Todd's Blog

Todd's Tips for System Adminstrators

Connect

Installing Microsoft Forefront Client without Forefront Management Server

posted on

As part of our Microsoft School Agreement, we are licensed for Microsoft Forefront Client on the machines covered under the agreement which is all the computers. I have been using McAfee Total Protection. I like this as it doesn’t matter if the computer is connected to the domain or not, updates happen automatically. It works well I have no complaints, but no use paying for a product twice.

Deployment of Forefront Client

I hit the Microsoft page for Forefront with hopes that there would be information on how to install it. There is a deployment guide, but it is a major production. There is about 5 roles that need to be deployed. You can install all of them to the same server, but I am uncertain if Windows 2008 is supported or not. I am deploying this on a Hyper-V server as a VM guest so installing Windows Server 2003 is no big deal but I am not interested in going down that road today. I just wanted to install the client and have it pick up its up dates from the WSUS server I have deployed internally. After checking out the documentation a few times, I finally stumbled upon how to install Forefront for employees use on home computers.

Installing Forefront

The command line is pretty straight forward. In the client directory of the CD, jump to a command prompt and run CLIENTSETUP /NOMOM

That’s it. It will install the client and then if you have machine setup to check your WSUS server for updates, then it will go out, pick up the updates from the WSUS server I have deployed internally.

There are some caveats, one is you have to go to each machine to deploy this. You could script it but if you are going to go through that, then why not fully deploy the server. The second thing is you don’t get reporting back from the clients. In my case, I don’t mind, they all call me when something goes wrong. I think over the next few months when I have time, I will look at deploying the management server for this.

Save 40% on a your Microsoft Exam – Certification Week

posted on

Microsoft Learning as part of Microsoft Skills Week is providing a code for 40% off a Microsoft exam. The discount code and fine print information can be found at http://www.certificationweek.com. Basically, you need to book your exam on or before the 13th of March and need to write the exam before May 31st. If you know you are planning on writing an exam in the upcoming months, book your times now and save. I don’t know how many time you can use the code, so there is a chance you can use it for more than one exam.

I always find booking ahead always helps me prepare for an exam. When I know its coming up, I tend to focus and get studying.

Windows Server Administration 70-646 – Chapter 2 Lesson 2 – DNS

posted on

This lesson from the book covers configuring DNS.

Goals of this lesson are:

  • List and explain Windows Server 2008 DNS features
  • List and explain Windows Server 2008 enhancements to DNS
  • Configure static IPv6 DNS records
  • Configure an IPv6 Reverse Lookup Zone
  • Administer DNS using the MMC snap-in and command-line tools

mcitp-self-paced-training-kit-exam-70-646-windows-server-2008-administrator

Using Windows Server 2008 DNS

Compliance and Support

Windows 2003 retains all the features introduced in Windows Server 2003. DNS is automatically installed if you install AD DS role and a DNS server that meets AD DS requirements cannot be found. Windows Server 2008 supports stub zones. Stub zones is a copy of a zone that only contains the records needed to identify the authoritative DNS servers for that zone. (I use stub zones for identifying records on my corporate forest from the library services forest.)

Zone Replication

DNS zones are replicated between DNS servers which helps for failover and load balancing. Prior to Windows Server 2003 a full zone transfer was required replicate any changes from the primary to the secondary DNS. Introduced in Windows Server 2003 is the ability to transfer only the delta changes. You can also restrict to which servers Zone transfers are allowed.

DNS Forwarders

DNS servers to which other DNS servers forward requests are known as forwarders. you have a few options to configuring. you can forward all unresolved requests to another DNS server or you can forward a selective request. (I.e., requests for domain tailspintoys.com is forwarded to a specific server)

Administering DNS

There is several ways to administer DNS. One way is to use DNS Manager MMC Gui, another way is to use the dnscmd tool. If you need to troubleshoot, use command like nslookup or ipconfig to help with resolving the problems.

DNS Records

Common IPv4 DNS records types include A, SOA, PTR, CNAME, NS, MX. A host record for a IPv6 is AAAA. If an IPv6 client cannot create its own record then you will need to by creating a AAAA record.

New DNS Features and Enhancements

  • Background zone loading
  • Support for Read-Only Domain Controllers (RODCs)
  • Global Single Names
  • IPv6 support

Background Zone Loading

This new feature allows Windows Server 2008 DNS servers to be available to resolve DNS requests sooner than Windows Server 2003 by loading zones in the background.

Supporting RODCs

Advised to be used where the physical security of the server cannot be secured. Only keeps a read only copy of the Active Directory partitions.

Using GlobalNames DNS Zone

While WINS is still available in Windows Server 2008, the suggested replacement for WINS is to use the GlobalNames zone. Not used for peer-to-peer name resolution.

Supporting IPv6 Addresses

Fully supported in Windows Server 2008.

Planning a DNS Infrastructure

Planning a DNS Namespace

  • you can use a corporate namespace for both internal and external portions of the network.
  • you can use delegated namespaces to identify the internal namespace (Internal.tailspintoys.com). maximum length of a FQDN is 255 bytes, FQDNs for DCs  are limited to 155 bytes.
  • You can use completely seperate domain names for internal and external namespaces. tailspintoys.internal and external.tailspintoys.com

Planning DNS Zone Type

This section talks about using Active Directory integrated zones for internal name resolution. You can also use standard primary zones where access to the AD database is seen as a security risk.  Secondary zones can be used in remote locations to speed up name resolution.

Planning DNS Forwarding

Use conditional forwarding if you want to have internal name resolution forwarded to a master server. You can also configure servers to forward internet name request to one server. Exam Tip – Forwarding servers rely on recursion.

Next lesson – Active Directory and Group Policy

*Disclaimer:

My notes in helping me prepare for the 70-646 Exam, PRO: Windows Server 2008, Server Administrator are just those, notes and I am trying to help highlight what is covered in the book, not replicate it. If you want to pass the exam, you will need more than just these notes to pass. I suggest you get a good book and get familiar with the product. The expectation is that you have about one year of experience with Windows 2008 Server (your mileage may vary) when writing this exam. The book I am using  for my preparation and where I am drawing the information for these notes is the Microsoft Press book, MCITP Exam Prep 70-646: Windows Server Administration; ISBN: 0735625107.