6407: First Look: Getting Started with Security and Policy Control in Windows Server 2008 Hands on Lab (1 Day)
About This Hands-On Lab
Note This is a companion lab for Clinic 6406B - First Look: Getting Started with Security and Policy Control in Windows Server 2008.
This one and one-half hour lab provides hands-on experience with the following security and policy enforcement functionality in Windows Server 2008: Security Enhancements in Windows Server 2008, Network Access Protection in Windows Server 2008.
Audience Profile
IT professionals currently experienced on the technologies included in Microsoft Windows Server 2000 and/or Microsoft Windows Server 2003, and who hold a Microsoft Certified Systems Engineer (MCSE) or Microsoft Certified Systems Administrator (MCSA) certification and/or equivalent knowledge.
At Hands-On Lab Completion
After completing this lab, you will be able to:
- Use Windows Firewall with Advanced Security to configure domain isolation with IPsec.
- Enforce network communications policy using Policy-based QOS.
- Implement Network Access Protection to enforce minimum standards for computers before they connect to the corporate network.
Hands-On Lab Outline
Exercise 1: Creating a Communications Security Policy for Roaming Users
After completing this module, students will be able to:
- Create a Policy for roaming users.
- Configure Windows Firewall with Advanced Security.
- Create Inbound Rule for Management Application in Domain Profile.
- Create Firewall Exemption for Domain Administrators.
- Verify that the Roaming User Policy is Applied.
- Configure Domain Isolation using WFAS
- Apply the New Group Policy Settings
- Test the Domain Isolation Policy
- Configure the Connection Security Rule to Encrypt IPsec Connections
- Configure WFAS to Require Secure Encrypted Connections
- Clear all WFAS Settings
- Refresh WFAS
Exercise 2: Managing Network Bandwidth using Windows Quality of Service (QOS)
After completing this module, students will be able to:
- Create a Custom Administrative Tool to Monitor the Effects of QOS
- Create and Share a folder
- Perform a Test Upload
- Create a QOS Policy for Managed Desktops
- Perform a New Test
Exercise 3: Network Access Protection with Windows Server 2008
After completing this module, students will be able to:
- Review the Membership of the IPsec NAP Exemptions Global Group
- Create a Certificate Template for NAP Exemptions
- Enable Certificate AutoEnrollment for Domain Members
- Configure the Network Policy Server to Issue Health Certificates
- Configure the Health Registration Authority to Request Certificates from the Subordinate CA
- Add a System Health Validation Certificate to the Network Policy Server
- Configure the Network Policy Server
- Configure Group Policy to Ensure Client Computers are Configured to Implement NAP
- Update Client Computers to Enforce NAP Policy
- Verify Network Access Protection
Prerequisites
- An understanding of network protocols and communication including IPsec.
- An understanding of firewalls.
- An understanding of Microsoft Active Directory.
- An understanding of Group Policy.