Windows Server 2008

Regular backups of network data provides the best method of protecting you from data loss.

The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

You must provide at least the IP address and the subnet mask to configure a TCP/IP client for an IPv4 client, unless that client obtains this information from a DHCP server. For IPv6 clients, the interface ID is generated automatically from the MAC hardware address on the network adapter. IPv6 can also use DHCP as a method to configure IP clients on the network.

The ipconfig command can be used to check a computer’s IP configuration and also renew the client’s IP address if it is provided by a DHCP server. ping can be used to check the connection between the local computer and any computer on the network, using the destination computer’s IP address.

The first domain created in a tree is referred to as the root domain. Child domains created in the tree share the same namespace as the root domain.

Installing the Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

When the Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the user’s password.

A group can contain users, computers, contacts, and other nested groups.

Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in the Active Directory.

Active Directory sites are physical locations on the network’s physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

Client computer accounts can be added through the Active Directory Users and Computers snap-in. You can also create client computer accounts via the client computer by joining it to the domain via the System Properties dialog box. This requires a user account that has administrative privileges, such as members of the Domain Administrator or Enterprise Administrator groups.

The Windows Firewall must allow remote administration for a computer to be managed remotely.

Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.