70-411 Exam Cram - Configure network services and access

Configure virtual private network (VPN) and routing

Install and configure the Remote Access role

  • The Routing Windows Feature which is a Role Service of the RemoteAccess Role provides NAT routing functionality
  • A Virtual Private Network (VPN) Server must have at least 2 network adapters, one connected to the private network and one connected to the Internet

Implement Network Address Translation (NAT)

  • Network address translation (NAT) allows you to share a connection to the public Internet through a single interface with a single public IP address

Configure VPN settings

  • EAP is required to support smart cards. You can use this protocol only if you are using RADIUS authentication or if the Remote Access Server performing authentication is domain-joined
  • IKEv2 is the latest VPN tunneling protocol supported by Windows. It is the most secure and includes support for IPv6 and fast VPN reconnect
  • SSTP includes support for Windows Vista and uses port 443 making it ideal for networks that block regular VPN traffic
  • L2TP/IPSec supports smart cards and is the most secure method supported by Windows XP

Configure remote dial-in settings for users

  • You can control access through Network Policy Server (NPS) policies or through Active Directory. NPS provides greater control. To grant access without using NPS, set the User's dial-in properties to Allow access. The default setting in Windows Server 2012 R2 is to control access through NPS

Configure routing

  • route add <destination> mask <mask> <gateway> metric <cost metric, or default to 1>

Configure Web Application Proxy in pass-through mode

  • Web Application Proxy can be used to provide clientless (no special software required on the client) access to internal web applications
  • To enable authentication on Web Application Proxy (not pass-through), you will need to deploy an Active Directory Federation Services (AD FS) server

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

Use the following syntax to get the local computer's UUID/GUID using Windows Powershell: get-wmiobject Win32_ComputerSystemProduct  | Select-Object -ExpandProperty UUID Add -computername after the WMI class to find a remote computer's UUID, example: get-wmiobject Win32_ComputerSystemProduct -computername RANTPC | Select-Object -ExpandProperty UUID
Read more

gPLink and gPOptions

gPLink is a property for sites, domains and organisational units that contains a prioritised list of GPOs linked to the node. gPOptions is a property that contains all Block Policy Inheritance settings for the node. To manage GPO links on a node, you must have read and write access to the gPLink and gPOptions properties.
Read more

PSLoggedOn Getting Started on Windows Server 2008 R2

Image
PSLoggedOn is a tool I downloaded to allow me to find out which computers a user is currently logged on to. Getting it up and running wasn’t exactly easy. I’m running a Windows Server 2008 R2 test environment. The first error I encountered was: Error browing network: The list of servers for this workgroup is not currently available. Note: I kept the spelling mistake from the error message to make it easier to find via search engines. To get past this error, you have to enable and start the “Computer Browser” service. Then I started getting the error telling me that the Administrator is not logged on. That’s simply not true because I am logged onto another server (Name: ELARA): I turned the firewall OFF OFF OFF (It is a test network after all). I enabled Network Discovery and to do that I went on a service starting frenzy: DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host, Computer Browser After all that, I ran the script against the se
Read more