Setup DHCP NAP: Server Side Configuration

Network Access Protection can be implemented through various mechanisms. One of the easiest to set up is DHCP NAP. A question I frequently get is: what is the purpose of Network Access Protection? In my personal opinion, NAP is geared towards making sure the client machines you manage in your network have a base level of protection before they get exposed onto the network. It is not meant for preventing someone from getting onto the network.

These are two sides of the same coin. Say you implement DHCP NAP with the intention of protecting your clients when they get onto the network: it serves its purpose. But if you want to prevent someone from getting an IP address because he is not part of your domain, you may want to look into Server Domain Isolation.

Anyway, not to confuse you further, the video below shows you how to configure the Network Policy Server and DHCP Server on Windows Server 2008 to achieve DHCP NAP. The steps are reflected in an earlier document that I have shown. You can download the full step-by-step document here.
Video: Setup DHCP NAP: Server Side


What is Network Access Protection?

Also known as NAP. It provides a platform where administrators can ensure that clients communicating on the network have a determined level of protection before they are allowed to communicate. In a previous blog, I wrote about the 4 major pillars / processes of NAP, 4 big processes of NAP.

An IT Pro from Pluto implemented NAP in his office. Read about it here. Know the health level of your machines on the network– Pluto does…

Well, instead of a screencast containing demos and demos, I decided that this time you should listen. 😉 If you need more details about NAP, visit NAP at
Video: What is Network Access Protection?


Installing DHCP Server in Windows Server 2008

Something simple for the night: installing a DHCP Server in Windows Server 2008. You will see how much easier it is to have a working DHCP server running in a simple network.

In the past, I used to have to add the DHCP function in Add/Remove Programs -> Windows Components (Windows 2003), then go to Administrative Tools, DHCP and authorize it in the domain. Next, I had to create a scope and activate it before IP addresses could be leased out.

In Windows Server 2008, those horrific steps have been simplified and are taken care of by Server Manager. No more running all over the place to load up a working DHCP server. Watch it and you will see how easy it is to load up.
Video: Installing DHCP Server for WS2008


DCPromo Server Core as a DC in existing Domain

Welcome to another dose of Sneak Peek. Chinese New Year is still on, but I have survived past the 3rd Day. It's 5am (4th Day) and I am kind of like "cannot sleep". Must have been the doses of Coke and Bak Kwa. 😉 Anyway, since I cannot sleep, I thought I might as well get some stuff done.

I cranked up my machine and ended up doing this blog post with a screencast.

Let’s get into the subject proper. We have been looking at Server Core operations in the past videos. Now it would be good to have Server Core running as a Domain Controller. It is designed for handling that role. If you have also been reading about Windows Server 2008, there is a new type of Domain Controller, known as the Read-Only Domain Controller, aka RODC. Now this is the perfect combination: Server Core + Active Directory (Read Only). It lets a domain controller do its work, yet provides security for Active Directory where physical security of that Read-Only Domain Controller in the branch office is not possible.

It can be quite a challenge to install a DC onto Server Core if you do not get any guidance or help. So here, I want to help you know how to install it. In the video, I used an answer file. To make it easy, you can copy and paste the following:

ReplicaOrNewDomain=replica or readonlyreplica

Save it as an unattend.txt file and then fire off the command "dcpromo /unattend:unattend.txt" in Server Core. Watch the video for more explanation. Yawn, time to sleep.. 😉

Video: DCPromo a Server Core as DC in existing Domain 
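
An added example, not the answer file used in the video: a batch script for the Server Core console that writes a minimal answer file for the read-only replica case and runs dcpromo with it. The domain corp.example, the CORP\administrator account, the site name and the DSRM password placeholder are constructed values that must be replaced.

```batch
@echo off
rem Added example (not the author's answer file). Every value written below
rem is a constructed placeholder: replace corp.example, CORP, administrator,
rem the site name and REPLACE_WITH_DSRM_PASSWORD with your own.
rem ReplicaOrNewDomain=ReadOnlyReplica promotes an RODC; use Replica for a
rem writable additional domain controller in the existing domain.
rem Password=* makes dcpromo prompt for the domain credential, so it is
rem never written to disk.
setlocal

(
  echo [DCINSTALL]
  echo ReplicaOrNewDomain=ReadOnlyReplica
  echo ReplicaDomainDNSName=corp.example
  echo SiteName=Default-First-Site-Name
  echo InstallDNS=Yes
  echo ConfirmGc=Yes
  echo UserDomain=CORP
  echo UserName=administrator
  echo Password=*
  echo SafeModeAdminPassword=REPLACE_WITH_DSRM_PASSWORD
  echo RebootOnCompletion=No
) > unattend.txt

dcpromo /unattend:unattend.txt
set RC=%ERRORLEVEL%

rem The answer file held the DSRM password, so remove it before rebooting.
del /q unattend.txt

echo dcpromo finished with exit code %RC%. Reboot to complete the promotion.
exit /b %RC%
```

RebootOnCompletion is set to No here only so the script can delete the answer file before the restart.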


Oh no !! I deleted an OU by accident !!

Hey, who doesn’t make mistakes? I met an IT Pro over the weekend, and he was telling me about a huge pain. He deleted an OU back in his office ACCIDENTALLY. Yup, not only did he do it by accident, he has another problem. He was quick fingered.. LOL. He struck "Enter" on a yes confirmation to delete. Yes, he now has to do an AD Authoritative restore to bring back his deleted OU.

Yup, painful. So, "Prevention is Better than Cure". Windows 2008 AD has a feature that helps prevent that from happening. Check the video. It shows you a new "Protect from Accidental Deletion" feature, and shows you what it takes to delete such an OU.

Video: Protect Accidental OU Deletion

If you guys are interested in seeing certain features here on Sneak Peeks, please send me an email: i-dchung@microsoft. I’ll try my best to create that screencast for you.


Manage Server Core Remotely

We have been talking about Server Core recently, from installation and setup to activating and now remotely managing it.

By default, Server Core has the firewall blocking all forms of access, making it secure to deploy by default. It's a change of model. In the past, we have been doing the process of locking down. Windows Server 2008 took the other approach: totally locked by default, and you go through the process of unlocking.

Having said this, Server Core, when on the network, is totally locked. This can make managing Server Core a challenge for those who are not proficient in commands.

You can enable remote management for Server Core. In the video, the following commands were used:

To enable Windows Firewall Remote Management

netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes

To enable remote Administration

netsh advfirewall firewall set rule group="Remote administration" new enable=yes


netsh advfirewall set currentprofile settings remotemanagement enable

Here are some other groups for your reference (Source):

MMC Snap-In: Rule Group
Event Viewer: Remote Event Log Management
Services: Remote Service Management
Shared Folders: File and Printer Sharing
Task Scheduler: Remote Scheduled Tasks Management
Reliability and Performance: "Performance Logs and Alerts" and "File and Printer Sharing"
Disk Management: Remote Volume Management
Windows Firewall with Advanced Security: Windows Firewall Remote Management
Video: Manage your Server Core remotely
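
An added example, not taken from the video: a batch script that opens only the rule groups two of the snap-ins listed above need (Event Viewer and Services) and then lists the state of the firewall rules so the change can be reviewed. The choice of these two snap-ins is an assumption; substitute the groups for the snap-ins you actually use.

```batch
@echo off
rem Added example. Run from an elevated prompt on the Server Core console.
rem Enables only the rule groups needed by the Event Viewer and Services
rem snap-ins (group names as listed in the post) rather than every remote
rem administration rule at once.
setlocal

for %%G in ("Remote Event Log Management" "Remote Service Management") do (
  echo Enabling rule group %%G
  netsh advfirewall firewall set rule group=%%G new enable=yes
  if errorlevel 1 echo   FAILED: no rules updated for %%G
)

rem Review the result: print name, state, direction and group of each rule
rem so that anything enabled outside the two groups above stands out.
netsh advfirewall firewall show rule name=all verbose | findstr /b /c:"Rule Name:" /c:"Enabled:" /c:"Direction:" /c:"Grouping:"

rem To close a group again once remote work is done:
rem   netsh advfirewall firewall set rule group="Remote Service Management" new enable=no
endlocal
```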



Activating Server Core without Internet Access

Every Windows Server 2008 needs to be activated, including Server Core. However, Server Core does not have a GUI to help you activate like in a full Windows installation. Therefore, it can be quite tricky to activate Windows Server 2008 installed as Server Core.

In Server Core, if you have Internet connection, use "slmgr.vbs -ato".

The video will show you how to activate Server Core if you do not have Internet connection.
Video: How to Activate Server Core


Setup Server Core onto the Network and Join a domain

Hi, in a previous video, I showed you how to install Server Core. Server Core is very easy to install. However, getting it to operate on the network might not be easy for anyone who has no experience in playing with one.

No GUI. Many people might be lost.

In this video, you will see the following activities along with the commands:
1. Set an IP and Subnet Mask

netsh interface ipv4 set address name="Local Area Connection" source=static address=<IPAddress> mask=<SubnetMask>

2. Set a DNS Server

netsh interface ipv4 add dnsserver name="Local Area Connection" address=<DNSServerIP>

3. Change the computer name


netdom renamecomputer oldcomputername /NewName:Newcomputername

4. Join the computer to the domain

netdom join Newcomputername /domain:<DomainName> /Userd:administrator /passwordd:*

Video: Setup Server Core onto Network and Joining Domain


Installing Server Core

This short video shows you how quickly Server Core installs. Server Core is a new installation option for Windows 2008.

Server Core is a small-footprint Windows Server installation that runs specific workloads with high performance.
Running it reduces maintenance and management requirements, and it has a smaller attack surface.

In this video, installation was done in a Virtual Server 2005. The installation was done in about 8 mins.

To read more about Server Core, visit here.
I have also written an article on running Server Core + IIS7 with a MySQL and PHP application (WordPress); visit here to see the article.

Here’s the video.
Video: Installing Server Core


DCPromo your first domain controller

Hi everyone, we all know that Windows 2008 is launching soon. This is one part of a multi-part series that will give you a quick peek at how things are done in Windows Server 2008. The videos are meant to give you a quick view (in 5 mins) of how to do some things in Windows 2008. There are a lot of IT Pros I know who haven’t got the time and resources to run Windows Server 2008.

For now, this video is on doing a DC Promo on Windows 2008 for your first Domain Controller in the network.
Video: DCPromo a WS2008