DA, click Delete, and then in the Confirm Key Delete dialog box, click Yes. Close the Registry Editor window. Note: These registry settings you just deleted are from the previous labs and they might cause problems for verifying Windows 8 client connectivity. This is why you are deleting them. Restart LON-CL1 and perform steps from 2 through 4 to verify connectivity to the default IIS 8.0 web page on LON-SVR1. 8. At the command prompt, type the following command, and then press Enter: gpresult /R 9. Verify that DirectAccess Client Settings GPO is displayed in the list of the Applied Group Policy Objects for the Computer Settings. 10. If the policy is not being applied, run the gpupdate /force command again. If the policy is still not being applied, restart the computer. After the computer restarts, sign in as Adatum\Administrator and run the Gpresult /R command again. Verify Client Computer Certificate Distribution EnayatMeer02@yahoo.com 10

11 1. On LON-CL1, in the command prompt, type mmc.exe, and then press Enter. 2. Click File, and then click Add/Remove Snap-in. 3. In the Available snap-ins list, click Certificates, and then click Add. 4. In the Certificates snap-in dialog box, select Computer account, and then click Next. 5. Select Local computer, click Finish, and then click OK. 6. In the console tree of the Certificates snap-in, navigate to Certificates (Local Computer) \Personal\Certificates. 7. In the details pane, verify that a certificate with the name LON-CL1.adatum.com is present with Intended Purposes of Client Authentication and Server Authentication. If there is no certificate issued, restart LON-CL1. After LON-CL1 restarts, sign in as Adatum\Administrator and at the command prompt run the gpupdate /force command again. 8. Close the console window. When you are prompted to save settings, click No. Verify IP Address Configuration 1. On LON-CL1, on the Start screen, click the Desktop tile. 2. On the taskbar, click the Internet Explorer icon. 3. In the Address bar, type and then press Enter. If a notification appears to indicate whether to enable private network access, click Turn on. The default IIS 8.0 web page for LON-SVR1 displays. 4. In the Address bar, type and then press Enter. The default IIS 8.0 web page for LON- SVR1 displays. 5. Leave the Internet Explorer window open. 6. On the Start screen, type \\Lon-SVR1\Files, and then press Enter. A folder window with the contents of the Files folder displays. 7. Close all open windows. Move the Client Computer to the Internet Virtual Network 1. To move the client from the intranet to the public network, on LON-CL1, to open Control Panel, at the command prompt, type control, and then press Enter. 2. In Control Panel, click Network and Sharing Center. 3. In the Network and Sharing Center window, click Change adapter settings. 4. Right-click Ethernet, and then click Disable. 5. Right-click Ethernet 2, and then click Enable. 6. Close the Network Connections window. Verify Connectivity to the DirectAccess Server 1. On LON-CL1, at the command prompt, type the following command, and then press Enter: ipconfig 2. Notice the IP address for Tunnel adapter is iphttpsinterface which starts with This is an IP-HTTPS address. 3. If you notice that there is no IP address for iphttpsinterface, type the following commands, restart the computer, and then repeat steps 1 and 2: Netsh interface teredo set state disabled Netsh interface 6to4 set state disabled Note: In this lab setup, IP-HTTPS connectivity on the firewall is enabled and other connectivity methods from the client, such as the Teredo or 6to4 tunneling protocol, are disabled. If you are planning to use the Teredo or 6to4 tunneling protocol in the production environment, you do not have to disable them. 4. At the command prompt, type the following command, and then press Enter: Netsh name show effectivepolicy Verify that DNS Effective Name Resolution Policy Table Settings is present in the three entries for adatum.com, crl.adatum.com, and nls.adatum.com. 5. At the command prompt, type the following command, and then press Enter: powershell EnayatMeer02@yahoo.com 11

12 6. At the Windows PowerShell command prompt, type the following command, and then press Enter: Get-DAClientExperienceConfiguration Notice the DirectAccess client settings. Verify Connectivity to the Internal Network Resources 1. On the taskbar, click the Internet Explorer icon. 2. In the Address bar, type and then press Enter. The default IIS 8.0 web page for LON-SVR1 displays. 3. Leave the Internet Explorer window open. 4. On the taskbar, click File Explorer, type \\LON-SVR1\Files, and then press Enter. A folder window with the contents of the Files folder appears. 5. Switch to the Command Prompt window. 6. At the command prompt, type the following command and then press Enter: ping lon-dc1.adatum.com 7. Verify that you are receiving replies from lon-dc1.adatum.com. 8. At the command prompt, type the following command, and then press Enter: gpupdate /force 9. Close all open windows. 10. Switch to LON-RTR. 11. On the taskbar, click the Remote Access Management icon. 12. In the Console pane, click Remote Client Status. Notice that LON-CL1 is connected via IP-HTTPS. In the Connection Details pane, in the bottom-right of the screen, note the use of Machine Certificate, and User Kerberos. Note: When establishing the infrastructure tunnel, NTLMv2 authentication is used to authenticate the computer account that connects to the DirectAccess server. When establishing the intranet tunnel, Kerberos authentication is used for authenticating the user. 13. Close all open windows. Task 2: Verify Windows 7 client connectivity Verify DirectAccess Group Policy Configuration Settings for Windows 7 Clients 1. Switch to LON-CL3. 2. Restart LON-CL3, and then sign in as Adatum\Administrator with the password Pa$$w0rd. This is to ensure that the LON-CL3 computer connects to the domain as a member of the DA_Clients security group. 3. If a dialog box displays with information that Windows needs to be restarted for the second time, restart LON- CL3 again, and then sign in as Adatum\Administrator with the password Pa$$w0rd. 4. Click the Start button, type cmd, and then press Enter to open the Command Prompt window. 5. At the command prompt, type the following command, and then press Enter: gpupdate /force 6. At the command prompt, type the following command, and then press Enter: gpresult /R 7. Verify that the DirectAccess Client Settings GPO is displayed in the list of the Applied Group Policy Objects for the Computer Settings. 8. If the policy is not being applied, run the gpupdate /force command again. If the policy is still not being applied, restart the computer. After the computer restarts, sign in as Adatum\Administrator and run the Gpresult /R command again. Verify Client Computer Certificate Distribution 1. On LON-CL3, click the Start button, type mmc.exe, and then press Enter. 2. Click File, and then click Add/Remove Snap-in. 3. In the Available snap-ins list, click Certificates, and then click Add. 4. In the Certificates snap-in dialog box, select Computer account, and then click Next. 5. Select Local computer, click Finish, and then click OK. In the console tree of the Certificates snap-in, navigate to Certificates (Local Computer)\Personal\Certificates EnayatMeer02@yahoo.com 12

13 6. In the details pane, verify that a certificate with the name LON-CL3.adatum.com is present with Intended Purposes of Client Authentication and Server Authentication. 7. Close the console window. When you are prompted to save settings, click No. Verify IP Address Configuration 1. On LON-CL3, on the taskbar, click the Internet Explorer icon. 2. In the Address bar, type and then press Enter. If a notification appears to indicate whether to enable private network access, click Turn on. The default IIS 8.0 web page for LON-SVR1 appears. In the Address bar, type and then press Enter. The default IIS 8.0 web page for LON-SVR1 appears. 3. Leave the Internet Explorer window open. 4. On the taskbar, click File Explorer, type \\LON-SVR1\Files, and then press Enter. A folder window with the contents of the Files folder appears. 5. Close all open windows. Move the Client Computer to the Internet Virtual Network 1. To move the client from the intranet to the public network, on LON-CL3, to open Control Panel, at the command prompt, type control, and then press Enter. 2. In Control Panel, click Network and Sharing Center. 3. In the Network and Sharing Center window, click Change adapter settings. 4. Right-click Internal, and then click Disable. 5. Right-click Internet, and then click Enable. 6. Close the Network Connections window. Verify Connectivity to the DirectAccess Server 1. On LON-CL3, click Start, type cmd, and then press Enter to open the command prompt. 2. At the command prompt, type the following command, and then press Enter: ipconfig 3. Notice the IP address for Tunnel adapter iphttpsinterface, which starts with This is an IP-HTTPS address. Note: If you notice that there is no IP address for iphttpsinterface, type the following commands, and then repeat step 2: Netsh interface teredo set state disabled Netsh interface 6to4 set state disabled Verify the IP address for Tunnel adapter iphttpsinterface, which starts with This is an IP-HTTPS address. 4. At the command prompt, type the following command, and then press Enter: Netsh name show effectivepolicy Verify that DNS Effective Name Resolution Policy Table Settings is present in the three entries for adatum.com, crl.adatum.com, and nls.adatum.com. Verify Connectivity to the Internal Network Resources 1. On the taskbar, click the Internet Explorer icon. 2. In the Address bar, type and then press Enter. The default IIS 8.0 web page for LON-SVR1 displays. 3. Leave the Internet Explorer window open. 4. On the taskbar, click File Explorer, type \\LON-SVR1\Files, and then press Enter. A folder window with the contents of the Files folder appears. 5. Switch to the Command Prompt window. 6. At the command prompt, type the following command, and then press Enter: ping lon-dc1.adatum.com 7. Verify that you are receiving replies from lon-dc1.adatum.com, and notice that the IPv6 address of LON-DC1 is resolved. This is because DirectAccess configures a GPO with firewall settings that allow IPv6 Internet Control Message Protocol (ICMP) echo replies and not IPv4 ICMP echo replies. 8. At the command prompt, type the following command, and then press Enter: gpupdate /force 9. Close all open windows. 10. Switch to LON-RTR. 11. On the taskbar, click the Remote Access Management icon EnayatMeer02@yahoo.com 13

14 12. In the Console pane, click Remote Client Status, and then, from the Tasks pane, click Refresh. In the central pane, notice that LON-CL3 is connected via IP-HTTPS. If there is still information in the central pane that LON-CL3 is connected with 6to4, from the Task pane click Refresh once again. 6to4 information should disappear because 6to4 was disabled in step 4 of the previous section in this task. 13. Close all open windows. Task 3: Monitor client connectivity 1. Switch to LON-RTR. 2. Open the Remote Access Management console, and then in the left pane, click Dashboard. 3. Review the information in the central pane under DirectAccess and VPN Client Status. 4. In the left pane, click Remote Client Status, and then in the central pane, review the information under the Connected Clients list. 5. In the left pane, click Reporting, and then in the central pane, click Configure Accounting. 6. In the Configure Accounting window, under Select Accounting Method, click Use inbox accounting, click Apply, and then click Close. 7. In the central pane, under Remote Access Reporting, review the options for monitoring historical data. Note: After completing the lab, do not revert the virtual machines. This is a lab Section C: Lab C Module 08: Implementing VPN Scenario The DirectAccess deployment is working very well, but a number of computers at A. Datum cannot connect by using DirectAccess. For example, some home users are using computers that are not members of the A.Datum.com domain. Other users are running operating system versions that do not support DirectAccess. To enable remote access for these computers, you must deploy a VPN solution. Exercise 1: Implementing VPN Task 1: Review the default VPN configuration 1. Switch to LON-RTR. 2. In the Remote Access Management Console, click DirectAccess and VPN, and from the Actions pane, under the VPN section, select Enable VPN. 3. In the Enable VPN dialog box, click OK. 4. Click Close to finish the wizard. 5. In Server Manager, on the Tools menu, click Routing and Remote Access. 6. Expand LON-RTR, right-click ports, click Properties, and then verify that 128 ports exist for SSTP, IKEv2, PPTP, and L2TP. 7. Double-click WAN Miniport (SSTP). In the Maximum ports box, type 5, and then click OK. In the Routing and Remote Access message box, click Yes. 8. Repeat step 7 for IKEv2, PPTP, and L2TP. 9. To close the Ports Properties dialog box, click OK. 10. Right-click LON-RTR (local), click Properties, and in the General tab, verify that IPv4 Remote access server is selected. 11. Click Security, and then verify that Certificate is selected for SSL Certificate Binding. 12. Click Authentication Methods, and then verify that EAP is selected as the authentication protocol and then click OK EnayatMeer02@yahoo.com 14

15 13. Click the IPv4 tab, and then verify that the VPN server is configured to assign IPv4 addressing by using Dynamic Host Configuration Protocol (DHCP). 14. To close the LON-RTR (local) Properties dialog box, click OK. Task 2: Verify certificate requirements for IKEv2 and SSTP 1. Switch to LON-RTR. 2. On the Start screen, type mmc, and then press Enter. 3. On the File menu, select Add/Remove Snap-in. 4. Select Certificates, click Add, select Computer account, and then click Next. 5. Verify that Local computer is selected, and then click Finish. 6. To close the Add or Remove Snap-in, click OK. 7. Expand Certificates (Local Computer), expand Personal, and then click Certificates. 8. Notice that certificate has been issued by AdatumCA with Intended Purpose for Server Authentication (this is required for Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2) VPN connectivity). 9. Close the console without saving the changes. Task 3: Configure the remote access server 1. On LON-RTR, in Server Manager, on the Tools menu, click Network Policy Server. 2. In the Network Policy Server console, in the navigation pane, expand Policies, and then click Network Policies. 3. In the details pane, right-click the policy at the top of the list, and then click Disable. 4. In the details pane, right-click the policy at the bottom of the list, and then click Disable. 5. In the navigation pane, right-click Network Policies, and then click New. 6. In the New Network Policy wizard, in the Policy name box, type VPN Policy. 7. In the Type of network access server list, click Remote Access Server(VPN-Dial up), and then click Next. 8. On the Specify Conditions page, click Add. 9. In the Select condition dialog box, click Windows Groups, and then click Add. 10. In the Windows Groups dialog box, click Add Groups. 11. In the Select Group dialog box, in the Enter the object name to select (examples) box, type IT, and then click OK. 12. Click OK again, click Next, on the Specify Access Permission page, click Access granted, and then click Next. 13. On the Configure Authentication Methods page, clear the Microsoft Encrypted Authentication (MS- CHAP) check box. 14. To add EAP Types, click Add. 15. On the Add EAP Types page, select Microsoft Secured password (EAP-MSCHAP v2), and then click OK. 16. To add EAP Types, click Add. 17. On the Add EAP Types page, select Microsoft: Smart Card or other certificate, and then click OK. 18. Click Next. 19. On the Configure Constraints page, click Next. 20. On the Configure Settings page, click Next. 21. On the Completing New Network Policy page, click Finish. Exercise 2: Validating the VPN Deployment Task 1: Remove the client computer from the domain 1. Switch to LON-CL1. 2. On the Start screen, type control, and then press Enter to open Control Panel. 3. In Control Panel, click System. 4. In the System window, under Computer name, domain and workgroup settings, click Change settings. 5. In the System Properties dialog box, click Change. 6. In the Computer Name/Domain Changes dialog box, select Workgroup, type WORKGROUP, click OK, and then in the Computer Name/Domain Changes dialog box click OK. 7. If a Windows Security dialog box appears, for username type Administrator, for password type Pa$$w0rd, and then click OK EnayatMeer02@yahoo.com 15

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes

Module 3 Remote Desktop Gateway Estimated Time: 90 minutes Module 3 Remote Desktop Gateway Estimated Time: 90 minutes A. Datum Corporation provided access to web intranet web applications by implementing Web Application Proxy. Now, IT management also wants to

More information

INF204x Module 1, Lab 3 - Configure Windows 10 VPN

INF204x Module 1, Lab 3 - Configure Windows 10 VPN INF204x Module 1, Lab 3 - Configure Windows 10 VPN Estimated Time: 40 minutes Your organization plans to allow Windows 10 users to connect to the internal network by using the VPN client built into the

More information

Module 1 Web Application Proxy (WAP) Estimated Time: 120 minutes

Module 1 Web Application Proxy (WAP) Estimated Time: 120 minutes Module 1 Web Application Proxy (WAP) Estimated Time: 120 minutes The remote access deployment is working well at A. Datum Corporation, but IT management also wants to enable access to some internal applications

More information

Publication date: December 17, 2012, updated Feb. 10, Product version: Windows Server 2003, Windows Server 2008, Windows Server 2012

Publication date: December 17, 2012, updated Feb. 10, Product version: Windows Server 2003, Windows Server 2008, Windows Server 2012 Certificates rely on certification authorities to maintain an updated list of revoked certificates issued by the public key infrastructure. Certificates are revoked for a number of reasons not all revocations

More information

Module 4 Network Controller Estimated Time: 90 minutes

Module 4 Network Controller Estimated Time: 90 minutes Module 4 Network Controller Estimated Time: 90 minutes A. Datum Corporation intends to deploy and use Network Controller to manage network services and devices. You need to test a deployment of Network

More information

Module 9. Configuring IPsec. Contents:

Module 9. Configuring IPsec. Contents: Configuring IPsec 9-1 Module 9 Configuring IPsec Contents: Lesson 1: Overview of IPsec 9-3 Lesson 2: Configuring Connection Security Rules 9-11 Lesson 3: Configuring IPsec NAP Enforcement 9-21 Lab: Configuring

More information

Lab: Configuring and Troubleshooting DNS

Lab: Configuring and Troubleshooting DNS Lab: Configuring and Troubleshooting DNS A. Datum is a global engineering and manufacturing company with its head office in London, UK. An IT office and a data center are located in London to support the

More information

Windows Server 2012 Immersion Experience Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control

Windows Server 2012 Immersion Experience Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control Windows Server 2012 Immersion Experience Enabling Secure Remote Users with RemoteApp, DirectAccess, and Dynamic Access Control Windows Server 2012 Hands-on lab In this experience, you will configure a

More information

This course comes with a virtual lab environment where you can practice what you learn.

This course comes with a virtual lab environment where you can practice what you learn. INF220x Security Practical Exercises Overview This course comes with a virtual lab environment where you can practice what you learn. In most cases, the userid is Adatum\Administrator and the password

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

Step-by-step installation guide for monitoring untrusted servers using Operations Manager Step-by-step installation guide for monitoring untrusted servers using Operations Manager Most of the time through Operations Manager, you may require to monitor servers and clients that are located outside

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: November 10, 2011 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: November 10, 2011 Installing the Online Responder service... 1 Preparing the environment...

More information

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server Document ID: 112175 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Windows

More information

INF204x Module 1 Lab 1: Configuring and Troubleshooting Networking Part 1

INF204x Module 1 Lab 1: Configuring and Troubleshooting Networking Part 1 INF204x Module 1 Lab 1: Configuring and Troubleshooting Networking Part 1 Estimated Time: 90 minutes Your organization plans to implement IPv6 in their existing Active Directory environment including Windows

More information

INF204x Module 1 Lab 2: Configuring and Troubleshooting Networking Part 2

INF204x Module 1 Lab 2: Configuring and Troubleshooting Networking Part 2 INF204x Module 1 Lab 2: Configuring and Troubleshooting Networking Part 2 Estimated Time: 60 minutes Your organization plans to expand the use of IPv6 in its existing Windows Server 2012 R2 Active Directory

More information

Using the Terminal Services Gateway Lesson 10

Using the Terminal Services Gateway Lesson 10 Using the Terminal Services Gateway Lesson 10 Skills Matrix Technology Skill Objective Domain Objective # Deploying a TS Gateway Server Configure Terminal Services Gateway 2.2 Terminal Services (TS) Web

More information

Course CLD221x: Enabling Office 365 Clients

Course CLD221x: Enabling Office 365 Clients Course CLD221x: Enabling Office 365 Clients Student Lab Manual Lab Design There are five exercises in this lab, each of which contains one or more tasks. For a successful outcome to the lab, the exercises

More information

Test Lab Guide: Windows Server 2012 Base Configuration

Test Lab Guide: Windows Server 2012 Base Configuration Test Lab Guide: Windows Server 2012 Base Configuration Microsoft Corporation Published: September 10, 2012 Abstract This Microsoft Test Lab Guide (TLG) provides step- by- step instructions to create the

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide 1 Document Versions: Date Version Description June, 14, 2014 1.0 Initial Release March, 14, 2016 1.1 Minor Changes 2 Installing SCUP 2011: Install WSUS (If needed).

More information

Privileged Access Agent on a Remote Desktop Services Gateway

Privileged Access Agent on a Remote Desktop Services Gateway Privileged Access Agent on a Remote Desktop Services Gateway IBM SECURITY PRIVILEGED IDENTITY MANAGER User Experience and Configuration Cookbook Version 1.0 November 2017 Contents 1. Introduction 5 2.

More information

Student Lab Manual MS100.1x: Office 365 Management

Student Lab Manual MS100.1x: Office 365 Management Student Lab Manual MS100.1x: Office 365 Management Lab Scenario You are the system administrator for Adatum Corporation, and you have Office 365 deployed in a virtualized lab environment. In this lab,

More information

App Orchestration 2.6

App Orchestration 2.6 Configuring NetScaler 10.5 Load Balancing with StoreFront 3.0 and NetScaler Gateway for Last Updated: June 04, 2015 Contents Introduction... 3 Configure the NetScaler load balancer certificates... 3 To

More information

Troubleshooting smart card logon authentication on active directory

Troubleshooting smart card logon authentication on active directory Troubleshooting smart card logon authentication on active directory Version 1.0 Prepared by: "Vincent Le Toux" Date: 2014-06-11 1 Table of Contents Table of Contents Revision History Error messages The

More information

Lab - System Utilities in Windows

Lab - System Utilities in Windows Introduction In this lab, you will use Windows utilities to configure operating system settings. Recommended Equipment The following equipment is required for this exercise: A computer running Windows

More information

VMware AirWatch Certificate Authentication for EAS with ADCS

VMware AirWatch Certificate Authentication for EAS with ADCS VMware AirWatch Certificate Authentication for EAS with ADCS For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Implementing Messaging Security for Exchange Server Clients

Implementing Messaging Security for Exchange Server Clients Implementing Messaging Security for Exchange Server Clients Objectives Scenario At the end of this lab, you will be able to: Protect e-mail messages using S/MIME signing and encryption Manage e-mail attachment

More information

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series SonicWall SRA and SMA devices now have the option to authenticate using Client User Certificates. This is a guide on how to implement

More information

LAB 5 IMPLEMENTING WINDOWS IN AN ENTERPRISE ENVIRONMENT

LAB 5 IMPLEMENTING WINDOWS IN AN ENTERPRISE ENVIRONMENT LAB 5 IMPLEMENTING WINDOWS IN AN ENTERPRISE ENVIRONMENT THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES: Exercise 5.1 Exercise 5.2 Exercise 5.3 Lab Challenge Installing the Windows Assessment

More information

Supporting Networked Computers

Supporting Networked Computers CHAPTER 7 Supporting Networked Computers After completing this chapter, you will be able to: Define the main concepts of networking, including the roles of TCP/IP, IP addresses, and subnet masks. Set up

More information

Implementing Cross-Domain Kerberos Constrained Delegation Authentication An AirWatch How-To Guide

Implementing Cross-Domain Kerberos Constrained Delegation Authentication An AirWatch How-To Guide Implementing Cross-Domain Kerberos Constrained Delegation Authentication An AirWatch How-To Guide For VMware AirWatch 1 Table of Contents Chapter 1: Overview 3 Introduction 4 Prerequisites 5 Chapter 2:

More information

This PDF Document was generated for free by the Aloaha PDF Suite If you want to learn how to make your own PDF Documents visit:

This PDF Document was generated for free by the Aloaha PDF Suite If you want to learn how to make your own PDF Documents visit: INSTALLING AND CONFIGURING A WINDOWS SERVER 2003 ENTERPRISE CERTIFICATION AUTHORITY Certification Authorities can issue certificates to users and computers for a variety of purposes. In the context of

More information

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP. For VMware AirWatch VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP For VMware AirWatch H a v e d o c u m e n t a t io n f e e d b a c k? S u b m it a D o c u m e n t a t io n F e e d b a c k s u p p o

More information

Lab - Remote Desktop in Windows 8

Lab - Remote Desktop in Windows 8 Lab - Remote Desktop in Windows 8 Introduction In this lab, you will remotely connect to another Windows 8 computer. Recommended Equipment The following equipment is required for this exercise: Two Windows

More information

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm

ms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm Page 1 of 8 Active Directory Step-by-Step Guide to Mapping Certificates to User Accounts Introduction The Windows 2000 operating system provides a rich administrative model for managing user accounts.

More information

Exam Questions Demo Microsoft. Exam Questions

Exam Questions Demo   Microsoft. Exam Questions Microsoft Exam Questions 70-413 Designing and Implementing a Server Infrastructure Version:Demo 1. Your network contains an Active Directory domain. All servers run Windows Server 2012 R2. The domain contains

More information

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP

VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP VMware AirWatch Certificate Authentication for EAS with NDES-MSCEP For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

INF204x Module 2 Lab 2: Using Encrypting File System (EFS) on Windows 10 Clients

INF204x Module 2 Lab 2: Using Encrypting File System (EFS) on Windows 10 Clients INF204x Module 2 Lab 2: Using Encrypting File System (EFS) on Windows 10 Clients Estimated Time: 30 minutes You have a standalone Windows 10 client computer that you share with your colleagues. You plan

More information

DNSSEC Deployment Guide

DNSSEC Deployment Guide DNSSEC Deployment Guide Microsoft Corporation Updated: March 2010 Author: Shyam Seshadri, Greg Lindsay Editor: Scott Somohano Reviewers: Jeff Westhead, Wai-O Hui, Marcelo Bastos, Shyam Seshadri, Vamshi

More information

Workshop on Windows Server 2012

Workshop on Windows Server 2012 Workshop on Windows Server 2012 Topics covered on Workshop DHCP Scope Splitting. A Dynamic Host Configuration Protocol (DHCP) split-scope configuration using multiple DHCP servers allows for increased

More information

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls

Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8. David LePage - Enterprise Solutions Architect, Firewalls Configuring Windows 7 VPN (Agile) Client for authentication to McAfee Firewall Enterprise v8 David LePage - Enterprise Solutions Architect, Firewalls Overview: Microsoft Windows version 7 introduced a

More information

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with Microsoft DirectAccess

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with Microsoft DirectAccess SafeNet Authentication Manager Integration Guide SAM using RADIUS Protocol with Microsoft DirectAccess Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet,

More information

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 Document ID: 72013 Contents Introduction Prerequisites Requirements Components Used Network Diagram Conventions Windows Enterprise

More information

Installation and Configuration Guide

Installation and Configuration Guide Installation and Configuration Guide 1 Document Versions: Date Version Description June 14, 2014 1.0 Initial Release March 14, 2016 1.1 Minor Changes June 21, 2017 1.2 Added Trusted Publishers 2 Installing

More information

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server Configure a Presence Gateway for Microsoft Exchange Integration, page 1 SAN and Wildcard Certificate Support, page

More information

Configure DHCP for Failover Step-by-Step.

Configure DHCP for Failover Step-by-Step. Configure DHCP for Failover Step-by-Step https://technet.microsoft.com/en-us/library/hh831385.aspx Dynamic Host Configuration Protocol (DHCP) failover in Windows Server 2012 is a new method for ensuring

More information

Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface

Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface Release 7.1 Revised: March 5, 2013 1:53 pm This document describes the

More information

Expert Reference Series of White Papers. DirectAccess: The New VPN

Expert Reference Series of White Papers. DirectAccess: The New VPN Expert Reference Series of White Papers DirectAccess: The New VPN 1-800-COURSES www.globalknowledge.com DirectAccess: The New VPN Mark Mizrahi, MCSE, CEH, CEI Instructor, MCT, MCTS, MCITP Introduction

More information

Copyright and Trademarks

Copyright and Trademarks Copyright and Trademarks Specops Password Reset is a trademark owned by Specops Software. All other trademarks used and mentioned in this document belong to their respective owners. 2 Contents Key Components

More information

MCSE Server Infrastructure. This Training Program prepares and enables learners to Pass Microsoft MCSE: Server Infrastructure exams

MCSE Server Infrastructure. This Training Program prepares and enables learners to Pass Microsoft MCSE: Server Infrastructure exams MCSE Server Infrastructure This Training Program prepares and enables learners to Pass Microsoft MCSE: Server Infrastructure exams 1. MCSE: Server Infrastructure / Exam 70-413 (Designing and Implementing

More information

etoken Integration Guide etoken and ISA Server 2006

etoken Integration Guide etoken and ISA Server 2006 etoken Integration Guide etoken and ISA Server 2006 March 2007 Contact Information Support If you have any questions regarding this package, its documentation and content or how to obtain a valid software

More information

SCCM Plug-in User Guide. Version 3.0

SCCM Plug-in User Guide. Version 3.0 SCCM Plug-in User Guide Version 3.0 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF Software 301 4th Ave

More information

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017 BROWSER-BASED SUPPORT CONSOLE USER S GUIDE 31 January 2017 Contents 1 Introduction... 2 2 Netop Host Configuration... 2 2.1 Connecting through HTTPS using Certificates... 3 2.1.1 Self-signed certificate...

More information

BitLocker: How to enable Network Unlock

BitLocker: How to enable Network Unlock BitLocker: How to enable Network Unlock 7 out of 9 rated this helpful - Rate this topic Published: August 15, 2012 Updated: August 15, 2012 Applies To: Windows Server 2012 Windows 8 and Windows Server

More information

Enabling Secure Sockets Layer for a Microsoft SQL Server JDBC Connection

Enabling Secure Sockets Layer for a Microsoft SQL Server JDBC Connection Enabling Secure Sockets Layer for a Microsoft SQL Server JDBC Connection Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.

More information

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All

More information

Lab - Remote Desktop in Windows 7 and Vista

Lab - Remote Desktop in Windows 7 and Vista Lab - Remote Desktop in Windows 7 and Vista Introduction In this lab, you will remotely connect to another Windows 7 or Vista computer. Recommended Equipment The following equipment is required for this

More information

Implementing Security in Windows 2003 Network (70-299)

Implementing Security in Windows 2003 Network (70-299) Implementing Security in Windows 2003 Network (70-299) Level 1 Authorization & Authentication 2h 20m 20s 1.1 Group Strategy 1.2 Group Scopes 1.3 Built-in Groups 1.4 System or Special Groups 1.5 Administrating

More information

PRAGATHI TECHNOLOGIES BTM Marathahalli Ph:

PRAGATHI TECHNOLOGIES BTM Marathahalli Ph: PRAGATHI TECHNOLOGIES BTM Marathahalli Ph: 97420-95494 Course 20413C: Designing and Implementing a Server Infrastructure Course Outline Module 1: Planning Server Upgrade and Migration This module explains

More information

SEVENMENTOR TRAINING PVT.LTD

SEVENMENTOR TRAINING PVT.LTD Installing and Configuring Windows Server 2012 Module 1: Deploying and Managing Windows Server 2012 This module introduces students to the editions of Windows Server 2012 and the new Windows Server 2012

More information

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902

Workspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902 Workspace ONE UEM Certificate Authentication for EAS with ADCS VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

RPC Over HTTP Install Windows Server 2003 Configure your Exchange 2003 front-end server as an RPC Proxy server

RPC Over HTTP Install Windows Server 2003 Configure your Exchange 2003 front-end server as an RPC Proxy server RPC Over HTTP Exchange 2003 and Outlook 2003, combined with Windows Server 2003, supports the use of RPC over HTTP to access Exchange. Using the Microsoft Windows RPC over HTTP feature eliminates the need

More information

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810

Workspace ONE UEM Integration with RSA PKI. VMware Workspace ONE UEM 1810 Workspace ONE UEM Integration with RSA PKI VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments

More information

Load Balancing Microsoft 2012 DirectAccess. Deployment Guide v Copyright Loadbalancer.org, Inc

Load Balancing Microsoft 2012 DirectAccess. Deployment Guide v Copyright Loadbalancer.org, Inc Load Balancing Microsoft 2012 DirectAccess Deployment Guide v1.1.2 Copyright 2002 2017 Loadbalancer.org, Inc Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org

More information

70-742: Identity in Windows Server Course Overview

70-742: Identity in Windows Server Course Overview 70-742: Identity in Windows Server 2016 Course Overview This course provides students with the knowledge and skills to install and configure domain controllers, manage Active Directory objects, secure

More information

VMware AirWatch Integration with SecureAuth PKI Guide

VMware AirWatch Integration with SecureAuth PKI Guide VMware AirWatch Integration with SecureAuth PKI Guide For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

Implementing Cross- Domain Kerberos Constrained Delegation Authentication. VMware Workspace ONE UEM 1810

Implementing Cross- Domain Kerberos Constrained Delegation Authentication. VMware Workspace ONE UEM 1810 Implementing Cross- Domain Kerberos Constrained Delegation Authentication VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

List of Virtual Machines Used in This Lab

List of Virtual Machines Used in This Lab INF204x Module 3 Lab1: Deploying Windows 10 to a New Computer by Using Microsoft Deployment Toolkit Lab: Using Microsoft Deployment Toolkit 2013 Update 1 Preview to Deploy Operating Systems Overview of

More information

Course CLD209.1x Microsoft Exchange Server 2016 Hybrid Topologies

Course CLD209.1x Microsoft Exchange Server 2016 Hybrid Topologies Course CLD209.1x Microsoft Exchange Server 2016 Hybrid Topologies Getting a lab for the lab exercises The lab exercises in this course require you to log on to the Microsoft Labs Online environment to

More information

The information in this document is based on these software and hardware versions:

The information in this document is based on these software and hardware versions: Contents Introduction Prerequisites Requirements Components Used Configure Generate Certificate Signed Request Sign the Certificate on the Certificate Authority Install the Certificate Copy the certificate

More information

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server

More information

INF214x Basic Networking Practical Exercises

INF214x Basic Networking Practical Exercises INF214x Basic Networking Practical Exercises Overview This course includes practical exercises where you can try out the techniques demonstrated in the course for yourself. This guide lists the steps for

More information

How to Set Up External CA VPN Certificates

How to Set Up External CA VPN Certificates To configure a client-to-site, or site-to-site VPN using s created by External CA, you must create the following VPN s for the VPN service to be able to authenticate Before you begin Use an external CA

More information

VMware AirWatch Integration with RSA PKI Guide

VMware AirWatch Integration with RSA PKI Guide VMware AirWatch Integration with RSA PKI Guide For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com. This product

More information

MCSA Windows Server 2012

MCSA Windows Server 2012 MCSA Windows Server 2012 This Training Program prepares and enables learners to Pass Microsoft MCSA: Windows Server 2012 exams 1. MCSA: Windows Server 2012 / 70-410 Exam (Installing and Configuring Windows

More information

AirWatch Mobile Device Management

AirWatch Mobile Device Management RSA Ready Implementation Guide for 3rd Party PKI Applications Last Modified: November 26 th, 2014 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product Description

More information

Practical Network Defense Labs

Practical Network Defense Labs Practical Network Defense Labs ABOUT This document showcases my practical hands-on engagements in the elearnsecurity HERA labs environment for the Network Defense Professional certification course. I utilized

More information

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810

Workspace ONE UEM Certificate Authority Integration with JCCH. VMware Workspace ONE UEM 1810 Workspace ONE UEM Certificate Authority Integration with JCCH VMware Workspace ONE UEM 1810 Workspace ONE UEM Certificate Authority Integration with JCCH You can find the most up-to-date technical documentation

More information

LAB MANUAL. Craig Zacker.

LAB MANUAL. Craig Zacker. Free ebooks ==> www.ebook777.com LAB MANUAL Craig Zacker www.ebook777.com Free ebooks ==> www.ebook777.com www.ebook777.com This page is intentionally left blank Free ebooks ==> www.ebook777.com Installing

More information

Exam Questions

Exam Questions Exam Questions 70-685 Pro: Windows 7, Enterprise Desktop Support Technician https://www.2passeasy.com/dumps/70-685/ 1.Portable computer users report that they can use Internet Explorer to browse Internet

More information

Using SSL to Secure Client/Server Connections

Using SSL to Secure Client/Server Connections Using SSL to Secure Client/Server Connections Using SSL to Secure Client/Server Connections, page 1 Using SSL to Secure Client/Server Connections Introduction This chapter contains information on creating

More information

Course Outline 20742B

Course Outline 20742B Course Outline 20742B Module 1: Installing and configuring domain controllers This module describes the features of AD DS and how to install domain controllers (DCs). It also covers the considerations

More information

Integrating AirWatch and VMware Identity Manager

Integrating AirWatch and VMware Identity Manager Integrating AirWatch and VMware Identity Manager VMware AirWatch 9.1.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

Monitoring Windows Systems with WMI

Monitoring Windows Systems with WMI Monitoring Windows Systems with WMI ScienceLogic version 8.8.1 Table of Contents Introduction 4 Monitoring Windows Devices in the ScienceLogic Platform 5 What is SNMP? 5 What is WMI? 5 PowerPacks 5 Configuring

More information

How to Configure IPSec Tunneling in Windows 2000

How to Configure IPSec Tunneling in Windows 2000 Home Self Support Assisted Support Custom Support Worldwide Support How to Configure IPSec Tunneling in Windows 2000 The information in this article applies to: Article ID: Q252735 Last Reviewed: February

More information

Course Content of MCSA ( Microsoft Certified Solutions Associate )

Course Content of MCSA ( Microsoft Certified Solutions Associate ) Course Content of MCSA 2012 - ( Microsoft Certified Solutions Associate ) Total Duration of MCSA : 45 Days Exam 70-410 - Installing and Configuring Windows Server 2012 (Course 20410A Duration : 40 hrs

More information

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

VMware AirWatch Certificate Authentication for Cisco IPSec VPN VMware AirWatch Certificate Authentication for Cisco IPSec VPN For VMware AirWatch Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.

More information

MCSA Guide to Networking with Windows Server 2016, Exam

MCSA Guide to Networking with Windows Server 2016, Exam MCSA Guide to Networking with Windows Server 2016, Exam 70-741 First Edition Chapter 7 Implementing Network Policy Server 2018 Cengage. All Rights Reserved. May not be copied, scanned, or duplicated, in

More information

Lab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501

Lab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501 Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501 Lab Guide Official training material for Barracuda certified trainings and Authorized Training Centers. Edition 2018 Revision 1.0 campus.barracuda.com

More information

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810 Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN VMware Workspace ONE UEM 1810 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

AutomaTech Application Note July 2015

AutomaTech Application Note July 2015 Installing Active Directory Domain Services (AD DS), Remote Desktop Services (RDS), GE Advantage Licensing, and GE Proficy SCADA Thin Clients on Windows Server 2012 R2 SUMMARY This application note provides

More information

edp 8.2 Info Sheet - Integrating the ediscovery Platform 8.2 & Enterprise Vault

edp 8.2 Info Sheet - Integrating the ediscovery Platform 8.2 & Enterprise Vault edp 8.2 Info Sheet - Integrating the ediscovery Platform 8.2 & Enterprise Vault 12.0.1 Date: December 2017 Author: Technical Field Enablement (II-TEC@veritas.com) Applies to: ediscovery Platform 8.x and

More information

Microsoft Certified Solutions Associate (MCSA)

Microsoft Certified Solutions Associate (MCSA) Microsoft Certified Solutions Associate (MCSA) Installing and Configuring Windows Server 2012 (70-410) Module 1: Deploying and Managing Windows Server 2012 Windows Server 2012 Overview Overview of Windows

More information

Identity with Windows Server 2016 (742)

Identity with Windows Server 2016 (742) Identity with Windows Server 2016 (742) Install and Configure Active Directory Domain Services (AD DS) Install and configure domain controllers This objective may include but is not limited to: Install

More information

MOC 20411B: Administering Windows Server Course Overview

MOC 20411B: Administering Windows Server Course Overview MOC 20411B: Administering Windows Server 2012 Course Overview This course is part two in a series of three courses that provides the skills and knowledge necessary to implement a core Windows Server 2012

More information

5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP

5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP 5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP Introduction Print and complete this lab. In this lab, you will use administrative tools to monitor system resources. You will also

More information

MCSA Windows Server 2012

MCSA Windows Server 2012 MCSA Windows Server 2012 This course is developed for IT professionals who need to design, plan, implement, manage and support Microsoft Windows 2012 networks or who plan to take the related MCSE and MCSA

More information

Technical Overview: Always On VPN

Technical Overview: Always On VPN Technical Overview: Always On VPN Introduction Always On VPN (AOVPN) offers a single, unified remote access solution and supports domain-joined, nondomain-joined (workgroup). AOVPN provided always on connectivity

More information

This course comes with a virtual lab environment where you can practice what you learn.

This course comes with a virtual lab environment where you can practice what you learn. INF220x Security Practical Exercises Overview This course comes with a virtual lab environment where you can practice what you learn. In most cases, the userid is Adatum\Administrator and the password

More information

Configuring EAP for Wireless Network Connectivity By Victor Zapata

Configuring EAP for Wireless Network Connectivity By Victor Zapata Configuring EAP for Wireless Network Connectivity By Victor Zapata Requirements: 1. Windows 2000 Domain Controller Service Pack 2 with hotfixes Q306260 and Q304347 OR Service Pack 3 2. Enterprise Certificate

More information

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 8 Networking Essentials Objectives Learn about the protocols and standards Windows uses for networking Learn how to connect

More information

Identity with Windows Server 2016

Identity with Windows Server 2016 Identity with Windows Server 2016 Course 20742B - 5 Days - Instructor-led, Hands on Introduction This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain

More information