課程名稱:MCSE: Core Infrastructure (4科) 國際認可證書課程 - MCSE 2016 (Full Track) - 簡稱:MCSE Training Course (2016 Full) |
070-740 Installation, Storage, and Compute with Windows Server 2016 (72 hrs)
1. Installing Windows Server 2016 Interactively
1.1 Minimum System Requirement of Windows Server 2016
1.2 Supported In-place upgrade path from Windows Server 2012 R2
1.3 Creating a Virtual Machine suitable for installing Windows Server 2016
1.4 Desktop Experience installation
2. Common Management Task using Metro UI
2.1 To shutdown or restart the server computer
2.2 To Logoff the current user
2.3 Shortcut keys
3. Server Core
3.1 Purpose of Server Core
3.2 Installing Server Core from clean installation
3.3 Configuring a Server Core mode server with PowerShell
3.4 Configuring a Server Core mode server SCONFIG.cmd
3.5 Summary of Server Core and Server with Desktop Experience
4. Installing Active Directory Domain Services (ADDS)
4.1 Requirements of installing and running Active Directory Domain Services (ADDS)
4.2 Assigning Static IP Address for a Domain Controller
4.3 Installing ADDS by using ADDS Configuration Wizard
4.4 Verifying ADDS domain configuration
4.5 Configuring a Windows client to join domain
5. IP Address - Internet Protocol version 4 (IPv4)
5.1 Structure (結構) of IP Address
5.2 Concept of Binary Number
5.3 Network ID and Host ID
5.4 Identifying (辨認) the Network ID
5.5 重要事實
5.6 更改IP Address的步驟
6. Subnet Mask (子網路遮罩)
6.1 Use of Subnet Mask
6.2 Subnetting (子網路化)
6.3 Gateway
7. Configuring DHCP Server Role
7.1 DHCP Client and Server interaction
7.2 Installing DHCP Server Role
7.3 DHCP Scope
7.4 DHCP Address Exclusion Range
7.5 DHCP Reservation
7.6 Conflict Address Detection
7.7 DHCP Policy Based Assignment (BPA) with User Classes
7.8 DHCP Server Network Binding
8. Configuring a Windows Server Router
8.1 Two Router Forms
8.2 Routing in Windows Server 2016
8.3 DHCP Relay (接力) Agent (代理人)
9. Roaming VPN
9.1 Configuring VPN
9.2 Deploying VPN Connections using CMAK
9.3 PPTP and L2TP
10. Basic Concept of Storage Virtualization
10.1 Concepts of Storage Pool, Virtual Disk, and Storage Virtualization in Windows Server 2016
10.2 Configuring a Storage Pool
10.3 Configuring a Virtual Disk
10.4 Redundancy of Virtual Disks
10.5 Maintaining Storage Pool
10.6 Repairing a Storage Pool automatically using Hot Spare disks
11. Basic Concepts of Internet SCSI
11.1 Introduction to SCSI and Internet SCSI
11.2 Configuring iSCSI Portal
11.3 Configuring iSCSI Targets
11.4 Configuring iSCSI Initiator
12. Internet Storage Name Service (iSNS)
12.1 Introduction to iSNS
12.2 Installing and Configuring an iSNS Server
12.3 Registering iSCSI Targets
12.4 Configuring iSCSI Initiators to query an iSNS Server
13. Advanced Concepts of Storage Virtualization
13.1 Introduction to Tiered Storage Pool
13.2 Configuring a Tiered Storage Pool
13.3 Pinning files to specific storage tier
13.4 Storage Tiers Optimization Task
13.5 Dual Parity Non-Tiered Virtual Disks
14. NTFS Permissions
14.1 Standard NTFS Permissions on Folders
14.2 Standard NTFS Permissions on Files
14.3 Taking Ownership (擁有權) of Folders and Files
14.4 Giving Users the Ability to Take Ownership
14.5 To Take (取得) Ownership
14.6 More About Taking Ownership
15. Share Permissions
15.1 Configuring Share Permissions
15.2 Access-Based Enumeration (ABE)
15.3 Combining Share Permissions and NTFS Permissions
15.4 Access-Denied Assistance
16. Windows Server Role
16.1 Domain Controller (DC, 網域控制器)
16.2 Member Server (成員伺服器)
16.3 The Kerberos Authentication Protocol
17. Creating and Managing User Accounts
17.1 To Create Domain User Accounts
17.2 Deleting and Renaming User Accounts
18. Concept of Groups (群組)
18.1 Global Groups (全域群組)
18.2 Local Groups (本機群組)
18.3 General Usage (普遍用法) of a Global Group and a Local Group
18.4 Some Built-in (內置) Global Groups
18.5 Some Built-in (內置) Local Groups
18.6 Domain Local Groups (網域本機群組)
19. Concept of Active Directory
19.1 Logical Structure (企業組織架構)
19.2 Physical Structure (企業地理結構)
20. Concepts of User Accounts (使用者戶口)
20.1 Local User Accounts
20.2 Domain User Accounts
20.3 Built-in (內置) Local User Accounts
20.4 Some Built-in Domain User Accounts
21. Concepts of Windows Policy (原則)
21.1 Local Computer Policy
21.2 Site, Domain or OU Policy
21.3 Priority of Windows Policies:
21.4 Important Facts and Rules of Group Policy
21.5 More about Group Policy
21.6 Refresh Interval for Group Policy
21.7 Group Policy Security Filter
21.8 Group Policy Inheritance
21.9 Using WMI Filters in GPO
21.10 Example WMI filters
21.11 Group Policy Restricted Groups
21.12 Group Policy Administrative Templates
21.13 ADMX Central Store
21.14 Administering Group Policy Objects by using PowerShell
22. Software Deployment
22.1 Basic Concept of Software Deployment
22.2 Publishing (出版) Software to Users
22.3 Assigning (指定) Software to Users
22.4 Assigning Software to Computers
22.5 Remote Group Policy Refresh
22.6 Group Policy Startup Script
22.7 Group Policy Scripts Processing
22.8 Group Policy Slow-link detection
23. Domain Functional Level (DFL)
23.1 Understanding AD DS Domain Function Levels
23.2 Supported Domain Functional Level and Features bv Windows Server 2016
23.3 Group Types of Active Directory
23.4 Scopes (範圍) of Security Group
23.5 Common Usage (普遍用法) of Global Group, Universal Group and Local Group
23.6 Creation of a Group
23.7 Raise Domain Functional Level
23.8 Rollback Options of Domain Functional Level (Optional Knowledge)
23.9 Using Fine-Grained Password and Lockout Policy
23.10 Preparation
23.11 Creating Password Setting Objects by using ADSI Editor and ADAC
23.12 Apply PSOs to Users or Global Groups
24. NIC Teaming
24.1 Introduction to NIC Teaming
24.2 Configuring NIC Teaming
24.3 Configuring LACP
25. Patch Management and Windows Server Update Services
25.1 Automatic Updates on client computers
25.2 Group Policy regarding Automatic Updates
25.3 Introduction to Windows Server Update Services 4.0
25.4 Software Requirement of Windows Server Update Services 4.0
25.5 Installation of Software Update Services
26. High Availability Features
26.1 Failover Clusters
26.2 Cluster Aware Updating
26.3 Scale-Out File Server for Application Data
26.4 Configuring Hyper-V to use Scale-Out File Server (Optional Knowledge)
26.5 The SMB Witness protocol (Optional knowledge)
27. PowerShell Desired State Configuration
27.1 Introduction to PowerShell Desired State Configuration (DSC)
27.2 Implementing DSC by using PowerShell
27.3 Changing the Desired State Configuration
27.4 Using PowerShell DSC to recover accidental configuration drift
27.5 Using PowerShell DSC to deploy prerequisites for SharePoint Server
28. Network Load Balancing
28.1 Configuring Network load balancing in Windows Server 2016
29. Windows Server Compute and Virtualization services
29.1 Microsoft Hyper-V Server 2016 and Windows Server 2016 Hyper-V role
29.2 Hyper-V Requirements
29.3 Installing Hyper-V Role Service on Windows Server 2016
29.4 Creating a Virtual Machine and Installing a Guest OS
29.5 Installing and Configuring Windows Hyper-V Server 2016
29.6 Configuring Hyper-V Server 2016 to accept Remote Management
29.7 Managing Hyper-V Server 2016 from a remote location
30. Configure Hyper-V Settings and Virtual Networks
30.1 Configuring VHD Storage location
30.2 Upgrading Virtual Machine Configuration Version
30.3 Checkpoint (Snapshot) Location
30.4 Hot add and Hot removal of Virtual hardware
30.5 Nested Virtualization
30.6 Host Resource Protection
30.7 Windows PowerShell Direct
30.8 Managing Multiple Virtual Machines
30.9 Configuring the Virtual Network
30.10 Guest Network Load Balancing
30.11 Single Root I/O Virtualization
31. Shared Nothing Live Migration
31.1 Concepts of Live Migration
31.2 Configuring Live Migration in a Shared Nothing/Non-Clustered environment
31.3 Performing Live Migration of virtual machine in a Shared Nothing environment
31.4 More about Processor Compatibility Mode
32. Hyper-V Replica Server
32.1 Introduction to Hyper-V Replica
32.2 Configuring Hyper-V Replica
32.3 Testing Failover
32.4 Performing a Planned Failover
32.5 Performing a Un-planned Failover
33. Generation 2 Virtual Machines
33.1 Generation 2 Virtual Machine in Hyper-V 2016
33.2 Storage QoS of Hyper-V
33.3 Enhanced Session Mode
33.4 Automatic Virtual Machine Activation
33.5 Virtual Disk Online Resizing
33.6 Non-Uniform Memory Architecture (NUMA)
33.7 Resource Metering (計量)
33.8 Hyper-V Port Mirroring
33.9 Using ReFS version 2 with Hyper-V
34. Nano Server
34.1 Understanding Nano Server installation
34.2 Deploying Nano Server as a virtual machine
34.3 Nano Server remote management
34.4 Customizing a Nano Server Image
34.5 Joining a Nano Server to Active Directory domain
34.6 Deploying Nano Server Hyper-V Host
34.7 Roles and Features available in Nano Server
35. Data Deduplication
35.1 Introduction to Data Deduplication in Windows Server 2016
35.2 Installing and Configuring Data Deduplication
35.3 Data Deduplication enhancements in Window Server 2016
35.4 Additional Interoperability considerations of using Data Deduplication
36. Performance Monitoring
36.1 Reliability Analysis Component (RAC)
36.2 Data Collector Set
36.3 Performance Counter Alert
36.4 Event Trace Sessions
070-741 Networking with Windows Server 2016 (24 hrs)
1. Hyper-V Failover Clustering
1.1 Deploying a Hyper-V Failover Cluster
1.2 Cluster Shared Volume
1.3 Cluster Shared Volumes (CSV) Cache
1.4 Deploying a Highly Available Virtual Machine in Hyper-V Cluster
1.5 Testing a Planned Failover by Live Migration
1.6 Virtual Machine Drain on Shutdown
1.7 Live Migration Settings and RDMA
1.8 Virtual Machine Network Health Protection
1.9 Virtual Machine Monitoring
1.10 Hyper-V Replica Broker
1.11 Hyper-V Virtual Machine Load Balancing
1.12 Configuring RDMA Adapter and Converged Ethernet
1.13 Hyper-V Switch Embedded Teaming (SET)
2. DNS in Server Infrastructure
2.1 The Domain Name Space
2.2 Types of Windows DNS Zones
2.3 Active Directory Integrated Zone
2.4 Standard Primary Zone
2.5 Standard Secondary Zone
2.6 Three Methods to Implement a DNS Zone
2.7 Forward Lookup Zone and Host (A) Records
2.8 Reverse Lookup Zone and Pointer (PTR) Records
2.9 Forward Lookup Zone and Mail Exchanger (MX) Records
2.10 Name Server (NS) Record and the Name Servers Tab
2.11 More about Zone Transfer from Primary to Standard Secondary
2.12 DNS Sub-domains
2.13 Background zone loading
2.14 Global Names Zone
2.15 Three Tiers (三重) of Caching (緩衝)
2.16 Forwarders
2.17 Root Zone, Root Hints
3. Advanced DNS Server configuration
3.1 Round Robin Mechanism (輪流運作的技巧)
3.2 Enable Netmask Ordering
3.3 More about Zone Transfer: AXFR and IXFR
3.4 BIND Secondaries
3.5 DNS Debug Logging
3.6 Removing out-dated DNS records
3.7 Exporting Zone Files
3.8 Securing DNS resource records
3.9 Dynamic Update
3.10 Restricting DNS Server interface binding
3.11 Internet Domain Name Registration
4. DNS Client side configuration
4.1 Configuring DNS client statically
4.2 Configuring DNS client dynamically
4.3 Configuring DNS client by NRPT policy
5. DNS Security Extensions
5.1 Overview of DNSSEC
5.2 Threats of DNS Protocol
5.3 Principal of DNS Security Extension
5.4 A DNSSEC Test Lab scenario
5.5 Configuring and testing DNSSEC
5.6 More about using DNSSEC for Public Internet Domains
6. Additional Domain Controllers
6.1 Installing Additional Domain Controllers by Network
6.2 LDAP Names
6.3 Effects on Active Directory with additional domain controllers
7. DHCP High Availability
7.1 Multiple DHCP Servers on the Same Network
7.2 DHCP Failover
7.3 About DHCP Load Sharing mode
7.4 More about DHCP and DNS integration
8. IP Address Management (IPAM)
8.1 Introduction to IPAM
8.2 IPAM Architecture
8.3 IPAM Restrictions and Specification
8.4 Practical applications of IPAM in Windows Server 2016
8.5 IPAM Test Lab scenario
8.6 Address Space Management (ASM)
8.7 Multi-Server Management (MSM)
8.8 IP Address Tracking
8.9 Monitoring IP Address Space usage and utilization trend
9. IPAM Security Configuration
9.1 Security Group of Domain
9.2 Security Group of IPAM Servers
9.3 Managing IPAM Servers with RSAT
9.4 Creating Custom IPAM Roles
10. Implementing DFS-R
10.1 SYSVOL Replication Enhancements
10.2 SYSVOL replication with DFSR
10.3 Using DFS-Replication to replicate custom folder
10.4 Configuring Staging Folder Quota for DFS-Replication
070-742 Identity with Windows Server 2016 (24 hrs)
1. DFS Namespace
1.1 Introduction to DFS Namespace service
1.2 Implement DFS Namespace service
1.3 Publishing Shared Folders as Folder Targets
1.4 DFS Permission
1.5 Using Multiple DFS Namespace Servers
2. Network Address Translation (NAT)
2.1 Public or Private IP Address
2.2 TCP Sockets
2.3 Source Network Address Translation (S.NAT)
2.4 Destination NAT
3. Network Policies and Dial-in Properties
3.1 Configuring VPN as a preparation
3.2 Network Policies
3.3 Dial-in Properties
3.4 Combining (結合) Network Policies and Dial-in Properties
3.5 Ordering Network Policies
3.6 Configuring Authentication Method for RRAS and NPS
3.7 Data Encryption (資料加密)
4. Basic Concepts of IPv6
4.1 The Next Generation TCP/IP stack
4.2 IPv6 Overview
4.3 Aggregatable Global Unicast Address
4.4 Interface ID and EUI-64
4.5 Site-Local Address
4.6 Unique-Local Address
4.7 Link-Local Address
5. Global Catalog and FSMO Roles
5.1 Introduction to Global Catalog and FSMO Roles
5.2 Global Catalog (通用類別目錄)
5.3 Compacting Active Directory Database
5.4 Schema Master – Per Forest
5.5 Domain Naming Master – Per forest
5.6 PDC Emulator– Per Domain
5.7 Relative ID Master – Per Domain
5.8 Infrastructure Master – Per Domain
5.9 General Recommendation Global Catalog and FSMO Role Placement
6. Read Only Domain Controller (RODC)
6.1 Introduction to RODC
6.2 Prerequisites for Deploying RODC
6.3 Deploying RODC
6.4 Password Replication Policy
6.5 Resetting credentials when RODC is stolen
6.6 Administrator Roles Separation
6.7 Read-Only Domain Name System (DNS)
7. Domain Controller Virtualization
7.1 Overview of ADDS Domain Controller Virtualization
7.2 Cloning a Virtualized Domain Controller
8. Active Directory Recycle Bin
8.1 Deleting and Renaming User Accounts
8.2 More about deleted Active Directory Objects
8.3 Overview of Restoring Active Directory objects by Recycle Bin
8.4 Enabling the Active Directory Recycle Bin
8.5 LDAP Names
8.6 Restoring Active Directory Objects
8.7 More about restoring multiple Active Directory Objects
9. File Server Resource Manager
9.1 Introduction to FSRM
9.2 File Server Resource Manager in Quota Management
9.3 File Screening
9.4 File Management Tasks
10. Encrypting File System (EFS, 加密檔案系統)
11. Active Directory Certificate Service (ADCS)
11.1 Roles Service of ADCS
11.2 Windows Server CA Editions
11.3 Deploying ADCS - Certification Authority
11.4 Certificate Template (證書樣版)
11.5 To Manually Enroll a Recovery Agent Certificate
11.6 To Export a Recovery Certificate and Publish to Active Directory
11.7 To Assign a Recovery Agent
11.8 Certificate Templates in Windows Server 2016 CA
11.9 Requesting a V4 certificate
11.10 Enrolling Computer Account Certificates
11.11 Auto-Enrollment of Digital Certificates
11.12 Private Key Archival
11.13 Role-based Permissions
11.14 Revocation Checking Process
11.15 Revocation Check by CRL
11.16 Revoking a Certificate and configuring CRL Distribution Point
11.17 Online Certificate Status Protocol
11.18 OCSP Components
11.19 OCSP Online Responder Deployment Model
11.20 Preparing the OCSP Environment
11.21 Configuring the Online Responder
11.22 PKIView
070-744 Securing Windows Server 2016 (36 hrs)
1. Advanced Services of ADCS
1.1 Network Device Enrollment Service
1.2 Cryptography Next Generation (CNG)
1.3 Certification Authority Web Enrollment (ADCS-CAWE)
1.4 Certificate Enrollment Web Service (ADCS-EWS) & Certificate Enrollment Policy Web Service (ADCS-EPS)
1.5 Microsoft Root CA Program
1.6 Group Policy regarding “Trusted Root Certification Authorities”
1.7 Certificate Trust List (CTL) policy
2. Dynamic Access Control
2.1 Overview of Dynamic Access Control
2.2 Requirements of Dynamic Access Control
2.3 Central Access Policies
2.4 Delivering the Central Access Policy to File Servers
2.5 To enable Kerberos Compound Authentication and Armoring
2.6 Creating and Tagging data with File Classification Infrastructure
2.7 Effective Access Permission
2.8 Dynamic Access Control Staging Policy
2.9 Reference Resource Property
3. Work Folders for BYOD environment
3.1 Overview of Work Folders
3.2 Implementing Work Folders
3.3 Multi-Sync Server deployment of Work Folders
3.4 A Case Study of Performance issues when using Work Folders
4. BranchCache
4.1 Configuring BranchCache
4.2 Prehashing and Preloading Content
5. Forest Functional Level
5.1 Forest Functional Levels available in Windows Server 2016
5.2 Guidelines for raising Forest Functional Level
5.3 Alternative UPN Suffixes
6. Configuring ADDS Forest
6.1 Additional Domains in existing Forest
6.2 Configuring a new domain tree to join existing forest
6.3 Conditional DNS Forwarding
6.4 Enabling Global Catalog (GC) for xyz.com
6.5 An Example of Domain-Wide authentication and Resource assessment
6.6 Assigning Permissions in a multi-domain environment
6.7 Active Directory Migration Tool
6.8 Deploying Child Domain
7. Managing ADDS Trusts
7.1 Types of Trust within a Forest (Intra-Forest)
7.2 Types of Inter-Forest Trust (Inter-Forest)
7.3 Creating Forest Trust
7.4 Updating UPN Suffixes for Forest Trust
7.5 External Trust (Optional Knowledge)
7.6 Selective Authentication
8. Active Directory Right Management Service (ADRMS)
8.1 Introduction to AD RMS
8.2 Deploying AD RMS
8.3 Using AD RMS
8.4 Introduction to AD RMS Rights Policy Template
8.5 Implementing AD RMS Rights Policy Template
8.6 Logging and Statistics Reports
8.7 AD RMS Exclusion Policies
8.8 AD RMS Super User Group
8.9 AD RMS Trust Policies
8.10 Decommissioning AD RMS Cluster
9. Active Directory Lightweight Directory Services
9.1 Introduction to AD LDS server role
9.2 Scenarios of using AD LDS
9.3 Deploying AD LDS Server Role
9.4 Working with AD LDS Instances
9.5 AD LDS Administration Tools
9.6 Managing AD LDS Organizational Units, Groups and Users
9.7 Managing Authentication
9.8 Managing Authorization and Delegation of AD LDS
9.9 Configuring LDAP over SSL for AD LDS
9.10 More above LDP.exe and Active Directory Domain Service (AD DS) and (AD LDS)
10. Internet Protocol Security (IPSec)
10.1 Introduction to IPSec
10.2 Deploying IPSec
10.3 Viewing the three default IPSec Policies
10.4 IPsec Configuration in Windows Server 2016
11. Designing Active Directory Site Topology for MNCs
11.1 Overview of designing Active Directory services for MNCs
11.2 Locating domain controllers to different sites
11.3 Site Link and Replication
11.4 Demonstrating MNCs with Multiple Active Directory Sites
11.5 Site Link Bridge
11.6 Using Site Link Bridge
11.7 Full Dynamic RPC
11.8 Client affinity of AD Sites
11.9 Automated Site Coverage
11.10 Filtering DC Locator DNS records
12. Local Administrator Password Solutions (LAPS)
12.1 Introduction to LAPS
12.2 Deploying and Configuring LAPS
12.3 LAPS Client and Group Policy deployment
12.4 Accessing Local Administrator Password in Active Directory
13. Just Enough Administration (JEA)
13.1 Overview of Just Enough Administration in Windows Server 2016
13.2 Creating a JEA Role Capability File
13.3 Convert Role Capability File as PowerShell Module
13.4 Creating a JEA Session Configuration File
13.5 Creating a JEA Endpoint
13.6 Connecting to JEA Endpoint
14. Privileged Access Workstation (PAW)
14.1 Active Directory Administrative Tier Model
14.2 Primary responsibilities and critical restrictions
14.3 Principal of Clean Source
14.4 Managing Exposure Risk
14.5 Enhanced Security Administrative Environment (ESAE)
14.6 Tier 0 Equivalency
14.7 What is a Privileged Access Workstation (PAW)?
14.8 PAW Deployment process
15. Windows Containers
15.1 Introduction to Windows Containers
15.2 Fundamental Concepts of Windows Containers
15.3 Windows Container Typtes
15.4 Introduction to Docker
15.5 Containers for Developers
15.6 Containers for IT Professionals
15.7 Configuring Windows Container Host
15.8 A Special Reminder on Hyper-V Container Host
15.9 Deploying a Hello-World container
15.10 Building Container Images
15.11 Hyper-V Containers
15.12 More about Hyper-V isolation
15.13 Container Networking Concepts
16. Security Compliance Manager
16.1 Overview of Security Compliance Manager
16.2 Installing and Configuring Security Configuration Manager
16.3 Importing Security Baseline
16.4 Customizing a Security Baseline for Windows 10
16.5 Exporting and Applying a Security Baseline to production environement
17. Protecting and Securing Windows Credentials
17.1 Attacks to Windows Credential Store
17.2 Requirements of Credential Guard
17.3 Configuring Credential Guard
17.4 Preventing NTLM authentication protocol
17.5 Windows Defender Remote Credential Guard
18. Concept of Microsoft Advanced Threat Analytics
18.1 Introduction to Microsoft ATA
18.2 Architectural Components of Microsoft ATA
18.3 Microsoft ATA Center
18.4 Microsoft ATA Gateways
18.5 Windows Server Event Forwarding Requirement
|