
Windows Server Interview Questions part 2


AD

·        What is Active Directory ?
Active Directory is a Meta Data. Active Directory is a database which stores data such as your user information, computer information and other network object information. It has the capability to manage and administer the complete network that is connected to AD.

·        What is domain ?
In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user needs only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address, not to be confused with a URL. A domain address might look something like 211.170.469.

·        What is domain controller ?
A Domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

·        What is LDAP ?
Lightweight Directory Access Protocol (LDAP) is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

·        What is KCC ?
KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication. Within a site, replication traffic is carried via remote procedure calls over IP, while between sites it is carried through either RPC or SMTP.

·        Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.

·        What is the SYSVOL folder?
The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policy, users etc., are replicated to all domain controllers in the domain.

·        Where are the Windows NT Primary Domain Controller (PDC) and its Backup Domain Controller (BDC) in Server 2003 ?
The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

·        I am trying to create a new universal user group. Why can’t I ?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

·        What is LSDOU ?
It’s the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.

·        Why doesn’t LSDOU work under Windows NT ?
If the NTConfig.pol file exists, it has the highest priority among the numerous policies.

·        What’s the number of permitted unsuccessful logons on Administrator account?
Unlimited. Remember, though, that it’s the Administrator account, not any account that’s part of the Administrators group.

·        What does System State data contain?
System State data contains:
o   Startup files
o   Registry
o   COM+ Registration Database
o   Memory Page file
o   System files
o   AD information
o   Cluster Service information
o   SYSVOL Folder

DNS

·        What is the main purpose of a DNS server?
DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

·        What is the port no of dns ?
53.

·        What is a Forward Lookup?
Resolving Host Names to IP Addresses.

·        What is Reverse Lookup?
It's a file that contains host names to IP mapping information.

·        What is a Resource Record?
It is a record that provides information about the resources available in the network infrastructure.

·        What are the diff. DNS Roles?
Standard Primary, Standard Secondary, & AD Integrated.

·        What is a Zone?
Zone is a sub tree of DNS database.

·        Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
PTR Records

·        SOA records must be included in every zone. What are they used for ?
SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.

·        By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address ?
Performs a recursive search through the primary DNS server based on the network interface configuration.

DHCP

·        What is dhcp ?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

·        What is the dhcp process for client machine?
1. A user turns on a computer with a DHCP client.
2. The client computer sends a broadcast request (called a DISCOVER or DHCPDISCOVER), looking for a DHCP server to answer.
3. The router directs the DISCOVER packet to the correct DHCP server.
4. The server receives the DISCOVER packet. Based on availability and usage policies set on the server, the server determines an appropriate address (if any) to give to the client. The server then temporarily reserves that address for the client and sends back to the client an OFFER (or DHCPOFFER) packet, with that address information. The server also configures the client's DNS servers, WINS servers, NTP servers, and sometimes other services as well.
5. The client sends a REQUEST (or DHCPREQUEST) packet, letting the server know that it intends to use the address.
6. The server sends an ACK (or DHCPACK) packet, confirming that the client has been given a lease on the address for a server-specified period of time.

·        What is dhcp scope ?
DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.

·        Types of scopes in windows dhcp ?
o   Normal Scope - Allows A, B and C Class IP address ranges to be specified including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet.

o   Multicast Scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservation or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination).

o   Superscope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

·        What is Authorizing DHCP Servers in Active Directory ?
If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller), it must first be authorized.
This can be achieved either as part of the DHCP Server role installation, or subsequently using either the DHCP console or the netsh tool at the command prompt.
If the DHCP server was not authorized during installation, open the DHCP console (Start -> All Programs -> Administrative Tools -> DHCP), right-click the DHCP server to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command:

    netsh dhcp server serverID initiate auth

In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on which the DHCP server is installed.
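The DISCOVER/OFFER/REQUEST/ACK exchange and the idea of an authorized server, as an added example that is not part of the original post: a parser that reads the message type (option 53) and server identifier (option 54) from raw DHCP messages and lists replies from servers that are not on an allow list. The packets are constructed inline; 172.16.1.2 is the lab's DHCP Server 1 from the guide further down this page, and the MAC address, transaction ID and the unlisted server 172.16.1.250 are made-up sample values.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# BOOTP fixed header (236 bytes): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_REPLIES = {"OFFER", "ACK", "NAK"}
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255


def parse_options(raw):
    """Walk the code/length/value option list that follows the magic cookie."""
    options, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:               # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    return options


def parse_message(packet):
    """Extract the fields needed to follow one lease negotiation."""
    if len(packet) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("too short for a DHCP message")
    if packet[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    fields = HEADER.unpack_from(packet)
    hlen, xid, yiaddr, chaddr = fields[2], fields[4], fields[8], fields[11]
    options = parse_options(packet[HEADER.size + 4:])
    msg_type = options.get(OPT_MSG_TYPE)
    if msg_type is None or len(msg_type) != 1:
        raise ValueError("message type option (53) missing or malformed")
    server = options.get(OPT_SERVER_ID)
    if server is not None and len(server) != 4:
        raise ValueError("server identifier option (54) malformed")
    return {
        "type": MESSAGE_TYPES.get(msg_type[0], "UNKNOWN"),
        "xid": xid,
        "client_mac": "-".join("%02x" % b for b in chaddr[:min(hlen, 16)]),
        "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
        "server_id": str(ipaddress.IPv4Address(server)) if server else None,
    }


def unlisted_server_replies(packets, authorized_servers):
    """Return OFFER/ACK/NAK messages whose server identifier is not listed.

    A reply with no option 54 at all is reported too (server_id is None).
    """
    findings = []
    for packet in packets:
        msg = parse_message(packet)
        if msg["type"] in SERVER_REPLIES and msg["server_id"] not in authorized_servers:
            findings.append(msg)
    return findings


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP message; used only to create the sample capture."""
    op = 2 if MESSAGE_TYPES[msg_type] in SERVER_REPLIES else 1
    chaddr = bytes.fromhex(mac.replace("-", "")).ljust(16, b"\x00")
    header = HEADER.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                         ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                         bytes(4), chaddr, bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


# Constructed capture: one client, one listed server, one unlisted server.
XID, MAC = 0x3903F326, "00-1b-23-de-db-61"
AUTHORIZED = {"172.16.1.2"}
CAPTURE = [
    build_message(1, XID, MAC),                                # DISCOVER
    build_message(2, XID, MAC, "172.16.1.4", "172.16.1.2"),    # OFFER
    build_message(2, XID, MAC, "192.168.0.10", "172.16.1.250"),  # OFFER, unlisted
    build_message(3, XID, MAC, server_id="172.16.1.2"),        # REQUEST
    build_message(5, XID, MAC, "172.16.1.4", "172.16.1.2"),    # ACK
]

if __name__ == "__main__":
    for pkt in CAPTURE:
        m = parse_message(pkt)
        print(m["type"], m["client_mac"], m["offered_ip"], m["server_id"])
    for hit in unlisted_server_replies(CAPTURE, AUTHORIZED):
        print("reply from unlisted server:", hit["server_id"], hit["type"])
```
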

                                                  

Windows Server 2008 Interview Questions And Answers

1. What are some of the new tools and features provided by Windows Server 2008?
Windows Server 2008 now provides a desktop environment similar to Microsoft Windows Vista and includes tools also found in Vista, such as the new backup snap-in and the BitLocker drive encryption feature. Windows Server 2008 also provides the new IIS7 web server and the Windows Deployment Service.

2. What are the different editions of Windows Server 2008?
The entry-level version of Windows Server 2008 is the Standard Edition. The Enterprise Edition provides a platform for large enterprisewide networks. The Datacenter Edition provides support for unlimited Hyper-V virtualization and advanced clustering services. The Web Edition is a scaled-down version of Windows Server 2008 intended for use as a dedicated web server. The Standard, Enterprise, and Datacenter Editions can be purchased with or without the Hyper-V virtualization technology.

3. What two hardware considerations should be an important part of the planning process for a Windows Server 2008 deployment?
Any server on which you will install Windows Server 2008 should have at least the minimum hardware requirement for running the network operating system. Server hardware should also be on the Windows Server 2008 Hardware Compatibility List to avoid the possibility of hardware and network operating system incompatibility.

4. What are the options for installing Windows Server 2008?
You can install Windows Server 2008 on a server not currently configured with a NOS, or you can upgrade existing servers running Windows 2000 Server and Windows Server 2003.

5. How do you configure and manage a Windows Server 2008 core installation?
This stripped-down version of Windows Server 2008 is managed from the command line.

6. Which Control Panel tool enables you to automate the running of server utilities and other applications?
The Task Scheduler enables you to schedule the launching of tools such as Windows Backup and Disk Defragmenter.

7. What are some of the items that can be accessed via the System Properties dialog box?
You can access virtual memory settings and the Device Manager via the System Properties dialog box.

8. When a child domain is created in the domain tree, what type of trust relationship exists between the new child domain and the tree's root domain?
Child domains and the root domain of a tree are assigned transitive trusts. This means that the root domain and child domain trust each other and allow resources in any domain in the tree to be accessed by users in any domain in the tree.

9. What is the primary function of domain controllers?
The primary function of domain controllers is to validate users to the network. However, domain controllers also provide the catalog of Active Directory objects to users on the network.

10. What are some of the other roles that a server running Windows Server 2008 could fill on the network?
A server running Windows Server 2008 can be configured as a domain controller, a file server, a print server, a web server, or an application server. Windows servers can also have roles and features that provide services such as DNS, DHCP, and Routing and Remote Access.

11. Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?
The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. The Server Manager can be used to add and remove roles and features as needed.

12. What Windows Server 2008 service is used to install client operating systems over the network?
Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

13. What domain services are necessary for you to deploy the Windows Deployment Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

14. How is WDS configured and managed on a server running Windows Server 2008?
The Windows Deployment Services snap-in enables you to configure the WDS server and add boot and install images to the server.

15. What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?
A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes).
Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

16. What is RAID in Windows Server 2008?
RAID, or Redundant Array of Independent Disks, is a strategy for building fault tolerance into your file servers. RAID enables you to combine one or more volumes on separate drives so that they are accessed by a single drive letter. Windows Server 2008 enables you to configure RAID 0 (a striped set), RAID 1 (a mirror set), and RAID 5 (disk striping with parity).

17. What conceptual model helps provide an understanding of how network protocol stacks such as TCP/IP work?
The OSI model, consisting of the application, presentation, session, transport, network, data link, and physical layers, helps describe how data is sent and received on the network by protocol stacks.

18. What protocol stack is installed by default when you install Windows Server 2008 on a network server?
TCP/IP (v4 and v6) is the default protocol for Windows Server 2008. It is required for Active Directory implementations and provides for connectivity on heterogeneous networks.

19. How is a server running Windows Server 2008 configured as a domain controller, such as the domain controller for the root domain or a child domain?
Installing the Active Directory on a server running Windows Server 2008 provides you with the option of creating a root domain for a domain tree or of creating child domains in an existing tree. Installing Active Directory on the server makes the server a domain controller.

20. What are some of the tools used to manage Active Directory objects in a Windows Server 2008 domain?
When the Active Directory is installed on a server (making it a domain controller), a set of Active Directory snap-ins is provided. The Active Directory Users and Computers snap-in is used to manage Active Directory objects such as user accounts, computers, and groups. The Active Directory Domains and Trusts snap-in enables you to manage the trusts that are defined between domains. The Active Directory Sites and Services snap-in provides for the management of domain sites and subnets.

21. How are domain user accounts created and managed?
The Active Directory Users and Computers snap-in provides the tools necessary for creating user accounts and managing account properties. Properties for user accounts include settings related to logon hours, the computers to which a user can log on, and the settings related to the user's password.

22. What type of Active Directory objects can be contained in a group?
A group can contain users, computers, contacts, and other nested groups.

23. What type of group is not available in a domain that is running at the mixed-mode functional level?
Universal groups are not available in a mixed-mode domain. The functional level must be raised to Windows 2003 or Windows 2008 to make these groups available.

24. What types of Active Directory objects can be contained in an Organizational Unit?
Organizational Units can hold users, groups, computers, contacts, and other OUs. The Organizational Unit provides you with a container directly below the domain level that enables you to refine the logical hierarchy of how your users and other resources are arranged in the Active Directory.

25. What are Active Directory sites in Windows Server 2008?
Active Directory sites are physical locations on the network's physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

26. Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?
Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

27. What does the use of Group Policy provide you as a network administrator?
Group Policy provides a method of controlling user and computer configuration settings for Active Directory containers such as sites, domains, and OUs. GPOs are linked to a particular container, and then individual policies and administrative templates are enabled to control the environment for the users or computers within that particular container.

28. What tools are involved in managing and deploying Group Policy?
GPOs and their settings, links, and other information such as permissions can be viewed in the Group Policy Management snap-in.

29. How do you deal with Group Policy inheritance issues?
GPOs are inherited down through the Active Directory tree by default. You can block the inheritance of settings from upline GPOs (for a particular container such as an OU or a local computer) by selecting Block Inheritance for that particular object. If you want to enforce a higher-level GPO so that it overrides directly linked GPOs, you can use the Enforce command on the inherited (or upline) GPO.

30. How can you make sure that network clients have the most recent Windows updates installed and have other important security features such as the Windows Firewall enabled before they can gain full network access?
You can configure a Network Policy Server (a service available in the Network Policy and Access Services role). The Network Policy Server can be configured to compare desktop client settings with health validators to determine the level of network access afforded to the client.

31. What is the purpose of deploying local DNS servers?
A domain DNS server provides for the local mapping of fully qualified domain names to IP addresses. Because the DNS is a distributed database, the local DNS servers can provide record information to remote DNS servers to help resolve remote requests related to fully qualified domain names on your network.

32. In terms of DNS, what is a caching-only server?
A caching-only DNS server supplies information related to queries based on the data it contains in its DNS cache. Caching-only servers are often used as DNS forwarders. Because they are not configured with any zones, they do not generate network traffic related to zone transfers.

33. How is the range of IP addresses defined for a Windows Server 2008 DHCP server?
The IP addresses supplied by the DHCP server are held in a scope. A scope that contains more than one subnet of IP addresses is called a superscope. IP addresses in a scope that you do not want to lease can be included in an exclusion range.

Networking Interview Questions!


Q: What is Networking?
Interconnection between two or more computers is called networking. The three types of network in use are Intranet, Internet and Extranet (e.g. LAN, WAN & MAN).

Q: What is Bandwidth?
Every line has an upper limit and a lower limit on the frequency of signals it can carry. This limited range is called the bandwidth. Every line has a capacity for transmission of data. The maximum amount of data that can be transferred in a single line is called bandwidth.

Q: What is VLAN?
VLAN stands for Virtual Local Area Network. It is a logical grouping of network users and resources connected to administratively defined ports on a switch.
Uses of VLAN are as follows:
1. It is a secured connection.
2. It increases flexibility.
3. It creates a separate broadcast domain.

Q: What is CIDR?
CIDR stands for Classless Inter-Domain Routing. It helps prevent the wasting of IP addresses, and nowadays we are facing a shortage of IP addresses, so CIDR helps to prevent that waste. Shortly IPv6 will come into existence.

Q: What is VLSM?
VLSM stands for Variable Length Subnet Mask. When we try to separate a major subnet into minor ones, that process is called VLSM. We can subnet in various lengths.
E.g.: 1.1.1.0/24 can be separated into 1.1.1.0/30 and 1.1.1.4/28

Q: What is Unicast?
Unicast is a type of transmission in which information is sent from one host to another host (i.e. source to destination). In other words, unicast transmission is between one-to-one nodes.

Unicast ---> A transmission to a single interface card.

Q: What is Multicast?
Multicast differs from unicast. It is another type of transmission or communication in which there may be more than one host and the information sent is meant for a set of hosts (i.e. one source to a group of destinations).

Multicast ---> A transmission to a group of interface cards on the network.

Q: What is Broadcast?
Broadcast is a type of transmission in which information is transferred from just one host but is received by all the hosts connected to the network (i.e. one source to all destinations).

Broadcast ---> A transmission to all interface cards on the network.
 
 

Installing and configuration Distributed File System

The Distributed File System (DFS) technologies offer wide area network (WAN)-friendly replication as well as simplified, highly available access to geographically dispersed files. In Windows Server® 2008, DFS is implemented as a role service of the File Services role. The Distributed File System role service consists of two child role services:

  • DFS Namespaces
  • DFS Replication

 

   

  • Start on the Live Server
  • Click Start\Administrative Tools\Services
  • Click Server Manager\Roles\File Services\Add Role Services
  • Select Distributed File System
  • Select DFS Namespaces
  • Select DFS Replication
  • Click Next
  • Select Create a namespace now using this wizard
  • Enter a name for this name space: S1S2
  • Click Next
  • Select Domain based namespace
  • Select Enable Windows 2008 Server mode
  • Click Next
  • Click Next
  • Click Install
  • Click Close

Configuring File Shares

  • Click Start\Administrative Tools\Share and Storage Management
  • Click Provision Share in Right Column
  • Select Shared Folder or Make New Folder if not done already
  • Click OK
  • Click Next
  • Click Yes, change NTFS permissions
  • Click Next
  • Under Users select Full Control
  • Click OK
  • Click Next
  • Click Users and groups have custom share permissions
  • Click Permissions
  • Click Full Control
  • Click OK
  • Click Next
  • Select \\Adatum9.com\S1S2
  • Click Next
  • New folder name: Servershare
  • Click Next
  • Click Create
  • Click Close
  • Repeat 'Create File Share' on the Virtual Server
  • Note: New Folder Name: VServershare
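An added check for the NTFS permission step above (example code, not part of the original guide): it parses `icacls` output for the shared folder and lists broad groups that hold Full Control, as the Users group does after this procedure. The folder path D:\Servershare and both sample outputs are constructed; share permissions are stored separately from the NTFS ACL and are not shown by `icacls`.

```python
import re

# Account names (the part after the last backslash) that cover most or all
# users of a machine or domain.
BROAD_ACCOUNTS = {"everyone", "users", "authenticated users", "domain users"}
INHERITANCE_FLAGS = {"OI", "CI", "IO", "NP", "I"}


def parse_icacls(output, path):
    """Turn the text printed by `icacls <path>` into a list of ACE dicts."""
    aces = []
    for number, line in enumerate(output.splitlines()):
        if number == 0 and line.startswith(path):
            line = line[len(path):]       # first ACE shares a line with the path
        line = line.strip()
        principal, sep, rest = line.partition(":(")
        if not sep:                       # blank line or the summary line
            continue
        tokens = re.findall(r"\(([^()]*)\)", "(" + rest)
        rights = set()
        for token in tokens:
            if token not in INHERITANCE_FLAGS and token != "DENY":
                # simple right such as F, or a list such as RX,W
                rights.update(part.strip() for part in token.split(","))
        aces.append({
            "principal": principal,
            "deny": "DENY" in tokens,
            "inherited": "I" in tokens,
            "rights": rights,
        })
    return aces


def broad_full_control(aces):
    """Return principals in BROAD_ACCOUNTS that hold an allow ACE with F."""
    hits = []
    for ace in aces:
        account = ace["principal"].rsplit("\\", 1)[-1].lower()
        if account in BROAD_ACCOUNTS and not ace["deny"] and "F" in ace["rights"]:
            hits.append(ace["principal"])
    return hits


FOLDER = r"D:\Servershare"                # assumed location of the share folder

# Constructed output: the ACL after "Under Users select Full Control".
AS_CONFIGURED = r"""D:\Servershare BUILTIN\Users:(OI)(CI)(F)
               BUILTIN\Administrators:(OI)(CI)(F)
               NT AUTHORITY\SYSTEM:(OI)(CI)(F)
               CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files"""

# Constructed output: the same folder with Users reduced to Modify.
TIGHTENED = r"""D:\Servershare BUILTIN\Users:(OI)(CI)(M)
               BUILTIN\Administrators:(OI)(CI)(F)
               NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for label, text in (("as configured", AS_CONFIGURED), ("tightened", TIGHTENED)):
        print(label, "->", broad_full_control(parse_icacls(text, FOLDER)))
```
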

Mapping a Drive Letter to Distributed Shared Files

  • Open My Computer
  • Click Map Network Drive
  • Select s1s2 under V9SERVER
  • Click OK
  • Select S from the Drive Letters
  • You should see both Servershare and Vservershare folders under this drive letter.
  • Although they are on different servers, they do not show up that way to the end user.
  • Repeat these steps on all workstations that will require being mapped to these files.

DHCP Step-by-Step Guide

The following are required components of the test lab:
  • The product disc for Windows Server 2008 R2.
  • The product disc for Windows Server 2003 with Service Pack 2 (SP2).
  • The product disc for Windows 7.

    This lab demonstrates link layer-based filtering with a DHCP server in a domain with Active Directory® directory services and Windows Server 2003 installed. You can also make the domain controller in this lab run Windows Server 2008 R2.
The following are the installation, configuration, and post-installation configuration stages required to set up this test lab:
  • Configure DC1.

    DC1 is a server running the Windows Server 2003 Standard Edition operating system. DC1 is configured as a domain controller with Active Directory. It is also configured as the primary DNS server for the intranet subnet.
  • Configure DHCP Server 1.

    DHCP Server 1 is a server running Windows Server 2008 R2. DHCP Server 1 is configured with the DHCP Server service, and functions as a DHCP server in the domain.
  • Configure Windows-based DHCP clients

    DHCP Client 1, DHCP Client 2, and DHCP Client 3 are client computers running Windows 7. DHCP Client 1, DHCP Client 2, and DHCP Client 3 are configured to request IP addresses from DHCP Server 1.
After all the components are configured, this guide will provide steps to demonstrate how link layer-based filtering gives you the control to allow or deny network access to the three clients based on MAC address.
DC1 is a computer running Windows Server 2003 Standard Edition with SP2 that provides the following services:
  • A domain controller for the Contoso.com Active Directory domain.
  • A DNS server for the Contoso.com DNS domain.
To configure DC1 complete the following tasks:
  • Install the operating system.
  • Configure Transmission Control Protocol/Internet Protocol (TCP/IP)
  • Install Active Directory and DNS.
  • Create a user account and group in Active Directory.
The following sections explain these tasks in detail.
Install Windows Server 2003 SP2 as a stand-alone server.
  1. Start your computer using the Windows Server 2003 product disc.
  2. When prompted for a computer name, type DC1.
Configure TCP/IP with a static IP address of 172.16.1.1 and the subnet mask of 255.255.255.0.
  1. Click Start, click Control Panel, and then double-click Network Connections.
  2. Right-click Local Area Connection, and then click Properties.
  3. Click Internet Protocol (TCP/IP), and then click Properties.
  4. Select Use the following IP address. Type 172.16.1.1 next to IP address and 255.255.255.0 next to Subnet mask.
  5. Verify that Preferred DNS server is blank.
  6. Click OK, click Close, and then close the Network Connections window.
DC1 will serve as the only domain controller and DNS server for the Contoso.com domain.
  1. To start the Active Directory Installation Wizard, click Start, click Run, type dcpromo, and then press ENTER.
  2. In the Active Directory Installation Wizard dialog box, click Next.
  3. Operating system compatibility information is displayed. Click Next again.
  4. Verify that Domain controller for a new domain is selected, and then click Next.
  5. Verify that Domain in a new forest is selected, and then click Next two times.
  6. On the Install or Configure DNS page, select No, just install and configure DNS on this computer, and then click Next.
  7. Type Contoso.com next to Full DNS name for new domain, and then click Next.
  8. Confirm that the Domain NetBIOS name shown is CONTOSO, and then click Next.
  9. Accept the default Database Folder and Log Folder directories, and then click Next.
  10. Accept the default folder location for Shared System Volume, and then click Next.
  11. Verify that Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems is selected, and then click Next.
  12. Leave the Restore Mode Password and Confirm Password text boxes blank, and then click Next.
  13. View the summary information provided, and then click Next.
  14. Wait while the wizard completes configuration of Active Directory and DNS services, and then click Finish.
  15. When prompted to restart the computer, click Restart Now.
  16. After the computer is restarted, log on to the CONTOSO domain using the Administrator account.
Next, create a user account in Active Directory. This account will be used when logging in to DHCP Server 1 and DHCP Server 2.
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, double-click Contoso.com, right-click Users, point to New, and then click User.
  3. In the New Object - User dialog box, next to Full name, type User1, and in User logon name, type User1.
  4. Click Next.
  5. In Password, type the password that you want to use for this account, and in Confirm password, type the password again.
  6. Clear the User must change password at next logon check box, and select the Password never expires check box.
  7. Click Next, and then click Finish.
  8. Leave the Active Directory Users and Computers console open for the following procedure.
Next, add the newly created user to the DHCP Administrators group and use it for all of the configuration activities.
  1. In the Active Directory Users and Computers console tree, click Users.
  2. In the details pane, double-click DHCP Administrators.
  3. In the DHCP Administrators Properties dialog box, click the Members tab, and then click Add.
  4. Under Enter the object names to select (examples), type User1, the user name that you created in the previous procedure, click OK, and then click OK again.
  5. Leave the Active Directory Users and Computers console open for the following procedure.
For the test lab, DHCP Server 1 will be running Windows Server 2008 R2, with the DHCP Server service, which provides IP addresses and leases for the requesting DHCP clients. To configure DHCP Server 1, complete the following tasks:
  • Install the operating system.
  • Configure TCP/IP.
  • Join the computer to the domain.
  • Install DHCP server roles.
  • Configure DHCP.
Install Windows Server 2008 R2 on DHCP Server 1.
  1. Start your computer using the Windows Server 2008 R2 product CD.
  2. When prompted for the installation type, select Custom.
  3. Follow the instructions that appear on your screen to finish the installation.
Install the DHCP server role with Server Manager.
  1. Click Start, and then click Server Manager.
  2. Under Roles Summary, click Add roles, and then click Next.
  3. On the Select Server Roles page, select the DHCP server, and then click Next two times.
  4. On the Select Network Connection Bindings page, verify that 172.16.1.2 is selected, and then click Next on DHCP Server 1. Similarly, on the Select Network Connection Bindings page, verify that 172.16.1.3 is selected, and then click Next on DHCP Server 2.
  5. On the Specify IPv4 DNS Server Settings page, verify that contoso.com is listed under Parent domain.
  6. Type 172.16.1.1 under Preferred DNS server IP address, and then click Validate. Verify that the result returned is valid, and then click Next.
  7. On the Specify WINS Server Settings page, accept the default setting of WINS is not required on this network, and then click Next.
  8. On the Add or Edit DHCP Scopes page, click Add.
  9. In the Add Scope dialog box, type SS Scope next to Scope Name. Next to Starting IP Address, type 172.16.1.4, next to Ending IP Address, type 172.16.1.204, and next to Subnet Mask, type 255.255.255.0.
  10. Select the Activate this scope check box, click OK, and then click Next.
  11. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server, and then click Next.
  12. On the Authorize DHCP Server page, select Use current credentials. Verify that CONTOSO\user1 is displayed next to Username, and then click Next.
  13. On the Confirm Installation Selections page, click Install.
  14. Verify that the installation was successful, and then click Close.
DHCP Server 1 is a member server that will provide DHCP addressing. The DHCP service was partially configured during installation with Server Manager on both of these servers.
We will configure scope options further for DHCP Server 1.
  1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER.
  2. Leave this window open for all DHCP configuration tasks.
Next, configure scope options for the default user class. These server options are used when a client computer attempts to access the network and obtain an IP address from the DHCP server.
  1. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options.
  2. On the Advanced tab, verify that Default User Class is selected next to User class.
  3. Select the 006 DNS Servers check box, in IP Address, under Data entry, type 172.16.1.1, and then click Add.
  4. Select the 015 DNS Domain Name check box, in String value, under Data entry, type contoso.com, and then click OK.
    Note
    The 003 Router option is configured in the default user class if a default gateway is required for client computers. Because all computers in the test lab are located on the same subnet, this option is not required.

DHCP Client 1, DHCP Client 2, and DHCP Client 3 are computers running Windows Server 2008 R2 that you will use to demonstrate DHCP clients requesting IP Addresses from the DHCP Server in the domain. To configure the DHCP clients, complete the following steps:
  • Install the operating system.
  • Configure TCP/IP.
  • Verify network connectivity.
  • Join the computer to the domain and restart the computer.
  1. Start your computer using the product discs for Windows 7.
  2. When prompted for the installation type, select Custom Installation.
  3. When prompted for a computer name, type DHCP Client 1, DHCP Client 2, and DHCP Client 3.
  4. On the Select your computer's current location page, click Work.
  5. Follow the rest of the instructions that appear on your screen to finish the installation.
Complete all of the following steps on each of the three client computers.
  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Manage network connections.
  3. Right-click Local Area Connection, and then click Properties.
  4. In the Local Area Connection Properties dialog box, clear the Internet Protocol Version 6 (TCP/IPv6) check box. This will reduce the complexity of the lab, particularly for those who are not familiar with IPv6.
  5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
  6. Verify that Obtain an IP address automatically and Obtain DNS server address automatically are selected.
  7. Click OK, and then click Close to close the Local Area Connection Properties dialog box.
  8. Close the Network Connections and Network and Sharing Center windows.
Because the DHCP clients now have access to domain services, they can be joined to the domain. Complete all of the following steps on each of the three client computers.
  1. Click Start, right-click Computer, and then click Properties.
  2. Under Computer name, domain, and workgroup settings, click Change settings.
  3. In the System Properties dialog box, click Change.
  4. In the Computer Name/Domain Changes dialog box, select Domain, type Contoso.com, and then, in Computer Name, type enggmachine1.contoso.com.
  5. Click More, and then, in Primary DNS suffix of this computer, type Contoso.com.
  6. Click OK two times.
  7. When prompted for a user name and password, type the user name and password for the User1 account, and then click OK.
  8. When you see a dialog box that welcomes you to the Contoso.com domain, click OK.
  9. When you see a dialog box that tells you that you must restart the computer to apply changes, click OK.
  10. In the System Properties dialog box, click Close.
  11. In the dialog box that prompts you to restart the computer, click Restart the computer now.
Next, obtain a new IP address profile for the DHCP clients from DHCP. Complete all of the following steps on each of the three client computers.
  • On a DHCP client, in the Administrator: Command Prompt window, type ipconfig /renew, and then press ENTER.
  • In the Command Prompt window, type ping 172.16.1.1, and then press ENTER.
  • Verify that the response reads Reply from 172.16.1.1.
  • In the Command Prompt window, type ipconfig, and then press ENTER.
  • In the command output, verify that the value of Connection-specific DNS Suffix is contoso.com and that the value of Subnet Mask is 255.255.255.0.
  • In the Command Prompt window, type route print -4, and then press ENTER.
  • In the command output, below Active Routes, verify that a Network Destination of 172.16.1.1 is displayed.
  • Close the Command Prompt window.
All three clients should have unrestricted access to the network at this point. In the next steps, we will add clients to the link layer-based filtering on the DHCP Server 1 allow and deny lists and demonstrate that one client retains access while the other two clients are denied access.
You may remember that our clients represent domain-joined DHCP clients configured to dynamically obtain IP addresses from the DHCP server in the domain:
  • DHCP Client 1 is a healthy network authorized client computer that is active and has an IP address from the DHCP server.
  • DHCP Client 2 is a malicious unauthorized client computer that is active and has an IP address from the DHCP Server 1.
  • DHCP Client 3 is a new client computer that is inactive and does not have network connectivity.
Next, we will add DHCP Client 1 to the allow list and DHCP Client 2 to the deny list. DHCP Client 3 will not be added to any list and therefore will be denied network access as well.
  1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER.
  2. Leave this window open for all DHCP configuration tasks.
Next, configure the Allow filter under the IPv4 node by adding the MAC address of DHCP Client 1. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering. Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny).
Note
You can add a valid MAC address to either the Allow or Deny filters, but not both.

  1. In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, under Filters right-click Allow, and then click New Filter.
  2. In the New Allow Filter dialog box, in MAC Address, enter the six-byte hexadecimal number representing the MAC (physical) address of DHCP Client 1, and then click Add.
  3. Under Filters right-click the Allow node, and then click the Enable pop-up menu item.
Next, configure the Deny filter under the IPv4 node by adding the MAC address of DHCP Client 2.
  1. In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter.
  2. In the New Deny Filter dialog box, in MAC Address, enter the six-byte hexadecimal number representing the MAC (physical) address of DHCP Client 2, click Add, and then click Close.
  3. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.
Now that the Allow and Deny filters are set, renew the IP addresses on the client computers and notice that DHCP Client 1 retains network connectivity while DHCP clients 2 and 3 are denied access. Repeat the following steps on each of the DHCP clients.
  • On DHCP Client 1, in the Administrator: Command Prompt window, type ipconfig /renew, and then press ENTER.
  • In the Command Prompt window, type ping 172.16.1.1, and then press ENTER.
  • Verify that the response reads Reply from 172.16.1.1 on DHCP Client 1 and Response timed out for DHCP clients 2 and 3.
  • In the Command Prompt window, type ipconfig, and then press ENTER.
  • In the command output, verify that the value of Connection-specific DNS Suffix is contoso.com and that the value of Subnet Mask is 255.255.255.0 for DHCP Client 1 and that these fields are blank for DHCP clients 2 and 3.
  • In the Command Prompt window, type route print -4, and then press ENTER.
  • In the command output, below Active Routes, verify that a Network Destination of 172.16.1.1 is displayed for DHCP Client 1, and that there is no route displayed for DHCP clients 2 and 3.
  • Close the Command Prompt window.
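The Allow/Deny outcome that the lab verifies, as an added Python model (not part of the original guide and not Microsoft code). The class name, the decision rules and the MAC addresses are assumptions constructed for illustration, and the model also covers the Deny-only case, which the lab does not exercise.

```python
# Assumed model of DHCP link-layer (MAC) filtering; all MAC addresses are constructed.
import re

def normalize_mac(text):
    """Return a MAC as 12 uppercase hex digits; accepts '-', ':' or no separator."""
    digits = re.sub(r"[-:]", "", text.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a six-byte MAC address: {text!r}")
    return digits

class LinkLayerFilter:
    """Allow and Deny lists, each with its own Enable switch (hypothetical class)."""
    def __init__(self):
        self.lists = {"allow": set(), "deny": set()}
        self.enabled = {"allow": False, "deny": False}

    def add(self, list_name, mac):
        mac = normalize_mac(mac)
        other = "deny" if list_name == "allow" else "allow"
        # Rule from the note above: a MAC may be on Allow or Deny, not both.
        if mac in self.lists[other]:
            raise ValueError(f"{mac} is already on the {other} list")
        self.lists[list_name].add(mac)

    def serves(self, mac):
        """True if the server would answer this client's DHCP request."""
        mac = normalize_mac(mac)
        if self.enabled["deny"] and mac in self.lists["deny"]:
            return False
        if self.enabled["allow"] and mac not in self.lists["allow"]:
            return False  # unlisted clients are refused once Allow is enabled
        return True

# Constructed lab addresses (locally administered), written in three common formats.
CLIENTS = {"DHCP Client 1": "02-00-00-00-00-01",
           "DHCP Client 2": "02:00:00:00:00:02",
           "DHCP Client 3": "020000000003"}

def lab_results(allow_on, deny_on):
    """Build the lab's two lists and report which clients would get a lease."""
    f = LinkLayerFilter()
    f.add("allow", CLIENTS["DHCP Client 1"])
    f.add("deny", CLIENTS["DHCP Client 2"])
    f.enabled.update(allow=allow_on, deny=deny_on)
    return {name: f.serves(mac) for name, mac in CLIENTS.items()}

if __name__ == "__main__":
    for state in [(False, False), (False, True), (True, True)]:
        print("allow/deny enabled:", state, lab_results(*state))
```

With only the Deny list enabled, the model still serves DHCP Client 3; it is enabling the Allow list that shuts out clients that appear on neither list.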