# Thread: 70-410 Installing and Configuring Windows Server 2012 Study Notes

1. ## 70-410 Installing and Configuring Windows Server 2012 Study Notes

Here are my study notes for this exam if anyone is interested. I will be posting as I complete, I appreciate any corrections.

70-410 Installing and Configuring Windows Server 2012
Skills Measured

Install and Configure Servers (17%)
• Install servers
• This objective may include but is not limited to: Plan for a server installation; plan for server roles; plan for a server upgrade; install Server Core; optimize resource utilization by using Features on Demand; migrate roles from previous versions of Windows Server
• Configure servers
• This objective may include but is not limited to: Configure Server Core; delegate administration; add and remove features in offline images; deploy roles on remote servers; convert Server Core to/from full GUI; configure services; configure NIC teaming
• Configure local storage
• This objective may include but is not limited to: Design storage spaces; configure basic and dynamic disks; configure MBR and GPT disks; manage volumes; create and mount virtual hard disks (VHDs); configure storage pools and disk pools
Configure Server Roles and Features (16%)
• Configure file and share access
• This objective may include but is not limited to: Create and configure shares; configure share permissions; configure offline files; configure NTFS permissions; configure access-based enumeration (ABE); configure Volume Shadow Copy Service (VSS); configure NTFS quotas
• Configure print and document services
• This objective may include but is not limited to: Configure the Easy Print print driver; configure Enterprise Print Management; configure drivers; configure printer pooling; configure print priorities; configure printer permissions
• Configure servers for remote management
• This objective may include but is not limited to: Configure WinRM; configure down-level server management; configure servers for day-to-day management tasks; configure multi-server management; configure Server Core; configure Windows Firewall
3. Configure Hyper-V (16%)
• Create and configure virtual machine settings
• This objective may include but is not limited to: Configure dynamic memory; configure smart paging; configure Resource Metering; configure guest integration services
• Create and configure virtual machine storage
• This objective may include but is not limited to: Create VHDs and VHDX; configure differencing drives; modify VHDs; configure pass-through disks; manage snapshots; implement a virtual Fibre Channel adapter
• Create and configure virtual networks
• This objective may include but is not limited to: Implement Hyper-V Network Virtualization; configure Hyper-V virtual switches; optimize network performance; configure MAC addresses; configure network isolation; configure synthetic and legacy virtual network adapters
Deploy and Configure Core Network Services (16%)
• Configure IPv4 and IPv6 addressing
• This objective may include but is not limited to: Configure IP address options; configure subnetting; configure supernetting; configure interoperability between IPv4 and IPv6; configure ISATAP; configure Teredo
• Deploy and configure Dynamic Host Configuration Protocol (DHCP) service
• This objective may include but is not limited to: Create and configure scopes; configure a DHCP reservation; configure DHCP options; configure client and server for PXE boot; configure DHCP relay agent; authorize DHCP server
• Deploy and configure DNS service
• This objective may include but is not limited to: Configure Active Directory integration of primary zones; configure forwarders; configure Root Hints; manage DNS cache; create A and PTR resource records
Install and Administer Active Directory (18%)
• Install domain controllers
• This objective may include but is not limited to: Add or remove a domain controller from a domain; upgrade a domain controller; install Active Directory Domain Services (AD DS) on a Server Core installation; install a domain controller from Install from Media (IFM); resolve DNS SRV record registration issues; configure a global catalog server
• Create and manage Active Directory users and computers
• This objective may include but is not limited to: Automate the creation of Active Directory accounts; create, copy, configure, and delete users and computers; configure templates; perform bulk Active Directory operations; configure user rights; offline domain join; manage inactive and disabled accounts
• Create and manage Active Directory groups and organizational units (OUs)
• This objective may include but is not limited to: Configure group nesting; convert groups including security, distribution, universal, domain local, and domain global; manage group membership using Group Policy; enumerate group membership; delegate the creation and management of Active Directory objects; manage default Active Directory containers; create, copy, configure, and delete groups and OUs
Create and Manage Group Policy (16%)
• Create Group Policy objects (GPOs)
• This objective may include but is not limited to: Configure a Central Store; manage starter GPOs; configure GPO links; configure multiple local group policies; configure security filtering
• Configure security policies
• This objective may include but is not limited to: Configure User Rights Assignment; configure Security Options settings; configure Security templates; configure Audit Policy; configure Local Users and Groups; configure User Account Control (UAC)
• Configure application restriction policies
• This objective may include but is not limited to: Configure rule enforcement; configure Applocker rules; configure Software Restriction Policies
• Configure Windows Firewall
• This objective may include but is not limited to: Configure rules for multiple profiles using Group Policy; configure connection security rules; configure Windows Firewall to allow or deny applications, scopes, ports, and users; configure authenticated firewall exceptions; import and export settings

2. Install and Configure Servers

Preinstallation information
Minimum Resources
· 1.4 Ghz 64 bit Processor
· 512 Mb RAM
· 32 GB Hard Drive
o Be aware that 32 GB should be considered an absolute minimum value for successful installation. The system partition will need extra space for any of the following circumstances:
§ If you install the system over a network.
§ Computers with more than 16 GB of RAM will require more disk space for paging, hibernation, and dump files.
· DVD Drive

Ensure that you have updated and digitally signed kernel-mode drivers for Windows Server 2012
If you install a Plug and Play device, you may receive a warning if the driver is not digitally signed. If you install an application that contains a driver that is not digitally signed, you will not receive an error during Setup. In both cases, Windows Server 2012 will not load the unsigned driver.
If you are not sure whether the driver is digitally signed, or if you are unable to boot into your computer after the installation, use the following procedure to disable the driver signature requirement. This procedure enables your computer to start correctly, and the unsigned driver will load successfully.
To disable the signature requirement for the current boot process:
1. Restart the computer and during startup, press F8.
3. Select Disable Driver Signature Enforcement.
4. Boot into Windows® and uninstall the unsigned driver.
Before you install Windows Server 2012, follow the steps in this section to prepare for the installation.

1. Disconnect UPS devices. If you have an uninterruptible power supply (UPS) connected to your destination computer, disconnect the serial cable before running Setup. Setup automatically attempts to detect devices that are connected to serial ports, and UPS equipment can cause issues with the detection process.

2. Back up your servers. Your backup should include all data and configuration information that is necessary for the computer to function. It is important to perform a backup of configuration information for servers, especially those that provide network infrastructure, such as Dynamic Host Configuration Protocol (DHCP) servers. When you perform the backup, be sure to include the boot and system partitions and the system state data. Another way to back up configuration information is to create a backup set for Automated System Recovery.

3. Disable your virus protection software. Virus protection software can interfere with installation. For example, it can make installation much slower by scanning every file that is copied locally to your computer.

4. Run the Windows Memory Diagnostic tool. You should run this tool to test the RAM on your computer

5. Provide mass storage drivers. If your manufacturer has supplied a separate driver file, save the file to a floppy disk, CD, DVD, or Universal Serial Bus (USB) flash drive in either the root directory of the media or the amd64 folder. To provide the driver during Setup, on the disk selection page, click Load Driver (or press F6). You can browse to locate the driver or have Setup search the media.

6. Be aware that Windows Firewall is on by default. Server applications that must receive unsolicited inbound connections will fail until you create inbound firewall rules to allow them. Check with your application vendor to determine which ports and protocols are necessary for the application to run correctly.

Upgrades to this version from Windows Server 2008 and Windows Server 2008 R2 are supported. However, only upgrades from the same server edition are supported. You will not be able to upgrade to subsequent releases from this release

You should be aware of the following issues affecting Single-Root I/O Virtualization (SR-IOV):

SR-IOV supports only 64-bit guest operating systems, either Windows Server 2012 or 64-bit versions of Windows 8 Release Preview. In addition, SR-IOV requires both hardware and firmware support. If you configure a guest operating system to use SR-IOV and either the hardware or firmware is not supported, the Network tab in Hyper-V Manager will show Degraded (SR-IOV not operational). Contact your system manufacturer to determine if your system supports SR-IOV, as well as the required BIOS version and settings to enable memory and interrupt remapping.

Even with the supported hardware and all appropriate firmware, BIOS settings, and network drivers configured, the Network tab in Hyper-V Manager for a selected virtual machine might show Degraded (SR-IOV not operational). In this circumstance, check the event log for event 12607 in Application and Services\Microsoft\Windows\Hyper-V-SynthNic\Admin with this text: ‘VMName’ Network Adapter ({GUID}) is configured to use SR-IOV but that capability is disabled by policy on this machine. (Virtual Machine ID {GUID}).

If this occurs, first check with the system manufacturer to determine if a BIOS update is available. If no update is available, run the following command from an elevated command prompt, and then restart the physical computer:

reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Virtualization" /v IOVEnableOverride /t REG_DWORD /d 1

If the Network tab in Hyper-V Manager still shows Degraded (SR-IOV not operational) and you do not find event 12607 in the event log, run the Windows PowerShell commands below from an elevated Windows PowerShell prompt to get further information on the cause:

get-vmhost

If the cause is related to the platform, the properties IovSupport and IovSupportReasons will contain further information.

get-vmswitch * | fl *

If the cause is related to the physical network adapter or driver, the properties IovSupport and IovSupportReasons will contain further information.

If the cause is related to the virtual network adapter, the properties Status and StatusDescription will contain further information.

If you install a role service or feature using a method other than Server Manager (such as DISM.exe or an Unattend.xml file) and did not install all of its dependencies and then later install a different role service or feature using Server Manager or a Server Manager Windows PowerShell cmdlet, in some cases the original role service or feature will be unintentionally uninstalled. To avoid this, use only Server Manager or Server Manager PowerShell cmdlets to install server roles, role services, and server features. If this has already occurred, use Server Manager (or Server Manager PowerShell cmdlets) to reinstall the item that was uninstalled.

After a server has been added to the Server Manager Server pool, if a Best Practices Analyzer scan has never been run on the server, Server Manager displays a red Manageability status indicator in the server’s thumbnail on the dashboard page. To resolve this issue, run a Best Practices Analyzer scan on servers after adding them to the Server Manager Server pool.

If you use storage spaces that use the parity resiliency type and then install this release of Windows Server 2012, the data in those storage spaces will not be accessible. To avoid this, back up data stored in those storage spaces and delete the storage spaces before installing this release. After installation is complete, re-create the storage spaces and restore the data

Storage spaces that are not in the “healthy” state prior to installing this release may never complete repair operations after installation. To avoid this, ensure that repair operations have completed on all storage spaces and they are in the “healthy” state prior to installation. You can check the health of a storage space with the Health Status property reported by the Get-Virtual Disk Windows PowerShell cmdlet command

If you delete a clustered storage pool, cluster resources which depend on the storage pool will go offline and may become permanently unavailable. To avoid this, only delete a clustered storage pool when it is on a node with the cluster resource for the pool in the “online” state.

Installation Options

When you install Windows Server 2012, you can choose between Server Core Installation and Server with a GUI. The “Server with a GUI” option is the Windows 8 equivalent of the Full installation option available in Windows Server 2008 R2. The “Server Core Installation” option reduces the space required on disk, the potential attack surface, and especially the servicing requirements, so we recommend that you choose the Server Core installation unless you have a particular need for the additional user interface elements and graphical management tools that are included in the “Server with a GUI” option. For this reason, the Server Core installation is now the default. Because you can freely switch between these options at any time later, one approach might be to initially install the Server with a GUI option, use the graphical tools to configure the server, and then later switch to the Server Core Installation option.

An intermediate state is possible where you start with a Server with a GUI installation and then remove Server Graphical Shell, resulting in a server that comprises the “Minimal Server Interface,” Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel. See the “Minimal Server Interface” section of this document for more information.
In addition, after installation of either option is complete, you can completely remove the binary files for server roles and features that you do not need, thereby conserving disk space and reducing the attack surface still further. See the “Features on Demand” section of this document for more information.
For the smallest possible installation footprint, start with a Server Core installation and remove any server roles or features you do not need by using Features on Demand.

Server Core Installation Option

With this option, the standard user interface (the “Server Graphical Shell”) is not installed; you manage the server using the command line, Windows PowerShell, or by remote methods.

User interface: command prompt (Server Graphical Shell is not installed)

Install, configure, uninstall server roles locally: at a command prompt with Windows PowerShell.

Install, configure, uninstall server roles remotely: with Server Manager, Remote Server Administration Tools (RSAT), or Windows PowerShell.

Microsoft Management Console: not available locally.

Desktop Experience: not available.

Server roles available:
· Active Directory Certificate Services
· Active Directory Domain Services
· DHCP Server
· DNS Server
· File Services (including File Server Resource Manager)
· Active Directory Lightweight Directory Services (AD LDS)
· Hyper-V
· Print and Document Services
· Streaming Media Services
· Web Server (including a subset of ASP.NET)
· Windows Server Update Server
· Active Directory Rights Management Server
· Routing and Remote Access Server

To convert to a Server with GUI installation with Windows PowerShell: follow the steps in the procedure below:

1. Create a folder to mount a Windows Imaging File (WIM) in with the command mkdir c:\mountdir
2. Determine the index number for a Server with a GUI image (for example, SERVERDATACENTER, not SERVERDATACENTERCORE) using this command at an elevated command prompt: Dism /get-wiminfo /wimfile:<drive>:sources\install.wim
3. Mount the WIM file using this command at an elevated command prompt: Dism /mount-wim /WimFile:<drive>:\sources\install.wim /Index:<#_from_step_2> /MountDir:c:\mountdir /readonly
4. Start Windows PowerShell and run this cmdlet:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart –Source c:\mountdir\windows\winsxs
5. Alternatively, if you want to use Windows Update as the source instead of a WIM file, use this Windows PowerShell cmdlet:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Restart

Server with a GUI option

With this option, the standard user interface and all tools are installed. Server roles and features are installed with Server Manager or by other methods.

· User interface: standard graphical user interface (“Server Graphical Shell”). The Server Graphical Shell includes the Metro-style Start screen, but does not include support for Metro-style apps. To enable support for Metro-style apps, install the Desktop Experience feature.
· Install, configure, uninstall server roles locally: with Server Manager or with Windows PowerShell
· Install, configure, uninstall server roles remotely: with Server Manager, Remote Server, RSAT, or Windows PowerShell
· Microsoft Management Console: installed
· Desktop Experience: installable with Server Manager or Windows PowerShell
· To convert to a Server Core installation with Windows PowerShell: run the following cmdlet:
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -restart

If you initially install with the Server with a GUI option and then use the above command to convert to a Server Core installation, you can later revert to a Server with a GUI installation without specifying a source. This is because the necessary files remain stored on the disk, even though they are no longer installed. For more information, and for instructions to completely remove the Server with a GUI files from disk, see the “Features on Demand” section of this document.

If you convert to a Server Core installation, Windows features, server roles, and GUI management tools that require a Server with a GUI installation will be uninstalled automatically. You can specify the -WhatIf option in Windows PowerShell to see exactly which features will be affected by the conversion.

In Windows Server 2012, you can remove the Server Graphical Shell, resulting in the “Minimal Server Interface.” This is similar to a Server with a GUI installation, but Internet Explorer 10, Windows Explorer, the desktop, and the Start screen are not installed. Microsoft Management Console (MMC), Server Manager, and a subset of Control Panel are still present.

Starting with a Server with a GUI installation, you can convert to the Minimal Server Interface at any time using Server Manager

 To reach the installation state in each column… Minimal Server Interface Desktop Experience feature installed Server with a GUI installation option Select these features in Server Manager: Graphical Management Tools and Infrastructure Graphical Management Tools and Infrastructure, Server Graphical Shell, Desktop Experience Graphical Management Tools and Infrastructure, Server Graphical Shell Run the Windows PowerShell install/uninstall commands with these values for the Name parameter: Server-Gui-Mgmt-Infra Server-Gui-Mgmt-Infra, Server-Gui-Shell, Desktop-Experience Server-Gui-Mgmt-Infra, Server-Gui-Shell

In previous versions of Windows, even if a server role or feature was disabled, the binary files for it were still present on the disk, consuming space. In Windows Server 2012, not only can you disable a role or feature, but you can also completely remove its files, a state called “disabled with payload removed.” To reinstall a role or feature that is disabled with payload removed, you must have access to an installation source.

To completely remove a role or feature, use –Remove with the Uninstall-WindowsFeature cmdlet of Windows PowerShell. For example, to completely remove Windows Explorer, Internet Explorer, and dependent components, run the following Windows PowerShell command:

Uninstall-WindowsFeature Server-Gui-Shell -remove

To install a role or feature for which the payload has been removed, use the Windows PowerShell –Source option of the Install-WindowsFeature Server Manager cmdlet. The –Source option specifies a path to a WIM mount point. If you do not specify a –Source option, Windows will use Windows Update by default.

Only component sources from the exact same version of Windows are supported. For example, a component source derived from the Windows Server Developer Preview is not a valid installation source for a server running Windows Server 2012.

Permissions might affect the system’s ability to access Windows features for installation over a network. The Trusted Installer process runs within the machine account. If you encounter network access issues, try issuing a net use command (for example, net use * \\path\to\network) to mount the network source and then copy the source locally. Then use the local copy as the installation source.

In Windows Server 2012, the Server Core installation option is no longer an irrevocable selection that is made during setup. In Windows Server 2008 R2 and Windows Server 2008, if your requirements changed, there was no way to convert to a full installation or a Server Core installation without completely reinstalling the operating system. An administrator now has the ability to convert between a Server Core installation and a full installation as needed.

Migrating Roles

Windows Server Migration Tools, available as a feature in Windows Server 2012, allows an administrator to migrate some server roles, features, operating system settings, shares, and other data from computers that are running certain editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 to computers that are running Windows Server 2012.
If you plan to migrate roles, features, or other data from computers that are running either Windows Server 2008 R2, Windows Server 2008 or Windows Server 2003, you must complete the following additional tasks after you install Windows Server Migration Tools on destination servers.

1. Create a Windows Server Migration Tools deployment folder on destination computers that are running Windows Server 2012
2. Register Windows Server Migration Tools on source computers that are running either Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003

Server Roles and Technologies in Windows Server 2012

· Active Directory Certificate Services: AD CS is the server role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.
· Active Directory Domain Services: By using the Active Directory Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and provide support for directory-enabled applications such as Microsoft Exchange Server.
· Active Directory Federation Services: The AD FS server role provides simplified, secured identity federation and Web single sign-on (SSO) capabilities. AD FS includes a Federation Service role service that enables browser-based Web SSO, a Federation Service Proxy role service to customize the client access experience and protect internal resources, and Web Agent role services used to provide federated users with access to internally hosted applications.
· Active Directory Rights Management Services: Active Directory Rights Management Services (AD RMS) in Windows Server 2012. AD RMS is the server role that provides you with management and development tools that work with industry security technologies—including encryption, certificates, and authentication—to help organizations create reliable information protection solutions.
· Application Server: Application Server provides an integrated environment for deploying and running custom, server-based business applications.
· Device Management and Installation: Device Management and Installation (DMI) is a group of technologies that support the installation of hardware devices and the device driver software that enables them to communicate with Windows. Features in Windows Server 2012 give you the ability to control the devices that are installed on the computers that you manage.
· Failover Clustering: Failover Clustering feature and provides links to additional guidance about creating, configuring, and managing failover clusters on up to 4,000 virtual machines or up to 64 physical nodes.
· File and Storage Services: File and Storage Services includes technologies that help you set up and manage one or more file servers, which are servers that provide central locations on your network where you can store files and share them with users. If your users need access to the same files and applications, or if centralized backup and file management are important to your organization
· Group Policy: Group Policy is an infrastructure that allows you to specify managed configurations for users and computers through Group Policy settings and Group Policy Preferences.
· Hyper-V: The Hyper-V role enables you to create and manage a virtualized computing environment by using virtualization technology that is built in to Windows Server 2012.
· Microsoft Online Backup Service: Microsoft Online Backup Service Agent a new add-on for Windows Server 2012 that you can download and install to schedule file and folder backups from your server to Microsoft Online Backup Service. Microsoft Online Backup Service is a cloud-based storage service that is managed by Microsoft.
· Network Load Balancing: By managing two or more servers as a single virtual cluster, Network Load Balancing (NLB) enhances the availability and scalability of Internet server applications such as those used on web, FTP, firewall, proxy, virtual private network (VPN), and other mission-critical servers.
· Network Policy and Access Services: Network Policy and Access Services provides the following network connectivity solutions
o Network Access Protection (NAP): NAP is a client health policy creation, enforcement, and remediation technology.
o 802.1X authenticated wired and wireless access
o Central network policy management with RADIUS server and proxy: Rather than configuring network access policy at each network access server, you can create policies in a single location that specify all aspects of network connection requests, including who is allowed to connect, when they can connect, and the level of security they must use to connect to your network.
· Print and Document Services: Print and Document Services enables you to centralize print server and network printer tasks
· Remote Desktop Services: Remote Desktop Services accelerates and extends desktop and application deployments to any device, improving remote worker efficiency, while helping to keep critical intellectual property secure and simplify regulatory compliance. Remote Desktop Services enables both a virtual desktop infrastructure (VDI) and session-based desktops, allowing users to work anywhere.
· Volume Activation: simplify the task of configuring the distribution and management of an organization’s volume software licenses
· Web Server (IIS): The Web Server (IIS) role in Windows Server 2012 provides a secure, easy-to-manage, modular and extensible platform for reliably hosting websites, services, and applications.
· Windows Deployment Services: Windows Deployment Services enables you to deploy Windows operating systems over the network, which means that you do not have to install each operating system directly from a CD or DVD.
· Windows Server Update Services: Windows Server Update Services (WSUS) enables information technology administrators to deploy the latest Microsoft product updates.
· Windows System Resource Manager: With Windows System Resource Manager for the Windows Server 2012 operating system, you can manage server processor and memory usage with standard or custom resource policies.

3. Create and configure shares

To create a new Network Share preference item

1. Open the Group Policy Management Console. Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit.

2. In the console tree under Computer Configuration, expand the Preferences folder, and then expand the Windows Settings folder.

3. Right-click the Network Shares node, point to New, and select Network Share.

4. In the New Network Share Properties dialog box, select an Action for Group Policy to perform.

5. Enter network share settings for Group Policy to configure or remove.

6. Click the Common tab, configure any options, and then type your comments in the Description box.

7. Click OK. The new preference item appears in the details pane.

Actions

This type of preference item provides a choice of four actions: Create, Replace, Update, and Delete. The behavior of the preference item varies with the action selected and whether the share already exists.

Create
- Create a new share for computers.

Delete
- Remove ("un-share") a share from computers.

Replace
- Delete and re-create a share. The net result of the Replace action is to overwrite all existing settings associated with the share. If the share does not exist, then the Replace action creates a new share.

Update
- Modify settings of a share. This action differs from Replace because it only updates settings that are defined within the preference item. All other settings remain as configured on the share. If the share does not exist, then the Update action creates a new share.

Network share settings

Share name
- Enter a name for the share. This field accepts preference processing variables. Press F3 to display a list of variables from which you can select. This option is available except when you have selected Action Modifiers and the action is Delete or Update.

Folder path
- Enter a path of an existing folder to which the share will point. This field accepts preference processing variables. Press F3 to display a list of variables from which you can select. This option is available except when you have selected Action Modifiers and the action is Delete or Update.

Comment
- Type text to be displayed in the Comment field of the share. If the action selected is Update, the share already exists, and this field is left blank, then the existing comment is left unchanged. This field accepts preference processing variables. Press F3 to display a list of variables from which you can select. This option is available only if the action selected is Create, Replace, or Update.

Action Modifiers
- You can modify or delete all shares of a particular type rather than a single share. These options are available only if the action selected is Update or Delete.

o To modify or delete all shares that are not hidden (having a name ending in $) or special (SYSVOL and NETLOGON), select Update or Delete all regular shares. o To modify or delete all hidden shares except administrative drive-letter shares, ADMIN$, FAX$, IPC$, and PRINT$, select Update or Delete all hidden non-administrative shares. o To modify or delete all administrative drive-letter shares (named with a drive letter followed by$), select Update or Delete all administrative drive-letter shares.

Note - Special shares (SYSVOL and NETLOGON) and administrative shares other than drive-letter shares (ADMIN$, FAX$, IPC$, and PRINT$) can be modified individually by selecting the Update action and specifying the share name.

User limit
- Configure the number of users allowed to be simultaneously connected to the share.

o To restrict the number of users, select Allow this number of users and enter the maximum to allow.
o To make the number of users unrestricted, select Maximum allowed.
o To leave the allowed number of users unchanged when updating a share, select No change.

Note - If creating or replacing a share, selecting No change configures the number of users as the maximum allowed.

These options are available only if the action selected is Create, Replace, or Update.

Access-based Enumeration
- Configure the visibility of folders within the share.

o To make folders within the share visible only to those who have read access, select Enable.
o To make folders within the share visible to all users, select Disable.
o To leave the visibility of folders within the share unchanged when you update a share, select No change.

This option is available only if the action selected is Create, Replace, or Update.

o Network Share items create, modify, or delete share points, but do not create or delete the folders to which they point. For a share point to be created, the folder to be shared must already exist on computers to which the Group Policy object is applied. When a share is deleted, the share point leading to the folder is removed, but the folder and its contents are not deleted.
o Access-Based Enumeration options take effect only if the computers hosting shared folders have the Windows Server® 2003 Service Pack 1 or later or Windows Server® 2008 R2 or Windows Server 2008 operating system installed.
o You can use item-level targeting to change the scope of preference items.
o Preference items are available only in domain-based GPOs.

4. Wow that is some great info, thanks! I'm bookmarking.

5. thank you SmootCIS. You are a real Alpha Geek.

6. Thanks!!

7. ## Need SmootCIS next note 70-410

Good Job SmootCIS.

8. ## Need SmootCIS next note 70-410

Good Job SmootCIS.

9. Nice Dude.................... thnks!!

10. Was there anything else that cam up on the exam apart from anything in your notes?

11. Awesome, thanks man!

12. Any More?

13. Originally Posted by horusthesun
Any More?
Yeah, What that Guy said

14. this is what i call notes. thanx.

15. Great notes, SmootCIS. Thanks for sharing them.

16. ## thank u soo much

That's an outstanding job ..I personally thank u doe to the above n beyond approach!!!!

17. Thanks.......

18. Thanks for share.

19. Nice..that is some great info..that will be my next goal 410,411 and 412