Upload
others
View
51
Download
0
Embed Size (px)
Citation preview
InstallingandConfiguringWindows
Server2016(Hands-onGuide)
Copyright©2016K.G.Mark
Allrightsreserved.
ContentsCopyright
AboutThisBook
AudienceandCandidatesPrerequisites
Disclaimer
VirtualMachines
PreparingVirtualMachines
Task1:InstallingVMwareWorkstationontheHostMachine
Task2:InstallingandConfiguringtheDC1VirtualMachine
Task2.1:ConfiguringtheDC1VirtualMachine
Task2.2:PromotingtheDC1VirtualMachineasaDomainController
Task3:InstallingandConfiguringtheSERVER1VirtualMachine
Task4:InstallingandConfiguringtheCLIENT1VirtualMachine
Task5:InstallingandConfiguringtheROUTERVirtualMachine
Task6:CreatingandConfiguringtheSERVER2VirtualMachine
Task7:CreatingSnapshotsofVirtualMachines
Task8:WorkingwiththeWindowsServer2016DesktopExperience
Exercise1:InstallingandConfiguringWindowsServer2012R2CoreMachine
Task1:InstallingWindowsServer2012R2CoreMachine.
Task2:ConfiguringtheWindowsServer2016CoreMachine.
Task3:AddingCORE1toDomain
Exercise2:ManagingServersRemotely
Task1:CreatingandManagingtheServerGroup
Task2:DeployingRolesandFeaturesonCORE1Machine
Task3:ManagingServicesontheCORE1Machine
Exercise3:UsingWindowsPowerShelltoManageServers
Task1:UsingtheWindowsPowerShelltoConnectRemotelytoServersandViewInformation
Task2:UsingWindowsPowerShelltoManageRolesandFeaturesRemotely
Exercise04:InstallingandConfiguringDomainControllers
Task1:AddingtheADDSRoleonaMemberServer
Task2:ConfiguringSERVER1ServerasaDomainController
Task3:ConfiguringSERVER1asaGlobalCatalogServer
Exercise5:InstallingaDomainControllerbyUsingIFM
Task1:GeneratingaIFMDataFile
Task2:AddingtheADDSRoletotheMemberServer
Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile
Exercise6:ManagingOrganizationalUnitsandGroupsinADDS
Task1:ManagingOrganizationalUnitsandGroups
Task2:DelegatingthePermissions
Task3:ConfiguringHomeFoldersforUserAccounts
Task4:TestingandVerifyingtheHomeFoldersandDelegatedPermissions
Task5:ResettingtheComputerAccounts
Task6:ExaminingtheBehaviorwhenaUserLoginsonClient.
Task7:RejoiningtheDomaintoReconnecttheComputerAccount
Exercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups
Task1:CreatingaUserAccountUsingWindowsPowerShell
Task2:CreatingGroupsUsingWindowsPowerShell
Task3:ExportingUserAccountsUsingtheldifdeTool
Exercise8:InstallingandConfiguringtheDHCPServerRole
Task1:InstallingtheDHCPServerRole
Task2:ConfiguringtheDHCPScope
Task3:ConfiguringDHCPClient
Task4:ConfiguringDHCPReservation
Exercise9:InstallingandConfiguringDNS
Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole
Task2:CreatingandConfiguringtheMyzone.localZoneonDC1
Task3:AddingtheDNSServerRoleontheSERVER1
Task4:VerifyingReplicationofthemcsalab.localZone
Task5:ConfiguringDNSForwarder
Task6:ManagingtheDNSCache
10:ImplementingLANRouting
Task1:InstallingtheLANRoutingFeatureonROUTER
Task2:ConfiguringtheLANRoutingServiceonROUTER
Task3:TestingtheConnectivitybetweenDC1andSERVER2Servers
Exercise11:ConfiguringIPv6Addressing
Task1:DisablingIPv6AddressonDC1
Task2:DisablingIPv4AddressonSERVER2
Task3:ConfiguringanIPv6NetworkonROUTER
Task4:VerifyingIPv6AddressonSERVER2
Exercise12:InstallingandConfiguringDiskStorage
Task1:AddingNewVirtualDiskstoDC1
Task2:InitializingtheAddedDisks
Task3:CreatingandFormattingSimpleVolumes
Task4:ShrinkingtheVolumes
Task5:ExtendingtheVolumes
Exercise13:ConfiguringaRedundantStorageSpace
Task1:CreatingaStoragePool
Task2:CreatingaMirroredVirtualDisk
Task3:CreatingaFileintoMirroredVolume1
Task4:RemovingaPhysicalDrive
Task5:VerifyingtheFileAvailability
Exercise14:ImplementingFileSharing
Task1:CreatingtheFolderStructurefortheNewShare
Task2:ConfiguringNTFSPermissionsontheFolderStructure
Task3:SharingtheFolder
Task4:AccessingtheSharedFolder
Task5:EnablingAccess-basedEnumeration
Task6:TestingtheAccess-basedEnumerationConfiguration
Exercise15:ImplementingShadowCopies
Task1:ConfiguringShadowCopies
Task2:RecoveringaDeletedFileUsingShadowCopy
Exercise16:ImplementingNetworkPrinting
Task1:InstallingthePrintandDocumentServicesServerRole
Task2:InstallingaNewPrinter
Task3:ConfiguringPrinterPooling
Task4:ConnectingaPrinteronaClient
Exercise17:ImplementingGroupPolicyObjects
Task1:CreatingaNewGPO
Task2:ConfiguringtheInternetExplorerGPO
Task3:CreatingaDomainUsertoTesttheGPO
Task4:TestingtheInternetExplorerGPO
Task5:ConfiguringSecurityFilteringtoExemptaUserfromtheInternetExplorerGPO
Task6:TestingtheInternetExplorerGPO
Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicy
Task1:RestrictinganApplicationUsingAppLocker
Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy
CopyrightTheauthorholdsalltherightsofpublishingandreproducingtothisbook.Thecontentofthisbookcannotbereproducedorcopiedinanyformorbyanymeansorreproduced
withoutthepriorwrittenpermissionoftheauthor.
AboutThisBookThisbookcontainsthevirtuallabsetupguideandthelabexercisesforinstallingandconfiguringWindowsServer2016.Youcancreatethevirtuallabinfrastructureonyourownsystemandyoucaneasilyperformallthelabexercisesmentionedinthisbook.CandidatehavingthebasicknowledgeofWindowsoperatingsystemsandnetworkingfundamentalscanperformallthelabexerciseswithout(orleast)theneedofatrainerorfaculty.Thisbookmainlycoverstheinitialimplementationandconfigurationofcore
services,suchasADDS,networkingservices.
AudienceandCandidatesPrerequisitesThisbookisintendedforthecandidateswhohavebasicoperatingsystemknowledge,andwanttogainthehands-onpracticeskillsandknowledgenecessarytoimplementthecoreinfrastructureservices.Inaddition,thisbookisalsohelpfulforthecandidatewhoare
lookingforcertificationintheWindowsServer2016platform.
Thecandidatesshouldhavethebasicknowledgeofthenetworkingfundamentals,Windows-basedoperatingsystems,andvirtualizationplatformstoperformthehands-on
practices.
DisclaimerWemadealmosteveryefforttoavoiderrorsoromissionsinthisguide.However,errors
mayslinkin.Anymistake,errorordiscrepancynotedbythereadersarerequestedtosharewithus,whichwillbehighlyappreciable.Thecontentsandimagesinthisguidecouldincludetechnicalinaccuraciesortypographicalerrors.Author(s)orpublishermakesno
representationsabouttheaccuracyoftheinformationcontainedintheguide.
VirtualMachinesThevirtualmachinesthatwillbeusedthroughoutthisbookarelistedinthefollowing
table.
S.No. VMName OperatingSystem
1 DC1 WindowsServer2016
2 SERVER1 WindowsServer2016
3 CLIENT1 Windows8.1/10
4 ROUTER WindowsServer2016
5 SERVER2 WindowsServer2016
Topreparethevirtualmachinesmentionedintheprecedingtable,youneedISOimages.YoucandownloadtheevaluationISOimages(WindowsServer2016(TechnicalPreview)
andWindows8.1/10)fromtheMicrosoftdownloadcenter.
Toperformthestepbysteplabexercises,downloadtheISOimagesandplacethemundertheD:\ISOsfolderonthehostmachine.Youcansetupthevirtuallabinfrastructureonthe
VMwareorHyper-Vplatform.
EachvirtualmachinewillactasaseparatemachinewiththeuniqueGUID,SID,andIPaddress.ThefollowingtableliststheIPaddressesandrolesoftherespectiveVMs.
S.No.
VMName
IPAddress Role
1 DC1 10.0.0.100 Domaincontrollerofthemcsalab.local
domain.
2 SERVER1 10.0.0.101 Memberserverofthemcsalab.local
domain.
3 CLIENT1 10.0.0.102 Clientmachineof
themcsalab.localdomain.
4 ROUTER InternalSubnet:
10.0.0.1
ExternalSubnet:
192.168.0.1
RouterservertoperformtheLAN
routing.
5 SERVER2 192.168.0.2 Workgroupserverintheexternalsubnet.
PreparingVirtualMachinesTocreatethevirtualmachines,youneedtoperformthefollowingtasksonthehost
machine:
1. InstallVMwareWorkstationorPlayer.2. InstallandconfiguretheDC1virtualmachine3. InstallandconfiguretheSERVER1virtualmachine4. InstallandconfiguretheCLIENT1virtualmachine5. InstallandconfiguretheROUTERvirtualmachine6. InstallandconfiguretheSERVER2virtualmachine
Task1:InstallingVMwareWorkstationontheHostMachine
ToInstallVMwareWorkstationorVMwarePlayer,firstyouneedtodownloadit.Onceitisdownloaded,justdouble-clickthesetupfile,andfollowthesimplestepstocompletethe
installationprocess.
Task2:InstallingandConfiguringtheDC1VirtualMachineToinstallandconfiguretheDC1virtualmachine,youneedtoperformthefollowing
steps:
1. MakesurethattheVMwareconsoleisactive.2. SelectFileandthenselectNewVirtualMachine.3. OntheNewVirtualMachineWizard,clickNext.
4. OntheGuestOperatingSystemInstallationpage,selecttheInstallerdiscimagefile(iso):radiobutton,browsethelocationoftheServer2016ISOimage
file,andthenclickNext.
5.
Note:IfyouusetheVMwareplatformthatautomaticallydetectstheversionoftheWindowsserver,youmayaskedtosetthefollowingsettings:
ProductkeyOperatingsystemeditionAdministratorpassword
Otherwise,youmayskipit.
6. OntheSelectaGuestOperatingSystempage,selectthehighestsupportedversionofWindowsserver(inthiscaseWindowsServer2012butitwillstill
supportWindowsServer2016),andthenclickNext.
7. OntheNameandVirtualMachinepage,typeDC1intheVirtualmachinenamefield.
8. IntheLocationfield,navigatethelocationwhereyouwanttosavethevirtualmachine,suchasH:\VMs\2k16\DC1,andthenclickNext.
9. OntheSpecifyDiskCapacitypage,selectStorevirtualdiskasasinglefile,optionallyyoucanalsosetthedisksizeaswell,andthenclickNext.
10. OntheReadytoCreateVirtualMachinepage,clickCustomizeHardware.11. OntheHardwarewindow,selectNetworkAdapterintheleftpane.Selectthe
Hostonlyradiobutton,andthenclickClose.
12. ClickFinish.13. OntheVMwareconsole,powerontheDC1virtualmachine.14. OntheWindowsSetuppage,clickNext,andthenclickInstallNow.
15. OntheSelecttheoperatingsystemyouwanttoinstallpage,selecttheWindowsServer2016DesktopExperience,andthenclickNext.
16. OntheLicensetermspage,selecttheIacceptthelicensetermscheckbox,andthenclickNext.
17. OntheWhichtypeofinstallationdoyouwantpage,selecttheCustomoption,andthenclickNext.
18. OntheWheredoyouwanttoinstallWindowspage,clickNext.
19. TheInstallationprocesswillbegin,after10-15minutestheCustomizesettingsscreenwilldisplay.
20. SetAdministratorpasswordasPassword@123.
Task2.1:ConfiguringtheDC1VirtualMachine1. SignintoDC1withtheAdministratoraccount.2. OpentheSystemProperties(sysdm.cpl)andsetthecomputernameasDC1.
3. RestartandsignintothesystemwiththeAdministratoraccount.Aftersometime,theServerManagerconsolewilldisplay.
4. OpentheRundialogbox,typencpa.cpl,andthenpressEnter.5. Selectandright-clicktheactivenetworkadapter,andthenselectProperties.6. SetthefollowingTCP/IPsettings:
IPaddress:10.0.0.100.Subnetmask:255.0.0.0.Defaultgateway:10.0.0.1.
PreferredDNSserver:10.0.0.100.
7. ClosetheNetworkConnectionsconsole.
Task2.2:PromotingtheDC1VirtualMachineasaDomainController
TopromotetheDC1virtualmachineasadomaincontroller,youneedtoperformthefollowingsteps:
1. OpentheServerManagerconsole.2. ClicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServices
checkbox,asshowninthefollowingfigure.
7. Acceptthedefaultselectionsthroughrestofthewizardandcompletetheinstallationprocess.
8. ClickClose,oncetheinstallationsucceedsonDC1.9. OntheServerManagerconsole,clicktheNotificationsicon.10. ClickthePromotethisservertoadomaincontrollerlink,asshowninthe
followingfigure.
11. OntheDeploymentConfigurationpage,selecttheAddanewforestradiobutton.
12. IntheRootdomainnametextbox,typemcsalab.local,asshowninthefollowingfigure,andthenclickNext.
13. OntheDomainControllerOptionspage,makesurethattheDomainNameSystem(DNS)servercheckboxisselected,asshowninthefollowingfigure.
14. InthePasswordandConfirmpasswordtextboxes,typethePassword@123,andthenclickNext.
15. OntheDNSOptionspageandthenclickNext.16. OntheAdditionalOptionspage,clickNext.17. OnthePathspage,asshowninthefollowingfigure,reviewthedefaultlocation
fortheADDSdatabasefile,andthenclickNext.
18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,asshowninthefollowingfigure,reviewthe
prerequisites,andthenclickInstall.
20. Aftersometime,thesystemwillrestartautomatically,signintoDC1withtheMCSALAB\Administratoraccount.
21. DonotshutdowntheDC1virtualmachine.
Task3:InstallingandConfiguringtheSERVER1VirtualMachine
ToinstallandconfiguretheSERVER1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.
1. DuringtheinstallingSERVER1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:SERVER1.
Operatingsystemversion:WindowsServer2016.Memory:2048MBHarddisksize:50GB
NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)
Password:Password@1232. OnceyouinstalledtheSERVER1virtualmachinewiththeprecedingsettings,
configurethefollowingTCP/IPsettings:IPaddress:10.0.0.101Subnetmask:255.0.0.0Defaultgateway:10.0.0.1
PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemProperties
dialogboxandclickChange.4. OntheComputerName/DomainChangesdialogbox,intheComputername
textbox,typeSERVER1.5. SelecttheDomainradiobutton,intheMemberofsection,andthentype
mcsalab.local,andthenclickOK.6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,
andrestarttheSERVER1virtualmachine.7. SignintoSERVER1withtheAdministratoraccount.8. ShutdowntheSERVER1virtualmachine.
Task4:InstallingandConfiguringtheCLIENT1VirtualMachine
ToinstallandconfiguretheCLIENT1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.
1. DuringtheinstallingCLIENT1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:CLIENT1.
Operatingsystemversion:Windows8.1/10.Memory:1024MBHarddisksize:50GB
NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)
Password:Password@1232. OnceyouinstalledtheCLIENT1virtualmachinewiththeprecedingsettings,
configurethefollowingTCP/IPsettings:IPaddress:10.0.0.102Subnetmask:255.0.0.0Defaultgateway:10.0.0.1
PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystem
Propertiesdialogbox,andclickChange.4. OntheComputerName/DomainChangesdialogbox,intheComputername
textbox,typeCLIENT1.5. SelecttheDomainradiobuttonintheMemberofsection,typemcsalab.local,
andthenclickOK.6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,
andrestarttheCLIENT1virtualmachine.7. SignintoCLIENT1withtheAdministratoraccount.8. ShutdowntheCLIENT1virtualmachine.
Task5:InstallingandConfiguringtheROUTERVirtualMachine
ToinstallandconfiguretheROUTERvirtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.
1. DuringthecreatingROUTERvirtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:ROUTER.
Operatingsystemversion:WindowsServer2016.Memory:1024MBHarddisksize:50GB
NetworkAdapter:Hostonly2. OnceyoucreatedtheROUTERvirtualmachinewiththeprecedingsettings,
selecttheROUTERvirtualmachine,clickEditvirtualmachinesettings,asshowninthefollowingfigure.
3. OntheVirtualMachineSettingsdialogbox,clickAdd.4. OntheAddHardwareWizard,selectNetworkAdapter,andthenclickNext.
5. OntheNetworkAdapterTypepage,selectVMnet2undertheCustomoption.
6. ClickFinishandthenclickOKbutton.7. PowerontheROUTERvirtualmachine.8. FollowthesimplestepstoinstalltheROUTERvirtulmachine.Use
[email protected]. OnceyouinstalledtheROUTERvirtualmachinewiththeprecedingsettings,
configurethefollowingTCP/IPsettingsonthefirstnetworkadapter(connectedtotheHostonlynetwork):
IPaddress:10.0.0.1Subnetmask:255.0.0.0
PreferredDNSserver:10.0.0.100
10. ConfigurethefollowingTCP/IPsettingsonthesecondnetworkadapter(connectedtotheVMnet2network):
IPaddress:192.168.0.1Subnetmask:255.255.255.0
11. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemPropertiesdialogbox,setthecomputernameasROUTER,andrestartthe
ROUTERvirtualmachine.12. OpentheCommandPromptwindow,typeping10.0.0.100,andthenpress
Enter.13. Youshouldbeabletocommunicate(ping)withtheDC1server.
Note:IfyouareunabletocommunicatewiththeDC1server,youmayneedtointerchangetheTCP/IPsettingsofthenetworkadapters.
14. DonotshutdowntheROUTERvirtualmachine.
Task6:CreatingandConfiguringtheSERVER2VirtualMachine
ToinstallandconfiguretheSERVER2virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.
1. DuringtheinstallingSERVER2virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:SERVER2.
Operatingsystemversion:WindowsServer2016.Memory:1024MBHarddisksize:50GB
NetworkAdapter:VMnet2Password:Password@123
2. OnceyouinstalledtheSERVER2virtualmachinewiththeprecedingsettings,configurethefollowingTCP/IPsettings:
IPaddress:192.168.0.2Subnetmask:255.255.255.0Defaultgateway:192.168.0.1
PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystem
Propertiesdialogbox,setthecomputernameasSERVER2,andrestarttheSERVER2virtualmachine.
4. SignintoSERVER2withtheAdministratoraccount.5. ShutdowntheSERVER2virtualmachine.1. ShutdowntheDC1virtualmachine.
Task7:CreatingSnapshotsofVirtualMachinesOnceyouinstalledandconfiguredallthevirtualmachines,youneedtocreatethe
snapshots/checkpointsforeachvirtualmachine.Snapshotwillhelpyoutorevertavirtualmachinetoitspreviouslyusedstate(atthepointwhenyouhadcreatedit).
Tocreateasnapshot,youneedtoperformthefollowingtasks:
1. Makesurethattheallvirtualmachinesareturnedoff.2. Selectandright-clickanyvirtualmachine,selectSnapshot,andthenselectTake
snapshot.Afterfewseconds,thesnapshotwillbecreated.3. Usingtheprecedingmethod,createsnapshotsofallthevirtualmachines.
Task8:WorkingwithWindowsServer2016DesktopExperience
GUIinterfaceofWindowsServer2016isalmosthassimilarfunctionsasusedinwindowsServer2012R2.However,therearesomenewfeaturehavebeenaddedtomaketheuser
experiencemoreinteresting.SomeofthebasicGUIfeaturesare:
StartbuttonTaskManagerTaskView
Startbutton1. SignintoDC1andclicktheStartbutton.Itwillshowyouthevariousoptions,
suchasServerManager,Settings,PowerShell,andCalculatorthatcanbeaccesseddirectly.
2. Ifyouright-clicktheStartbutton,itwillshowyoufewmoreoptions,asshowninthefollowingfigure.
TaskManagerTheTaskManagerinWindowsServer2016ismuchsimilartotheTaskManagerthathas
beenusedinWindowsServer2012R2.
TaskViewTaskViewallowsyoutoviewandswitchbetweendifferentactivewindows.Thisfeature
wasnotavailableinWindowsServer2012R2.
Task9:What’sNewinWindowsServer2016?InWindowsServer2016,therearemanynewrolesandfeatureshavebeenadded.Some
ofthemajornewrolesandfeaturesare:
HostGuardianServiceMultipointServices
WindowsServerEssentialsExperienceSetupandBootEventCollections
SMBBandwidthLimitWindowsBiometricFrameworkBitLockerNetworkUnlock
HostGuardianServiceTheHostGuardianService(HGS)isaserverroleintroducedinWindowsServer2016.ItprovidestheAttestationandKeyProtectionservicesthatallowGuardedHoststorunshieldedvirtualmachines.TheAttestationservicevalidatesguardedhostidentityand
configuration.TheKeyProtectionserviceallowstransportkeystoenableguardedhoststounlockandrunshieldedvirtualmachines.
MultipointServicesItallowsmultipleuserstosimultaneouslyshareonecomputerandeachuserhastheirown
independentandfamiliarWindowsexperience.
WindowsServerEssentialsExperienceThisisaroleservicethatsetsuptheITinfrastructureandofferspowerfulfunctions,suchas“PCbackups”thathelpsorganizations’toprotectdata,and“RemoteWebAccess”thathelpsaccessbusinessinformationfromanywhere,virtually.Italsohelpsyoutosimply
andrapidlyconnecttocloud-basedapplicationsandservicestoextendthefunctionalityoftheservers.
SetupandBootEventCollectionsItisafeaturethatenablesthecollectionandloggingofsetupandbooteventsfromother
computersonthenetwork.
SMBBandwidthLimitThisfeatureprovidesamechanismtotrackSMBtrafficpercategoryandallowsyoutolimittheamountoftrafficallowedforagivencategory.Itiscommonlyusedtolimitthe
bandwidthusedbylivemigrationoverSMB.
WindowsBiometricFramework
ThisfeatureallowsfingerprintdevicestobeusedtoidentifyandverifyidentitiesandtosignintoWindows.
BitLockerNetworkUnlockThisfeatureenablesanetwork-basedkeyprotectortobeusedtoautomaticallyunlockBitLocker-protectedoperatingsystemdrivesindomain-joinedcomputers,whenthe
computerisrestarted.
Exercise1:InstallingandConfiguringWindowsServer2012R2CoreMachine
Inthisexercise,youwillinstallandconfigureaWindowsServer2012R2coremachine.TheinstallationprocessfortheservercoreoptionandfullGUIoptionisalmostidentical.However,servercoreoptionrequireslesshardwareresourcesanditismoresecurethan
thefullGUIoption.Inthisexercise,youwillusethefollowingvirtualmachines:
DC1CORE1
ToinstallandconfiguretheWindowsServer2012R2coremachine,youneedtoperformthefollowingtasks:
Task1:InstallingWindowsServer2012R2CoreMachine.1. Createavirtualmachinewiththefollowingsettings:2. Duringthecreatingthevirtualmachine,makesurethatyouusethefollowing
settingsandoptions:Virtualmachinename:CORE1.
Operatingsystemversion:WindowsServer2016.Memory:512MB
Harddisksize:20GBNetworkAdapter:HostonlyPassword:Password@123
3. Oncethevirtualmachineiscreated,powerontheCORE1virtualmachine.4. Aftersometime,theWindowsSetupscreenwilldisplay.5. ClickNextandthenclickInstallnow.6. IftheActivateWindowsscreenisdisplayed,clickIdon’thaveaproductkey
link.
7. OntheSelecttheoperatingsystemyouwanttoinstallpage,selectWindowsServer2016TechnicalPreview4,andthenclickNext.
8. OntheLicensetermspage,selecttheIacceptthelicensetermscheckbox,andthenclickNext.
9. OntheWhichtypeofinstallationdoyouwant?page,clickCustom:InstallWindowsonly(advanced),asshowninthefollowingfigure.
10. OntheWheredoyouwanttoinstallWindows?page,clickNext.11. Theinstallationprocesswillstart.12. Aftersometime,thesigninscreenwilldisplay,andyouwillbeaskedtochange
theAdministratorpassword.
13. SettheAdministratorpasswordasPassword@123.
Task2:ConfiguringtheWindowsServer2016CoreMachine.
ToconfiguretheWindowsServer2016coremachine,youneedtoperformthefollowingsteps:
1. SignintoCORE1withtheAdministratoraccount.2. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.
TheServerConfigurationoptionswilldisplay,asshowninthefollowingfigure.
3. TochangethesystemDateandTime,type9,andthenpressEnter.4. OntheDateandTimedialogbox,asshowninthefollowingfigure,click
Changetimezone.
5. Selectthedesiredtimezone,andthenclickOK.6. IntheDateandTimedialogbox,clickChangeDateandTime,andverifythe
dateandtime,andthenclickOK.7. OntheCommandPromptwindow,type8,andthenpressEntertoconfigure
NetworkSettings.8. Typetheindexnumber(inourexampleitis10)ofthenetworkadapter,asshown
inthefollowingfigure,andthenpressEnter.
9. OntheNetworkAdapterSettingspage,type1,tosettheNetworkAdapterAddress,asshowninthefollowingfigure,andthenpressEnter.
10. TosetstaticIPaddress,typeS,asshowninthefollowingfigure,andthenpressEnter.
11. AttheEnterstaticIPaddress:prompt,type10.0.0.103,andthenpressEnter.12. AttheEntersubnetmask:prompt,acceptthedefaultvalue,andthenpress
Enter.13. AttheEnterdefaultgateway:prompt,type10.0.0.1,andthenpressEnter,as
showninthefollowingfigure.
14. OntheNetworkAdapterSettingsoption,type2,toconfiguretheDNSserveraddress,andthenpressEnter.
15. AttheEnternewpreferredDNSserverprompt,type10.0.0.100,andthenpressEnter.
16. OntheNetworkSettingsmessagebox,asshowninthefollowingfigure,clickOK.
17. PressEntertonotconfigureanalternateDNSserveraddress.18. AttheSelectoption:prompt,type4,andthenpressEntertoreturntothemain
menu.19. AttheEnternumbertoselectanoption:prompt,type15,andthenpress
Entertoexitthesconfig.cmdutility.20. OntheCommandPromptwindow,typepingdc1.mcsalab.localtoverifythe
connectivitybetweenDC1andCORE1.
Task3:AddingCORE1toDomain1. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.2. AttheEnternumbertoselectanoption:prompt,type2,andthenpressEnter.3. AttheEnteranewcomputername:prompt,typeCORE1,andthenpress
Enter.
4. OntheRestartdialogbox,clickYes.
5. ThesystemwillrestartandaftersometimetheSigninscreenwilldisplay.6. SignintoCORE1withtheAdministratoraccount.7. OntheCommandPromptwindow,typehostname,andthenpressEnterto
verifythecomputer’sname.8. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.9. Type1tochangetheDomain/Workgroupsettings,andthenpressEnter.10. TypeDtojoinadomain,andthenpressEnter.11. AttheNameofdomaintojoinprompt,typemcsalab.local,andthenpress
Enter.12. AttheSpecifyanauthorizeddomain\userprompt,typeAdministrator,and
thenpressEnter.13. AttheTypethepasswordassociatedwiththedomainuserprompt,type
Password@123,andthenpressEnter.14. AttheChangeComputerNamemessagebox,asshowninthefollowing
figure,clickNo.
15. OntheRestartdialogbox,clickYes.Thesystemwillrestart.Aftersometime,thesigninscreenwilldisplay.
16. SignintoCORE1withtheMCSALAB\Administratoraccount.
Results:Aftercompletingthisexercise,youwillhaveconfiguredaWindowsServer2016servercoremachine.
DonotturnofforshutdowntheDC1and/orCORE1virtualmachine(s)asthesevirtualmachineswillberequiredtoperformthenextexercise.
Exercise2:ManagingServersRemotelyInthisexercise,youwillmanagetheservercoremachinefromtheremotelocation.In
addition,youwillalsodeployrolesandfeaturesontheservercoremachine.Further,youwillmanagetheservicesontheservercoremachine.
Beforestartingtoperformthisexercise,makesurethattheDC1andCORE1virtualmachinesarerunning,andyouhavenotrevertedtheminthepreviousexercise.
Task1:CreatingandManagingtheServerGroup1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,makesurethatDashboardisselectedinthe
leftpane,andthenclickCreateaservergroup.3. OntheCreateServerGroupdialogbox,clicktheActiveDirectorytab,and
thenclickFindNow.4. IntheServergroupnametextbox,selecttheCORE1andSERVER1servers,
andthenaddCORE1andSERVER1totheservergroup.5. IntheServergroupnametextbox,typeServerGroup1,asshowninthe
followingfigure.
6. ClickOKtoclosetheCreateServerGroupdialogbox.7. OntheServerManagerconsole,selectServerGroup1intheleftpane.Verify
thatthebothserversarelistedintheServerspane,asshowninthefollowingfigure.
Task2:DeployingRolesandFeaturesonCORE1Machine1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickServerGroup1intheleftpane.3. Scrolltothetopofthepane,selectandright-clickCORE1,andthenselectAdd
RolesandFeatures,asshowninthefollowingfigure.
4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,clickNext.6. OntheSelectdestinationserverpage,makesurethatCORE1.mcsalab.localis
selected,asshowninthefollowingfigure,andthenclickNext.
7. OntheSelectserverrolespage,selecttheDHCPServercheckbox,asshowninthefollowingfigure,andthenclickNext.
8. OntheAddRolesandFeaturesdialogbox,clickNext.9. ClickNext,untiltheConfirminstallselectionspageisdisplayed.10. OntheConfirminstallationselectionspage,selecttheRestartthedestination
serverautomaticallyifrequiredcheckbox,asshowninthefollowingfigure,andthenclickInstall.
11. ClickClosetoclosetheAddRolesandFeaturesWizard,oncetheinstallationiscompleted.
Task3:ManagingServicesontheCORE1Machine1. SwitchtoasOtheruserandsignintoCORE1withthe
MCSALAB\Administratoraccount.2. OntheCommandPromptwindow,typethefollowingcommand,andthenpress
Enter,asshowninthefollowingfigure.
netsh.exefirewallsetserviceremoteadminenableALL
3. SwitchbackandsignintoDC1withtheMCSALAB\Administratoraccount.4. OntheServerManagerconsole,selectServerGroup1.5. Selectandright-clickCORE1,andthenclickComputerManagement.6. OntheComputerManagementconsole,expandtheServicesandApplications
node,andthenselectServices.7. Selectandright-clicktheDHCPServerservice,andthenclickProperties,as
showninthefollowingfigure.
8. OnthePropertiesdialogbox,ontheGeneraltab,makesurethattheStartuptypeissettoAutomatic.
9. SelecttheRecoverytab,configurethefollowingsettings,asshowninthefollowingfigure.
Firstfailure:RestarttheServiceSecondfailure:RestarttheService
Subsequentfailures:RestarttheComputerResetfailcountafter:1daysRestartserviceafter:1minute
10. OnthePropertiesdialogbox,clickRestartComputerOptions.
11. OntheRestartComputerOptionsdialogbox,intheRestartcomputerafterbox,type2,andthenclickOK.
12. ClickOKtoclosethePropertiesdialogbox.13. ClosetheComputerManagementconsole.
Results:Aftercompletingthisexercise,youhavecreatedaservergroup,deployedrolesandfeatures,andmanagedaserviceremotely.
ShutdownandreverttheDC1andCORE1virtualmachinestoprepareforthenextexercise.
Exercise3:UsingWindowsPowerShelltoManageServersInthisexercise,youwillusetheWindowsPowerShelltomanagetheWindowServer2016.WindowsPowerShellisacommand-lineinterfacethatissimilartocommandprompt.ItisdesignedtoexecutethescriptssimilartoUNIX/Linuxoperatingsystems.
StarttheDC1virtualmachinetoperformthisexercise.
Task1:UsingtheWindowsPowerShelltoConnectRemotelytoServersandViewInformation
1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,selectServerGroup1.3. Selectandright-clickCORE1,andthenselectWindowsPowerShell.4. AttheWindowsPowerShellprompt,typecd\andthenpressEnter.5. TypeImport-ModuleServerManager,andthenpressEnter.6. TypeGet-WindowsFeatureandthenpressEntertoviewtheinstalledrolesand
featuresonCORE1,asshowninthefollowingfigure.
7. TypethefollowingcommandtoviewtherunningservicesonCORE1andthenpressEnter,asshowninthefollowingfigure.
Get-service|where-object{$_.status-eq“Running”}
8. TypethefollowingcommandandthenpressEntertoviewalistofprocessesonCORE1,asshowninthefollowingfigure.
Get-Process
9. TypethefollowingcommandtoviewtheIPaddressesoftheCORE1machine,andthenpressEnter,asshowninthefollowingfigure.
Get-NetIPAddress|Format-table
10. Typethefollowingcommandtoviewthemostrecent5securitylogs,andthenpressEnter,asshowninthefollowingfigure.
Get-EventLogSecurity-Newest5
11. CloseWindowsPowerShell.
Task2:UsingWindowsPowerShelltoManageRolesandFeaturesRemotely
1. OnDC1,onthetaskbar,clicktheWindowsPowerShell icon.2. AttheWindowsPowerShellprompt,typethefollowingcommand,andthen
pressEnter.3. Import-ModuleServerManager4. ToverifythattheWINSServerfeatureisnotinstalledonCORE1,typethe
followingcommand,andthenpressEnter,asshowninthefollowingfigure.
Get-WindowsFeature-ComputerNameCORE1
5. ToinstalltheWINSServerfeatureonCORE1,typethefollowingcommand,andthenpressEnter,asshowninthefollowingfigure.
6. Install-WindowsFeatureWINS-ComputerNameCORE1
7. VerifythattheExitCodestatusdisplaysasthesuccesstext.
Results:Aftercompletingthisexercise,youhavemanagedtheserversusingWindowsPowerShell.
ShutdownandreverttheDC1andCORE1virtualmachines.
Exercise04:InstallingandConfiguringDomainControllersThesystemthatholdstheActiveDirectoryDomainServicesroleactsasadomain
controller.Adomaincontrollerisaserverthatisusedtomanageandcontroltheclientsonanetwork.
Inthisexercise,youwilllearnhowtoconfigureadomaincontrolleronWindowsServe2016.Inaddition,youwillalsolearnhowtoconfigureaserverasaGlobalCatalogserver.
StarttheDC1andSERVER1virtualmachinestoperformthisexercise.
Task1:AddingtheADDSRoleonaMemberServer1. SignintoDC1withtheMCSA\Administratoraccount.2. OntheServerManagerconsole,intheleftpane,selectandright-clickAll
Servers,andthenselectAddServers.3. OntheAddServersdialogbox,intheName(CN)textbox,typeSERVER1,
andthenclickFindNow.4. Inthenamelistarea,selectSERVER1,andthenclickthearrowtoaddthe
servertotheSelectedcolumn,asshowninthefollowingfigure.
5. ClickOKtoclosetheAddServersdialogbox.6. OntheServerManagerconsole,intheServerspane,waituntilthe
ManageabilitystatusdisplaysasOnline–Performancecountersnotstarted,asshowninthefollowingfigure.
7. Selectandright-clickSERVER1,andthenselectAddRolesandFeatures.8. OntheAddRolesandFeaturesWizard,clickNext.9. OntheSelectinstallationtypepage,clickNext.10. OntheSelectdestinationserverpage,makesurethattheSelectaserverfrom
theserverpoolradiobuttonisselected.11. IntheServerPoolarea,makesurethatSERVER1.mcsalab.localisselected,as
showninthefollowingfigure,andthenclickNext.
12. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServicescheckbox.
13. OntheAddRolesandFeaturesdialogbox,clickAddFeatures,andthenclickNext.
14. TheSelectserverrolespageisreturned,makesurethattheActiveDirectoryDomainServicescheckboxisselected,asshowninthefollowingfigure,and
thenclickNext.
15. ClickNext,untiltheConfirminstallationselectionspageisdisplayed.16. OntheConfirminstallationselectionspage,selecttheRestartthedestination
serverautomaticallyifrequiredcheckbox,andthenclickInstall.17. Theinstallationprocesswillstart.ClickClosetoclosetheAddRolesand
FeaturesWizard,oncetheinstallationiscompleted.
Task2:ConfiguringSERVER1ServerasaDomainController
1. OnDC1,ontheServerManagerconsole,clicktheNotificationsbutton.2. OnthePost-deploymentConfigurationbox,clickthePromotethisservertoa
domaincontrollerlink,asshowninthefollowingfigure.
3. OntheDeploymentConfigurationpage,oftheActiveDirectoryDomainServicesConfigurationWizard,makesurethattheAddadomaincontroller
toanexistingdomainradiobuttonisselected.4. IntheDomaintextbox,makesurethatthemcsalab.localtextiswritten,as
showninthefollowingfigure.
5. IntheSupplythecredentialstoperformthisoperationsection,clickChange.6. OntheWindowsSecuritydialogbox,intheUsernametextbox,type
MCSALAB\Administrator,inthePasswordbox,typePassword@123,asshowninthefollowingfigure.
7. ClickOKandthenclickNext.8. OntheDomainControllerOptionspage,makesurethatDomainName
System(DNS)servercheckboxisselected,andthencleartheGlobalCatalog(GC)checkbox.
9. IntheTypetheDirectoryServicesRestoreMode(DSRM)passwordsection,typePassword@123,inthePasswordandConfirmpasswordtextboxes,as
showninthefollowingfigure,andthenclickNext.
10. ClickNext,untilthePrerequisitesCheckpageisdisplayed.11. OnthePrerequisitesCheckpage,reviewthewarnings,andthenclickInstall.12. Theinstallationprocesswillstart,clickClose,oncetheinstallationiscompleted.13. Theserverwillrestart.Waitforservertorestart.
Task3:ConfiguringSERVER1asaGlobalCatalogServer1. SwitchandsignintoSERVER1withtheMCSALAB\Administratoraccount2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory
SitesandServices.3. OntheActiveDirectorySitesandServicesconsole,expandSites\Default-
First-Site-Name\Servers,andthenclickSERVER1,asshowninthefollowingfigure.
4. Intheleftpane,selectandright-clickNTDSSettings,andthenselectProperties.
5. OntheNTDSSettingsPropertiesdialogbox,selecttheGlobalCatalogcheck
box,asshowninthefollowingfigure,andthenclickOK.
6. ClosetheActiveDirectorySitesandServicesconsole.
Results:Aftercompletingthisexercise,youwillhaveexploredtheServerManagerconsoleandpromotedamemberservertobeadomaincontroller.
ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.
Exercise5:InstallingaDomainControllerbyUsingIFMInthisexercise,youwilllearnhowtoconfigureadomaincontrollerusingtheIFMdatafile.TheInstallFromMedia(IFM)isafeaturethatallowsyoutoconfigureaserverasadomaincontroller.Thisfeaturehelpsyoutoreducethenetworkbandwidthconsumptionusedduringtheadditionaldomaincontrollerconfiguration.IFMallowsyoutoexportthe
ActiveDirectorydatabasefile(NTDS)toanexternalmediawhichcanbeusedtoconfigureanadditionaldomaincontroller.
StarttheDC1andSERVER1virtualmachinestoperformthisexercise.
Task1:GeneratingaIFMDataFile1. SignintoDC1withtheMCSA\Administratoraccount.2. OpentheRundialogbox,intheOpentextbox,typecmd,andthenpressEnter.3. OntheCommandPromptwindow,typethefollowingcommands,andthen
pressEnteraftereachone,asshowninthefollowingfigure.
Ntdsutil
Activateinstancentds
IFM
CreatesysvolfullC:\IFM
Task2:AddingtheADDSRoletotheMemberServer1. SwitchandsignintoSERVER1withtheMCSALAB\Administratoraccount.2. OpentheCommandPromptwindow,typethefollowingcommand,andthen
pressEnter,asshowninthefollowingfigure.
NetuseZ:\DC1\c$\IFM
3. OpentheServerManagerconsole,ifrequired.4. Intheleftpane,selectLocalServer.5. Inthetoolbar,clickManage,andthenclickAddRolesandFeatures,asshown
inthefollowingfigure.
6. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,clickNext.
7. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-basedinstallationradiobuttonisselected,andthenclickNext.
8. OntheSelectdestinationserverpage,makesurethattheSERVER1serverisselected,andthenclickNext.
9. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServicescheckbox.
10. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures,andthenclickNext.
11. OntheSelectFeaturespage,clickNext.12. OntheActiveDirectoryDomainServicespage,clickNext.13. OntheConfirminstallationselectionspage,selecttheRestartthedestination
serverautomaticallyifrequiredcheckbox.14. OntheAddRolesandFeaturesWizardmessagebox,asshowninthe
followingfigure,readthemessage,andthenclickYes.
15. OntheConfirminstallationselectionspage,clickInstall.16. Theinstallationprocesswillstart.ClickClose,oncetheinstallationis
completed.
Note:IfyouseeawarningregardingtheDNSserverdelegation,clickOK.
Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile
1. OnSERVER1,opentheCommandPromptwindow,ifrequired.2. OntheCommandPromptwindow,typethefollowingcommands,andthen
pressEnter,asshowninthefollowingfigure.
RobocopyZ:C:\IFM/copyall/s
3. ClosetheCommandPromptwindow,oncethecopyingprocessiscompleted.4. OntheServerManagerconsole,clicktheNotificationsbutton.5. InthePost-deploymentConfigurationbox,clickthePromotethisservertoa
domaincontrollerlink.6. OntheDeploymentConfigurationpage,makesurethattheAddadomain
controllertoanexistingdomainradiobuttonisselected.7. Makesurethatthemcsalab.localtextiswrittenintheDomaintextbox,as
showninthefollowingfigure.
8. IntheSupplythecredentialstoperformthisoperationsection,clickChange.
Note:IfyouarealreadyloggedinasMCSA\Administratoraccount,youdon’tneedtochangethecredentialsonthispage.Ifso,movedirectlytotheDomainControllerOptions
page.
9. OntheWindowsSecuritydialogbox,intheUsernametextbox,typeMCSALAB\Administrator,inthePasswordtextbox,typePassword@123.
10. ClickOK,andthenclickNext.11. OntheDomainControllerOptionspage,makesurethattheDomainName
System(DNS)serverandGlobalCatalog(GC)checkboxesareselected.
12. UndertheDSRMpasswordsection,typePassword@123inthePasswordandConfirmpasswordtextboxesandthenclickNext.
13. OntheDNSOptionspage,clickNext.14. OntheAdditionalOptionspage,selecttheInstallfrommediacheckbox.15. InthePathtextbox,typeC:\IFM,asshowninthefollowingfigure.
16. ClickVerify.Oncethepathhasbeenverified,clickNext.17. OnthePathspage,clickNext.18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,clickInstall.Theinstallationprocesswill
startandtheserverwillrestart,oncetheconfigurationiscompleted.Waitfortheservertorestart.
Results:Aftercompletingthisexercise,youwillhaveinstalledanadditionaldomaincontrollerforthebranchofficebyusingIFM.
ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.
Exercise6:ManagingOrganizationalUnitsandGroupsinADDS
ActiveDirectoryobjectsareusedtoaccessthevariousnetworkresourcesforthevariouspurposes.Onceyouconfiguredadomaincontroller,youneedtocreateandmanageActiveDirectoryobjects,suchasOUs,groups,andusers.Youcandelegatetheadministrative
permissionstotheActiveDirectoryobjects.
Inthisexercise,youwilllearnhowtocreateActiveDirectoryobjects,howtodelegatethepermissions,andhowtoconfigurehomefolders.Inaddition,youwillalsolearnhowto
resetandrejointhecomputeraccounts.
StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.
Task1:ManagingOrganizationalUnitsandGroups1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory
UsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,selectandright-click
mcsalab.local,andthenselectNew,andthenclickOrganizationalUnit,asshowninthefollowingfigure.
4. OntheNewObject–OrganizationalUnitdialogbox,intheNametextbox,typeTraining,asshowninthefollowingfigure,andthenclickOK.
5. Selectandright-clicktheTrainingOUintheleftpane,andthenselectNew,andthenclickGroup.
6. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeStudents,asshowninthefollowingfigure,andthenclickOK.
7. Selectandright-clickmcsalab.local,intheleftpane,andthenselectNew,andthenclickOrganizationalUnit.
8. OntheNewObject–OrganizationalUnitdialogbox,intheNametextbox,typeDevelopment,andthenclickOK.
9. Selectandright-clicktheDevelopmentOU,andthenselectNew,andthenclickGroup.
10. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeTrainers,andthenclickOK.
11. Selectandright-clicktheDevelopmentOU,andthenselectNew,andthenclickGroup.
12. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeManagers,andthenclickOK.
13. Intherightpane,selectandright-clicktheTrainersgroup,andthenselectMove,asshowninthefollowingfigure.
14. OntheMovedialogbox,selecttheTrainingOU,asshowninthefollowingfigure,andthenclickOK.
15. Intheleftpane,selecttheTrainingOU.16. Intherightpane,selectandright-clickTrainers,andthenselectDelete.17. OntheActiveDirectoryDomainServicesmessagebox,clickYes.Makesure
thattheTrainersgroupisdeleted.
Task2:DelegatingthePermissions1. MakesurethattheActiveDirectoryUsersandComputersconsoleisactiveon
DC1.2. Intheleftpane,selectandright-clicktheTrainingOU,andthenselectDelegate
Control,asshowninthefollowingfigure.
3. OnthewelcomepageoftheDelegationofControlWizard,andclickNext.4. OntheUsersorGroupspage,clickAdd.5. OntheSelectUsers,Computers,orGroupsdialogbox,intheEntertheobject
namestoselect(examples)textbox,typeStudents,asshowninthefollowingfigure,andthenclickOK.
6. OntheUsersorGroupspage,clickNext.7. OntheTaskstoDelegatepage,makesurethattheDelegatethefollowing
commontasksradiobuttonisselected.8. SelecttheCreate,delete,andmanageuseraccountscheckbox,asshownin
thefollowingfigure,andthenclickNext.
9. OntheCompletingtheDelegationofControlWizardpage,clickFinish.10. Selectandright-clicktheTrainingOU,andthenselectNew,andthenclick
User.11. OntheNewObject-Userdialogbox,typeMarsh,intheFirstnameandUser
logonnametextboxes,asshowninthefollowingfigure,andthenclickNext.
12. InthePasswordandConfirmpasswordtextboxes,[email protected]. CleartheUsermustchangepasswordatnextlogoncheckbox,selectthe
Passwordneverexpirescheckbox,asshowninthefollowingfigure.
14. ClickNext,andthenclickFinish.15. MinimizetheActiveDirectoryUsersandComputersconsole.
Task3:ConfiguringHomeFoldersforUserAccounts1. OnDC1,createafoldernamedMarshData,undertheC:\Users\Publicfolder,
asshowninthefollowingfigure.
2. Selectandright-clicktheMarshDatafolder,andthenselectProperties.3. OntheMarshDataPropertiesdialogbox,selecttheSharingtab,asshownin
thefollowingfigure.
4. ClickAdvancedSharing.5. OntheAdvancedSharingdialogbox,selecttheSharethisfoldercheckbox,as
showninthefollowingfigure.
6. ClickPermissions.
7. OnthePermissionsforMarshDatadialogbox,inthePermissionsforEveryonesection,selecttheFullControlcheckbox,asshowninthefollowing
figure.
8. ClickApply,andthenclickOK.9. ClickOKtocloseAdvancedSharingdialogbox,andthenclickClose.10. ClosetheWindowsExplorerwindow.11. SwitchtotheActiveDirectoryUsersandComputersconsole.12. Selectandright-clicktheMarshuser,andthenselectProperties.13. OntheMarshPropertiesdialogbox,selecttheProfiletab.14. UndertheHomefoldersection,selecttheConnectradiobutton.15. IntheTotextbox,type\DC1\MarshData\Marsh,asshowninthefollowing
figure,andthenclickApply.
Note:BydefaultallthedomainusersaredeniedtosignintotheDomainControllerserver.Inthenextsteps,wearegoingtomakeMarshasthememberofPrintOperatorsgrouptosignintoDomainControllertotesttheexercise.Youwilllearnmoreaboutthe
userrightsandpermissionsintheupcomingexercises.
16. SelecttheMemberOftab,andthenclickAdd.17. OntheSelectGroupsdialogbox,intheEntertheobjectnamestoselect
(example)textbox,typePrintOperators,asshowninthefollowingfigure.
18. ClickCheckNames,andthenclickOK.19. OntheMemberOftab,andclickagainAdd.20. OntheSelectGroupsdialogbox,intheEntertheobjectnamestoselect
(example)textbox,typeStudents.21. ClickCheckNames,andthenclickOK.
Note:YouhaveaddedtheMarshusertoStudentsgrouptotestthedelegatedpermissions.
22. ClickOKtoclosetheMarshPropertiesdialogbox.23. ClosetheActiveDirectoryUsersandComputersconsole.
Task4:TestingandVerifyingtheHomeFoldersandDelegatedPermissions
1. OnDC1,opentheRundialogbox,typelogoffandthenclickOKtosignoutfromtheMCSALAB\Administratoraccount,asshowninthefollowingfigure.
2. SwitchtoOtheruserandSigninasMarshwiththepasswordasPassword@123,asshowninthefollowingfigure.
3. PresstheWindows+EkeystoopentheWindowsExplorerwindow.
4. VerifythatdriveZismappedto(\DC1\MarshData),asshowninthefollowingfigure.
5. Double-clickMarsh(\DC1\MarshData)(Z:).
Note:Youshouldbeabletoaccessthisdrivewithoutanyerrors.Ifyoureceivenoerrors,youhavebeensuccessful.
6. ClosetheWindowsExplorerwindow.7. OpentheRundialogbox,typedsa.msc,intheOpentextbox,andthenpress
Enter.8. OntheUserAccountControldialogbox,intheUsernametextbox,type
Marsh.9. InthePasswordtextbox,typePassword@123,asshowninthefollowing
figure,andthenclickYes.
10. OntheActiveDirectoryUsersandComputersconsole,expandmcsalab.local.
11. Selectandright-clickTraining,andthenclickNew,andthenclickUser.12. OntheNewObject–Userdialogbox,intheFirstnameandUserlogonname
textboxes,typeTestUser2,andthenclickNext.13. InthePasswordandConfirmpasswordtextboxes,[email protected]. ClickNext,andthenclickFinish.15. MakesurethattheTestUser1accountiscreated,undertheTrainingOU.16. Selectandright-clickDevelopment,andthenclickNew,andthenclickUser.17. OntheNewObject–Userdialogbox,intheFirstnameandUserlogonname
textboxes,typeTestUser2,andthenclickNext.18. InthePasswordandConfirmpasswordtextboxes,typePassword@123,click
Next,andthenclickFinish.19. Makesurethatyougetthefollowingerrormessage.
20. ClickOK,andthenclickCancel.21. ClosetheActiveDirectoryUsersandComputersconsole.22. SignoutfromtheMarshuser.
Task5:ResettingtheComputerAccounts1. SignintoDC1withtheMCSALAB\Marshaccount.2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory
UsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,expandmcsalab.local.4. Intheleftpane,selectComputers.5. Intherightpane,selectandright-clickCLIENT1,andthenclickReset
Account,asshowninthefollowingfigure.
6. OntheActiveDirectoryDomainServicesmessagebox,clickYes,andtheclickOK.
Task6:ExaminingtheBehaviorwhenaUserLoginsonClient.
1. TrytoSignintoCLIENT1withtheMCSALAB\Marshaccount.2. AmessagedisplaysstatingthatThetrustrelationshipbetweenthis
workstationandtheprimarydomainfailed,asshowninthefollowingfigure.
Task7:RejoiningtheDomaintoReconnecttheComputerAccount
1. SignintoCLIENTasCLIENT1\AdministratorwiththepasswordasPassword@123.
2. OpentheSystemPropertiesdialogbox,clickNetworkID.3. OntheSelecttheoptionthatdescribesyournetworkpage,asshowninthe
followingfigure,clickNext.
4. OntheIsyourcompanynetworkonadomain?page,clickNext.5. OntheYouwillneedthefollowinginformationpage,clickNext.6. OntheTypeyourusername,password,anddomainnameforyourdomain
accountpage,intheUsernametextbox,typeAdministrator.7. InthePasswordtextbox,[email protected]. IntheDomainnametextbox,typeMCSALAB.LOCAL,asshowninthe
followingfigure,andthenclickNext.
9. OntheUserAccountandDomainInformationdialogbox,clickYes.10. OntheDoyouwanttoenableadomainuseraccountonthiscomputer?
page,selecttheDonotaddadomainuseraccountradiobutton,andthenclickNext.
11. ClickFinish,andthenclickOK.12. OntheMicrosoftWindowsdialogbox,clickRestartNow.Waitforsystemto
restart.13. SigninasMCSALAB\[email protected]. Makesurethatyouareabletosignin.
Results:Afterthisexercise,youhavesuccessfullycreatedandtestedOrganizationalUnits,Groups,Users,HomeFolders,andtheDelegationofControlWizard.Inaddition,
youshouldalsohavesuccessfullyresetatrustrelationship
ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthenextexercise.
Exercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups
Asdiscussedearlier,WindowPowerShellisacommand-lineinterfaceusedtomanageWindowsserversandclients.YoucanalsouseWindowsPowerShelltomanagetheActive
Directoryobjects.
Inthisexercise,youwilllearnhowtomanageActiveDirectoryobjectsusingWindowPowerShell.Inaddition,youwillalsolearnhowtoexportandimporttheActiveDirectory
objectsusingWindowPowerShell.
StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.
Task1:CreatingaUserAccountUsingWindowsPowerShell1. SignintoDC1withtheMCSALAB\Administratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typecd\andthenpressEnter.4. TocreateanOrganizationalUnitnamedBranchOffice,typethefollowing
command,andthenpressEnter:
New-ADOrganizationalUnitBranchOffice
5. TocreateausernamedPeterundertheBranchOfficeOU,typethefollowingcommand,andthenpressEnter:
New-ADUser-NamePeter-DisplayName“PeterMark”-Path“ou=BranchOffice,dc=mcsalab,dc=local”
6. TosetthepasswordforPeteruser,typethefollowingcommand,andthenpressEnter:
Set-ADAccountPasswordPeter
Whenpromptedforthecurrentpassword,pressEnter.
Whenpromptedforthedesiredpassword,typePassword@123,andthenpressEnter.
Whenpromptedtorepeatthepassword,typePassword@123,andthenpressEnter.
7. ToenablethePeteruser,typethefollowingcommand,andthenpressEnter.
Enable-ADAccountPeter
8. SwitchtotheCLIENT1virtualmachine.
9. OnCLIENT1,[email protected]. Verifythatsigninissuccessful,andthensignoutofCLIENT1.
Task2:CreatingGroupsUsingWindowsPowerShell1. SwitchbacktoDC1.2. AttheWindowsPowerShellprompt,typethefollowingcommandtocreatea
newsecurity(global)groupnamedBranchUsers,andthenpressEnter.
New-ADGroupBranchUsers-Path“ou=BranchOffice,dc=mcsalab,dc=local”
3. AttheGroupScopeprompt:typeGlobalandthenpressEnter,asshowninthefollowingfigure.
4. ToaddthePeteruserasmemberoftheBranchUsersgroup,typethefollowingcommand,andthenpressEnter.
Add-ADGroupMemberBranchUsers-MembersPeter
5. ToviewthemembersoftheBranchUsersgroup,typethefollowingcommand,andthenpressEnter.
Get-ADGroupMemberBranchUsers
Task3:ExportingUserAccountsUsingtheldifdeTool1. AttheWindowsPowerShellprompt,typethefollowingcommand,andthen
pressEnter,asshowninthefollowingfigure.
ldifde-fMyUsers
2. AttheWindowsPowerShellprompt,typenotepadMyUsersandthenpressEnter.
3. ReviewtheMyUsersfileandclosetheNotepad.
Results:Aftercompletingthisexercise,youhavemanagedADDSobjectsusingWindowsPowerShell.
ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthenextexercise.
Exercise8:InstallingandConfiguringtheDHCPServerRole
DynamicHostConfigurationProtocol(DHCP)isasservicethatisusedtoprovideTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSservertotheclients,
automatically.Inalargeenterprisenetwork,itisdifficulttomanageIPaddressesmanually.Hence,DHCPcanbeausefulfeaturetomanagetheIPaddressesinalarge
enterprisenetwork.
Inthisexercise,youwilllearnhowtoinstalltheDHCPserverroleandhowtoconfiguretheDHCPscope.Inaddition,youwillalsolearnhowtousetheDHCPreservationfeature
toreserveaspecificIPaddressforaspecificclient.
StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.
Task1:InstallingtheDHCPServerRole1. SignintoDC1withMCSALAB\Administratoraccount.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-
basedinstallationradiobuttonisselected,andthenclickNext.6. OntheSelectdestinationserverpage,clickNext.7. OntheSelectserverrolespage,selecttheDHCPServercheckbox.8. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.9. TheSelectserverrolespageisreturned,asshowninthefollowingfigure,click
Next.
10. Completetheinstallationprocess.
Task2:ConfiguringtheDHCPScope1. OntheServerManagerconsole,clickTools,andthenclickDHCP.2. OntheDHCPconsole,intheleftpane,expanddc1.mcsalab.local.3. Selectandright-clickdc1.mcsalab.local,andthenselectAuthorize.
4. Selectandright-clickdc1.mcsalab.local,andthenclickRefresh.NoticethattheiconsnexttoIPv4IPv6changescolorfromredtogreen,asshowninthe
followingfigure.
5. OntheDHCPconsole,selectandright-clickIPv4,andthenselectNewScope.6. OnthewelcomepageoftheNewScopeWizard,clickNext.7. OntheScopeNamepage,intheNametextbox,typeDHCPScope1,asshown
inthefollowingfigure,andthenclickNext.
8. OntheIPAddressRangepage,providethefollowinginformation,asshowninthefollowingfigure,andthenclickNext.
StartIPaddress:10.0.0.225EndIPaddress:10.0.0.250
Length:8Subnetmask:255.0.0.0
9. OntheAddExclusionsandDelaypage,excludethefollowingIPaddressrange,asshowninthefollowingfigure.
StartIPaddress:10.0.0.225EndIPaddress:10.0.0.230
10. ClickAdd,andthenclickNext.11. OntheLeaseDurationpage,reviewthedefaultleasedurationlimit,andthen
clickNext.12. OntheConfigureDHCPOptionspage,makesurethattheYes,Iwantto
configuretheseoptionnowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.
13. OntheRouter(DefaultGateway)page,intheIPaddresstextbox,type10.0.0.0.1,asshowninthefollowingfigure.
14. ClickAdd,andthenclickNext.15. OntheDomainNameandDNSServerspage,makesurethat10.0.0.100is
writtenundertheIPaddresscolumn,asshowninthefollowingfigure,andthenclickNext.
16. OntheWINSServerspage,clickNext.17. OntheActivateScopepage,makesurethattheYes,Iwanttoactivatethis
scopenowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.
18. OntheCompletingtheNewScopeWizardpage,clickFinish.19. Selectandright-clickIPv4,andthenselectRefresh.20. MakesurethattheIPv4nodeismarkedwiththegreencolor,asshowninthe
followingfigure.
Task3:ConfiguringDHCPClient1. OpentheNetworkConnectionswindow,selectandright-clicktheactive
networkadapterandthenselectProperties.2. OnthePropertiesdialogbox,scrolldown,selectInternetProtocolVersion4
(TCP/IPv4),andthenclickProperties.3. OntheInternetProtocolVersion4(TCP/IPv4)Propertiesdialogbox,select
theObtainanIPaddressautomaticallyradiobutton,selecttheObtainDNSserveraddressautomaticallyradiobutton,asshowninthefollowingfigure.
4. ClickOK,andthenclickClose.5. OpentheRundialogbox,typecmd,andthenpressEnter.6. OntheCommandPromptwindow,typeipconfig/renew,asshowninthe
followingfigure,andthenpressEnter.
7. Typetheipconfig/allcommandandverifythatCLIENT1hasreceivedTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSserver’sIP
address,asshowninthefollowingfigure.
Task4:ConfiguringDHCPReservation1. OnCLIENT1,ontheCommandPromptwindow,typeipconfig/all,andthen
pressEnter.2. FindandwritedownthePhysicalAddressoftheCLIENT1networkadapter,in
thiscaseitis00-15-5D-77-D6-0B,asshowninthefollowingfigure.
Note:Thephysicaladdressisaunique48bitaddress,whichisassignedbyIEEEandnetworkadapter’svendor.
3. Switchandsignin(ifrequired)toDC1withtheMCSALAB\Administratoraccount.
4. MakesurethattheDHCPconsoleisactive.Ifnot,opentheDHCPconsole.5. OntheDHCPconsole,expanddc1.mcsalab.local,andthenclickIPv4.6. Selectandright-clickReservations,andthenselectNewReservation,asshown
inthefollowingfigure.
7. OntheNewReservationdialogbox,intheReservationNametextbox,typeCLIENT1.
8. IntheIPaddresstextbox,type10.0.0.240.9. IntheMACaddresstextbox,typethephysicaladdressoftheCLIENT1
machine(00-15-5D-77-D6-0B),asshowninthefollowingfigure.
Note:ReplacethephysicaladdresstextwiththeactualphysicaladdressofyourCLIENT1machine.
10. ClickAdd,andthenclickClose.11. SwitchbackandsignintoCLIENT1.12. OntheCommandPromptwindow,typeipconfig/release,andthenpress
EntertoreleasetheexistingIPaddress.13. OntheCommandPromptwindow,typeipconfig/renew,andthenpressEnter
toobtainanewIPaddress.14. OntheCommandPromptwindow,verifythatIPaddressofCLIENT1isnow
10.0.0.240,asshowninthefollowingfigure.
15. ClosetheCommandPromptwindow.
Results:Aftercompletingthisexercise,youshouldhaveconfiguredDHCPscope,DHCPoptions,andDHCPreservation.
ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthenextexercise.
Exercise9:InstallingandConfiguringDNSDomainNameSystem(DNS)isaservicethatisusedtoperformthenameresolution.
NameresolutionisaprocesstomapdomainnamesintoIPaddressesandviceversa.ThesystemscommunicatetoeachotherusingtheIPaddresses,howeveritisdifficulttoremembertheIPaddressesofeachclientinalargeenterprisenetwork.DNSservice
allowsyoutocommunicatewiththesystemsusingthedomainnames,whichiseasiertorememberthanIPaddresses.
Inthisexercise,youwilllearnhowtoinstallandconfiguretheDNSserverrole.Inaddition,youwillalsolearnhowconfigureDNSforwarderandhowtomanageDNS
cache.
StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.
Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole
1. SignintoSERVER1withtheAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click
Next.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethatSERVER1.mcsalab.local
isselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServices
checkbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures,and
thenclickNext.8. OntheSelectfeaturespage,clickNext.9. OntheActiveDirectoryDomainServicespage,clickNext.10. OntheConfirminstallationselectionspage,clickInstall.11. Theinstallationprocesswillstart.ClickClose,oncetheinstallationsucceeded.12. OntheServerManagerconsole,clicktheNotificationsicon,andthenclickthe
Promotethisservertoadomaincontrollerlink,asshowninthefollowingfigure.
13. OntheDeploymentConfigurationpageoftheActiveDirectoryDomainServicesConfigurationWizard,makesurethattheAddadomaincontroller
toanexistingdomainradiobuttonisselected.14. UndertheSupplythecredentialstoperformthisoperationsection,click
Change.15. OntheWindowsSecuritydialogbox,intheUsernametextbox,type
MCSALAB\Administrator.InthePasswordtextbox,[email protected]. TheDeploymentConfigurationpageisreturned,asshowninthefollowing
figure.Reviewtheselectedoptions,andthenclickNext.
17. OntheDomainControllerOptionspage,cleartheDomainNameSystem(DNS)servercheckbox.
18. UndertheDSRMpasswordsection,typePassword@123inthePasswordandConfirmpasswordtextboxes,asshowninthefollowingfigure,andthenclick
Next.
19. ClickNext,untilthePrerequisitesCheckpageisdisplayed.20. OnthePrerequisitesCheckpage,clickInstall.21. Theinstallationprocesswillstartandtheserverwillrestartautomatically.After
SERVER1restarts,signintoSERVER1withtheMCSALAB\Administratoraccount.
Task2:CreatingandConfiguringtheMyzone.localZoneonDC1
1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclickDNS.3. OntheDNSManagerconsole,expandDC1,selectandright-clickForward
LookupZones,andthenselectNewZone,asshowninthefollowingfigure.
4. OnthewelcomepageoftheNewZoneWizard,clickNext.5. OntheZoneTypepage,makesurethatthePrimaryzoneradiobuttonis
selected.6. CleartheStorethezoneinActiveDirectorycheckbox,asshowninthe
followingfigure,andthenclickNext.
7. OntheZoneNamepage,intheZonenametextbox,typeMyzone.local,asshowninthefollowingfigure,andthenclickNext.
8. OntheZoneFilepage,clickNext.9. OntheDynamicUpdatepage,makesurethattheDonotallowdynamic
updatesradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.
10. OntheCompletingtheNewZoneWizardpage,asshowninthefollowingfigure,reviewthezoneconfigurationoptions,andthenclickFinish.
11. OntheDNSManagerconsole,expandForwardLookupZones.12. Selectandright-clicktheMyzone.localzone,andthenselectNewHost(Aor
AAAA),asshowninthefollowingfigure.
13. OntheNewHostdialogbox,intheNametextbox,typewww.IntheIPaddresstextbox,type10.0.0.101,asshowninthefollowingfigure,andthen
clickAddHost.
14. OntheDNSmessagebox,clickOK.15. OntheNewHostdialogbox,clickDone.16. LeavetheDNSManagerconsoleactive.
Task3:AddingtheDNSServerRoleontheSERVER11. SwitchandSignintoSERVER1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click
Next.
4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethatSERVER1.mcsalab.local
isselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheDNSServercheckbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.8. TheSelectServerrolespageisreturned,asshowninthefollowing,clickNext.
9. OntheSelectFeaturespage,clickNext.10. OntheDNSServerpage,clickNext.11. OntheConfirminstallationselectionspage,clickInstall.12. Theinstallationprocesswillstart.ClickClose,oncetheinstallationsucceeded.
Task4:VerifyingReplicationofthemcsalab.localZone1. OnSERVER1,ontheServerManagerconsole,clickTools,andthenclick
DNS.2. OntheDNSManagerconsole,expandSERVER1,andthenexpandForward
LookupZones.3. Right-clickForwardLookupZoneandthenselectRefresh.4. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzonesare
displayed.
Note:Ifthezonelistisempty,proceedtothenextstep,otherwiseclosetheDNSManagerconsole.
5. OnSERVER1,switchbacktotheServerManagerconsole,clickTools,andthenclickActiveDirectorySitesandServices.
6. OntheActiveDirectorySitesandServicesconsole,expandSites,andthenclickDefault-First-Site-Name,andthenclickServers,andthenclickDC1.
7. SelectNTDSSettings,intherightpane,selectandright-clicktheSERVER1replicationconnection,andselectReplicateNow,asshowninthefollowing
figure.
Note:Ifyoureceiveanerrormessage,proceedtothenextstep,andthenretrythisstepafter5minutes.
8. Intheleftpane,expandSERVER1,andthenselectNTDSSettings.9. Intherightpane,selectandright-clicktheDC1replicationconnection,select
ReplicateNow,andthenclickOK.10. SwitchbacktotheDNSManagerconsole,selectandright-clickForward
LookupZones,andthenclickRefresh.11. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzonesare
displayed.12. ClosetheDNSManagerconsole.
Task5:ConfiguringDNSForwarder1. SwitchandsignintoDC1.2. OpentheDNSManagerconsole.3. OntheDNSManagerconsole,selectandright-clickDC1,andthenselect
Properties,asshowninthefollowingfigure.
4. OntheDC1Propertiesdialogbox,selecttheForwarderstab,asshowninthefollowingfigure.
5. OntheForwarderstab,clickEdit.6. OntheEditForwardersdialogbox,type10.0.0.101,asshowninthefollowing
figure,andthenclickOK.
7. OntheDC1dialogbox,clickOK.8. OntheDNSManagerconsole,selectandright-clickDC1,andthenclickAll
Tasks,andthenclickRestart.9. SwitchandsignintoCLIENT1.10. OpentheCommandPromptwindow.11. OntheCommandPromptwindow,typepingwww.myzone.local,andthe
pressEnter.12. Makesurethatyouareabletoresolvethewww.myzone.localFQDN
successfully,asshowninthefollowingfigure.
13. OntheCommandPromptwindow,typenslookup,andthenpressEnter.14. Atthenslookupprompt,typewww.myzone.local,andthenpressEnter.15. MakesurethatyoureceiveanIPaddressforthishost,asshowninthefollowing
figure.
16. LeavetheCommandPromptwindowactive.
Task6:ManagingtheDNSCache1. OnCLIENT1,ontheCommandPromptwindow,typethefollowingcommand
andthenpressEnter,asshowninthefollowingfigure.
ipconfig/displaydns
2. ExaminetheoutputandclosetheCommandPromptwindow.3. PresstheWindowskey,andthentypecmd.4. Selectandright-clickCommandPrompt,andthenselectRunasadministrator
asshowninthefollowingfigure.
5. OntheUserAccountControldialogbox,clickYes.6. OntheCommandPromptwindow,typethefollowingcommandtoclearthe
DNScache,andthenpressEnter.
ipconfig/flushdns
7. OntheCommandPromptwindow,typethefollowingcommandandverifythattheDNScachehasbeencleared,andthenpressEnter.
ipconfig/displaydns
8. ClosetheCommandPromptwindow.
Results:Aftercompletingthisexercise,youshouldhavedeployedDNSserver,DNSzone,
DNSforwarder,andDNScache.
ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinestoprepareforthenextexercise.
10:ImplementingLANRoutingLANroutingisaWindowfeaturethatenablesyoutocommunicatebetweendifferentsubnets.Tocommunicatebetweendifferentsubnets,typicallyadevicecalledrouterisused,butyoucanalsouseaWindowsserver,suchasWindowsServer2016servertoperformtheLANrouting.However,WindowsServer2016doesnotsupportallthe
featuressupportedbyarouter.Itistypicallyhelpfulforasmallnetworkwiththelimitednumberofsubnets.
Inthisexercise,youwilllearnhowtouseaWindowsServer2016serverasasoftwareroutertoenableLANroutingbetweentwoormoresubnets.
StarttheDC1,ROUTER,andSERVER2virtualmachinestoperformthisexercise.
Task1:InstallingtheLANRoutingFeatureonROUTER1. SignintoROUTERwiththeAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeganpageoftheAddRolesandFeaturesWizard,click
Next.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerrolespage,selecttheRemoteAccesscheckbox,asshown
inthefollowingfigure,andthenclickNext.
7. OntheSelectfeaturespage,clickNext.8. OntheRemoteAccesspage,clickNext.9. OntheSelectrolesservicespage,selecttheRoutingcheckbox.
10. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.11. TheSelectroleservicespageisreturned,asshowninthefollowingfigure,click
Next.
Note:TheDirectAccessandVPN(RAS)checkboxwillbeselectedautomatically.
12. OntheWebServerRole(IIS)page,clickNext.13. OntheSelectroleservicespage,clickNext.14. OntheConfirminstallationselectionpage,clickInstall.15. ClickClose,oncetheinstallationsucceeded.
Task2:ConfiguringtheLANRoutingServiceonROUTER1. OntheServerManagerconsole,clickTools,andthenclickRemoteand
RoutingAccess.2. OntheRoutingandRemoteAccessconsole,selectandright-clickROUTER
(local),andthenselectConfigureandEnableRoutingandRemoteAccess,asshowninthefollowingfigure.
3. OnthewelcomepageoftheRoutingandRemoteAccessServerSetupWizard,clickNext.
4. OntheConfigurationpage,selecttheCustomconfigurationradiobutton,asshowninthefollowingfigure,andthenclickNext.
5. OntheCustomConfigurationpage,selecttheLANroutingcheckbox,asshowninthefollowingfigure.
6. ClickNext,andthenclickFinish.7. Ontheservicemessagebox,clickStartService.8. MakesurethattheROUTER(local)node’scolorchangesredtogreen,as
showninthefollowingfigure.
9. ClosetheRoutingandRemoteAccessconsole.10. OntheROUTERvirtualmachine,opentheRundialogbox,typefirewall.cpl
intheOpentextbox,andthenpressEnter.11. OntheWindowsFirewallwindow,intheleftpane,clicktheTurnWindows
Firewallonorofflink.12. OntheCustomizeSettingswindow,selecttheTurnoffWindowsFirewall
(notrecommended)radiobuttonforeachprofile,asshowninthefollowingfigure.
13. ClosetheCustomizeSettingswindow.
Task3:TestingtheConnectivitybetweenDC1andSERVER2Servers
1. SwitchandsignintoSERVER2withtheAdministratoraccount.2. OpentheRundialogbox,typefirewall.cpl,intheOpentextbox,andthenpress
Enter.3. OntheWindowsFirewallwindow,intheleftpane,clicktheTurnWindows
Firewallonorofflink.4. OntheCustomizeSettingswindow,selecttheTurnoffWindowsFirewall(not
recommended)radiobuttonforeachfirewallprofiles5. ClosetheCustomizeSettingswindow.6. SwitchandsignintoDC1withMCSALAB\Administratoraccount.7. OpentheCommandPromptwindow,ontheCommandPromptwindow,type
thefollowingcommandsandthenpressEnteraftereachone.
Ping10.0.0.1
Ping192.168.0.1
Ping192.168.0.2
8. Youshouldbeabletocommunicatetoallsystemssuccessfully,asshowninthefollowingfigure.
9. ClosetheCommandPromptwindow.
Results:Aftercompletingthisexercise,youwillhaveconfiguredLANroutingbetweenDC1andSERVER2servers.
Donotshutdownorrevertanyvirtualmachine,asthesewillbeusedinthenextexercise.
Exercise11:ConfiguringIPv6AddressingIPv6addressingschemeprovidesmoreuniqueaddressesandismoresecurethan
traditionalIPv4addressingscheme.AnIPv6addresscomprisesofeightblocksandeachblockcancontain16(bit)hexadecimaldigits.YoucanenablecommunicationbetweenIPv4andIPv6nodesusingthevarioustechniques,suchasTeredo,ISATAP,and6to4
tunneling.
Inthisexercise,youwilllearnhowtoconfigureIPv6addressesonWindow-basedsystems.
MakesurethattheDC1,ROUTER,andSERVER2virtualmachinesarerunningbeforestartthisexercise.
Task1:DisablingIPv6AddressonDC11. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeping10.0.0.100,andthenpress
Enter.4. VerifythatyouareablecommunicatewiththeDC1(10.0.0.100)server,as
showninthefollowingfigure.
5. SwitchandSignintoDC1withtheMCSALAB\Administratoraccount.6. OntheServerManagerconsole,intheleftpane,clickLocalServer.7. InthePropertiespane,clickthe10.0.0.100,IPv6enabledlink,asshowninthe
followingfigure.
8. OntheNetworkConnectionswindow,selectandright-clickyournetworkadapter,andthenselectProperties,asshowninthefollowingfigure.
9. Onthenetworkadapter’spropertiesdialogbox,cleartheInternetProtocolVersion6(TCP/IPv6)checkbox,asshowninthefollowingfigure,andthen
clickOK.
10. ClosetheNetworkConnectionswindow.11. OntheServerManagerconsole,verifythatyournetworkadapterlistsonly
10.0.0.100,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.NoticethatDC1isnowanIPv4-onlyhost.
Task2:DisablingIPv4AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. OntheServerManagerconsole,intheleftpane,clickLocalServer.3. InthePropertiespane,clickthe192.168.0.2,IPv6enabledlink.4. OntheNetworkConnectionswindow,selectandright-clickactivenetwork
adapter,andthenselectProperties.5. Onthenetworkadapter’spropertiesdialogbox,cleartheInternetProtocol
Version4(TCP/IPv4)checkbox,asshowninthefollowingfigure,andthenclickOK.
6. ClosetheNetworkConnectionswindow.7. OntheServerManagerconsole,verifythatnetworkadapternowlistsonlyIPv6
enabled,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.NoticethatSERVER2isnowanIPv6-onlyhost.
Task3:ConfiguringanIPv6NetworkonROUTER1. SwitchandSignintoROUTERwiththeAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. ToconfigureanetworkaddressthatwillbeusedontheIPv6network,atthe
WindowsPowerShellprompt,typethefollowingcmdlet,andthenpressEnter,asshowninthefollowingfigure.
New-NetRoute-InterfaceAlias“Ethernet1”-DestinationPrefix
2001:AABB:0:1::/64-PublishYes
Note:Ethernet1isthenameofthenetworkadapterconnectedtotheexternalsubnet.
4. ToallowclientstoobtaintheIPv6networkaddressautomaticallyfromROUTER,attheWindowsPowerShellprompt,typethefollowingcmdlet,and
thenpressEnter,asshowninthefollowingfigure.
Set-NetIPInterface-InterfaceAlias“Ethernet1”-AddressFamilyIPv6-AdvertisingEnabled
5. AttheWindowsPowerShellprompt,typeipconfig.exe,andthenpressEnter.NoticethatEthernet1nowhasanIPv6addressonthe2001:AABB:0:1::/64network,asshowninthefollowingfigure.Thisaddresswillbeusedfor
communicationontheIPv6-onlynetwork.
Task4:VerifyingIPv6AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeipconfig.exe,andthenpressEnter.
NoticethatyournetworkadapternowhasanIPv6addressontheonthe2001:AABB:0:1::/64network,asshowninthefollowingfigure.
4. Thenetworkaddresswasobtainedfromtherouterthroughthestatelessconfiguration.
Results:Aftercompletingtheexercise,youwillhaveconfiguredanIPv6-basednetwork.
ShutdownandreverttheDC1,SERVER2andROUTERvirtualmachinestoprepareforthenextexercise.
Exercise12:InstallingandConfiguringDiskStorageDisksareusedtostorethesystemdataaswellaspersonneldata.Therearevariousstoragetechnologies,suchasSATA,IDE,iSCSI,andFibreChannelthatcanbeusedtostorethedata.Inavirtualizedenvironment,youcanaddadditionalvirtualharddiskstothevirtual
machines,andthenyoucancreateadditionalvolumesonthesedisks.
Inthisexercise,youwilllearnhowtomanagedisksonaWindowserver.Further,youwilllearnhowtoshrinkandextendvolumes.
Task1:AddingNewVirtualDiskstoDC11. MakesurethattheDC1virtualmachineispoweredoff.2. Onyourhostmachine,ontheVMwareconsole,selectandright-clicktheDC1
virtualmachine,andthenselectSettings.3. Onthevirtualmachine’ssettingdialogbox,ensurethatHardDiskisselected,
andthenclickNext.
4. OntheSelectaDiskTypepage,acceptthedefaultselection(SCSI),andthenclickNext.
5. OntheSelectaDiskpage,makesurethattheCreateanewvirtualdiskradiobuttonisselected,andthenclickNext.
.
6. OntheSpecifyDiskCapacitypage,setthedisksizeas10GB,selecttheStorevirtualdiskasasinglefileradiobutton,andthenclickNext.
7. OntheSpecifyDiskFilepage,acceptthedefaultfilename,andthenclickFinish.
8. Addonemorenewvirtualdiskwithfollowingsettings:Storevirtualdiskasasinglefile.
Size:10GB.Filename:Acceptdefault.
Task2:InitializingtheAddedDisks1. PowerontheDC1virtualmachine.2. OpentheServerManagerconsole.3. OntheServerManagerconsole,clickTools,andthenclickComputer
Management.4. OntheComputerManagementconsole,undertheStoragenode,selectDisk
Management.
5. IntheDiskspane,selectandright-clickDisk1,andthenselectOnline,asshowninthefollowingfigure.
6. Selectandright-clickDisk1,andthenselectInitializeDisk.7. OntheInitializeDiskdialogbox,makesurethattheDisk1checkboxis
selected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclickOK.
Note:TheGPTpartitiontablesupportsmorefeaturesthanthetraditionalMBRpartitiontable.
8. IntheDiskspane,selectandright-clickDisk2,andthenselectOnline.9. Selectandright-clickDisk2,andthenselectInitializeDisk.
10. OntheInitializeDiskdialogbox,makesurethattheDisk2checkboxisselected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclick
OK.
Task3:CreatingandFormattingSimpleVolumes1. OntheComputerManagementconsole,undertheDiskManagementnode,
selectandright-clicktheUnallocatedspaceofDisk1,andthenselectNewSimpleVolume,asshowninthefollowingfigure.
2. OntheWelcometotheNewSimpleVolumeWizardpage,clickNext.3. OntheSpecifyVolumeSizepage,intheSimplevolumesizeMBvaluebox,
type5000,asshowninthefollowingfigure,andthenclickNext.
4. OntheAssignDriveLetterorPathpage,makesurethattheAssignthefollowingdrivelettercheckboxisselected,acceptthedefaultdriveletter,as
showninthefollowingfigure,andthenclickNext.
5. OntheFormatPartitionpage,intheVolumelabeltextbox,typeVolume1,asshowninthefollowingfigure,andthenclickNext.
6. OntheCompletingtheNewSimpleVolumeWizardpage,clickFinish.7. OntheDiskManagementconsole,selectandright-clicktheUnallocatedspace
ofDisk2,andthenselectNewSimpleVolume.8. OntheWelcometotheNewSimpleVolumeWizardpage,clickNext.9. OntheSpecifyVolumeSizepage,intheSimplevolumesizeinMBvaluebox,
type5000,andthenclickNext.10. OntheAssignDriveLetterorPathpage,makesurethattheAssignthe
followingdrivelettercheckboxisselected,acceptthedefaultdriveletter,and
thenclickNext.11. OntheFormatPartitionpage,intheVolumelabeltextbox,typeVolume2,
andthenclickNext.12. OntheCompletingtheNewSimpleVolumeWizardpage,clickFinish.13. LeavetheComputerManagementconsoleactive.14. PresstheWindows+EkeystoopentheWindowsExplorerwindow.15. VerifythattheVolume1andVolume2arecreated,asshowninthefollowing
figure.
16. ClosetheWindowsExplorerwindow.
Task4:ShrinkingtheVolumes1. OnDC1,switchtotheComputerManagementconsole.2. OntheComputerManagementconsole,undertheDiskManagementnode,
selectandright-clickVolume1,andthenselectShrinkVolume,asshowninthefollowingfigure.
3. Ontheshrinkdialogbox,intheEntertheamountofspacetoshrinkinMBvaluebox,type1000,asshowninthefollowingfigure,andthenclickShrink.
Task5:ExtendingtheVolumes1. OntheComputerManagementconsole,undertheDiskManagementnode,
selectandright-clickVolume2,andthenselectExtendVolume.2. OntheWelcometotheExtendedVolumeWizardpage,clickNext.3. OntheSelectDiskspage,intheSelecttheamountofspaceinMBvaluebox,
type3000,asshowninthefollowingfigure,andthenclickNext.
4. OntheCompletingtheExtendedVolumeWizardpage,clickFinish.5. PresstheWindows+EkeystoopentheWindowsExplorerwindow,verifythat
thevolumes’sizesarereflected.
Results:Aftercompletingthisexercise,youshouldhaveinitializednewdisks,andcreatedandformattedsimplevolumes.Inaddition,youshouldalsohaveshrinkandextendedthe
volumes.
DonotshutdownorreverttheDC1virtualmachine,asitwillbeusedinthenextexercise.
Exercise13:ConfiguringaRedundantStorageSpaceRedundantArrayofInexpensiveDisk(RAID)isastoragetechnologythatallowsyoutocombinemultipleharddisksinasinglelargeharddisk.Italsoprovidesredundancyandfaulttoleranceintheeventofadiskfailure.RAIDcanbeconfiguredeitherasahardwareRAID(whichrequiresahardwarecontrollerdevice)orasasoftwareRAID(whichdoesnotrequireanyspecifichardwaredevice).RAIDcanbedividedintovariousRAIDlevels
andeachRAIDlevelsupportsvariousfeaturesandlimitations.
Inthisexercise,youwilllearnhowtocreatestoragepools,howtocreateandtestamirroredvolume.
EnsurethattheDC1virtualmachineisrunningandyouhavenotreverteditinthepreviousstate.
Task1:CreatingaStoragePool1. SignintoDC1andopentheServerManagerconsole.2. OpentheDiskManagementconsole,selectandright-clickDisk1,andthen
deletethecreatedvolume.AlsodeletethevolumeforDisk2,asshowninthefollowingfigure.
3. OntheServerManagerconsole,intheleftpane,selectFileandStorageServices,andthenselectStoragePools.
4. IntheSTORAGEPOOLSpane,clickTASKS,andthenclickRescanStorage.
5. ClickagainTASKS,andthenclickNewStoragePool,asshowninthefollowingfigure.
6. OntheBeforeyoubeginpage,clickNext.7. OntheSpecifyastoragepoolnameandsubsystempage,intheNametext
box,typeMyStoragePool1,asshowninthefollowingfigure,andthenclickNext.
8. OntheSelectphysicaldisksforthestoragepoolpage,selecttheallavailablediskcheckboxes,asshowninthefollowingfigure,andthenclickNext.
9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,clickClose,oncethetaskiscompeted.
Task2:CreatingaMirroredVirtualDisk1. OnDC1,ontheServerManagerconsole,intheStorageSpacespane,select
MyStoragePool1.2. OntheVIRTUALDISKSpane,clickTASKS,andthenclickNewVirtual
Disk,asshowninthefollowingfigure.
3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectthestoragepoolpage,makesurethatMyStoragePool1is
selected,andthenclickNext.5. OntheSpecifythevirtualdisknamepage,intheNametextbox,type
MirroredDisk1,asshowninthefollowingfigure,andthenclickNext.
6. OntheSelectthestoragelayoutpage,intheLayoutsection,selectMirror,asshowninthefollowingfigure,andthenclickNext.
7. OntheSpecifytheprovisioningtypepage,selecttheThinradiobutton,asshowninthefollowingfigure,andthenclickNext.
8. OntheSpecifythesizeofthevirtualdiskpage,intheVirtualdisksizebox,type5,asshowninthefollowingfigure,andthenclickNext.
9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,waituntilthetaskcompletes.11. MakesurethattheCreateavolumewhenthiswizardclosescheckboxis
selected,andthenclickClose.12. OntheBeforeyoubeginpageoftheNewVolumeWizard,clickNext.13. OntheSelecttheserveranddiskpage,intheDisksection,selectthe
MirroredDisk1virtualdisk,asshowninthefollowingfigure,andthenclickNext.
14. OntheSpecifythesizeofthevolumepage,clickNext.15. OntheAssigntoadriveletterorfolderpage,noticetheDriveletter,asshown
inthefollowingfigure,andthenclickNext.
16. OntheSelectfilesystemsettingspage,intheFilesystemdrop-downmenu,ensurethatReFSisselected.
17. IntheVolumelabeltextbox,typeMirroredVolume1,asshowninthefollowingfigure,andthenclickNext.
Note:ReFSisanewfilesystemthatsupportsmorefeaturesthanNTFSfilesystem.
18. OntheConfirmselectionspage,clickCreate.19. OntheCompletionpage,clickClose,oncethetaskcompletes.
Task3:CreatingaFileintoMirroredVolume11. OpentheWindowsExplorerwindow,double-clickMirroredVolume1.2. CreatetheMyTextFile1fileunderMirroredVolume1,asshowninthe
followingfigure.
3. ClosetheWindowsExplorerwindow.
Task4:RemovingaPhysicalDrive
1. Onyourhostmachine,ontheVMwareconsole,selectandright-clickDC1,andthenselectSettings.
2. OntheVirtualMachineSettingsdialogbox,selectHardDisk2harddrive,asshowninthefollowingfigure.
3. Intherightpane,clickRemove,andthenclickOK.
Task5:VerifyingtheFileAvailability1. OnDC1,switchtotheComputerManagementconsoleoropenitifrequired.2. MakesurethattheDiskManagementnodeisselected,verifythattheDisk2is
disappearedfromthedisklist,asshowninthefollowingfigure.
3. OpentheWindowsExplorerwindow.4. OntheWindowsExplorerwindow,double-clickMirroredVolume1.5. VerifythattheMyTextFile1fileisstillavailable.6. ClosetheWindowsExplorerwindow.
Results:Aftercompletingthisexercise,youshouldhavecreatedastoragepoolandaddedsomediskstoit.Thenyoushouldhavecreatedamirroredvirtualdiskfromthestorage
pool.Inaddition,afterremovingaphysicaldrive,youshouldhaveverifiedthatthevirtualdiskwasstillavailableandaccessible.
ShutdownandreverttheDC1virtualmachinetoprepareforthenetexercise.
Exercise14:ImplementingFileSharingFilesharingallowsyoutoshareandaccessthefilesonanetwork.Youcanalsosetthedesiredpermissions(NTFSandsharedpermissions)onafileshareforthevarioususers.Inaddition,youcanenabletheaccess-basedenumerationfeatureonafileshare,whichallowsuserstoaccessonlythosesharedfilesforwhichtheyhavetheaccesspermission.
StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.
Task1:CreatingtheFolderStructurefortheNewShareBeforestarttothisexercise,youneedtocreatePeterandShawnuseraccountsonthe
DC1virtualmachine.Todothis,youneedtoperformthefollowingsteps:
1.SignintoDC1withtheMCSALAB\Administratoraccount.
2.OpentheActiveDirectoryUsersandComputersconsole,andthenexpandthemcsalab.localnode.
3.Selectandright-clickUsersintheleftpane,selectNew,andthenclickUser.
4.FollowthesimplestepstocreatethePeterandShawnuseraccounts.
5.ThefollowingfiguredisplaystheActiveDirectoryUsersandComputersconsole.PeterandShawnuseraccountsarelistedundertheUsersnode.
Note:Ifyoufaceproblemstocreateuseraccounts,youmayrefertheexercise6and7.
6.SwitchandSignintoSERVER1withtheMCSALAB\Administrator
account.
7.OpentheWindowsExplorerwindow,inthenavigationpane,double-clickLocalDisk(C:).
8.CreateafoldernamedMyData.
9.Double-clicktheMyDatafolder.
10.CreatetheMarketingandSalesfoldersunderit,asshowninthefollowingfigure.
Task2:ConfiguringNTFSPermissionsontheFolderStructure
1. OnSERVER1,ontheWindowsExplorerwindow,navigatetodriveLocalDrive(C:).
2. Selectandright-clicktheMyDatafolder,andthenselectProperties.3. OntheMyDataPropertiesdialogbox,selectSecurity,andthenclick
Advanced,asshowninthefollowingfigure.
4. OntheAdvancedSecuritySettingsforMyDatadialogbox,clickDisableInheritance.
5. OntheBlockInheritancedialogbox,asshowninthefollowingfigure,selecttheConvertinheritedpermissionsintoexplicitpermissionsonthisobject
option,andthenclickOK.
6. ClickOKtwicetoclosetheMyDataPropertiesdialogbox.7. OntheWindowsExplorerwindow,double-clicktheMyDatafolder.8. Selectandright-clicktheMarketingfolder,andthenselectProperties.9. OntheMarketingPropertiesdialogbox,clickSecurity,andthenclick
Advanced.
10. OntheAdvancedSecuritySettingsforMarketingdialogbox,clickDisableInheritance.
11. OntheBlockInheritancedialogbox,selecttheConvertinheritedpermissionsintoexplicitpermissionsonthisobjectoption.
12. RemovetheRead&ExecuteandSpecialpermissionsforUsers(SERVER1\Users),asshowninthefollowingfigure,andthenclickOK.
13. OntheSecuritytab,clickEdit.14. OnthePermissionsforMarketingdialogbox,clickAdd.15. OntheSelectUsers,Computers,ServiceAccounts,andGroupsdialogbox,
typePeter,clickCheckNames,asshowninthefollowingfigure,andthenclickOK.
Note:YoumayaskedtoprovideDomainadministratorcredentials.
16. OnthePermissionsforMarketingdialogbox,selecttheModifycheckboxundertheAllowsection,asshowninthefollowingfigure.
17. ClickOKtoclosethePermissionsforMarketingdialogbox.18. ClickOKtoclosetheMarketingPropertiesdialogbox.
Task3:SharingtheFolder1. OnSERVER1,selectandright-clicktheMyDatafolder,andthenselect
Properties.2. OntheMyDataPropertiesdialogbox,selecttheSharingtab,andthenclick
AdvancedSharing.3. OntheAdvancedSharingdialogbox,selecttheSharethisfoldercheckbox,as
showninthefollowingfigure,andthenclickPermissions.
4. OnthePermissionsforMyDatadialogbox,asshowninthefollowingfigure,andthenclickAdd.
5. OntheSelectUsers,Computers,ServiceAccounts,orGroupsdialogbox,intheEntertheobjectnamestoselect(examples):textarea,typeAuthenticated
Users.6. ClickCheckNames,andthenclickOK.7. OnthePermissionsforMyDatadialogbox,makesurethattheAuthenticated
UsersisselectedintheSharePermissionssection,andthenselecttheChangecheckboxundertheAllowsection,asshowninthefollowingfigure.
8. ClickOKtoclosethePermissionsforMyDatadialogbox.9. ClickOKtoclosetheAdvancedSharingwindow.10. ClickClosetoclosetheMyDataPropertiesdialogbox.
Task4:AccessingtheSharedFolder1. SwitchandSignintoCLIENT1withtheMCSALAB\Peteraccount.2. OpentheRundialogbox,type\SERVER1\MyData,andthenpressEnter.3. Double-clicktheMarketingfolder.
Note:PetershouldbeabletoaccesstotheMarketingfolder.
4. SignoutofCLIENT1.
Task5:EnablingAccess-basedEnumeration1. SwitchbackandSignintoSERVER1withtheMCSALAB\Administrator
account.2. OpentheServerManagerconsole,ontheServerManagerconsole,intheleft
pane,selectFileandStorageServices.3. OntheFileandStorageServicespage,clickShares.4. IntheSharespane,selectandright-clickMyData,andthenclickProperties,as
showninthefollowingfigure.
5. OntheMyDataPropertiesdialogbox,intheleftpane,selectSettings,andthenselecttheEnableaccess-basedenumerationcheckbox,asshowninthe
followingfigure.
6. ClickOKtoclosetheMyDataPropertiesdialogbox.7. ClosetheServerManagerconsole.
Task6:TestingtheAccess-basedEnumerationConfiguration
1. SwitchbackandsignintoCLIENT1withtheMCSALAB\Shawnaccount.2. ClicktheDesktoptile.3. OpentheRundialogbox,intheOpentextbox,type\SERVER1\MyData,and
thenpressEnter.
Note:ShawnshouldonlybeabletoviewtheSalesfolder,thefolderforwhichhehasbeenassignedpermissions.
4. SignoutofCLINET1.
Results:Aftercompletingthisexercise,youshouldhavecreatedandtestedafileshare.Inaddition,youshouldalsohavetestedtheaccess-basedenumerationfeaturefortheshared
folder.
ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinestoprepareforthenextexercise.
Exercise15:ImplementingShadowCopiesShadowcopyisafeaturethatallowsyoutorecoverthefiles(includingthesharedfiles)whichareaccidentlyoverwrittenordeleted.First,youneedtoenablethisfeature(onadesireddisk)thenyoucancreatemultipleshadowcopyversionsonadisk.However,
shadowcopycannotbeconsideredasanalternateoftheWindowbackupfeature,becauseitonlyworksuntilthesystemisworkingonwhichyouhaveenabledit.Ifthesystemgoes
downorcrashedaccidently,shadowcopycannotbeusedtorecoverthesystemorsystem’sdata.
Inthisexercise,youwilllearnhowtousetheshadowcopyfeaturetorecovertheaccidentlydeletedfiles.
StarttheDC1andSERVER1virtualmachinestoperformthisexercise.
Task1:ConfiguringShadowCopies1. SignintoSERVER1withtheMCSALAB\Administratoraccount.2. OpentheWindowsExplorerwindow.3. Selectandright-clickLocalDisk(C:),andthenclickConfigureShadow
Copies.4. OntheShadowCopiesdialogbox,makesurethatC:\volumeisselected,and
thenclickEnable.5. OntheEnableShadowCopiesmessagebox,clickYes.6. OntheShadowCopiesdialogbox,clickSettings.7. OntheSettingsdialogbox,asshowninthefollowingfigure,clickSchedule.
8. OntheC:\scheduledialogbox,reviewthevariousscheduleoptions,andthenclickOK.
9. OntheSettingsdialogbox,clickOK.10. ClickOKtoclosetheSettingsdialogbox.11. OntheShadowCopiesdialogbox,clickOK.
Task2:RecoveringaDeletedFileUsingShadowCopy1. OnSERVER1,switchtotheWindowsExplorerwindow.2. NavigatetoLocalDisk(C:),andthenclickUsers.3. Selectandright-clickPublic,andthenclickDelete.4. AlsodeletethePublicfolderfromRecycleBin.5. OntheWindowsExplorerwindow,selectandright-clicktheUsersfolder,and
thenclickProperties.6. OntheUsersPropertiesdialogbox,clickthePreviousVersionstab,asshown
inthefollowingfigure.
7. SelectthefolderversionfortheUsersfolder,andthenclickOpen.8. VerifythatthePublicislistedinthefolder,selectandright-clickPublic,and
thenclickCopy.9. OntheotherWindowsExplorerwindow,navigatetotheLocalDisk(C:)\Users
folder,andthenclickPaste.10. ClosetheWindowsExplorerwindow.11. ClickOKandcloseallopenwindows.
Results:Aftercompletingthisexercise,youshouldhaveconfiguredtheShadowCopiesfeaturetorecovertheaccidentlydeletedfile.
12. ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.
Exercise16:ImplementingNetworkPrintingAprinterisahardwaredevicewhichtranslatethesoftcopiesintohardcopies.Asingleprintercanbesharedonanetworkandthenitcanbeaccessedbymultipleclientstosendtheprintjobs.Onceyousharedaprinteronanetwork,youneedtoconnectitoneachclientsinordertosendtheprintjobs.However,inalargeenterprisenetwork,wheremultipleprintersareusedtohandleanumberofthousandprintjobs,youmayneedto
configuretheprinterpoolforeaseprintmanagement.
Inthisexercise,youwilllearnhowtoinstall,share,andmanageanetworkprinteronaWindows-basednetwork.
StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.
Task1:InstallingthePrintandDocumentServicesServerRole
1. SignintoSERVER1asMCSALAB\Administrator.2. OntheServerManagerconsole,clickManage,andthenclickAddRolesand
Features.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click
Next.4. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-
basedinstallationradiobuttonisselected,andthenclickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerRolespage,asshowninthefollowingfigure,selectthe
PrintandDocumentServicescheckbox.IftheAddRolesandFeaturesWizarddialogboxdisplays,clickAddFeatures,andthenclickNext.
7. Ontherestofthepages,clickNextuntiltheConfirmInstallationSelectionspagedisplays.
8. ClickInstalltoinstalltherequiredroleservices,andthenclickCloseoncetheinstallationsucceeded.
Task2:InstallingaNewPrinter1. OntheServerManagerconsole,clickTools,andthenclickPrint
Management.2. OnthePrintManagementconsole,expandPrinterServers,andthenclick
SERVER1(Local).3. Selectandright-clickPrinters,andthenclickAddPrinter,asshowninthe
followingfigure.
4. OntheNetworkPrinterInstallationWizardpage,selecttheAddanewprinterusinganexistingportradiobutton,asshowninthefollowingfigure,
andthenclickNext.
5. OnthePrinterDriverpage,makesurethattheInstallanewprinterradiobuttonisselected,andthenclickNext.
6. OnthePrinterInstallationpage,selectCanonintheManufacturelist.7. SelectanyoftheprintermodelinthePrinterslistintherightpane,asshownin
thefollowingfigure,andthenclickNext.
8. OnthePrinterNameandSharingSettingspage,clickNext.9. OnthePrinterFoundpage,clickNext,andthenclickFinish.
Task3:ConfiguringPrinterPooling1. OnthePrintManagementconsole,selectandright-clicktherecentlyadded
printer,andthenclickProperties.2. Ontheprinterpropertiesdialogbox,clicktheSharingtab,selecttheListinthe
directorycheckbox,asshowninthefollowingfigure,andthenclickApply.
3. Ontheprinterpropertiesdialogbox,clickthePortstab,selecttheEnableprinterpoolingcheckbox,andthenselecttheLPT2:checkboxtoselectitasan
additionalport,asshowninthefollowingfigure.
4. ClickOKtoclosetheprinterpropertiesdialogbox.5. ClosethePrintManagementconsole.
Task4:ConnectingaPrinteronaClient1. SwitchandSignintoCLIENT1asMCSALAB\Administratorwiththe
[email protected]. OpenControlPanel,ontheControlPanelwindow,clicktheAddadevicelink
underHardwareandSound.3. OntheAddadevicewindow,selectthediscoveredprinter,asshowninthe
followingfigure,andthenclickNext.
4. OntheControlPanelwindow,clicktheViewdevicesandprinterslink,underHardwareandSound.
5. Makesurethattherecentlyaddedprinterislisted.
Results:Aftercompletingthisexercise,youshouldhaveinstalledandconfiguredanetworkprinter.Inaddition,youshouldalsohaveconfiguredtheprinterpooling.
ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinestoprepareforthenextexercise.
Exercise17:ImplementingGroupPolicyObjectsAGroupPolicyObject(GPO)isacollectionofsecuritypoliciesandsettingsthatareusedtocontroltheusers’andcomputers’behavioronanetwork.YoucanusevarioussecuritypoliciestorestricttheActiveDirectoryobjectsfromaccessingtheunwantedresources,
suchasfeatures,services,files,ortools.Onceyoupromoteaserverasadomaincontroller,theDefaultDomainPolicyandDefaultDomainControllerPolicyGPOsarecreatedbydefaultonthedomaincontroller.TheseGPOscontainvariouspreconfiguredpoliciesthatareappliedonthedomaincontrollersandcomputers.However,youcan
createanewGPOwiththecustomsecuritypoliciesandsettingsusingtheGroupPolicyManagementconsole.
Inthisexercise,youwilllearnhowtocreateaGPOandhowtoconfigureaGPOtopreventActiveDirectoryobjectsfromaccessingtheresourcesonaWindows-based
domainnetwork.
StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.
Task1:CreatingaNewGPO1. SignintoDC1withtheMCSALAB\Administrator.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clickTools,andthenclickGroupPolicy
Management.4. OntheGroupPolicyManagementconsole,expandForest:mcsalab.local,and
thenclickDomains.5. Selectandright-clickmcsalab.local,andthenselectCreateaGPOinthis
domain,asshowninthefollowingfigure.
6. OntheNewGPOdialogbox,intheNametextbox,typeInternetExplorerGPO,andthenclickOK.
Task2:ConfiguringtheInternetExplorerGPO1. OnDC1,ontheGroupPolicyManagementconsole,selectandright-click
InternetExplorerGPO,andthenclickEdit.2. OntheGroupPolicyManagementEditorconsole,navigatetoUser
Configuration\Policies\AdministrativeTemplates.3. Selectandright-clickAllSettings,andthenselectFilterOptions,asshownin
thefollowingfigure.
4. OntheFilterOptionsdialogbox,selecttheEnableKeywordFilterscheckbox.
5. IntheFilterforword(s):textbox,typeGeneral,asshowninthefollowingfigure,andthenclickOK.
6. IntheSettingspaneintherighthand,selectandright-clickDisabletheGeneralpage,andthenselectEdit,asshowninthefollowingfigure.
7. OntheDisabletheGeneralpagedialogbox,selecttheEnabledradiobutton,andthenclickOK.
8. ClosetheGroupPolicyManagementEditorconsole.
Task3:CreatingaDomainUsertoTesttheGPO1. OnDC1,opentheCommandPromptwindow.2. Executethefollowingcommand,asshowninthefollowingfigure(type
Password@123whenyouarepromptedforpassword).
dsaddusercn=User1,”cn=users,dc=mcsalab,dc=local”–disabledno–pwd*
3. ClosetheCommandPromptwindow.
Task4:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthepasswordas
[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,andthenpress
Enter.3. OntheControlPanelwindow,clickNetworkandInternet.
4. OntheNetworkandInternetwindow,asshowninthefollowingfigure,clickChangeyourhomepage.
5. WhenyouclicktheChangeyourhomepagelink,youwillgetamessage,asshowninthefollowingfigure.
6. ClickOKtoclosetheInternetControlPanelmessagebox.7. OntheControlPanelwindow,clickInternetOptions.Noticethat,inthe
InternetPropertiesdialogbox,theGeneraltabisnotavailable,asshowninthefollowingfigure.
8. Closeallopenwindowsandsignout.
Task5:ConfiguringSecurityFilteringtoExemptaUserfromtheInternetExplorerGPO
1. SwitchandsigntoDC1.2. OpentheGroupPolicyManagementconsole,ifrequired.3. OntheGroupPolicyManagementconsole,selectandright-clickInternet
ExplorerGPO.4. Intherightpane,clicktheDelegationtab.5. OntheDelegationtab,clicktheAdvancedbutton.6. OntheInternetExplorerGPOSecuritySettingsdialogbox,clickAdd.7. OntheSelectUsers,Computers,ServiceAccounts,orGroupstextbox,type
User1,asshowninthefollowingfigure,andthenclickOK.
8. OntheInternetExplorerGPOSecuritySettingsdialogbox,intheSecuritysection,selectUser1.
9. InthePermissionsforUser1section,selecttheDenycheckbox,asshowninthefollowingfigure,andthenclickOK.
10. OntheWindowsSecuritydialogbox,clickYes.11. ClosetheGroupPolicyManagementconsole.
Task6:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthepasswordas
[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,andthenpress
Enter.3. OntheControlPanelwindow,clickNetworkandInternet.4. OntheNetworkandInternetdialogbox,clickChangeyourhomepage.
NoticethattheGeneraltabisavailableontheInternetPropertiesdialogbox.5. Closeallopenwindows,andsignout.
Results:Aftercompletingthisexercise,youshouldhaveconfiguredandtestedaGPO.
ShutdownandreverttheDC1andCLIENT1virtualmachines.
Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicy
AppLockerisasecurityfeaturethatallowsyoutorestrictspecificapplicationsforspecificgroupsorusers.
Intheexercise,youwilllearnhowtocontrolanapplicationusingtheAppLockerfeature.Further,youwillalsolearnhowtomanageWindowsFirewallusingtheGroupPolicy
Managementconsole.
StarttheDC1virtualmachinetoperformthisexercise.
Task1:RestrictinganApplicationUsingAppLocker1. SignintoDC1asMCSALAB\Administratorwiththepasswordas
[email protected]. OpentheGroupPolicyManagementconsole.3. NavigatetoForest:mcsalab.local\Domains\mcsalab.local.4. Selectandright-clickGroupPolicyObjects,andthenselectNew.5. OntheNewGPOdialogbox,intheNametextbox,typeSoftwarePolicy,and
thenclickOK.6. Right-clickSoftwarePolicy,andthenselectEdit.7. OntheGroupPolicyManagementEditorconsole,navigatetoComputer
Configuration\Policies\WindowsSettings\SecuritySettings\ApplicationControlPolicies\AppLocker,asshowninthefollowingfigure.
8. ExpandAppLocker,right-clickExecutableRules,andthenselectCreateNewRule.
9. OntheBeforeYouBeginpage,selectNext.10. OnthePermissionspage,undertheUsersorGroupsbox,selectDeny,and
thenselectNext.11. OntheConditionspage,selectthePathradiobutton,asshowninthefollowing
figure,andthenclickNext.
12. OnthePathpage,clickBrowseFiles,browseto
C:\Windows\System32\calc.exe,clickOpen,asshowninthefollowingfigure,andthenselectNext.
13. OntheExceptionspage,selectNext.14. OntheNameandDescriptionpage,intheNametextbox,typeBlock
Calculator,andthenclickCreate.15. IftheAppLockerdialogboxappearsandpromptstocreatedefaultrules,click
Yes.16. OntheGroupPolicyManagementEditorconsole,asshowninthefollowing
figure,noticethedefaultexecutablesrules.
17. SelecttheAppLockernodeintheleftpane,andthenclicktheConfigureruleenforcementlink,asshowninthefollowingfigure.
18. OntheEnforcementtaboftheAppLockerPropertiesdialogbox,under
Executablerules,selecttheConfiguredcheckbox.19. MakesurethattheEnforcerulesoptionisselectedinthedrop-downlist,as
showninthefollowingfigure,andthenclickOK.
20. ClosetheGroupPolicyManagementEditorconsole.21. OntheGroupPolicyManagementconsole,selectandright-clickDomain
Controllers,andthenselectLinkanExistingGPO.22. OntheSelectGPOdialogbox,selectSoftwarePolicy,andthenclickOK.
23. UndertheLinkGroupPolicyObjectstab,selectSoftwarePolicy,andthenclickLinkOrdertomovethispolicytotop.
24. OpentheRundialogbox,typeservices.msc,andthenpressEnter.25. OntheServicesconsole,selectandright-clickApplicationIdentity,andthen
selectProperties.26. OntheApplicationIdentityProperties(LocalComputer)dialogbox,setthe
StartuptypeasAutomatic,clickStart,asshowninthefollowingfigure,andthenclickOK.
Note:Ifyougetanerror,justclosetheServiceManagerwindow.
27. OpentheCommandPromptwindow,typegpupdate/force,andthenpressEnter.
28. SignoutfromtoDC1andSigninbacktoDC1asMCSALAB\Administrator.29. OpentheRundialogbox,typecalc.exeintheOpentextbox,andthenpress
Enter.30. Youshouldgetanerrorasshowninthefollowingfigure.
Note:IfyouarestillabletoopentheCalculatorapplication,restarttheDC1server,andthentryagain.
Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy
1. SignintoDC1andopentheGroupPolicyManagementconsole,ifrequired.2. NavigatetoForest:mcsalab.local\Domains\mcsalab.local\GroupPolicy
Objects.
3. Right-clicktheGroupPolicyObjectsnode,andthenselectNew,asshowninthefollowingfigure.
4. IntheNametextboxtypeFirewallGPO,andthenclickOK.
5. ExpandGroupPolicyObjects,right-clickFirewallGPO,andthenselectEdit.6. OntheGroupPolicyManagementEditorconsole,navigatetoComputer
Configuration\Policies\WindowsSettings\SecuritySettings.7. UndertheSecuritySettingsnode,expandWindowsFirewallwithAdvanced
Security,andthenexpandtheWindowsFirewallwithAdvancedSecurity–LDAPnode,asshowninthefollowingfigure.
8. Selectandright-clickInboundRules,andthenselectNewRule,asshowninthefollowingfigure.
9. OntheNewInboundRuleWizard,ontheRuleTypepage,theselectPredefinedradiobutton.
10. Inthedrop-downlist,selectRemoteDesktop,asshowninthefollowingfigure,andthenclickNext.
11. OnthePredefinedRulespage,clickNext.12. OntheActionpage,selecttheBlocktheconnectionradiobutton,asshownin
thefollowingfigure,andthenclickFinishtocloseNewInboundRuleWizard.
13. ClosetheGroupPolicyManagementEditorconsole.14. OpentheCommandPromptwindowandtypegpupdate/force,andthenpress
Enter.15. ClosetheCommandPromptwindow.16. OntheGroupPolicyManagementconsole,selectFirewallGPOintheleft
pane.17. Ifdisplayed,ontheInternetExplorerdialogboxclickClose18. Intherightpane,selecttheSettingstabandverifythattheInboundRulesare
configured,asshowninthefollowingfigure.
19. ClosetheGroupPolicyManagementconsole.
Results:Aftercompletingthisexercise,youshouldhaveconfiguredAppLockerandWindowsFirewallrulesusingtheGroupPolicyManagementconsole.
ShutdownandreverttheDC1virtualmachine.
Hope,youhaveenjoyedagreatlearningexperiencewiththislearningguideandhopeyouwillprovidegreatratingtothislabguide.