Skip to main content

Windows Server Fundamentals

Duration: 2 hours | Foundation Track

Learning Objectives

  • Navigate Windows Server interface and understand Server Manager
  • Explain Active Directory and its role in business networks
  • Configure basic file sharing and permissions
  • Understand Windows Server roles and features
  • Set up user accounts and group management
  • Implement basic security and monitoring

Windows Server Architecture

Server Manager - Your Control Center

When you log into Windows Server, instead of a normal desktop, you see Server Manager - think of it as the control panel for your entire business network.

Server Manager Functions:

  • Dashboard: Overview of server health and status
  • Roles and Features: Install services like web server, file sharing
  • Local Server: Configure this specific server
  • All Servers: Manage multiple servers from one location
  • File and Storage Services: Manage disks and shared folders

Server Roles vs Features

Server Roles: Complete services that provide specific business functions Features: Additional tools and capabilities that support roles

Common Business Roles:

Active Directory Domain Services (AD DS):
- Like a company phonebook and security guard combined
- Manages all user accounts and passwords
- Controls access to files and applications

File and Storage Services:
- Centralized file storage and sharing
- Replaces individual USB drives and local storage
- Provides backup and security for business files

Print and Document Services:
- Manages network printers
- Allows printing from any computer to any printer
- Tracks printing costs and usage

Web Server (IIS):
- Hosts company websites and web applications
- Provides customer portals and internal web tools
- Supports business web applications

DHCP Server:
- Automatically assigns IP addresses to devices
- Eliminates manual network configuration
- Ensures proper network connectivity for all devices

Active Directory - The Heart of Windows Networks

What is Active Directory?

Simple Explanation: Active Directory (AD) is like a master list of everyone and everything in your company, along with rules about what each person can access.

Real-World Analogy: Like a hotel key card system:

  • Hotel guest (User) gets a key card
  • Key card (Account) has permissions for specific floors/rooms
  • Hotel manager (Administrator) controls what each card can access
  • Security system (Active Directory) enforces the rules

Active Directory Components

1. Users

Example User Account:
Name: John Smith
Username: jsmith
Department: Marketing
Email: jsmith@company.com
Phone: 555-1234
Groups: Marketing, Email Users, VPN Users

User Account Benefits:

  • Single login for all company systems
  • Centralized password management
  • Automatic access to appropriate resources
  • Easy to add/remove permissions when roles change

2. Groups

Marketing Group Members:
- Can access Marketing shared folder
- Can use color printer
- Can access social media websites
- Cannot access Finance folders

IT Group Members:
- Can access all shared folders
- Can modify user accounts
- Can install software on any computer
- Can access server rooms

Why Groups Matter:

  • Easier than managing individual permissions
  • Consistent access across similar roles
  • Simplified security management
  • Audit compliance and tracking

3. Computers

  • Every company computer is registered in AD
  • Policies control what users can do on each computer
  • Software can be installed automatically
  • Security settings enforced centrally

4. Organizational Units (OUs)

Company.com Domain Structure:
├── Departments
│   ├── Marketing
│   ├── Finance  
│   ├── IT
│   └── HR
├── Computers
│   ├── Laptops
│   ├── Desktops
│   └── Servers
└── Service Accounts
    ├── Backup Account
    └── Database Account

Business Benefits of Active Directory

  1. Single Sign-On: One password for all systems
  2. Centralized Management: Control all users from one place
  3. Security: Consistent security policies across organization
  4. Compliance: Audit trails and access controls
  5. Scalability: Easily add users as company grows

File Sharing and Permissions

Shared Folders - Controlled Access

Business Problem: How do you share files securely among employees?
Solution: Shared folders with permissions

Example Setup:

Marketing Shared Folder:
├── Public (Everyone can read)
├── Team Files (Marketing team can read/write)
├── Campaigns (Marketing managers can read/write)
└── Budget (Marketing director only)

NTFS Permissions Explained Simply

Permission Types:

  • Read: Can see and open files
  • Write: Can modify and save files
  • Full Control: Can do everything, including change permissions
  • Modify: Can read, write, and delete files
  • List Folder Contents: Can see what's in a folder

Permission Planning:

Finance Department Example:
- All Finance staff: Read access to policies folder
- Finance analysts: Modify access to reports folder
- Finance manager: Full control over all folders
- Other departments: No access to Finance folders

Best Practices for File Sharing

  1. Use Groups, Not Individual Permissions

    • Create groups like "Finance_Users" and "Marketing_Users"
    • Assign permissions to groups, not individual users
    • Add/remove users from groups as needed

  2. Follow Principle of Least Privilege

    • Give users minimum access needed for their job
    • Regular review and cleanup of permissions
    • Document who has access to what

  3. Organize by Department and Function

    • Separate folders for each department
    • Common areas for company-wide information
    • Archive areas for old files

User and Group Management

Creating User Accounts

Information Needed for New Employee:

Personal Information:
- Full name: John Smith
- Username: jsmith (follow company naming convention)
- Department: Marketing
- Job title: Marketing Coordinator
- Manager: Mary Johnson (Marketing Manager)

Account Settings:
- Password: Temporary password, must change on first login
- Account expires: Set if temporary/contract employee
- Login hours: Restrict if needed (e.g., business hours only)
- Groups: Add to appropriate department and function groups

Group Strategy for Business

Types of Groups:

  1. Department Groups: Marketing, Finance, IT, HR
  2. Function Groups: Managers, Executives, Contractors
  3. Resource Groups: Printer_Users, VPN_Users, Remote_Workers
  4. Security Groups: File_Admins, Backup_Operators

Example Group Structure:

Marketing Department:
- Marketing_All (all marketing staff)
- Marketing_Managers (department managers)
- Marketing_Contractors (temporary staff)
- Marketing_Creative (design team)

IT Department:
- IT_All (all IT staff)
- IT_Admins (server administrators)
- IT_Helpdesk (support staff)
- IT_Network (network administrators)

User Lifecycle Management

New Employee Process:

  1. Create user account with temporary password
  2. Add to appropriate groups based on job role
  3. Set up email account and distribution lists
  4. Configure home folder and file access
  5. Provide login credentials and initial training

Employee Changes:

  1. Promotion: Add to new groups, maintain old access temporarily
  2. Department transfer: Move to new department groups
  3. Role change: Adjust groups and permissions accordingly
  4. Temporary leave: Disable account, keep for return

Employee Departure:

  1. Disable user account immediately
  2. Change passwords for shared accounts if known
  3. Remove from all groups and distribution lists
  4. Archive or transfer files to manager
  5. Delete account after appropriate retention period

Windows Server Management Tools

Event Viewer - Your Server's Diary

What it does: Records everything that happens on the server
Why it matters: Helps troubleshoot problems and monitor security

Common Event Types:

  • Information: Normal operations (user logged in)
  • Warning: Potential issues (disk space low)
  • Error: Problems occurred (service failed to start)
  • Security: Login attempts, permission changes

Business Use Cases:

Security Monitoring:
- Failed login attempts (potential attacks)
- Account lockouts (password issues or attacks)
- Permission changes (audit compliance)
- Service failures (system reliability)

Performance Monitoring:
- System startup and shutdown events
- Application crashes or hangs
- Resource shortage warnings
- Hardware failure notifications

Services - Background Workers

What are services: Programs that run in the background
Examples of important services:

  • Active Directory Domain Services: User authentication
  • DNS Server: Name resolution
  • DHCP Server: IP address assignment
  • Windows Update: Automatic patching

Service Management:

  • Start/Stop/Restart: Control service operation
  • Startup Type: Automatic, Manual, or Disabled
  • Dependencies: Some services require others to function
  • Recovery: What to do if service fails

Performance Monitor

What it monitors:

  • CPU usage and performance
  • Memory utilization and availability
  • Disk I/O and free space
  • Network utilization and errors

Business Applications:

  • Capacity planning for growth
  • Performance troubleshooting
  • Resource optimization
  • Service level monitoring

Hands-on Activity: Windows Server Setup

Time: 35 minutes

Objective

Experience Windows Server administration

Prerequisites

Windows Server 2022 virtual machine or trial version

Part A: Server Manager Exploration (10 minutes)

  1. Log into Windows Server
  2. Explore Server Manager interface:
    • Dashboard overview
    • Local Server settings
    • Roles and Features
  3. Check system information:
    • Computer name
    • Network settings
    • Windows updates status

Part B: Active Directory Installation (15 minutes)

  1. Install Active Directory Domain Services:

    • Open Server Manager
    • Add Roles and Features
    • Select Active Directory Domain Services
    • Complete installation wizard

  2. Promote server to Domain Controller:

    • Follow post-deployment configuration
    • Create new forest: company.local
    • Set Directory Services Restore Mode password
    • Complete configuration and restart

Part C: User and Group Management (10 minutes)

  1. Open Active Directory Users and Computers

  2. Create Organizational Units:

    • Departments
    • Computers
    • Service Accounts

  3. Create user accounts:

    • Marketing user: msmith
    • Finance user: bjones
    • IT Admin: itadmin

  4. Create security groups:

    • Marketing Team
    • Finance Team
    • IT Administrators

Reflection Questions

  • How does centralized user management benefit a business?
  • What would happen if the domain controller fails?
  • How does this compare to managing users on individual computers?

Knowledge Check

6 questions, 10 minutes

  1. A new employee starts Monday. Using Active Directory, what's the most efficient way to give them access to all systems they need?

    • a) Manually configure each computer
    • b) Add them to appropriate security groups
    • c) Give them the administrator password
    • d) Set up a new server for them

  2. The Marketing department needs access to shared files but Finance should not see them. What's the best approach?

    • a) Email files to Marketing team
    • b) Put files on everyone's desktop
    • c) Create shared folder with Marketing group permissions
    • d) Give everyone full access

  3. A server starts acting slow. What Windows Server tool should you check first?

    • a) Calculator
    • b) Event Viewer
    • c) Paint
    • d) Notepad

  4. What happens if the DHCP service stops working?

    • a) All computers stop working
    • b) New devices can't get IP addresses automatically
    • c) All printers break
    • d) The internet stops working everywhere

  5. Why is Active Directory called the "heart" of Windows networks?

    • a) It's red in color
    • b) It pumps blood
    • c) It centrally manages users, computers, and permissions
    • d) It makes noise like a heartbeat

  6. A user forgot their password. Where would an administrator reset it?

    • a) On the user's computer
    • b) In Active Directory Users and Computers
    • c) By calling Microsoft
    • d) On every computer in the building

Answers

  1. b) Add them to appropriate security groups
  2. c) Create shared folder with Marketing group permissions
  3. b) Event Viewer
  4. b) New devices can't get IP addresses automatically
  5. c) It centrally manages users, computers, and permissions
  6. b) In Active Directory Users and Computers

Key Takeaways

What You Learned

✅ Windows Server provides enterprise-grade services for businesses
✅ Active Directory centralizes user and computer management
✅ File sharing with proper permissions protects business data
✅ Server Manager is the central control panel for Windows servers
✅ Groups simplify permission management for large organizations

Business Value

  • Centralized Control: Manage all users and computers from one location
  • Enhanced Security: Consistent security policies and access controls
  • Improved Productivity: Single sign-on and shared resources
  • Simplified Management: Group-based permissions and automated tasks
  • Audit Compliance: Complete logging and access tracking

Practical Skills

  • Navigate Windows Server interface efficiently
  • Install and configure Active Directory
  • Create and manage user accounts and groups
  • Set up file sharing with appropriate permissions
  • Monitor server health and performance
  • Troubleshoot common Windows Server issues

Next Steps

In the next section, we'll explore Linux fundamentals, including command-line navigation, file permissions, and system administration tasks that are essential for managing Linux servers in business environments.