Windows Server Administration/Configuration

This lesson covers Windows Server configuration. Activities include initial configuration of a new server installation.

Objectives and Skills
Objectives and skills for the Understanding Server Installation portion of Windows Server Administration Fundamentals certification include:
 * Understand device drivers: installation; removal; disabling; update/upgrade; rollback; troubleshooting; Plug & Play; IRQ; interrupts; driver signing
 * Understand services: what services are; which statuses a service can be in; startup types; recovery options; delayed startup; Run As settings for a service; stopping or pausing a service; service accounts, dependencies

Readings

 * 1)  Microsoft Product Activation
 * 2) Windows Update: FAQ
 * 3) The Settings App in Windows 10
 * 4)  Device Manager
 * 5)  Device driver
 * 6)  Plug and play
 * 7) What is Microsoft Management Console?
 * 8) Microsoft Management Console
 * 9)  Windows service

Multimedia

 * 1) YouTube: Microsoft Windows Server 2019 - Initial Setup & Configuration

Activities

 * 1) Review Windows Server 2019 Activation. If you have a license key and are ready to activate Windows Server, proceed with activation.  Windows licenses for student use are available through Azure.
 * 2) Review Initial Configurations of Windows server. Configure a Windows Server installation by setting the time zone, networking, computer name, and domain if applicable.
 * 3) Review Youtube: Windows Server 2019 Windows Updates Settings and Options.  Enable automatic updating and download and install updates.  It is important to update your server before installing any roles or features to ensure all current security updates have been applied.
 * 4) Review Driver Signing.  Check the current driver signing policy settings.
 * 5) Review Youtube: How to use Device Manager in Windows Admin Center website.  Use the Windows Admin Center and Device Manager to check for driver updates on the display adapter and all network adapters.
 * 6) Review PnPUtil (Windows Drivers). Use PnPUtil to display third-party driver packages currently in the driver store.
 * 7) Review Services.  Open the Services console and stop and restart the Print Spooler service.

Lesson Summary

 * Microsoft Product Activation is a form of digital rights management used by Microsoft to enforce compliance with a program's end-user license agreement by transmitting information about both the product key used to install the program and the user's computer hardware to Microsoft and inhibiting or completely preventing the use of the program until the validity of its license is confirmed.


 * Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components.


 * Microsoft Update is an optional feature which replaces Windows Update and provides updates for both the operating system and Microsoft applications such as Microsoft Office.


 * Windows security updates are routinely provided on the second Tuesday of each month, but can be provided whenever a new update is urgently required to prevent a newly discovered or prevalent exploit targeting Windows users.


 * Control Panel is a part of the Microsoft Windows graphical user interface which allows users to view and manipulate basic system settings and controls via applets, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options.


 * Device Manager is a Control Panel applet in Microsoft Windows operating systems that allows users to view and manage the hardware attached to a computer.


 * Device drivers are computer programs that operate or control a particular type of device that is attached to a computer. Device drivers may run in either kernel mode or user mode, with kernel mode having unrestricted access to the system, and user mode protecting access to other hardware and applications.


 * Drivers may be installed automatically through Plug and Play hardware detection and installed manually through Device Manager.


 * Drivers may be pre-staged by placing them in the DevicePath driver store. If a device driver is not found in the driver store, Windows will search Windows Updates for a driver.  If a device driver is not found in Windows Update, Windows will ask the user for a path to the driver on local media.


 * By default, only administrators may install drivers that are not in the driver store. This restriction may be changed through a computer policy.


 * Drivers are removed by right-clicking on the device in Device Manager and removing the device. A dialog box will appear confirming device removal and allowing driver removal from the driver store.


 * Drivers are enabled and disabled by right-clicking on the device in Device Manager.


 * Drivers are updated automatically through Windows Update and manually by right-clicking on the device in Device Manager.


 * Drivers may be rolled back to a previous version by right-clicking on the device in Device Manager and then selecting the Drivers tab under device properties.


 * Troubleshoot drivers using Device Manager or Safe Mode.


 * The driver store may also be managed using the command line utility PNPUTIL.EXE.


 * A plug and play device or computer bus is one with a specification that facilitates the discovery of a hardware component in a system without the need for physical device configuration or user intervention in resolving resource conflicts.


 * The Intel / Microsoft Plug and Play standard requires configuration of devices to be handled by system firmware, which then provides details of resources allocations to the operating system. The process is invoked at boot time. When the computer is first turned on, compatible devices are identified and assigned non-conflicting addresses and interrupt request numbers.


 * Microsoft Management Console (MMC) is a component of Windows operating systems that provides advanced users an interface for configuring and monitoring the system through snap-in components.


 * A Windows service is a computer program that operates in the background, and is similar in concept to a Unix daemon. Services are managed using the Microsoft Management Console Services snap-in.


 * Services may be started, stopped, paused, or restarted.


 * Service startup types may be set to Automatic, Automatic (Delayed), Manual, or Disabled.


 * When a service fails, recovery actions may be set on the first failure, second failure, and subsequent failures. Options include restarting the service, running a program or script, and restarting the computer.


 * Because services run in the background, they must be configured to run in a given security context. Options include the Local System account, the Local Service account, the Network Service account, or a specific user account.


 * Starting with Windows Server 2008 R2, service accounts can automatically be managed by Windows as a managed service account.


 * Service dependencies may be configured to ensure that one or more services are started before starting another service. Service dependencies may be viewed in the Services console and configured using the Registry Editor.

Key Terms

 * certificate of authenticity
 * A seal or small sticker on a proprietary computer program with a license number which verifies that the program is a genuine, legal copy.


 * denial-of-service attack
 * An attempt to make a machine or network resource unavailable to its intended users.


 * digital rights management (DRM)
 * A class of technologies that are used by hardware manufacturers, publishers, copyright holders, and individuals with the intent to control the use of digital content and devices after sale.


 * driver signing (code signing)
 * The process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.


 * end-user license agreement (EULA)
 * The contract between a licensor and purchaser, establishing the purchaser's right to use software.


 * exploit
 * A piece of software that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware, typically to gain control of a computer system or allow privilege escalation or a denial-of-service attack.


 * interrupt request (IRQ)
 * A hardware signal sent to the processor that temporarily stops a running program and allows a special program, an interrupt handler, to run instead.


 * malware
 * Malicious software used by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.


 * privilege escalation
 * The act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.


 * System Locked Pre-installation (SLP) key
 * A master product key issued to Original Equipment Manufacturers (OEMs) to automatically activate Windows without the need for interaction from the user.


 * volume license key
 * A product key used when installing software licensed in bulk, which allows a single product key to be used for multiple installations.


 * Windows Registry
 * A hierarchical database that stores configuration settings and options on Microsoft Windows operating systems.

Flashcards

 * Test your understanding of this lesson.
 * Test your understanding of the key terms.