Reviewing and upgrading Windows Server 2012 install processes.
Windows Server 2012 improves Active Directory Domain Services for deploying domain controllers and performing administrative tasks.
3. Install-WindowsFeature FS-FileServer
Install-WindowsFeature Print-InternetServices -IncludeAllSubFeature
For Linux guest OSs, you must download and install the latest release of Linux Integration
Services Version 3.4 for Hyper-V from the Microsoft Download Center. As of this writing,
the latest version is 3.4 and is available at http://www.microsoft.com/en-gb/download/
Using Enhanced Session mode
In previous versions of Hyper-V, when you open a Virtual Machine Connection window in
the Hyper-V Manager console, you receive mouse and keyboard connectivity plus a limited
cut and paste functionality. To obtain any further access, such as audio or print functionality,
you could establish a Remote Desktop Services connection to the VM, but this requires the
computers to be connected to the same network, which is not always possible.
USING DYNAMIC MEMORY
In the first versions of Hyper-V, shutting down the VM was the only way to modify its memory
allocation. In the Windows Server 2012 R2 version, however, you can use a feature called Dynamic
Memory to automatically reallocate memory to the VM from a shared memory pool as
its demands change.
Configuring pass-through disks
A pass-through disk is a type of virtual disk that points to a physical disk drive installed on the host computer. When you add a hard drive to any of the controllers in a VM, you have the option of selecting a physical hard disk as opposed to a virtual one.
To add a physical hard disk to a VM, the VM must have exclusive access to it. This means
that you must first take the disk offline in the parent OS by using the Disk Management
Modifying virtual disks
Windows Server 2012 R2 and Hyper-V provide several ways for administrators to manage
and manipulate VHD images without mounting them in a VM. Once you have created a VHD,
whether you have attached it to a VM or not, you can manage it by using the Edit Virtual
Hard Disk Wizard in Hyper-V Manager.
1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V
2. In the left pane, select a Hyper-V server.
3. In the Actions pane, select Edit Disk. The Edit Virtual Hard Disk Wizard starts, displaying
the Before You Begin page.
4. Click Next to open the Locate Disk page.
5. Type or browse to the name of the VHD or VHDX file you want to open and click Next.
The Choose Action page appears.
6. Select one of the following functions:
■■ Compact Reduces the size of a dynamically expanding or differencing disk by
deleting empty space while leaving the disk’s capacity unchanged
■■ Convert Changes the type of format of a disk by copying the data to a new disk
■■ Expand Increases the capacity of the disk by adding empty storage space to the
Configuring server roles and features
Objective 2.1: Configure file and share access
Creating folder shares
sharing strategy in place by the time you are ready to create your shares. This
strategy should consist of the following information:
■■ What folders you will share
■■ What names you will assign to the shares
■■ What permissions you will grant users to the shares
■■ What Offline Files settings you will use for the shares
If you have the necessary permissions for a folder, you can share it on a Windows Server
2012 R2 computer by right-clicking the folder in any File Explorer window, selecting Share
With, Specific People from the shortcut menu,
You can specify only that the share users
receive Read permissions or Read/Write permissions to the share. If you are not the Creator
Owner of the folder, you can access the Sharing tab of the folder’s Properties sheet instead.
Clicking the Share button launches the same File Sharing dialog box.
Windows Server 2012 R2 supports two types of folder shares:
■■ Server Message Blocks (SMB) SMB is the standard file sharing protocol used by all
versions of Windows.
■■ Network File System (NFS) NFS is the standard file sharing protocol used by most
UNIX and Linux distributions.
To create a folder share by using Server Manager, use the following procedure.
1. In Server Manager, click the File and Storage Services icon and, in the submenu that
appears, click Shares. The Shares home page appears.
2. From the Tasks menu, select New Share. The New Share Wizard starts, displaying the
Select The Profile For This Share page, as shown in Figure 2-3.
3. From the File Share Profile list, select one of the following options:
■■ SMB Share–Quick Provides basic SMB sharing with full share and NTFS permissions
■■ SMB Share–Advanced Provides SMB sharing with full share and NTFS permissions
and access to services provided by File Server Resource Manager
■■ SMB Share–Applications Provides SMB sharing with settings suitable for
Hyper-V and other applications
■■ NFS Share–Quick Provides basic NFS sharing with authentication and permissions
■■ NFS Share–Advanced Provides NFS sharing with authentication and permissions
and access to services provided by File Server Resource Manager
4. Click Next. The Select The Server And Path For This Share page appears.
5. Select the server on which you want to create the share and either select a volume on
the server or specify a path to the folder you want to share. Click Next. The Specify
Share Name page appears.
6. In the Share Name text box, specify the name you want to assign to the share and click Next.
7. Select any or all of the following options:
■■ Enable Access-Based Enumeration Prevents users from seeing files and folders they do not have permission to access
■■ Allow Caching Of Share Enables offline users to access the contents of this share
■■ Enable BranchCache On The File Share Enables BranchCache servers to cache files accessed from this share
■■ Encrypt Data Access Causes the server to encrypt remote file access to this share
8. Click Next to move to the Specify Permissions To Control Access page.
9. Modify the default share and NTFS permissions as needed and click Next. The Confirm Selections page appears.
10. Click Create. The View Results page appears as the wizard creates the share.
11. Close the New Share Wizard.
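The same share can be created from PowerShell with the SmbShare module included in Windows Server 2012 and later. This is an added example, not part of the original notes; the folder path, share name and CONTOSO group names are constructed placeholders.

```powershell
# Added example: path, share name and group names are constructed placeholders.
$path  = 'D:\Shares\Projects'
$share = 'Projects'

# Create the folder if it does not exist yet.
New-Item -Path $path -ItemType Directory -Force | Out-Null

# The step 7 wizard options map to New-SmbShare parameters:
#   Enable Access-Based Enumeration      -> -FolderEnumerationMode AccessBased
#   Allow Caching Of Share               -> -CachingMode Manual (None turns offline caching off)
#   Enable BranchCache On The File Share -> -CachingMode BranchCache
#   Encrypt Data Access                  -> -EncryptData $true (clients must support SMB 3.0)
# Share permissions are granted to named groups instead of Everyone.
New-SmbShare -Name $share -Path $path `
    -FolderEnumerationMode AccessBased `
    -CachingMode Manual `
    -EncryptData $true `
    -ChangeAccess 'CONTOSO\Project-Editors' `
    -ReadAccess   'CONTOSO\Project-Readers'

# Confirm the settings and the share-level ACL that were actually applied.
Get-SmbShare -Name $share |
    Format-List Name, Path, FolderEnumerationMode, CachingMode, EncryptData
Get-SmbShareAccess -Name $share
```

New-SmbShare sets only the share permissions; the NTFS permissions on the folder still have to be set separately.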
■■ Share permissions Control access to folders over a network. To access a file over a network, a user must have appropriate share permissions (and appropriate NTFS permissions if the shared folder is on an NTFS volume).
■■ NTFS permissions Control access to the files and folders stored on disk volumes formatted with the NTFS file system. To access a file, either on the local system or over a network, a user must have the appropriate NTFS permissions.
Understanding the Windows permission architecture
To store permissions, Windows elements have an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs). Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2012 R2 permission systems, you are actually creating and modifying the ACEs in an ACL.
Understanding basic and advanced permissions
The permissions protecting a particular system element are not like the keys to a lock, which provide either full access or no access at all. Permissions are designed to be granular, enabling you to grant specific degrees of access to security principals.
Prior to Windows Server 2012, basic permissions were known as standard permissions and advanced permissions were known as special permissions. Candidates for certification exams should be aware of these alternative terms.
For example, the NTFS permission system has 14 advanced permissions you can assign to a folder or file. However, there are also six basic permissions, which are various combinations of the 14 advanced permissions. You can also assign both types of permissions in a single ACE, combining a basic permission with one or more advanced permissions, to create a customized combination. In most cases, however, administrators work only with basic permissions. Many administrators rarely, if ever, have reason to work directly with advanced permissions.
Allowing and denying permissions
■■ Additive Start with no permissions and then grant Allow permissions to individual security principals to give them the access they need.
■■ Subtractive Start by granting all possible Allow permissions to individual security principals, giving them full control over the system element, and then grant them Deny permissions for the access you don’t want them to have.
The most important principle in permission management is that permissions tend to run downward through a hierarchy. This is called permission inheritance. Permission inheritance means that parent elements pass their permissions down to their subordinate elements.
■■ Turn off inheritance When you assign advanced permissions, you can configure an ACE not to pass its permissions down to its subordinate elements. This effectively blocks the inheritance process.
■■ Deny permissions When you assign a Deny permission to a system element, it overrides any Allow permissions that the element might have inherited from its parent objects.
Understanding effective access
A security principal can receive permissions in many ways, and it is important for an administrator to understand how these permissions combine. The combination of Allow permissions and Deny permissions a security principal receives for a given system element—whether explicitly assigned, inherited, or received through a group membership—is called the effective access for that element. Because a security principal can receive permissions from so many sources, it is not unusual for those permissions to overlap.
■■ Allow permissions are cumulative. When a security principal receives Allow permissions from more than one source, the permissions are combined to form the effective access permissions.
■■ Deny permissions override Allow permissions. When a security principal receives Allow permissions—whether explicitly, by inheritance, or from a group—you can override those permissions by granting the principal Deny permissions of the same type.
■■ Explicit permissions take precedence over inherited permissions. When a security principal receives permissions by inheriting them from a parent or from group memberships, you can override those permissions by explicitly assigning contradicting permissions to the security principal itself.
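The three rules above can be traced with a small model of the order in which ACEs are evaluated. This is an added example, not part of the original notes: Get-EffectiveRights is a hypothetical helper, the ACEs and CONTOSO names are constructed, and the model covers only the Allow/Deny and explicit/inherited rules (not ownership, privileges or share permissions).

```powershell
# Added example: simplified model of NTFS effective access; all ACEs are constructed.
$FSR = [System.Security.AccessControl.FileSystemRights]

function Get-EffectiveRights {
    param(
        [string[]]$Identity,   # the user plus every group it belongs to
        [object[]]$Ace         # objects with Principal, Type, Rights, Inherited
    )
    # Canonical ACE order: explicit Deny, explicit Allow, inherited Deny, inherited Allow.
    $ordered = $Ace | Sort-Object { [int]$_.Inherited }, { [int]($_.Type -ne 'Deny') }
    $granted = 0   # permission bits allowed so far (Allow ACEs accumulate)
    $decided = 0   # bits already settled by an earlier ACE, allowed or denied
    foreach ($a in $ordered) {
        if ($Identity -notcontains $a.Principal) { continue }
        # Only bits not yet decided can be changed by this ACE.
        $fresh = [int]$a.Rights -band (-bnot $decided)
        if ($a.Type -eq 'Allow') { $granted = $granted -bor $fresh }
        $decided = $decided -bor $fresh
    }
    [System.Security.AccessControl.FileSystemRights]$granted
}

# Constructed ACL: two inherited ACEs from the parent folder, one explicit ACE.
$aces = @(
    [pscustomobject]@{ Principal='CONTOSO\Staff';       Type='Allow'; Rights=$FSR::Modify; Inherited=$true  }
    [pscustomobject]@{ Principal='CONTOSO\Contractors'; Type='Deny';  Rights=$FSR::Write;  Inherited=$true  }
    [pscustomobject]@{ Principal='CONTOSO\alice';       Type='Allow'; Rights=$FSR::Write;  Inherited=$false }
)

# bob is in both groups: the inherited Deny Write strips the Write bits from Modify.
Get-EffectiveRights -Identity 'CONTOSO\bob','CONTOSO\Staff','CONTOSO\Contractors' -Ace $aces

# alice is in the same groups but has an explicit Allow Write,
# which is evaluated before the inherited Deny and so keeps her Write access.
Get-EffectiveRights -Identity 'CONTOSO\alice','CONTOSO\Staff','CONTOSO\Contractors' -Ace $aces
```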
Setting share permissions
In Windows Server 2012 R2, shared folders have their own permission system, which is independent from the other Windows permission systems. For network users to access shares on a file server, you must grant them the appropriate share permissions.
NOTE BYPASSING SHARE PERMISSIONS
Many file server administrators simply leave the Allow Full Control share permission to the Everyone special identity in place, essentially bypassing the share permission system, and rely solely on NTFS permissions for granular file system protection. NTFS permissions control access by both local and remote users, rendering share permissions redundant.
NOTE NTFS PERMISSIONS
NTFS permissions are not limited to shared folders. Every file and folder on an NTFS volume has permissions. Although this procedure describes the process of assigning permissions to a shared folder, you can open the Properties sheet for any folder in a File Explorer window, click the Security tab, and work with its NTFS permissions in the same way.