
1. Discuss all new features in Server 2012 and their importance

Data Deduplication
One of the constants of technology and the IT industry is that data storage demands and requirements
are increasing exponentially. From ballooning email inboxes to file shares overflowing with documents,
just about every enterprise has a need for more efficient storage. That’s where the new data deduplication
features in Windows Server 2012 come in handy.

GUI-less install options


Windows Server 2012 now includes a default installation option to install the GUI-less server core. You
can also now install Windows Server 2012 with a minimal user interface, which means that you have
even more ways than ever to install just the Windows Server files you need. This reduces disk space,
saves on administration effort, and reduces your attack surface from hackers and other digital
malcontents by restricting installed files to the absolute minimum.

Hyper-V 3.0
Windows Server 2012 is loaded with new features, but perhaps the feature that has gone through the
most radical improvement is the Hyper-V virtualization feature set. Tired of playing catch-up to VMware
on the feature front, Microsoft has loaded Hyper-V with an impressive list of improvements. Some of
the highlights include support for up to 64 processors and 1TB of RAM per virtual machine, as well as
support for up to 320 logical hardware processors and 4TB of RAM per host.

IP Address Management (IPAM)


One of the biggest headaches for many IT professionals is keeping tabs on IP addresses used on their
corporate networks. In a bid to end the time-honored practice of storing IP addresses in Excel
spreadsheets, IPAM is a new feature in Windows Server 2012 that provides a new internal framework
for locating and managing IP address spaces on networks. You can also manage and monitor servers
running Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP). It also does
automatic IP discovery and provides a host of other IP-related tasks focused on management,
monitoring, and auditing.

Network virtualization changes


One of the more problematic aspects of virtual machine management and provisioning is dealing with the
rules and limitations of IP address management. Microsoft is making a raft of improvements to network
virtualization in Windows Server 2012, all aimed at tackling problems related to IP addresses and virtual
machines. This helps pave the way for private cloud adoption, and also makes infrastructure as a
service (IaaS) adoption easier for internal IT stakeholders and hosting customers to implement.

Re-FS
Recent demands from virtualization and private cloud computing have pushed NTFS as far as it could go,
so Microsoft decided to add new features and revamp existing ones to NTFS. The result is an upgrade to
NTFS dubbed Re-FS for resilient file system.
Re-FS adds a bumper crop of new storage features and improvements, with some of the highlights being
increased support for larger file and directory sizes, disk scrubbing, data striping for improved
performance, and enhanced virtualization support. It also takes advantage of all the new storage pool and
spaces features in Windows Server 2012.

Shared nothing live migration


One of the most impressive new features of Hyper-V 3.0 is shared nothing live migration, which allows
you to move VMs from one machine to another without the requirement of having shared storage
before making the transfer. It is one of the most impressive features in Windows Server 2012, and it will
help small- to mid-size IT departments become even more agile and responsive to business and
customer needs.

Storage pools and spaces


Most IT departments have to contend with a dizzying assortment of storage hardware and medium
types, from leading-edge SSD drives and spinning disks to removable drives and legacy magnetic reel
tape. Making effective use of all those disparate storage formats can sometimes be a Herculean task,
especially when you throw in the ever-increasing storage demands that today’s workplaces place on IT
departments. Microsoft is hoping to help admins address that by introducing Storage Pools and Spaces,
two storage abstraction concepts being introduced in Windows Server 2012.

PowerShell 3.0
PowerShell has been steadily gaining in popularity over the last few years, and Microsoft pulled out all
the stops for PowerShell support in Windows Server 2012. More than 2000 PowerShell cmdlets are now
included, and the newly enhanced stable of commands allows IT professionals to automate and control
more aspects of their Windows Server 2012 environment through the PowerShell command line than
ever before. This latest update to PowerShell also includes improved web access, the ability to schedule
jobs, support for disconnected sessions, enhanced and editable help files, and dozens of other new
features.

CHKDSK changes
Microsoft has responded to this productivity killer by revamping CHKDSK in Windows Server 2012.
Rather than spending vast amounts of time laboriously scanning through sectors on large disks, the new
and improved CHKDSK now scans disks in two phases: An online phase that detects errors and logs
defects (and which also can run in the background), and an actual repair phase that does the actual
fixing of corrupted drive data.

Windows Task Manager


Windows Server 2012 includes a new version of Windows Task Manager together with the old version.
In the new version the tabs are hidden by default, showing applications only. In the new Processes tab,
the processes are displayed in varying shades of yellow, with darker shades representing heavier
resource use. Information found in the older versions is now moved to the new Details tab. The
Performance tab shows "CPU", "Memory", "Disk", "Wi-Fi" and "Ethernet" graphs. Additionally, it can
display data for each non-uniform memory access (NUMA) node. When displaying data for each logical
processor for machines with more than 64 logical processors, the CPU tab now displays simple
utilization percentages on heat-mapping tiles.

Active Directory
Windows Server 2012 has a number of changes to Active Directory from the version shipped with
Windows Server 2008 R2. The Active Directory Domain Services installation wizard has been replaced by
a new section in Server Manager, and a GUI has been added to the Active Directory Recycle Bin. Multiple
password policies can be set in the same domain. Active Directory in Windows Server 2012 is now aware
of any changes resulting from virtualization, and virtualized domain controllers can be safely cloned.
Upgrades of the domain functional level to Windows Server 2012 are simplified; it can be performed
entirely in Server Manager. Active Directory Federation Services is no longer required to be downloaded
when installed as a role, and claims which can be used by the Active Directory Federation Services have
been introduced into the Kerberos token.

IIS 8.0
Windows Server 2012 includes version 8.0 of Internet Information Services (IIS). The new version
contains new features such as SNI, CPU usage caps for particular websites, centralized management of
SSL certificates, Web Socket support and improved support for NUMA, but few other substantial
changes were made.

Remote Desktop Protocol 8.0


Remote Desktop Protocol has new functions such as Adaptive Graphics (progressive rendering and
related techniques), automatic selection of TCP or UDP as transport protocol, multi touch support,
DirectX 11 support for vGPU, USB redirection supported independently of vGPU support, etc. A
"connection quality" button is displayed in the RDP client connection bar for RDP 8.0 connections.

2. Explain in detail the following:

A. Group Policy is a hierarchical infrastructure that allows a network administrator in charge of
Microsoft's Active Directory to implement specific configurations for users and computers. Group Policy
is primarily a security tool, and can be used to apply security settings to users and computers. Group
Policy allows administrators to define security policies for users and for computers. These policies, which
are collectively referred to as Group Policy Objects (GPOs), are based on a collection of individual Group
Policy settings. Group Policy objects are administered from a central interface called the Group Policy
Management Console. Group Policy can also be managed with command line interface tools such as
gpresult and gpupdate.

The Group Policy hierarchy


Group Policy objects are applied in a hierarchical manner, and often multiple Group Policy objects are
combined together to form the effective policy. Local Group Policy objects are applied first, followed by
site level, domain level, and organizational unit level Group Policy objects.

Group Policy extensibility


The native collection of Group Policy settings pertains exclusively to the Windows operating system. An
administrator might for instance use these native Group Policy settings to enforce a minimum password
length, hide the Windows Control Panel from users, or force the installation of security patches.
However, Group Policy is designed to be extensible through the use of administrative templates. These
administrative templates allow various applications to be configured through Group Policy settings. One
of the best known examples of this is the collection of administrative templates for Microsoft Office.

Local vs. centralized Group Policy


Group Policy objects can be applied locally to a Windows computer through its own operating system,
or Group Policy objects can be applied through Active Directory. Local group policies allow security
settings to be applied to either standalone computers or computers managed by a domain controller,
but these policy settings cannot be centrally managed. Conversely, Active Directory based Group Policy
objects can be centrally managed, but they are only implemented if a user is logging in from a computer
joined to the domain.

B. Active Directory Domain and trust


Active Directory Domains and Trusts is the Microsoft Management Console snap-in that is used to
administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.

Active Directory Trusts


A trust is a relationship that you establish between domains and that makes it possible for users in one
domain to be authenticated by the other domain.
All Active Directory trusts between domains within a forest are transitive, two-way trusts. Therefore,
both domains in a trust relationship are trusted. This means that if Domain A trusts Domain B and
Domain B trusts Domain C, then users from Domain C can access resources in Domain A.
Trusted domain objects (TDO) are objects that represent each trust relationship within a particular
domain. Each time that a trust is established, a unique TDO is created and stored in its domain. Domain
trust TDO stores attributes such as trust transitivity, type, and the reciprocal domain names. Forest trust
TDO store additional attributes to identify all the trusted namespaces from its partner forest. These
attributes include domain tree names, user principal name (UPN) suffixes, service principal name (SPN)
suffixes, and security identifier (SID) namespaces.
Trust Types
External: Nontransitive. Could be one-way or two-way. External trusts provide access to resources that
are located on a domain that is located in a separate forest that is not joined by a forest trust.
External trusts are necessary when users need access to resources in a domain that is located in a
separate forest that is not joined by a forest trust.
When there is a trust between a domain in a forest and a domain outside that forest, security principals
from the external domain can access resources in the internal domain. AD DS creates a foreign security
principal object in the internal domain to represent each security principal from the trusted external
domain. These foreign security principals can become members of domain local groups in the internal
domain. Domain local groups can have members from domains outside the forest.
Realm: Transitive or nontransitive. Could be one-way or two-way. Use realm trusts to form a trust
relationship between a non-Windows Kerberos realm and an Active Directory domain. This trust
relationship allows cross-platform interoperability with security services that are based on other
versions of the Kerberos V5 protocol, for example, UNIX and MIT implementations.
Forest: Transitive. Could be one-way or two-way. Use forest trusts to share resources between forests.
If a forest trust is a two-way trust, authentication requests that are made in either forest can reach
the other forest.
Shortcut: Transitive. Could be one-way or two-way. Use shortcut trusts to improve user logon times
between two domains within an Active Directory forest. This is useful when two domains are separated
by two domain trees.
Trust Direction
The trust type and its assigned direction affect the trust path that is used for authentication. A trust path
is a series of trust relationships that authentication requests must follow between domains. Before a
user can access a resource in another domain, the security system on domain controllers must
determine whether the trusting domain has a trust relationship with the trusted domain. To determine
this, the security system computes the trust path between a domain controller in the trusting domain
and a domain controller in the trusted domain.
One-way trust: A one-way trust is a unidirectional authentication path that is created between two
domains. This means that in a one-way trust between Domain A and Domain B, users in Domain A can
access resources in Domain B. However, users in Domain B cannot access resources in Domain A.
Two-way trust: All domain trusts in an Active Directory forest are two-way, transitive trusts. When a
new child domain is created, a two-way, transitive trust is automatically created between the new child
domain and the parent domain. In a two-way trust, Domain A trusts Domain B and Domain B trusts
Domain A. This means that authentication requests can be passed between the two domains in both
directions.
Trust Transitivity
Transitivity determines whether a trust can be extended outside the two domains between which the
trust was formed. You can use a transitive trust to extend trust relationships with other domains. You
can use a nontransitive trust to deny trust relationships with other domains.
Transitive trust: Each time that you create a new domain in a forest, a two-way, transitive trust is
automatically created between the new domain and its parent domain. If child domains are added to
the new domain, the trust path flows upward through the domain hierarchy, extending the initial trust
path that is created between the new domain and its parent domain.
Nontransitive trust: A nontransitive trust is restricted to the two domains in the trust relationship. It
does not flow to any other domains in the forest. Nontransitive trusts are one-way by default.
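
The trust types, directions and transitivity rules above, applied to a trust inventory. This is an added example, not part of the original notes: the function name Get-TrustSummary and the sample domain names are made up for illustration, and the property names are those returned by the ActiveDirectory module's Get-ADTrust cmdlet.

```powershell
# Added example: classify trust objects by the type, direction and
# transitivity rules described in the notes. Accepts Get-ADTrust output or
# any object exposing the same property names.
function Get-TrustSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Trust
    )
    process {
        $isRealm = "$($Trust.TrustType)" -eq 'MIT'   # non-Windows Kerberos realm
        if     ($Trust.IntraForest)      { $type = 'Intra-forest (parent-child or shortcut)' }
        elseif ($Trust.ForestTransitive) { $type = 'Forest' }
        elseif ($isRealm)                { $type = 'Realm' }
        else                             { $type = 'External' }

        # Intra-forest and forest trusts are transitive, external trusts are
        # nontransitive, realm trusts can be either. DisallowTransivity is
        # spelled this way by the cmdlet.
        $transitive = $Trust.IntraForest -or $Trust.ForestTransitive -or
                      ($isRealm -and -not $Trust.DisallowTransivity)

        $direction = "$($Trust.Direction)"
        [pscustomobject]@{
            Target     = $Trust.Target
            Type       = $type
            Direction  = $direction
            Transitive = [bool]$transitive
            # Outbound or BiDirectional: this domain trusts the target, so
            # the target's users can be authenticated for resources here.
            RemoteUsersCanAuthHere = $direction -in 'Outbound', 'BiDirectional'
            # Inbound or BiDirectional: the target trusts this domain.
            LocalUsersCanAuthThere = $direction -in 'Inbound', 'BiDirectional'
        }
    }
}

# Constructed sample data (not from a real environment).
$sampleTrusts = @(
    [pscustomobject]@{ Target = 'child.corp.example'; Direction = 'BiDirectional'
                       IntraForest = $true;  ForestTransitive = $false
                       TrustType = 'Uplevel'; DisallowTransivity = $false }
    [pscustomobject]@{ Target = 'partner.example'; Direction = 'Outbound'
                       IntraForest = $false; ForestTransitive = $true
                       TrustType = 'Uplevel'; DisallowTransivity = $false }
    [pscustomobject]@{ Target = 'legacy.example'; Direction = 'Inbound'
                       IntraForest = $false; ForestTransitive = $false
                       TrustType = 'Uplevel'; DisallowTransivity = $true }
    [pscustomobject]@{ Target = 'UNIX.REALM.EXAMPLE'; Direction = 'BiDirectional'
                       IntraForest = $false; ForestTransitive = $false
                       TrustType = 'MIT'; DisallowTransivity = $true }
)

$sampleTrusts | Get-TrustSummary | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
#   Get-ADTrust -Filter * | Get-TrustSummary | Format-Table -AutoSize
```

Rows where RemoteUsersCanAuthHere is true are the trusts through which accounts from outside the domain can be authenticated for local resources, so they are the ones to review first.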

C. Steps to create a group policy and apply it

The easiest way to learn how to use the Group Policy Management Console is to use it to create a simple
group policy object. You can run the console by clicking Start, and then choosing Administrative Tools→Group
Policy Management. The following procedure shows you how to create a GPO that defines a group
policy that sets the browser’s home page to www.kose.com.
I-Choose Start→Administrative Tools→Group Policy Management.
The Group Policy Management console appears. In the Navigation pane, drill down to the Group Policy
Objects node for your domain.
II-Right-click the Group Policy Objects node and then choose New from the menu that appears.
Type a name for the group policy object and then click OK. When you click OK, the group policy object is
created.
III-Double-click the new group policy.
The group policy opens. Note that at this stage, the Location section of the group policy does not list any
objects. As a result, this policy is not yet linked to any Active Directory domains or groups. First, you must
create the policy settings.
IV-Click the Settings tab.
The group policy settings are displayed.
V-Right-click User Configuration and then choose Edit.
This opens the Group Policy Management Editor to edit the User Configuration policies.
VI-In the Navigation pane, navigate to User Configuration→Policies→Windows Settings→Internet
Explorer Maintenance→URLs.
This brings up the Internet Explorer URL settings.
VII-Double-click Important URLs.
This brings up the Important URLs dialog box. Select the Customize Home Page URL check box. Enter the
URL you want to use for the home page. For this example, https://www.kose.com was entered. Click OK.
You are returned to the Group Policy Management Editor.
VIII-Close the Group Policy Management Editor window.
This returns you to the Group Policy Management settings window you opened earlier.
IX-Right-click User Configuration and choose Refresh.
The IE home page policy is now visible.
X-In the navigation pane, drag the new IE Home Page object to the top-level domain.
When you release the mouse button, the dialog box shown appears.
XI-Click OK.
The domain has been added to the scope, as shown.
XII-Close the Group Policy Management window.
The new group policy is now active, so the Internet Explorer home page is now set to www.Kose.com for
all users in the domain.
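
The same procedure can be scripted with the GroupPolicy PowerShell module. This is an added example, not part of the original notes. Internet Explorer Maintenance has no cmdlet, so the script swaps in the registry-based Internet Explorer policy values for the home page. The GPO name is an assumption taken from the "IE Home Page" object mentioned in step X.

```powershell
# Added example, not from the original notes. Run on a domain-joined
# management host with the GroupPolicy and ActiveDirectory modules (RSAT)
# and rights to create and link GPOs.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$gpoName  = 'IE Home Page'                      # assumed GPO name
$homePage = 'https://www.kose.com'              # URL used in the walkthrough
$domainDn = (Get-ADDomain).DistinguishedName    # link target: the top-level domain

# Steps I-III: create the GPO. It is not linked to anything yet.
New-GPO -Name $gpoName -Comment 'Sets the Internet Explorer home page' | Out-Null

# Steps V-VII (swapped technique): write the registry-based user policy
# values instead of the Internet Explorer Maintenance setting.
$ieKey = 'HKCU\Software\Policies\Microsoft\Internet Explorer'
Set-GPRegistryValue -Name $gpoName -Key "$ieKey\Main" `
    -ValueName 'Start Page' -Type String -Value $homePage | Out-Null
# HomePage = 1 stops users from changing the home page themselves.
Set-GPRegistryValue -Name $gpoName -Key "$ieKey\Control Panel" `
    -ValueName 'HomePage' -Type DWord -Value 1 | Out-Null

# Steps X-XI: link the GPO to the domain so it applies to all users.
New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes | Out-Null

# Check 1: the setting stored in the GPO.
Get-GPRegistryValue -Name $gpoName -Key "$ieKey\Main" |
    Select-Object ValueName, Value

# Check 2: link order at the domain level. Site and OU links are processed
# around it, as described under "The Group Policy hierarchy".
(Get-GPInheritance -Target $domainDn).GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced

# Check 3: who can edit this GPO. Anyone with edit rights on a domain-linked
# GPO can change settings for every user in the domain.
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission

# On a client, refresh and confirm the GPO is applied to the user:
#   gpupdate /force
#   gpresult /r /scope:user
```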

D. File server resource manager feature

File Server Resource Manager is a feature set in the File and Storage Services server role in Windows
Server that helps administrators classify and manage stored data in file servers.
There are five main features in FSRM. All five features can be managed and configured with PowerShell
or with the File Server Resource Manager Microsoft Management Console.
File Classification Infrastructure - automates the processes behind classification so administrators have
a more effective and insightful way to manage data.
File Management Tasks - helps administrators apply conditional actions or policies based on how they
are classified.
File screening management - helps administrators control what kinds of files end users are allowed to
store on file servers.
Quota management - helps administrators limit how much space can be used for folders and volumes
and can also be applied for new folders and volumes.
Storage reports - helps administrators identify disk usage trends and how data is classified.

E. Access-based enumeration

Access-based Enumeration (ABE) allows you to hide objects (files and folders) on a network shared folder
from users who don’t have the NTFS permissions (Read or List) needed to access them. Thus you can
provide additional confidentiality of data stored in a shared folder (by hiding the structure and
names of folders and files), improve its usability since users won’t see odd data (that they don’t have access
to) and, more importantly, save a system administrator from constant questions from users such as “Why
can't I access this folder?”. Let’s consider this technology, its configuration peculiarities and the use of
ABE in various Windows versions in detail.

F. NTFS and FAT systems

NTFS stands for New Technology File System which is used as primary file system of Windows for its
system drive and, by default, for most non-removable drives.
FAT stands for File Allocation Table and FAT 32 is an extension which means data is stored in chunks of
32 bits. FAT32 is an older file system that’s not as good as NTFS and it doesn’t support many modern
features but does offer greater compatibility with other operating systems like Linux, Mac or Android.
NTFS
This is the newest file system created by Microsoft and is the default file system for almost every
modern internal hard drive and SSD. NTFS stands for New Technology File System. It is the default file
system because it has all the technology Microsoft has on tap these days: journaling, no reasonable file
size limitations; support for file compression and long file names; file access control for server
administrators, and lots more. The problem is that NTFS can be read by Mac OS, but Mac OS can’t write
to it without third-party software. This means if you plug an NTFS-formatted drive into a Mac you can copy
the contents from it, but you can’t alter the contents or write to it, so it’s not good for cross-platform
sharing.
FAT32
FAT32 is a universal file system, meaning it is accepted by any operating system. This file system is
usually pre-installed on any USB drive you buy from the store. The biggest limitation of the FAT32 file
system is that it has a file size limit of 4GB, which can be a problem for large files. If you’re just
sharing small files between computers, however, it’s a fine system to use.

G. Active directory administrative center

The Active Directory Administrative Center (ADAC) in Windows Server includes enhanced management
experience features. These features ease the administrative burden for managing Active Directory
Domain Services (AD DS). The Active Directory Administrative Center in Windows Server includes
management features for the following:
Active Directory Recycle Bin
Fine-Grained Password Policy
Windows PowerShell History Viewer
1-Active Directory Recycle Bin
Accidental deletion of Active Directory objects is a common occurrence for users of Active Directory
Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). In past versions
of Windows Server, prior to Windows Server 2008 R2, one could recover accidentally deleted objects in
Active Directory, but the solutions had their drawbacks.
In Windows Server 2008, you could use the Windows Server Backup feature and ntdsutil authoritative
restore command to mark objects as authoritative to ensure that the restored data was replicated
throughout the domain. The drawback to the authoritative restore solution was that it had to be
performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being
restored had to remain offline. Therefore, it was not able to service client requests.
2-Fine-Grained Password Policy
The Windows Server 2008 operating system provides organizations with a way to define different
password and account lockout policies for different sets of users in a domain. In Active Directory
domains prior to Windows Server 2008, only one password policy and account lockout policy could be
applied to all users in the domain. These policies were specified in the Default Domain Policy for the
domain. As a result, organizations that wanted different password and account lockout settings for
different sets of users had to either create a password filter or deploy multiple domains. Both are costly
options.
3-Windows PowerShell History Viewer
ADAC is a user interface tool built on top of Windows PowerShell. In Windows Server 2012 and newer, IT
administrators can leverage ADAC to learn Windows PowerShell for Active Directory cmdlets by using
the Windows PowerShell History Viewer. As actions are executed in the user interface, the equivalent
Windows PowerShell command is shown to the user in Windows PowerShell History Viewer. This allows
administrators to create automated scripts and reduce repetitive tasks, thus increasing IT productivity.
Also, this feature reduces the time to learn Windows PowerShell for Active Directory and increases the
users' confidence in the correctness of their automation script.

H. Types of groups in Active Directory

There are three types of groups in Active Directory:


Universal: Provide a simple 'does everything' group suitable mainly for small networks. Typically,
organizations using WANs should use Universal groups only for relatively static groups in which
memberships change rarely. Changes in membership will impose global catalog replication throughout
an entire enterprise.

Global: Provide domain-centric membership; place all user accounts into Global groups. Global groups
can be nested within other Global groups; this can be particularly useful when delegating OU
administrative functionality. It can be useful to give each Global group a name that is meaningful to the
staff involved, i.e. matching the name of a Team or a Project, particularly if the group is also to be used
as an email distribution list.

Domain Local: Used for the direct assignment of access permissions on files, printer queues, and other
such resources. It can be useful to give each Domain Local group a name that is meaningful to the IT
Operations team e.g. if a group assigns rights to a shared folder on a specific server then the group name
might include a prefix or suffix indicating the server name.
