Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
283 Cards in this Set
- Front
- Back
|
App-V |
App-V - Application Virtualization
ACT - Application Compatibility Toolkit USMT - User State Migration Tool ACM - Application Compatibility Manager BCD - Boot Configuration Data DISM - Deployment Image Service and Management VHD - Virtual Hard Disk pwcreator.exe - Workspace to Go Creator |
|
|
App-V ACT USMT ACM BCD DISM VHD pwcreator.exe |
App-V - Application Virtualization ACT - Application Compatibility Toolkit USMT - User State Migration Tool ACM - Application Compatibility Manager BCD - Boot Configuration Data DISM - Deployment Image Service and Management VHD - Virtual Hard Disk pwcreator.exe - Workspace to Go Creator |
|
|
GPO gpmc.msc MDOP MED-V RDP USV UE-V VDI |
GPO - Group Policy Object gpmc.msc - Group Policy Management Console MDOP - Microsoft Desktop Optimization Pack MED-V - Microosft Enterprise Desktop Virtualization RDP - Remote Desktop Service USV - User State Virtualization UE-V - User Experience Virtualizaion VDI - Virtual Desktop Infrastructure |
|
|
Windows To Go |
Windows To Go is feature in Win 8 Enterprise that allows you to create a Windows To Go workspace on a USB drive. Managed in the same manner as corporate desktop or laptop. The USB must be connected to a PC with at least Win 7 |
|
|
pwcreator.exe |
The Workspace to Go Creator is used to create Windows To Go workspaces.
To create a Windows To Go workspace, you will need: |
|
|
BitLocker To Go |
BitLocker To Go allows you to encrypt a |
|
|
To create a Windows to Go workspace, log on as an administrator to a computer running Windows 8 Enterprise edition and then perform the following steps: |
1. Connect a Windows To Go USB certifi ed device to the host. 8 . Click Create to setup the Windows To Go workspace. |
|
|
CHANGE WINDOWS TO GO STARTUP OPTIONS |
To change Windows to Go startup options, perform the following steps: |
|
|
Hardware Requirements for Windows To Go Workspace Hosts |
Must support boot from USB No USB hub 1GHz ++ 2 GB ++ DirectX 9+ 32GB USB |
|
|
The settings that are applicable to Windows To Go workspace can be found in the following |
1)Allow hibernate (S4) when starting from a Windows To G o workspace : Specifies whether Windows To Go Default Startup Options : This policy controls whether the PC will boot |
|
|
Desktop virtualization focuses on three key deployment models: |
• Operating system virtualization (VDI, Client Hyper V, and MED-V) |
|
|
Operating system virtualization
Application virtualization
User State virtualization (UE-V) |
Operating system virtualization is designed to provide your users with the ability to use a
Application virtualization (App-
User State virtualization (UE-V) allows your |
|
|
VIRTUAL DESKTOP INFRASTRUCTURE (VDI) |
Virtual Desktop Infrastructure (VDI) is desktop delivery model that allows users to access |
|
|
VDI can be deployed by in the form of a |
personal virtual desktop (PVD) or a virtual desktop pool (VDP)
PVD deployment, each of your users, within Active Directory, will be assigned their own dedicated virtual desktop. The user can customize this desktop and it is for their
VDP deployment, users share a pool of virtual desktops that identical in configuration. VDP are dynamically assigned from the pool to
|
|
|
Microsoft Desktop Optimization Pack |
MDOP is a suite of monitoring, perform emergency recovery, application and desktop virtualization tools . |
|
|
session virtualization |
your users can access individual applications (RemoteApps) or entire desktops (remote desktops or “sessions”) |
|
|
RemoteApps def |
RemoteApps are programs that are accessed |
|
|
The typical components of a session-based deployment include the following |
RD Session Host servers |
|
|
The typical components of a session-based deployment include the following |
RD Session Host servers RD Licensing servers RD Connection Broker servers RD Gateway servers |
|
|
RD Session Host servers (part of session-based deployment) |
RD Session Host servers: Servers running this role host RemoteApp programs or session-based desktops. Users connect a RD Session Host server to run programs, save their files and use other resources on those servers. |
|
|
RD Licensing servers (part of session-based deployment) |
RD Licensing servers: Servers running this role manage the licenses required to connect ot the RD Session Host server or a virtual desktop. |
|
|
RD Connection Broker servers (part of session-based deployment) |
RD Connection Broker servers: Servers running this role are used to distribute the load across multiple RD Session Host servers and allow users to reconnect to their RemoteApp programs, session-based desktops, and virtual desktops. |
|
|
RD Gateway servers (part of session-based deployment) |
RD Gateway servers: Servers running this role allow authorized users connecting from the Internet to gain access to their virtual desktops, RemoteApp programs, and sessionbased desktops located on the internal network. |
|
|
RD Web Access servers (part of session-based deployment) |
Servers running this role provide the ability for users to access RemoteApp and desktop connection through the Start menu on Windows 7/8 or through a web browser. Both RemoteApp and Desktop Connection provide a custom |
|
|
MED-V def |
Microsoft Enterprise Desktop Virtualization (MED-V) , another desktop delivery model, |
|
|
MED-V workspace def |
MED-V workspace is the desktop environment your user interacts with and |
|
|
The typical components of Med-V include: |
MED-V Management Server MED-V Management console MED-V Image Repository MED-V Client |
|
|
MED-V Management Server def |
MED-V Management Server associates virtual images (located in the Image Repository) |
|
|
MED-V def |
MED-V Management console is used by administrators to control the management |
|
|
MED-V Image Repository |
MED-V Image Repository stores the virtual images on a standard Internet Information |
|
|
MED-V Client |
MED-V Client allows you to start, stop and lock virtual machines and runs seamlessly |
|
|
Hyper-V role in Windows Server 2012 |
Hyper-V role in Windows Server 2012 provides you with the tools needed to create |
|
|
guest operating system def |
The operating system that runs inside the virtual machine is called a guest operating system . |
|
|
virtual machine def |
is a software implementation of a computer that executes programs just |
|
|
hypervisor |
hypervisor |
|
|
Client Hyper-V def |
Client Hyper-V is available in Windows 8 Professional/Enterprise (64-bit version only) provides the same virtualization capabilities found in Windows Server 2012.
Client Hyper-V enables you to create and manage virtual machines (VMs) using a virtual |
|
|
INSTALL THE CLIENT HYPER-V FEATURE IN WINDOWS 8 |
As admin 1. Press the Windows logo key 1 q . |
|
|
User State Virtualization (USV) |
With the mobility of today’s workforce, it is critical that employees can access their files |
|
|
User Experience Virtualization (UE-V) def |
User Experience Virtualization (UE-V) provides a similar approach to roaming profiles |
|
|
Application Virtualization (App-V) def |
Application Virtualization (App-V) is a set of products that provides virtualization at |
|
|
Virtual Hard Disk (VHD) def |
is single file on your disk that functions like a separate drive. It can host native file systems function as a boot disk, and support standard disk and file operations. This allows virtual disks to run on a computer that doesn’t have a VM or hypervisor and simplifies the image management |
|
|
Native VHD boot def |
Native VHD boot means |
|
|
There are two VHD formats to choose from when creating a VHD boot file |
• VHD format supports virtual disks up to 2TB in size. |
|
|
In VHD there are two hard disk types available: |
• Fixed Size is allocated to its maximum size when the VHD is created. It works well with |
|
|
diskmgmt.msc |
Disk Management c onsole (diskmgmt.msc)
To create a VHD file, you can use the Disk Management c onsole (diskmgmt.msc) and/ |
|
|
Installing win 8 on VHD |
Windows 8 setup will take you through the normal setup screens, prompting you for the |
|
|
command line cmd to use to attach a VHD |
Attaching the VHD ensures it appears on the host as a drive and not a static file.
X:\Sources > diskpart |
|
|
Deployment Image Servic ing and Management (DISM) |
DISM is a command-line tool used to |
|
|
.wim file |
Windows 8 image .wim file. |
|
|
bcdedit and bcdboot |
bcde dit and bcdb oot are command-line utilities used to control the boot process and manage the boot configuration store. |
|
|
BCD |
The Windows startup process is controlled by parameters located in the Boot Configuration |
|
|
The location of BCD store |
The location of the store is based |
|
|
BCD Editor (bcdedit.exe) |
a command-line utility, to view and manage |
|
|
CHANGE THE DEFAULT TIMEOUT VALUE USING BCDEDIT |
To change the default timeout value using bcdedit , log on as an administrator to a |
|
|
bcdedit commands /createstore /export /import |
/createstore - Creates a new empty boot configuration store. |
|
|
bcdedit commands /copy /create /delete /mirror |
/copy - Makes copies of the entries of the store. |
|
|
bcdedit commands /bootsequence /default /displayorder /timeout |
/bootsequence - Sets the one-time boot sequence for the boot manager. |
|
|
BCDboot (bcdboot.exe) |
BCDboot (bcdboot.exe) is a command-line utility that allows you to set up a system partition |
|
|
bcdboot command <source> /l <locale> /s <volume letter> /f <firmware type> /v /m [{OS Loader GUID}] |
<source> - Specifies the location of the Windows directory to use as the |
|
|
Windows 8 System Requirements |
Processor 1 GHz + PAE + NX processor bit + SSE2 Memory 1 GB for 32bit, 2 GB for 64bit Disk Space - 16 GB for 32bit, 20 GB for 64bit Graphics - DirectX 9 + WDDM driver |
|
|
PAE ACT USMT |
Physical Address Extension (PAE) Application Compatibility Toolkit (ACT) User State Migration Tool (USMT)
|
|
|
Microsoft provides the following tools to streamline your move to Windows 8: |
• Application Compatibility Toolkit (ACT) |
|
|
Application Compatibility Toolkit (ACT) |
The ACT Application Compatibility Toolkit (ACT) kit is used to determine whether or |
|
|
Application Compatibility Toolk it (ACT) 6.0, includeds |
Application Compatibility Manager (ACM) Inventory-collector package Runtime-analysis package ACT Log Processing Service (LPS) ACT LPS share ACT database Microsoft Compatibility Exchange |
|
|
Application Compatibility Manager (ACM) (part of ACT) |
Application Compatibility Manager (ACM): This is used to create your data-collection |
|
|
Inventory-collector package (part of ACT) |
Inventory-collector package: This package is deployed to computers in a test environment |
|
|
Runtime-analysis package (part of ACT) |
Runtime-analysis package: This is a data-collection package that can be deployed |
|
|
ACT Log Processing Service (LPS) (part of ACT) |
ACT Log Processing Service (LPS): This is a service used to process the ACT log files |
|
|
ACT LPS share (part of ACT) |
ACT LPS share: This is a file share accessed by the ACT LPS to store the log files. The |
|
|
ACT database (part of ACT) |
ACT database: A This is a Microsoft SQL Server database used to store the collected |
|
|
Microsoft Compatibility Exchange (part of ACT) |
Microsoft Compatibility Exchange: This is a web service that broadcasts applicationcompatibility |
|
|
CREATE AN INVENTORY COLLECTOR PACKAGE |
To create an inventory collector package, log on as an administrator to a computer 5. Click Create . |
|
|
User State Migration Tool (USMT) 5.0 |
User State Migration Tool (USMT) 5.0 is a command-line tool that migrates user USMT captures user accounts, user files, operating system settings, and application settings to The USMT 5.0 includes three command-line toolsmigrate to your new Windows installation. |
|
|
The USMT 5.0 includes three command-line tools |
ScanState.exe scans the source |
|
|
hardlink folder def |
hardlink folder provides a way for the New Technology File System (NTFS) to point |
|
|
USMT also includes the following modifiable .xml files. These files can be used with ScanState and LoadState to perform a targeted migration |
MigApp.xml includes rules to migrate application settings. |
|
|
Windows Easy Transfer def |
When are migrating information from only a few computers, use Windows Easy Transfer , |
|
|
Windows Easy Transfer can use one of the following to transfer files |
• A Windows Easy Transfer cable |
|
|
Client Hyper-V can run only on |
Win 8 64-bit but can emulate 32 and 64 bit VM
To run Hyper-V, you need the following: |
|
|
ENABLE THE HYPER-V FEATURE |
1. Press the Windows logo key + w. Select the check box next to Hyper-V and then click OK. |
|
|
Hyper-V Manager def |
This is the management console for creating and |
|
|
Hyper-V Virtual Machine Connection def |
This is used when working with a single VM |
|
|
Hyper-V includes three types of virtual switches |
• External : Creates a virtual switch that binds to the physical network adapter. This |
|
|
The Windows server running the RDS role includes the following services: |
RD Virtualization Host RD Session Host RD Connection Broker RD Web Access RD Licensing RD Gateway |
|
|
RD Virtualization Host
RD Session Host |
RD Virtualization Host : Integrates with Hyper-V to enable users to connect to a VM
|
|
|
RD Connection Broker
RD Web Access
|
RD Connection Broker : Used for session load balancing; enables users to reconnect to
RD Web Access : Enables users to access RemoteApps and desktop connection via the |
|
|
RD Licensing
RD Gateway |
RD Licensing : Manages licenses needed to connect to the RD Session Host.
RD Gateway : Enables users to connect to virtual desktops, RemoteApp programs, and |
|
|
ADK |
Assessment and Development Kit (ADK), The Application Compatibility Toolkit (ACT) 6.0, included with the Windows Assessment and |
|
|
Creating App-V Programs |
Creating applications that can run in a virtualized environment enables you to isolate the |
|
|
App-V components: |
• App-V Management server : Provides the overall management functions for the App-V |
|
|
SCCM
Microsoft provides several tools and programs to help keep your applications current and |
System Center Configuration Manager (SCCM)
Group Policy, Windows Intune, and SCCM |
|
|
Windows Intune |
Windows Intune is Microsoft’s integrated, cloud-based client management solution for |
|
|
When deploying software using Windows Intune, you have two installation types: |
• A required install automatically installs or pushes the software to the managed computer |
|
|
SCCM def |
System Center 2012 Configuration Manager
System Center 2012 Configuration Manager (SCCM) provides tools to deploy and |
|
|
Windows SmartScreen def |
Windows SmartScreen was a feature introduced in Internet Explorer 8 to help detect phishing |
|
|
IEAK def |
The Windows Internet Explorer Administration Kit (IEAK) 10 enables you to customize, |
|
|
Windows Apps def |
Windows Apps, also called packaged apps, are available from the Windows Store. These applications differ from traditional applications in that they are designed to run in a single, full window display across multiple form factor devices (desktops, laptops, tablets). |
|
|
LOB def |
Line of Business (LOB) apps . LOB apps include apps that are critical to running the business of the company as well as apps that are unique to the main business of the company |
|
|
Sideloading Windows Apps |
Sideloading Windows Apps provides you with a way to enjoy the look/feel of Windows
Sideloading is installing a Windows App |
|
|
To use sideloading, you need to make sure the following are in place with your computers |
• A Windows 8 Enterprise/Professional computer joined to an Active Directory domain ( sideloading product activation key if the Windows 8 Enterprise/Windows 8 |
|
|
You can sideload Windows Apps only on |
You can sideload Windows Apps only on Windows Server 2012, Windows 8 Enterprise, and Windows 8 Professional devices that are joined to a domain. |
|
|
VLSC DISM Appx |
Volume Licensing Service Center (VLSC) Deployment Imaging Servicing and Management (DISM) Appx (Packaged apps and Packaged app installers) (.appx) – This includes Windows |
|
|
If you receive an activation key from the VLSC, you can add it by using the following commands, |
To add the key: |
|
|
(Sideloading)
After the computer is prepared, you can install the package on a per-user basis with the following Windows PowerShell command: |
Add-appxpackage –Path c:\<directory>\<Winappv1.appx> |
|
|
(Sideloading)
To update the package at a later date, you can manually update the Windows App with the |
Add-appxpackage –Path |
|
|
There are two ways to prevent users from installing and using Apps from the Windows Store |
• Use Group Policies |
|
|
When working with Group Policy settings, you should be aware of the order in which they |
1. Local G roup Policy object. |
|
|
AppLocker |
AppLocker is a feature found in Windows Server 2012, Windows 7, and Windows 8 that
AppLocker uses rules and file properties to determine the programs and files that are |
|
|
Main funticonality that MSA account allows |
Microsoft user accounts |
|
|
Main functionality that MSA allows |
Microsoft user accounts enable you to synchronize your desktop across multiple Windows 8 devices. |
|
|
The following accounts are installed by default on Windows 8: |
• Administrator: The administrator account provides complete access to the system. This account is hidden and disabled by default. When you first install Windows 8 you are prompted to create a new user account, which becomes a member of the built-in Administrators group. |
|
|
UAC def |
User Account Control (UAC)
The UAC is a feature designed to |
|
|
User profiles |
User profiles contain network environment settings as well as desktop configurations. |
|
|
Folder Redirection |
Folder Redirection : Replicates user data to a centralized folder stored on a server in the |
|
|
Offline Files /Folders |
Offline Files /Folders : Takes files and folders located on a server and makes them accessible |
|
|
Roaming User Profiles |
Roaming User Profiles : Enables users to store their choices in personalization in a |
|
|
Windows 8 introduces a new feature that controls on which computers the user can use |
These assigned systems are called primary |
|
|
UE-V |
With UE-V, a user can make changes to his personal settings (operating system or applications)
UE-V does not virtualize system and application settings, but instead monitors those changes using XML templates and then saves them to a file. |
|
|
UE- V Agent |
UE- V Agent : Watches the applications and operating system processes identified within |
|
|
UE-V Generator |
A tool used to create your own custom templates. It works by monitoring |
|
|
To determine when a computer is on another network, your computer uses the subnet mask and a process called logical |
ANDing |
|
|
When a network card is configured In Windows 8, it automatically has both an IPv4 and |
dual stack. |
|
|
Resolve-DNSName |
Type PowerShell . |
|
|
Windows 8 can use three protocols for name resolution |
The Windows operating system supports three name resolution systems: |
|
|
record types you will find in a zone database file SOA NS A AAAA PTR MX |
• Start of Authority (SOA) records are the first records added to a zone. They define • Pointer (PTR) records associate an IP address to a host name. |
|
|
DNSSEC def |
DNS SECURITY EXTENSIONS
In its original configuration, DNS was not designed with security in mind. When a local |
|
|
DNSSEC uses public key cryptography to digitally sign a zone that in turn signs all the |
resource record signature (RRSIG), DNS public key (DNSKey), delegation signer (DS), and next secure (NSEC). These records are called resource record signature (RRSIG) records. The public key is stored inside the DNSKey resource records. The resolver uses the public key to validate the signatures and thus authenticate them. |
|
|
WINS |
Windows Internet Name Services (WINS)
another name resolution service on some networks to help pre–Windows 2000 computers to resolve a computer name to These older systems use NetBIOS over TCP/IP, which requires either a static LMHOSTS file (located on each computer) or a WINS server to resolve the names. Without a WINS server, these systems rely on broadcast messages to communicate. |
|
|
LLMNR |
USING LINK LOCAL MULTICAST NAME RESOLUTION (LLMNR)
fallback name resolution technique when DNS or WINS is not available LLMNR works only on the local subnet, so it does not resolve names for systems that are located on another network. |
|
|
There are two ways to configure DHCP when using it for IPv6 implementations: |
stateless address configuration and stateful address configuration .
If you are using DHCP to assign IPv6 addresses to stateful mode clients, they work similarly
Stateless mode clients work a little differently; they assign both a link local address and additional |
|
|
WEP def |
Wireless Equivalent Privacy (WEP) was designed to provide the same level of |
|
|
WPA def |
Wi-Fi Protected Access (WPA) was created to improve upon the encrypting and |
|
|
Wi-Fi Protected Access (WPA) v2 |
Wi-Fi Protected Access (WPA) v2 : In 2006, WPA v2 replaced WPA. WPA v2 |
|
|
WPA devices can operate in the following modes |
Personal mode: This mode uses a preshared key or password Enterprise mode: This mode uses two sets of keys: a session key, changed each time the |
|
|
EAP def |
The Extensible Authentication Protocol (EAP) is used in wireless networks to expand the |
|
|
WFAS |
Windows Firewall with Advanced Security (WFAS) combines a stateful host-based firewall |
|
|
WFAS profiles |
A domain profile is used when your computer is connected to its corporate domain and
A private profile is used when your computer is connected to a private network location and is located behind a firewall and/or a device that performs NAT.
public profile is used when your computer is connected to a public network
|
|
|
PPTP L2TP SSTP
|
• Point to Point Tunneling Protocol (PPTP) |
|
|
There are four types of VPN Tunneling protocols you will encounter: |
• Point to Point Tunneling Protocol (PPTP) |
|
|
PNs can provide the following capabilities: |
• Data encryption (confidentiality) |
|
|
PPTP def |
Point to Point Tunneling Protocol (PPTP) has widespread support with nearly all versions
PPTP provides confidentiality but no integrity |
|
|
L2TP/IPSEC |
PPTP supports authentication of the user only, L2TP/IPsec requires that the
L2TP provides a support mechanism for pre-shared keys, digital certificates or Kerberos for mutual authentication.
L2TP/IPsec provides data |
|
|
abr PPP PKI MPPE NAP |
PPP - Point to Point Protocol PKI - Public Key Infrastructure MPPE - Microsoft Point to Point Encryption ESP - Encapsulating Security Payload NAP - Network Access Compliance |
|
|
SSTP def |
Secure Socket Tunneling Protocol ( SSTP )
works by sending PPP or L2TP traffic through an SSL 3.0 channel. The SSTP protocol uses SSL and TCP port 443 to relay traffic By using TCP port 443, it ill work in environments with highly restricitve firewall |
|
|
VPN Reconnect (IKEv2) |
introduced with Routing and Remote Access Services (RRAS) in Windows Server 2008 R2 and Windows 7. It is designed to provide users with consistent VPN connectivity and automatically reestablish a VPN when users temporarily lose their Internet connection. |
|
|
DirectAccess |
DirectAccess allows your remote users to connect automatically whenever their clients
DirectAccess is designed for use by domain-based clients (Windows 7 (Enterprise and Ultimate), Windows 8 (Enterprise), Windows Server 2008 R2, and Windows Server 2012) while Routing and Remote Access Services (RRAS) provides traditional VPN access for legacy clients, non-domain clients, third party VPN clients and site-to-site connections between servers. |
|
|
Force tunneling |
Force tunneling (sends all traffic through the Direct Access connection) |
|
|
DirectAccess works by |
DirectAccess works by establishing two IPsec tunnels from the client to the DirectAccess
The first is an infrastructure tunnel that is used to communicate with the DNS server |
|
|
NLS |
Network Location Server (NLS)
NLS plays a critical role in whether the DirectAccess client components are enabled. In fact, NLS is basically a web server used by the client to determine if it is on the corporate network. If it detects that it is on the corporate network, the DA client components are not enabled. If it cannot connect to the NLS, it assumes it is not on the corporate network and enables DirectAccess. |
|
|
WMI filter |
WMI filter is used to control the application of the GPO. The WMI filter is evaluated on |
|
|
For OTP authentication |
You can use one-time password (OTP) for user authentication. OTP requires thet Remote Access server to be already deployerd. |
|
|
Network Access Protection (NAP) |
Network Access Protection (NAP) is a feature that combines client and server elements. NAP |
|
|
CMAK |
Connection Manager Administration Kit (CMAK) Connection Manager is a client network connection tool that helps administrators to
You use the Connection Manager Administration Kit (CMAK) to create and customize the profiles for Connection Manager and to distribute them to users. The profile, once completed, contains all the settings necessary for the user to connect including the IP address of the VPN server. |
|
|
PowerShell cmd to create vpn connection |
PS C:\Add-VpnConnection –Name MyPSVPN –ServerAddress |
|
|
PowerShell cmd to Remove split-tunneling for VPN |
C:\Set-VpnConnection –name VPNInt –Server RemoteServer. |
|
|
RSAT |
The Remote Server Administration Tools (RSAT) allow you to manage roles and features |
|
|
Windows PowerShell Remoting |
Windows PowerShell Remoting is a server-client application that allows you to securely |
|
|
Authentication def |
Authentication : Represents the way that security principals (users, computers, and |
|
|
Authorization def |
Authorization : After security principals prove their identity, authorization determines |
|
|
Confidentiality def |
Confidentiality: This process is about preventing people from reading information they |
|
|
Integrity def |
Integrity: This is the ability to guarantee that the information has not been arbitrarily changed from the time it was sent from the original source and received by the other party. |
|
|
Nonrepudiation def |
Nonrepudiation: This is a method used to provide proof that a security principal (user, |
|
|
Windows 8 supports the following |
passwords, picture passwords, digital certificates, smart cards, and biometrics. |
|
|
VSC |
virtual smart cards (VSCs), which makes additional hardware (smart card readers and smart cards) unnecessary. These cards emulate the functionality of regular smart cards but require a Trusted Platform Module (TPM) chip to protect the private keys |
|
|
WBF def |
Fortunately, Microsoft introduced |
|
|
SAM def |
Security Accounts Manager (SAM) , contains user accounts and their associated passwords |
|
|
LSA def |
Local Security Authority (LSA )
When you enter your user name and password on a Windows computer, a process called the Local Security Authority (LSA ) queries the SAM database to determine whether an account with the user name and password you used exists. If it does, you will be granted |
|
|
Global Catalog |
When you implement multiple domains, a feature called the Global Catalog is used to find users, computers, and resources throughout the other domains |
|
|
NTLM |
WINDOWS NT LAN MANAGER (NTLM) v2
NTLM is a family of authentication protocols first introduced with Windows NT. It is a based on a challenge/response mechanism used to authenticate users and computers. |
|
|
TLS Handshake protocol
TLS Record protocol |
• TLS Handshake protocol : Establishes the encryption/decryption keys and algorithm, |
|
|
SNI def |
Windows 8/Windows Server have introduced new features including TLS support for Server |
|
|
Forest trusts def |
can be created between two forest root domains if the forest functional level is Windows Server 2003 or later. For example, if Contoso acquires Acme and both are running Windows Server 2003 or later forests, you can create a forest trust to allow access for users in both forests. |
|
|
Realm trusts def |
are used to form relationships between an Active Directory domain and a non–Windows Kerberos realm. For example, if Contoso acquired another company that was running a UNIX network, you could create a realm trust to provide users at |
|
|
Shortcut trusts def |
can be used to optimize the authentication process. Even if domains within a forest trust each other, authentication has to walk a trust path from the child domain to the parent domain. A shortcut trust can be made between two domains within the forest to optimize this process. This works well when users have to cross multiple domains to access resources or if a parent domain is located across a slower wide area network (WAN) link. |
|
|
Disk quotas requirments |
• Quotas can be configured only on NTFS volumes. |
|
|
diskmgmt.msc
BITS |
Disk Management
Background Intelligent Transfer Service (BITS) |
|
|
File Server Resource Manager def |
File Server Resource Manager , a feature in Windows Server 2012, provides a |
|
|
Storage Spaces def |
Storage S paces is a feature in Windows 8/Windows Server 2012 that allows you to |
|
|
storage pool |
When the drives are combined, Windows places them into a storage pool . These storage |
|
|
When creating storage spaces, there are four resiliency types to select from. |
• Simple (no resiliency) : Writes one copy of your data but doesn’t protect against drive |
|
|
thin provisioning |
you can create a storage space that is larger |
|
|
BranchCache |
a feature available in Windows 8 and Windows Server 2012
designed to optimize the link between branch offices and main offices |
|
|
BranchCache- enabled server , also called a c ontent server |
Content obtained from a BranchCache- enabled server , also called a c ontent server , can |
|
|
operating modes for BranchCache |
hosted-cache mode and distributedcache |
|
|
ENABLE BRANCHCACHE ON A WINDOWS 8 |
Execute the following Windows PowerShell command: |
|
|
Share permissions |
Share permissions are the permissions you set for folders when you share them either on |
|
|
List share permissions |
read change full control |
|
|
NTFS permissions differ from share permissions in two ways |
• They apply to files and folders on NTFS volumes. |
|
|
NTFS Permissions |
read, read & execute, write, modify, list folder contents, full control |
|
|
certmgr.msc |
Certification snap-in (certmgr.msc) |
|
|
ERA def |
When EFS is used, an EFS recovery agent (ERA) is automatically created, whether the |
|
|
gpmc.msc |
GPOs are associated with Active Directory containers (sites, domains, and organizational units [OUs]) and are managed from the Group Policy Management Console (GPMC). The GPMC (gpmc.msc) provides a single interface for managing GPOs across your entire organization. |
|
|
LGPE RSAT GPMC TPM |
Local Group Policy Editor (LGPE; gpedit.msc) Remote Server Administration Tools Group Policy Management Console Trusted Platform Module |
|
|
MBAM |
Microsoft BitLocker Administration and Monitoring (MBAM) is a simple administrative |
|
|
When you combine share and NTFS permissions, the more _____________ of the two wins. |
restrictive |
|
|
Certified drivers are stored in the Windows 8 driver store. This store can be found in the |
%systemroot%\system23\driverstore |
|
|
Exchange ActiveSync (mobile management) |
Exchange ActiveSync: Exchange Server 2013 enables you to manage which mobile |
|
|
System Center Configuration Manager (SCCM) 2012 (mobile management) |
System Center Configuration Manager (SCCM) 2012: SCCM 2012 comes with an |
|
|
Exchange ActiveSync |
Exchange ActiveSync is a client synchronization protocol based on XML that enables you to |
|
|
CAS AD CS NFC SIM |
Client Access Server (CAS) Active Directory Certificate Services (AD CS) Near field communication (NFC) Subscriber Identity Module (SIM) |
|
|
System Center Configuration Manager (SCCM) 2012 provides an Exchange connector |
SCCM 2012 comes with an Exchange Server connector, which enables you to manage |
|
|
Two mobile device management types are available when using SCCM 2012: |
• Light mobile device management |
|
|
Light Mobile Device Management |
This type of mobile device management works through the Exchange Server connector and |
|
|
In-Depth Mobile Device Management |
In-depth mobile device management, handled through SCCM 2012, enables you to |
|
|
PC Reset |
Removes everything and reinstalls Windows
A PC Reset is used when you want to return the computer back to its original state when |
|
|
PC Refresh |
Refreshes your PC without affecting your files
PC Refresh is a little less intrusive than a PC Reset. It enables you to keep your personal |
|
|
recimg.exe |
recimg.exe: Creates an image that can include traditional desktop applications. Traditional |
|
|
File History |
File History is designed to only back up your personal files. If you need to back up your applications and system files, consider using either PC Reset or PC Refresh. If these tools do not meet your needs for managing your system and application files, the Windows 7 File Recovery tool can be used in Windows 8 as an alternative to a third-party backup program. |
|
|
Windows 8 System Restore |
Windows 8 System Restore saves information about your drivers, registry settings, programs, |
|
|
File History |
In Windows 8, File History simplifies the process of protecting your personal files. It eliminates |
|
|
recimg.exe |
If you want to keep your settings and traditional desktop applications, use a utility called |
|
|
WSUS SCEP WID |
Windows Server Update Services (WSUS) System Center Endpoint Protection (SCEP) Windows Internal Database (WID) |
|
|
Application Reputation |
Application Reputation provides protection from downloading malware through the use of |
|
|
WSUS def |
Windows Server Update Services |
|
|
upstream server |
When multiple servers are used, the server that obtains updates from Microsoft is called the |
|
|
downstream servers |
The server(s) that obtain their updates from the upstream server are called |
|
|
WSUS uses port |
WSUS uses port 8530 for the HTTP protocol and port 8531 for HTTPS to obtain updates from the Microsoft Update |
|
|
MAPS |
Microsoft Active Protection Service (MAPS)
MAPS is an online community that can |
|
|
SCEP |
System Center Endpoint Protection (SCEP) client, a product in the Microsoft System Center 2012 suite, is designed to protect clients and servers from malware threats. Although many of the products were offered as standalone versions in previous releases, SCEP is now integrated with the System Center Configuration Manager. |
|
|
Action Center |
Action Center provides a central location for viewing notifications regarding problems |
|
|
WSUS supports both replica mode and autonomous mode configurations |
WSUS supports both replica mode and autonomous mode configurations. Replica |
|
|
DaRT |
Microsoft Diagnostics and Recovery Toolset (DaRT) 8 is part of the Microsoft Desktop |
|
|
DEM |
System Center Desktop Error Monitoring (DEM ) a core component of the Microsoft |
|
|
App-V Client |
Through the App-V Client Management console you can update and download virtual applications, view the packages for the current user, and see the applications that make up a virtual package. |
|
|
App-V components include the following: |
App-V 5 Sequencer App-V 5 Client App-V 5 Shared Content Store App-V 5 Server |
|
|
App-V 5 Sequencer |
The App-V Sequencer is software that converts applications into virtual packages.
The App-V Sequencer should be installed on a computer running a virtual machine. This process involves installing the sequencer pre-requisites, installing the App-V Sequencer tool and then taking a snapshot. By taking a snapshot of the machine, you can sequence an application and then return to a clean starting point before sequencing your next application. |
|
|
App-V 5 Client |
App-V 5 Client : The App-V Client is used to run the virtualized application on the |
|
|
App-V 5 Shared Content Store |
App-V 5 Shared Content Store : The App-V Client typically obtains the virtual application |
|
|
App-V 5 Server |
App-V 5 Server : The App-V server is comprised of five roles: Management Server, |
|
|
You need to allow iOS devices to access file servers that are members of the domain |
You should use Workplace Join.
It allows iOs, Windwos Phone 8/8.1 to access domain resources. To implement it you need to configure an AD FS 2.0 server with Device Registration Service. In addition tom implementing Workplace Join, you will need to make additional changes to allow iOS devices to access the file share, including an app that accesses the Windows file system on the iOS device. |
|
|
Dynamic Access Control |
Dynamic Access Control allows you to classify files and apply policies that limit who can access them and the auditing that should be applied.
Device claims can be used to restrict file access to specific computer running Windows 8/8.1 |
|
|
Offline domain join |
Offline domain join can be used to join a remote computer to an AD domain |
|
|
Windows Intune |
Windows Intune can be used to manage iOS devices, but not allow them to connect to domain resources |
|
|
Direct access |
direct access is used to provide remote access to domain resources for computers running Win 7/8/8.1 |
|
|
System Center 2012 R2 def |
System Center 2012 R2 def cam be used to manage domain members |
|
|
Work folders def |
Work folders is a synchronization technology that allows users to synchronize their files across devices, while ensuring that the files are locating on-premises storage |
|
|
Windows Intune Stand-Alone Cloud configuration |
Windows Intune Stand-Alone Cloud configuration administer devices and computers through the Administrator console. Does not support the dicovery of mobile devices. |
|
|
Windows Intune Cloud + On-premise Configuration |
Windows Intune Cloud + On-premise Configuration
Integrates windows intune with the existing AD and exchange environments You can discover mobile devices using Exchange ActiveSync, sync with user accounts in AD. |
|
|
Windows Intune + System Center Configuration Manager |
Windows Intune + System Center Configuration Manager This configuration allows you to manage your computers and mobile devices from the SCCM |
|
|
To deploy an .ipa package you need to |
select software link on the Software Setup page. oOS app packages require a manifest so you need to specify the path to the iOS app's manifest |
|
|
Windows Intune can distribute Windows Phone packages in the ___________ file format |
.xap To deploy .xap pacakge you need to select software link on the Software setup page. You also need to enter the code signing certificate provided when you configure Mobile Device Management |
|
|
External link and application deployment |
External links are used to deploy application form an app store or browser0based applications |
|
|
Location aware printing |
is only used in scenarios where the client computer is used in multiple location and you need to be able to choose which printer should be the default printer in that location |
|
|
When should you run AgentSetup.exe with SyncMethod set to none.
|
The UE-V 2 Agent uses SyncProvider by default. The SyncProvider synchronizes settings every 30 minutes. To cause setting to be synchronized immediately, you need to change the SynchMethods to None.
For pooled VDI images, the inly way to configure the SyncMethods is to run AgentSetup with the SyncMethod set to None. |
|
|
You are configuring client computers in your company. The computers are running a mix of MS Win 8.1 Ent and Win 8.1 RT. The company has purchased a Windows Intune. How can you prevent users from using a pic password. |
Mobile Device Security Policy
|
|
|
When upgrading 32 bit Windows to 64-bit Win 8.1 what items will be preserer |
Nothing fresh install
Same applies for XP 64 to Win 8.1 64 |
|
|
How can you prevent users from synching application settings, browsing history, favorites, and passwords among devices using their MSA |
Configure the Security Options under Computer Configuration\Windows Settings\Security Settings\Local Policies node of Group Policy |
|
|
Windows Intunes client software needs to be installed on desktop versions of Windows such as |
Win 8 ent and pro Win 7 ent, ultimate, & pro Vista ent, ultimate, & business XP Pro SP3 |
|
|
Windows Intune does not require client software to be installed on mobile device such as |
Win RT Win RT 8.1 Win Phone 8/8.1 Win 8.1 pro & ent iOS 5 & up Androind 2.3.4 & up |
|
|
When directory synch is configured between Office 365 and an Active Directory, you can only delete a user account from ____________ |
AD The change is then synch to Office 365 You can delete a user account form AD either via Remove-ADUser or Active Directory Users and Computers |
|
|
Before deploying UE-V to the Win 8.1 environment, you should prevent users from enabling ... |
the Sync Your Settings feature on Win 8.1. You can do this by configuring the Do not sync policy setting under the Computer Configuration\Administrative Templates\Windows Components\Sync settings node of Group Policy |
|
|
To deploy a DaRT image to the WDS server you need to |
extract boot.wim from the ISO image. You can dp this by mounting the ISO image or burning the image to a CD or DVD, and then copying the boot.wim file |
|
|
What storage solution should you use to store UE-V settings |
Active Directory Home Dir Network Share on a file server
OneDrive is not supported by UE-V for the settings storage location |
|
|
Workplace Join def |
workers can join their personal devices with their company's workplace computers to access company resources and services. When you join your personal device to your workplace, it becomes a known device and provides seamless second factor authentication and Single Sign-On to workplace resources and applications. When a device is joined by Workplace Join, attributes of the device can be retrieved from the directory to drive conditional access for the purpose of authorizing issuance of security tokens for applications. With Windows Server 2012 R2, Windows 8.1 and iOS devices can be joined by using Workplace Join. |
|
|
DRS |
Workplace Join is made possible by Device Registration Service (DRS) that is included with the Active Directory Federation Services role in Windows Server 2012 R2. When a device is joined by Workplace Join, DRS provisions a device object in Active Directory and sets a certificate on the consumer device that is used to represent the device identity. DRS is meant to face both internal and external resources. Companies that deploy both DRS and the Web Application Proxy can join devices that use Workplace Join from any Internet-connected location. |
|
|
To ensure that the IMA{4 connection to MS Office 365 is secured using SSL encryption you should use TCP port |
993 |
|
|
App-V publishing servers are automatically removed from an App-V client when Configuration manager deploys virtual application. App-V 5.0 clients can be managed by |
App-V server or System Center 2012 Configuration Manager, but they cannot be managed by both at the same time |
|
|
You can use the Windows Intune Administrator console to customize a wide range of the elements in the Windows Intune company portal such as |
support website URL company privacy statement URL company name, IT department contacts and company logo |
|
|
You plan to create a DaRT 8.1 recovery image by using the DaRT Recovery Image Wizard what you install first on the computer that is used to create the image |
You should install the ADK to use the DaRT Recovery Image wizard. ADK contains the deployment tolls required to customize, deploy, and service Windows Images |
|
|
List the filtering configuration types are supported by the Directory Synch tool |
OU - based allows you to select which OUs are synchronized
AD DS domain based allows you to select which domains are synchronized.
User-attribute-based allows you to control which objects are synchronized based on attribute-based filter for user objects. |
|
|
Tools that can be user to streamline the upgrade and migration to Windows 8 |
ACT - used to determine if application, devices and computers will work with windows 8 USMT - is a cmd line tool that can help you migrate user data to Win 8 Windwos Easy Transfer provides a solution for migrating files and setting from win 7 to win 8 |
|
|
One of your users has been promoted to a new position and has been given a new computer. The user needs the new apps that the job requires. The user also needs to have the documents and settings from the old Windows 7 computer transferred to the new computer. How should you perform the Windows 8.1 installation? Clean installation
|
Side-by-side migration |
|
|
What is the recommended minimum physical memory for an installation of a 64-bit edition of Windows 8.1 Enterprise? 512 MB
|
2 gb |
|
|
Which of the following editions of Windows support the Workplace Join feature? Windows 7 Ultimate
|
Windows 8.1 Enterprise |
|
|
Steps to deploy a third-party plug-in for MS Outlook via App-V |
1. Sequence the plug in 2. Create a new App-V package that contains the plug in 3. Create a Connection Group that includes the Office 2013 App-V package and the plug-in |
|
|
Realibility monitor use and def |
realibility monitor uses event viewer to display events related to system stability in a graphical format |
|
|
An infrastructure using MS Office 365 is configured with Single sign-on (SSO) for Office 365 by using Active Directory Federation Service wit def config. Some mail enabled groups are not synched to MS Windows Azure Active Directory. What are the possible reasons. |
DisplayName attribute is empty ProxyAddress does not have a primary SMTP address and mail attribute is not present or is invalid Group has more than 15000 immediate members |
|
|
mandatory user profile |
A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. With mandatory user profiles, a user can modify his or her desktop, but the changes are not saved when the user logs off. The next time the user logs on, the mandatory user profile created by the administrator is downloaded.
There are two types of mandatory profiles: normal mandatory profiles and super-mandatory profiles. User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) on the server to NTuser.man. The .man extension causes the user profile to be a read-only profile. |
|
|
super-mandatory user profile |
User profiles become super-mandatory when the folder name of the profile path ends in .man; for example, \\server\share\mandatoryprofile.man\. Super-mandatory user profiles are similar to normal mandatory profiles, with the exception that users who have super-mandatory profiles cannot log on when the server that stores the mandatory profile is unavailable. Users with normal mandatory profiles can log on with the locally cached copy of the mandatory profile. Only system administrators can make changes to mandatory user profiles. |
|
|
Workplace Join as a seamless second factor authentication |
Companies can manage the risk that is related to information access and drive governance and compliance while granting consumer devices access to corporate resources. Workplace Join on devices provides the following capabilities to administrators: * Provides a more seamless sign-in experience for users to access company resources from trusted devices. |
|
|
Roaming User Profiles |
If a computer is running Windows 2000 Server or later on a network, users can store their profiles on the server. These profiles are called roaming user profiles. Roaming user profiles have the following advantages: * Automatic resource availability.* Simplified computer replacement and backup. |
|
|
Are roaming user profiles supported on Win RT |
No
Windows XP and Windows Server 2003 support Roaming User Profiles only when set up on user accounts by using AD DS - they don’t support enabling Roaming User Profiles on a per-computer basis by using Group Policy. |
|
|
How can I manage Storage Spaces? |
The Storage Spaces item in Control Panel The File and Storage Services section of Server Manager The Storage module in Windows PowerShell |
|
|
ReFS SSO |
ReFS - Resilient File System SSO - Single Sing-On |
|
|
In case that you have MS Exchange Active Sync policy setting to manage mobile devices and you want to supplement it with Windows Intune direct management in addition the Intune Exchange connector is not used.
How conflicts between the two will be resovled? |
If user device is controlled by both Exchange ActiveSync polict settings and Windows Intune direct management and the Intune Exchange connector is not used, the more settings in the last policy applied will win |
|
|
There are several way to enable Client Hyper-V feature in Windows 8 Pro, you can use |
PS, Programs and Features Control Panel applet, DISM utility |
|
|
UEFI |
Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI is a more secure replacement for the older basic input/output system (BIOS) firmware interface present in some personal computers, which is vulnerable to malware that performs attacks during the boot or power on self-test processes |
|
|
SRP |
Software Restriction Policies
Software Restriction Policies are a security feature that enables you to specify exactly which applications are allowed to run on user desktops. |
|
|
What Is AppLocker? |
AppLocker is a security feature that enables you to specify exactly which applications are allowed to run on user desktops.
Benefits of AppLocker: Controls how users can access and run all types of applications Ensures that user desktops are running only approved, licensed software Provides much better granularity and control than SRP Can restrict Windows Store apps Only works on Windows 7 and later operating systems |
|
|
PowerShell cmdlet command-line equivalent
ping ipconfig route print net use netstat netsh advfirewall
|
Test-Connection - ping |
|
|
DNSSEC RRSIG DNSKey DS NSEC
|
DNS Security Extensions adds four new DNS source records
RRSIG - resource signature record DNSKey - DNS public key DS - delegation signer NSEC - next secure |
|
|
IPv6 APIPA equivalent address |
IPv4 - 169.254.0.0 255.255.255.0 IPv6 - FE80:: /64 |
|
|
What cmd should you use set up a virtual smart card |
TpmVscMgr.exe |
