lala

Category: Education
     
 


Presentation Transcript

Dynamic Host Configuration Protocol (DHCP):

First Topic

DHCP:

The Dynamic Host Configuration Protocol (DHCP) assists administrators by automatically configuring computers with IP addresses, saving the hassle of assigning and tracking static IP addresses among multiple machines.

Installing a DHCP Server :

From Server Manager, select Add Role, and then check the DHCP Server role. You'll be asked about the name of the parent domain that clients use for name resolution and the IP addresses of the DNS servers with which clients will resolve names. You also will have an opportunity to add a scope and enable or disable DHCPv6 stateless mode. You'll be presented with the opportunity to authorize the server in Active Directory.

Creating a New DHCP Scope :

The New Scope Wizard appears both when you first install a DHCP server and whenever you invoke it through the DHCP administration console, which you find off the Administrative Tools menu on the Start menu.

Creating a New DHCP Scope:

Steps

1. Open the DHCP administration console by selecting DHCP from the Administrative Tools folder.
2. Right-click the appropriate DHCP server in the left pane, and select New Scope from the pop-up context menu.
3. The New Scope Wizard appears. Click Next to move off the introductory screen.
4. Enter a name and a friendly, useful description (for your purposes only) for the new scope and then click Next.
5. The IP Address Range screen appears (see Figure 11-1). Enter a non-interrupted range of IP addresses that you want to offer to clients into the "Start IP address" and "End IP address" fields. Then, enter the subnet mask to identify the network or subnet addresses you're using. (In most cases, you can accept the defaults.) Click Next to continue.

Creating a New DHCP Scope:

Figure 11-1. The IP Address Range screen

Creating a New DHCP Scope:

6. The Add Exclusions page appears next, depicted in Figure 11-2. On this page, you can enter a single address or range of addresses within your scope that you want to exclude from client provisioning.

Figure 11-2. The Add Exclusions screen

Creating a New DHCP Scope:

7. The Lease Duration screen appears, which allows you to specify how long a DHCP-assigned address will be valid for a given scope. This is shown in Figure 11-3.

Figure 11-3. The Lease Duration screen

Creating a New DHCP Scope:

8. The Configure DHCP Options screen appears. Here, you can specify whether to simply configure the scope with the options you've specified to this point, or further customize the data transmitted in response to each DHCP request.
9. The Router (Default Gateway) screen appears, as depicted in Figure 11-4. Here, you can specify a list of available network gateways or routers in your order of preference. Add them using the Add buttons and adjust the list as needed using the Remove, Up, and Down buttons.

Creating a New DHCP Scope:

Figure 11-4. The Router (Default Gateway) screen

Creating a New DHCP Scope:

10. The Domain Name and DNS Servers screen appears, shown in Figure 11-5. On this screen, you can input the parent domain name that your client computers should use for this connection.

Figure 11-5. The Domain Name and DNS Servers screen

Creating a New DHCP Scope:

11. The WINS Servers screen appears (shown in Figure 11-6). On this screen, enter the WINS servers for your enterprise that clients receiving addresses from this scope should use.

Figure 11-6. The WINS Servers screen

Creating a New DHCP Scope:

12. Finally, the Activate Scope screen appears. When you activate a scope, you start DHCP service for it.

Once inside the DHCP console, which is shown in Figure 11-7, under the specific scope you can view the address pool, add a new exclusion range, view current IP addresses, enter reservations (more on this later), and reconfigure options for the scope.

Creating a New DHCP Scope:

Figure 11-7. The DHCP administration console

Authorizing a DHCP Server :

Although you can install DHCP servers on any machine running Windows Server 2008, the first DHCP server you install must hook itself into Active Directory and needs to be on a machine that is a member of a domain. Authorized DHCP servers are listed within the directory, and each DHCP server in a domain checks this list to see whether it is authorized to provide service; if it doesn't find itself in that list, it will not respond to DHCP requests.

Authorizing a DHCP Server :

If you have a DHCP server that is located on a domain member machine, you can authorize it by doing the following:

1. Log on to the machine with an account that has Enterprise Administrator credentials.
2. Open the DHCP administration console by selecting DHCP from the Administrative Tools folder.
3. Right-click the appropriate DHCP server in the left pane and select "Manage authorized servers" from the pop-up context menu.
4. The Manage Authorized Servers screen appears, as shown in Figure 11-8. The screen lists all previously authorized DHCP servers. Click Authorize to add the server to this list.

Authorizing a DHCP Server :

Figure 11-8. The Manage Authorized Servers screen

Authorizing a DHCP Server :

On the following screen, enter the fully qualified domain name for the DHCP server or its associated IP address. Press OK. Confirm your choice on the following dialog box. Now the DHCP server is authorized and will begin serving IP addresses to clients who request them.

Reservations :

Reservations allow you to effectively set static IP addresses through DHCP. Although a client using a reservation is still configured to obtain a dynamic IP address, the DHCP server has a reservation in its database for that client, which is identified by the MAC address of its network card, and so the client will always receive the same IP address from the DHCP server.

Reservations:

To create a new reservation, right-click Reservations under the appropriate scope in the left-hand pane and select New Reservation. The New Reservation screen will appear. Here, enter a friendly name for this reservation as a reference, and then the IP address to reserve. Then, enter the MAC address of the network card inside the computer that you want to have the reserved address. Enter a description of the reservation if you want, and then click OK. Figure 11-9 shows the reservations screen.

Reservations:

Figure 11-9. Making a DHCP reservation

Network Access Protection (NAP):

Second Topic

NAP:

In Windows Server 2008, there is a technology that allows computers to be examined against a baseline set by an administrator, and if a machine doesn't stack up in any way against that baseline, the system can be prevented from accessing the network—quarantined, as it were, from the healthy systems until the user fixes his broken machine. This functionality is called Network Access Protection (NAP).

How It Works :

NAP in Windows Server 2008 can be considered in three different parts:

- Health policy validation
- Health policy compliance
- Limited access

How It Works:

Health policy validation

Validation is the process where the machine attempting to connect to the network is examined and checked against certain health criteria that an administrator sets. These criteria can include patch state, service-pack level, presence of AV software, and so on.

How It Works:

Health policy compliance

Compliance policies can be set so that managed computers that fail the validation process can be automatically updated or fixed via Systems Management Server or some other management software.

How It Works:

Limited access

Access limiting can be the enforcement mechanism for NAP. It's possible to run NAP in monitoring-only mode, which logs the compliance and validation state of computers connecting to the network. But in active mode, computers that fail validations are put into a limited-access area of the network, which typically blocks almost all network access and restricts traffic to a set of specially hardened servers that contain the tools most commonly needed to get machines up to snuff.

How It Works:

Figure 11-13. The basic architecture of NAP

Implementing NAP in Phases:

Since NAP is so far-reaching and has the power to turn your network-connected machines into standalone, deaf PCs, it's best to deploy NAP in phases, so that (a) your users know what's happening and aren't interrupted by its enforcement, and (b) you have a sense of the effects NAP will have on the machines on your network.

Implementing NAP in Phases:

Phase 1: Reporting only

In this phase, everything NAP does—checking clients, the results of health tests, what enforcement would have been put into place—is logged centrally, but no remediation or quarantining is actually performed. In this phase, the goal is to get a sense of what portion of your clients is unhealthy, how many users your eventual enforcement policy would affect, and what types of unhealthy states your clients are in.

Implementing NAP in Phases:

Phase 2: Reporting and remediation

After at least a month, and preferably more, in Phase 1, you can now enable remediation in addition to the reporting. This will probably fix a not-insignificant portion of the clients that were reporting as unhealthy in Phase 1, limiting the pool of machines that will be cut off to a smaller number, though they are still not completely quarantined from the network.

Implementing NAP in Phases:

Phase 3: Delayed enforcement

Once you have configured auto remediation and have monitored the reporting logs for a while, you can set up NAP to allow unhealthy clients to access the network for a limited amount of time.

Phase 4: Immediate enforcement

After everyone has patched up and all of your regular clients have had a chance to remediate themselves and get healthy, simply remove the grace period that Phase 3 allows and make NAP cut off unhealthy clients immediately if they cannot be auto remediated.

Benefits and Drawbacks:

Benefits: NAP is a truly great addition to Windows Server 2008. The advantages are numerous. You get very effective protection against malware before it can infiltrate your network, it is included in the licensing cost of the server product, and it presents another way for your users to take security seriously.

Benefits and Drawbacks:

Drawbacks: There are deployment scenarios that jeopardize the effectiveness of NAP. The element of detection of network devices coming online can be difficult to implement securely, particularly solutions that rely on detecting broadcast packets. The best deployment method—802.1x protection with compatible switch or router hardware—is expensive and requires a lot of time to test and bring online.

Can you rely on NAP? :

Can you rely on NAP?

PowerShell “Why PowerShell?”:

Third Topic

PowerShell:

PowerShell is Microsoft's administrative scripting tool incorporated into Windows Server 2008. Windows administrators can learn PowerShell to script common management tasks. PowerShell is a download that is available for Windows XP, Server 2003, and Vista; it is included within Windows Server 2008 as a feature you add to the base OS. Under development for several years, the first public view of the product was at the Professional Developers Conference in September 2003. The first release (PowerShell on Windows XP and Windows 2003 Server) occurred in November 2006, with versions for Vista and Longhorn server coming during 2007.

Why PowerShell? :

The problem was that those tools did not do "everything"—thus there was occasionally a need to use VBScript or even native APIs and C#/C++. Nor did these tools integrate well—there was no way to use the output of, say, LDP as input to Regedit. Since there was no single tool that did everything, administrators ended up needing to use a variety of disparate tools to solve administrative issues.

Why PowerShell? :

These individual tools were totally adequate for their original purpose. However, the scope and capability of each tool was not consistent. Each tool did only part of the task and provided little integration with other tools. As many admins discovered, they would start down one path, such as writing a batch script using OS provided tools, only to find that the tools don't quite do what was needed. This meant moving to a different tool (e.g., using VBScript and COM automation) and throwing away some or all of their earlier work.

Why PowerShell? :

Three key aspects of PowerShell that are of interest to an admin:

- It is focused on the administrator.
- It is broad in scope and completeness.
- It is highly extensible. You can directly call into .NET, WMI, and COM to work with existing code. You can access just about any sort of data, and this includes PowerShell's native support for XML. And if that's not enough, you can write your own extensions.

Installing PowerShell :

Fourth Topic

Installing PowerShell :

In Windows Server 2008, the .NET Framework is installed by default. In Windows Server 2008, PowerShell is an optional feature that you can install either using Server Manager, or as part of an unattended installation. Use the Server Manager to add the PowerShell feature as follows:

1. Run Server Manager, and select the option to add a feature.
2. Select the PowerShell feature and click Next.
3. Sit back and watch the installation run.

Installing PowerShell:

PowerShell is a managed application, based on the .NET Framework. To speed up load times, the PowerShell installer also installs PowerShell's core binaries into the .NET Global Assembly Cache. Installing PowerShell also updates the Registry as follows:

- Three new file types are added to HKEY_CLASSES_ROOT. They are .ps1 (PowerShell script files), .ps1xml (PowerShell display XML), and .psc1 (PowerShell Console).
- The installation process also populates the Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1.
- The installer modifies the system path to include %systemroot%\system32\WindowsPowerShell\v1.0.

PowerShell and Security :

Fifth Topic

PowerShell and Security:

PowerShell, like any powerful admin tool, has the potential to do a lot of damage to a system if used incorrectly. You can use PowerShell to remove key files, remove or modify Registry settings, delete certificates, and so on—all of which can be dangerous.

PowerShell and Security:

To minimize the risks, the PowerShell team took the following steps:

- PowerShell is not installed by default, so there are no "backdoor" installations that malware vendors could rely on.
- The PowerShell script file with the .PS1 extension is associated with Notepad rather than with PowerShell. Double-clicking a script opens it in Notepad for editing instead of executing a script that could be malware.
- PowerShell's execution policy is set by default to "restricted". This means you cannot run any script from inside PowerShell. You can easily change this to a less secure setting with the Set-ExecutionPolicy cmdlet.
- To stop local admins or users from setting the execution policy to unrestricted and running malevolent scripts, you can use Group Policy to set PowerShell's execution policy.
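The following read-only audit of the safeguards listed above is an added example, not part of the original presentation. The function names Get-RegValue and Test-PowerShellHardening are hypothetical, and the script assumes the Group Policy execution-policy value is stored under SOFTWARE\Policies\Microsoft\Windows\PowerShell.

```powershell
# Added example: read-only audit of the safeguards listed above.
# Get-RegValue and Test-PowerShellHardening are hypothetical helper names.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null (rather than an error) when the key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-PowerShellHardening {
    $findings = @()

    # 1. Double-clicking a .ps1 file should open Notepad, not run the script.
    #    The .ps1 key names a ProgID; that ProgID holds the open command.
    $progId = Get-RegValue 'Registry::HKEY_CLASSES_ROOT\.ps1' '(default)'
    if ($progId) {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command"
        $cmd = Get-RegValue $cmdKey '(default)'
        if ($cmd -and $cmd -notmatch 'notepad\.exe') {
            $findings += "WARN: .ps1 files open with: $cmd"
        }
    }

    # 2. The effective execution policy should not allow every script to run.
    #    ('Bypass' exists only in PowerShell versions later than 1.0.)
    $policy = [string](Get-ExecutionPolicy)
    if (@('Unrestricted', 'Bypass') -contains $policy) {
        $findings += "WARN: effective execution policy is $policy"
    }

    # 3. Without a Group Policy value, a local administrator can loosen the
    #    policy again with Set-ExecutionPolicy.
    $gpoKey = 'SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    $machine = Get-RegValue "HKLM:\$gpoKey" 'ExecutionPolicy'
    $user = Get-RegValue "HKCU:\$gpoKey" 'ExecutionPolicy'
    if (-not $machine -and -not $user) {
        $findings += 'WARN: execution policy is not enforced by Group Policy'
    } else {
        $findings += "INFO: Group Policy sets machine='$machine' user='$user'"
    }

    return $findings
}

Test-PowerShellHardening
```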

Thank you for watching:

Thank you for watching