Installing and Configuring Windows

InstallingandConfiguringWindows

Server2016(Hands-onGuide)

Copyright©2016K.G.Mark

Allrightsreserved.

ContentsCopyright

AboutThisBook

AudienceandCandidatesPrerequisites

Disclaimer

VirtualMachines

PreparingVirtualMachines

Task1:InstallingVMwareWorkstationontheHostMachine

Task2:InstallingandConfiguringtheDC1VirtualMachine

Task2.1:ConfiguringtheDC1VirtualMachine

Task2.2:PromotingtheDC1VirtualMachineasaDomainController

Task3:InstallingandConfiguringtheSERVER1VirtualMachine

Task4:InstallingandConfiguringtheCLIENT1VirtualMachine

Task5:InstallingandConfiguringtheROUTERVirtualMachine

Task6:CreatingandConfiguringtheSERVER2VirtualMachine

Task7:CreatingSnapshotsofVirtualMachines

Task8:WorkingwiththeWindowsServer2016DesktopExperience

Exercise1:InstallingandConfiguringWindowsServer2012R2CoreMachine

Task1:InstallingWindowsServer2012R2CoreMachine.

Task2:ConfiguringtheWindowsServer2016CoreMachine.

Task3:AddingCORE1toDomain

Exercise2:ManagingServersRemotely

Task1:CreatingandManagingtheServerGroup

Task2:DeployingRolesandFeaturesonCORE1Machine

Task3:ManagingServicesontheCORE1Machine

Exercise3:UsingWindowsPowerShelltoManageServers

Task1:UsingtheWindowsPowerShelltoConnectRemotelytoServersandViewInformation

Task2:UsingWindowsPowerShelltoManageRolesandFeaturesRemotely

Exercise04:InstallingandConfiguringDomainControllers

Task1:AddingtheADDSRoleonaMemberServer

Task2:ConfiguringSERVER1ServerasaDomainController

Task3:ConfiguringSERVER1asaGlobalCatalogServer

Exercise5:InstallingaDomainControllerbyUsingIFM

Task1:GeneratingaIFMDataFile

Task2:AddingtheADDSRoletotheMemberServer

Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile

Exercise6:ManagingOrganizationalUnitsandGroupsinADDS

Task1:ManagingOrganizationalUnitsandGroups

Task2:DelegatingthePermissions

Task3:ConfiguringHomeFoldersforUserAccounts

Task4:TestingandVerifyingtheHomeFoldersandDelegatedPermissions

Task5:ResettingtheComputerAccounts

Task6:ExaminingtheBehaviorwhenaUserLoginsonClient.

Task7:RejoiningtheDomaintoReconnecttheComputerAccount

Exercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups

Task1:CreatingaUserAccountUsingWindowsPowerShell

Task2:CreatingGroupsUsingWindowsPowerShell

Task3:ExportingUserAccountsUsingtheldifdeTool

Exercise8:InstallingandConfiguringtheDHCPServerRole

Task1:InstallingtheDHCPServerRole

Task2:ConfiguringtheDHCPScope

Task3:ConfiguringDHCPClient

Task4:ConfiguringDHCPReservation

Exercise9:InstallingandConfiguringDNS

Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole

Task2:CreatingandConfiguringtheMyzone.localZoneonDC1

Task3:AddingtheDNSServerRoleontheSERVER1

Task4:VerifyingReplicationofthemcsalab.localZone

Task5:ConfiguringDNSForwarder

Task6:ManagingtheDNSCache

10:ImplementingLANRouting

Task1:InstallingtheLANRoutingFeatureonROUTER

Task2:ConfiguringtheLANRoutingServiceonROUTER

Task3:TestingtheConnectivitybetweenDC1andSERVER2Servers

Exercise11:ConfiguringIPv6Addressing

Task1:DisablingIPv6AddressonDC1

Task2:DisablingIPv4AddressonSERVER2

Task3:ConfiguringanIPv6NetworkonROUTER

Task4:VerifyingIPv6AddressonSERVER2

Exercise12:InstallingandConfiguringDiskStorage

Task1:AddingNewVirtualDiskstoDC1

Task2:InitializingtheAddedDisks

Task3:CreatingandFormattingSimpleVolumes

Task4:ShrinkingtheVolumes

Task5:ExtendingtheVolumes

Exercise13:ConfiguringaRedundantStorageSpace

Task1:CreatingaStoragePool

Task2:CreatingaMirroredVirtualDisk

Task3:CreatingaFileintoMirroredVolume1

Task4:RemovingaPhysicalDrive

Task5:VerifyingtheFileAvailability

Exercise14:ImplementingFileSharing

Task1:CreatingtheFolderStructurefortheNewShare

Task2:ConfiguringNTFSPermissionsontheFolderStructure

Task3:SharingtheFolder

Task4:AccessingtheSharedFolder

Task5:EnablingAccess-basedEnumeration

Task6:TestingtheAccess-basedEnumerationConfiguration

Exercise15:ImplementingShadowCopies

Task1:ConfiguringShadowCopies

Task2:RecoveringaDeletedFileUsingShadowCopy

Exercise16:ImplementingNetworkPrinting

Task1:InstallingthePrintandDocumentServicesServerRole

Task2:InstallingaNewPrinter

Task3:ConfiguringPrinterPooling

Task4:ConnectingaPrinteronaClient

Exercise17:ImplementingGroupPolicyObjects

Task1:CreatingaNewGPO

Task2:ConfiguringtheInternetExplorerGPO

Task3:CreatingaDomainUsertoTesttheGPO

Task4:TestingtheInternetExplorerGPO

Task5:ConfiguringSecurityFilteringtoExemptaUserfromtheInternetExplorerGPO

Task6:TestingtheInternetExplorerGPO

Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicy

Task1:RestrictinganApplicationUsingAppLocker

Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy

CopyrightTheauthorholdsalltherightsofpublishingandreproducingtothisbook.Thecontentofthisbookcannotbereproducedorcopiedinanyformorbyanymeansorreproduced

withoutthepriorwrittenpermissionoftheauthor.

AboutThisBookThisbookcontainsthevirtuallabsetupguideandthelabexercisesforinstallingandconfiguringWindowsServer2016.Youcancreatethevirtuallabinfrastructureonyourownsystemandyoucaneasilyperformallthelabexercisesmentionedinthisbook.CandidatehavingthebasicknowledgeofWindowsoperatingsystemsandnetworkingfundamentalscanperformallthelabexerciseswithout(orleast)theneedofatrainerorfaculty.Thisbookmainlycoverstheinitialimplementationandconfigurationofcore

services,suchasADDS,networkingservices.

AudienceandCandidatesPrerequisitesThisbookisintendedforthecandidateswhohavebasicoperatingsystemknowledge,andwanttogainthehands-onpracticeskillsandknowledgenecessarytoimplementthecoreinfrastructureservices.Inaddition,thisbookisalsohelpfulforthecandidatewhoare

lookingforcertificationintheWindowsServer2016platform.

Thecandidatesshouldhavethebasicknowledgeofthenetworkingfundamentals,Windows-basedoperatingsystems,andvirtualizationplatformstoperformthehands-on

practices.

DisclaimerWemadealmosteveryefforttoavoiderrorsoromissionsinthisguide.However,errors

mayslinkin.Anymistake,errorordiscrepancynotedbythereadersarerequestedtosharewithus,whichwillbehighlyappreciable.Thecontentsandimagesinthisguidecouldincludetechnicalinaccuraciesortypographicalerrors.Author(s)orpublishermakesno

representationsabouttheaccuracyoftheinformationcontainedintheguide.

VirtualMachinesThevirtualmachinesthatwillbeusedthroughoutthisbookarelistedinthefollowing

table.

S.No. VMName OperatingSystem

1 DC1 WindowsServer2016

2 SERVER1 WindowsServer2016

3 CLIENT1 Windows8.1/10

4 ROUTER WindowsServer2016

5 SERVER2 WindowsServer2016

Topreparethevirtualmachinesmentionedintheprecedingtable,youneedISOimages.YoucandownloadtheevaluationISOimages(WindowsServer2016(TechnicalPreview)

andWindows8.1/10)fromtheMicrosoftdownloadcenter.

Toperformthestepbysteplabexercises,downloadtheISOimagesandplacethemundertheD:\ISOsfolderonthehostmachine.Youcansetupthevirtuallabinfrastructureonthe

VMwareorHyper-Vplatform.

EachvirtualmachinewillactasaseparatemachinewiththeuniqueGUID,SID,andIPaddress.ThefollowingtableliststheIPaddressesandrolesoftherespectiveVMs.

S.No.

VMName

IPAddress Role

1 DC1 10.0.0.100 Domaincontrollerofthemcsalab.local

domain.

2 SERVER1 10.0.0.101 Memberserverofthemcsalab.local

domain.

3 CLIENT1 10.0.0.102 Clientmachineof

themcsalab.localdomain.

4 ROUTER InternalSubnet:

10.0.0.1

ExternalSubnet:

192.168.0.1

RouterservertoperformtheLAN

routing.

5 SERVER2 192.168.0.2 Workgroupserverintheexternalsubnet.

PreparingVirtualMachinesTocreatethevirtualmachines,youneedtoperformthefollowingtasksonthehost

machine:

1. InstallVMwareWorkstationorPlayer.2. InstallandconfiguretheDC1virtualmachine3. InstallandconfiguretheSERVER1virtualmachine4. InstallandconfiguretheCLIENT1virtualmachine5. InstallandconfiguretheROUTERvirtualmachine6. InstallandconfiguretheSERVER2virtualmachine

Task1:InstallingVMwareWorkstationontheHostMachine

ToInstallVMwareWorkstationorVMwarePlayer,firstyouneedtodownloadit.Onceitisdownloaded,justdouble-clickthesetupfile,andfollowthesimplestepstocompletethe

installationprocess.

Task2:InstallingandConfiguringtheDC1VirtualMachineToinstallandconfiguretheDC1virtualmachine,youneedtoperformthefollowing

steps:

1. MakesurethattheVMwareconsoleisactive.2. SelectFileandthenselectNewVirtualMachine.3. OntheNewVirtualMachineWizard,clickNext.

4. OntheGuestOperatingSystemInstallationpage,selecttheInstallerdiscimagefile(iso):radiobutton,browsethelocationoftheServer2016ISOimage

file,andthenclickNext.

5.

Note:IfyouusetheVMwareplatformthatautomaticallydetectstheversionoftheWindowsserver,youmayaskedtosetthefollowingsettings:

ProductkeyOperatingsystemeditionAdministratorpassword

Otherwise,youmayskipit.

6. OntheSelectaGuestOperatingSystempage,selectthehighestsupportedversionofWindowsserver(inthiscaseWindowsServer2012butitwillstill

supportWindowsServer2016),andthenclickNext.

7. OntheNameandVirtualMachinepage,typeDC1intheVirtualmachinenamefield.

8. IntheLocationfield,navigatethelocationwhereyouwanttosavethevirtualmachine,suchasH:\VMs\2k16\DC1,andthenclickNext.

9. OntheSpecifyDiskCapacitypage,selectStorevirtualdiskasasinglefile,optionallyyoucanalsosetthedisksizeaswell,andthenclickNext.

10. OntheReadytoCreateVirtualMachinepage,clickCustomizeHardware.11. OntheHardwarewindow,selectNetworkAdapterintheleftpane.Selectthe

Hostonlyradiobutton,andthenclickClose.

12. ClickFinish.13. OntheVMwareconsole,powerontheDC1virtualmachine.14. OntheWindowsSetuppage,clickNext,andthenclickInstallNow.

15. OntheSelecttheoperatingsystemyouwanttoinstallpage,selecttheWindowsServer2016DesktopExperience,andthenclickNext.

16. OntheLicensetermspage,selecttheIacceptthelicensetermscheckbox,andthenclickNext.

17. OntheWhichtypeofinstallationdoyouwantpage,selecttheCustomoption,andthenclickNext.

18. OntheWheredoyouwanttoinstallWindowspage,clickNext.

19. TheInstallationprocesswillbegin,after10-15minutestheCustomizesettingsscreenwilldisplay.

20. SetAdministratorpasswordasPassword@123.

Task2.1:ConfiguringtheDC1VirtualMachine1. SignintoDC1withtheAdministratoraccount.2. OpentheSystemProperties(sysdm.cpl)andsetthecomputernameasDC1.

3. RestartandsignintothesystemwiththeAdministratoraccount.Aftersometime,theServerManagerconsolewilldisplay.

4. OpentheRundialogbox,typencpa.cpl,andthenpressEnter.5. Selectandright-clicktheactivenetworkadapter,andthenselectProperties.6. SetthefollowingTCP/IPsettings:

IPaddress:10.0.0.100.Subnetmask:255.0.0.0.Defaultgateway:10.0.0.1.

PreferredDNSserver:10.0.0.100.

7. ClosetheNetworkConnectionsconsole.

Task2.2:PromotingtheDC1VirtualMachineasaDomainController

TopromotetheDC1virtualmachineasadomaincontroller,youneedtoperformthefollowingsteps:

1. OpentheServerManagerconsole.2. ClicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServices

checkbox,asshowninthefollowingfigure.

7. Acceptthedefaultselectionsthroughrestofthewizardandcompletetheinstallationprocess.

8. ClickClose,oncetheinstallationsucceedsonDC1.9. OntheServerManagerconsole,clicktheNotificationsicon.10. ClickthePromotethisservertoadomaincontrollerlink,asshowninthe

followingfigure.

11. OntheDeploymentConfigurationpage,selecttheAddanewforestradiobutton.

12. IntheRootdomainnametextbox,typemcsalab.local,asshowninthefollowingfigure,andthenclickNext.

13. OntheDomainControllerOptionspage,makesurethattheDomainNameSystem(DNS)servercheckboxisselected,asshowninthefollowingfigure.

14. InthePasswordandConfirmpasswordtextboxes,typethePassword@123,andthenclickNext.

15. OntheDNSOptionspageandthenclickNext.16. OntheAdditionalOptionspage,clickNext.17. OnthePathspage,asshowninthefollowingfigure,reviewthedefaultlocation

fortheADDSdatabasefile,andthenclickNext.

18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,asshowninthefollowingfigure,reviewthe

prerequisites,andthenclickInstall.

20. Aftersometime,thesystemwillrestartautomatically,signintoDC1withtheMCSALAB\Administratoraccount.

21. DonotshutdowntheDC1virtualmachine.

Task3:InstallingandConfiguringtheSERVER1VirtualMachine

ToinstallandconfiguretheSERVER1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingSERVER1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:SERVER1.

Operatingsystemversion:WindowsServer2016.Memory:2048MBHarddisksize:50GB

NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)

Password:Password@1232. OnceyouinstalledtheSERVER1virtualmachinewiththeprecedingsettings,

configurethefollowingTCP/IPsettings:IPaddress:10.0.0.101Subnetmask:255.0.0.0Defaultgateway:10.0.0.1

PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemProperties

dialogboxandclickChange.4. OntheComputerName/DomainChangesdialogbox,intheComputername

textbox,typeSERVER1.5. SelecttheDomainradiobutton,intheMemberofsection,andthentype

mcsalab.local,andthenclickOK.6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,

andrestarttheSERVER1virtualmachine.7. SignintoSERVER1withtheAdministratoraccount.8. ShutdowntheSERVER1virtualmachine.

Task4:InstallingandConfiguringtheCLIENT1VirtualMachine

ToinstallandconfiguretheCLIENT1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingCLIENT1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:CLIENT1.

Operatingsystemversion:Windows8.1/10.Memory:1024MBHarddisksize:50GB

NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)

Password:Password@1232. OnceyouinstalledtheCLIENT1virtualmachinewiththeprecedingsettings,

configurethefollowingTCP/IPsettings:IPaddress:10.0.0.102Subnetmask:255.0.0.0Defaultgateway:10.0.0.1

PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystem

Propertiesdialogbox,andclickChange.4. OntheComputerName/DomainChangesdialogbox,intheComputername

textbox,typeCLIENT1.5. SelecttheDomainradiobuttonintheMemberofsection,typemcsalab.local,

andthenclickOK.6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,

andrestarttheCLIENT1virtualmachine.7. SignintoCLIENT1withtheAdministratoraccount.8. ShutdowntheCLIENT1virtualmachine.

Task5:InstallingandConfiguringtheROUTERVirtualMachine

ToinstallandconfiguretheROUTERvirtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringthecreatingROUTERvirtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:ROUTER.


NetworkAdapter:Hostonly2. OnceyoucreatedtheROUTERvirtualmachinewiththeprecedingsettings,

selecttheROUTERvirtualmachine,clickEditvirtualmachinesettings,asshowninthefollowingfigure.

3. OntheVirtualMachineSettingsdialogbox,clickAdd.4. OntheAddHardwareWizard,selectNetworkAdapter,andthenclickNext.

5. OntheNetworkAdapterTypepage,selectVMnet2undertheCustomoption.

6. ClickFinishandthenclickOKbutton.7. PowerontheROUTERvirtualmachine.8. FollowthesimplestepstoinstalltheROUTERvirtulmachine.Use

[email protected]. OnceyouinstalledtheROUTERvirtualmachinewiththeprecedingsettings,

configurethefollowingTCP/IPsettingsonthefirstnetworkadapter(connectedtotheHostonlynetwork):

IPaddress:10.0.0.1Subnetmask:255.0.0.0

PreferredDNSserver:10.0.0.100

10. ConfigurethefollowingTCP/IPsettingsonthesecondnetworkadapter(connectedtotheVMnet2network):

IPaddress:192.168.0.1Subnetmask:255.255.255.0

11. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemPropertiesdialogbox,setthecomputernameasROUTER,andrestartthe

ROUTERvirtualmachine.12. OpentheCommandPromptwindow,typeping10.0.0.100,andthenpress

Enter.13. Youshouldbeabletocommunicate(ping)withtheDC1server.

Note:IfyouareunabletocommunicatewiththeDC1server,youmayneedtointerchangetheTCP/IPsettingsofthenetworkadapters.

14. DonotshutdowntheROUTERvirtualmachine.

Task6:CreatingandConfiguringtheSERVER2VirtualMachine

ToinstallandconfiguretheSERVER2virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingSERVER2virtualmachine,makesurethatyouusethefollowingsettingsandoptions:Virtualmachinename:SERVER2.


NetworkAdapter:VMnet2Password:Password@123

2. OnceyouinstalledtheSERVER2virtualmachinewiththeprecedingsettings,configurethefollowingTCP/IPsettings:

IPaddress:192.168.0.2Subnetmask:255.255.255.0Defaultgateway:192.168.0.1

PreferredDNSserver:10.0.0.1003. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystem

Propertiesdialogbox,setthecomputernameasSERVER2,andrestarttheSERVER2virtualmachine.

4. SignintoSERVER2withtheAdministratoraccount.5. ShutdowntheSERVER2virtualmachine.1. ShutdowntheDC1virtualmachine.

Task7:CreatingSnapshotsofVirtualMachinesOnceyouinstalledandconfiguredallthevirtualmachines,youneedtocreatethe

snapshots/checkpointsforeachvirtualmachine.Snapshotwillhelpyoutorevertavirtualmachinetoitspreviouslyusedstate(atthepointwhenyouhadcreatedit).

Tocreateasnapshot,youneedtoperformthefollowingtasks:

1. Makesurethattheallvirtualmachinesareturnedoff.2. Selectandright-clickanyvirtualmachine,selectSnapshot,andthenselectTake

snapshot.Afterfewseconds,thesnapshotwillbecreated.3. Usingtheprecedingmethod,createsnapshotsofallthevirtualmachines.

Task8:WorkingwithWindowsServer2016DesktopExperience

GUIinterfaceofWindowsServer2016isalmosthassimilarfunctionsasusedinwindowsServer2012R2.However,therearesomenewfeaturehavebeenaddedtomaketheuser

experiencemoreinteresting.SomeofthebasicGUIfeaturesare:

StartbuttonTaskManagerTaskView

Startbutton1. SignintoDC1andclicktheStartbutton.Itwillshowyouthevariousoptions,

suchasServerManager,Settings,PowerShell,andCalculatorthatcanbeaccesseddirectly.

2. Ifyouright-clicktheStartbutton,itwillshowyoufewmoreoptions,asshowninthefollowingfigure.

TaskManagerTheTaskManagerinWindowsServer2016ismuchsimilartotheTaskManagerthathas

beenusedinWindowsServer2012R2.

TaskViewTaskViewallowsyoutoviewandswitchbetweendifferentactivewindows.Thisfeature

wasnotavailableinWindowsServer2012R2.

Task9:What’sNewinWindowsServer2016?InWindowsServer2016,therearemanynewrolesandfeatureshavebeenadded.Some

ofthemajornewrolesandfeaturesare:

HostGuardianServiceMultipointServices

WindowsServerEssentialsExperienceSetupandBootEventCollections

SMBBandwidthLimitWindowsBiometricFrameworkBitLockerNetworkUnlock

HostGuardianServiceTheHostGuardianService(HGS)isaserverroleintroducedinWindowsServer2016.ItprovidestheAttestationandKeyProtectionservicesthatallowGuardedHoststorunshieldedvirtualmachines.TheAttestationservicevalidatesguardedhostidentityand

configuration.TheKeyProtectionserviceallowstransportkeystoenableguardedhoststounlockandrunshieldedvirtualmachines.

MultipointServicesItallowsmultipleuserstosimultaneouslyshareonecomputerandeachuserhastheirown

independentandfamiliarWindowsexperience.

WindowsServerEssentialsExperienceThisisaroleservicethatsetsuptheITinfrastructureandofferspowerfulfunctions,suchas“PCbackups”thathelpsorganizations’toprotectdata,and“RemoteWebAccess”thathelpsaccessbusinessinformationfromanywhere,virtually.Italsohelpsyoutosimply

andrapidlyconnecttocloud-basedapplicationsandservicestoextendthefunctionalityoftheservers.

SetupandBootEventCollectionsItisafeaturethatenablesthecollectionandloggingofsetupandbooteventsfromother

computersonthenetwork.

SMBBandwidthLimitThisfeatureprovidesamechanismtotrackSMBtrafficpercategoryandallowsyoutolimittheamountoftrafficallowedforagivencategory.Itiscommonlyusedtolimitthe

bandwidthusedbylivemigrationoverSMB.

WindowsBiometricFramework

ThisfeatureallowsfingerprintdevicestobeusedtoidentifyandverifyidentitiesandtosignintoWindows.

BitLockerNetworkUnlockThisfeatureenablesanetwork-basedkeyprotectortobeusedtoautomaticallyunlockBitLocker-protectedoperatingsystemdrivesindomain-joinedcomputers,whenthe

computerisrestarted.

Exercise1:InstallingandConfiguringWindowsServer2012R2CoreMachine

Inthisexercise,youwillinstallandconfigureaWindowsServer2012R2coremachine.TheinstallationprocessfortheservercoreoptionandfullGUIoptionisalmostidentical.However,servercoreoptionrequireslesshardwareresourcesanditismoresecurethan

thefullGUIoption.Inthisexercise,youwillusethefollowingvirtualmachines:

DC1CORE1

ToinstallandconfiguretheWindowsServer2012R2coremachine,youneedtoperformthefollowingtasks:

Task1:InstallingWindowsServer2012R2CoreMachine.1. Createavirtualmachinewiththefollowingsettings:2. Duringthecreatingthevirtualmachine,makesurethatyouusethefollowing

settingsandoptions:Virtualmachinename:CORE1.

Operatingsystemversion:WindowsServer2016.Memory:512MB

Harddisksize:20GBNetworkAdapter:HostonlyPassword:Password@123

3. Oncethevirtualmachineiscreated,powerontheCORE1virtualmachine.4. Aftersometime,theWindowsSetupscreenwilldisplay.5. ClickNextandthenclickInstallnow.6. IftheActivateWindowsscreenisdisplayed,clickIdon’thaveaproductkey

link.

7. OntheSelecttheoperatingsystemyouwanttoinstallpage,selectWindowsServer2016TechnicalPreview4,andthenclickNext.

8. OntheLicensetermspage,selecttheIacceptthelicensetermscheckbox,andthenclickNext.

9. OntheWhichtypeofinstallationdoyouwant?page,clickCustom:InstallWindowsonly(advanced),asshowninthefollowingfigure.

10. OntheWheredoyouwanttoinstallWindows?page,clickNext.11. Theinstallationprocesswillstart.12. Aftersometime,thesigninscreenwilldisplay,andyouwillbeaskedtochange

theAdministratorpassword.

13. SettheAdministratorpasswordasPassword@123.

Task2:ConfiguringtheWindowsServer2016CoreMachine.

ToconfiguretheWindowsServer2016coremachine,youneedtoperformthefollowingsteps:

1. SignintoCORE1withtheAdministratoraccount.2. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.

TheServerConfigurationoptionswilldisplay,asshowninthefollowingfigure.

3. TochangethesystemDateandTime,type9,andthenpressEnter.4. OntheDateandTimedialogbox,asshowninthefollowingfigure,click

Changetimezone.

5. Selectthedesiredtimezone,andthenclickOK.6. IntheDateandTimedialogbox,clickChangeDateandTime,andverifythe

dateandtime,andthenclickOK.7. OntheCommandPromptwindow,type8,andthenpressEntertoconfigure

NetworkSettings.8. Typetheindexnumber(inourexampleitis10)ofthenetworkadapter,asshown

inthefollowingfigure,andthenpressEnter.

9. OntheNetworkAdapterSettingspage,type1,tosettheNetworkAdapterAddress,asshowninthefollowingfigure,andthenpressEnter.

10. TosetstaticIPaddress,typeS,asshowninthefollowingfigure,andthenpressEnter.

11. AttheEnterstaticIPaddress:prompt,type10.0.0.103,andthenpressEnter.12. AttheEntersubnetmask:prompt,acceptthedefaultvalue,andthenpress

Enter.13. AttheEnterdefaultgateway:prompt,type10.0.0.1,andthenpressEnter,as

showninthefollowingfigure.

14. OntheNetworkAdapterSettingsoption,type2,toconfiguretheDNSserveraddress,andthenpressEnter.

15. AttheEnternewpreferredDNSserverprompt,type10.0.0.100,andthenpressEnter.

16. OntheNetworkSettingsmessagebox,asshowninthefollowingfigure,clickOK.

17. PressEntertonotconfigureanalternateDNSserveraddress.18. AttheSelectoption:prompt,type4,andthenpressEntertoreturntothemain

menu.19. AttheEnternumbertoselectanoption:prompt,type15,andthenpress

Entertoexitthesconfig.cmdutility.20. OntheCommandPromptwindow,typepingdc1.mcsalab.localtoverifythe

connectivitybetweenDC1andCORE1.

Task3:AddingCORE1toDomain1. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.2. AttheEnternumbertoselectanoption:prompt,type2,andthenpressEnter.3. AttheEnteranewcomputername:prompt,typeCORE1,andthenpress

Enter.

4. OntheRestartdialogbox,clickYes.

5. ThesystemwillrestartandaftersometimetheSigninscreenwilldisplay.6. SignintoCORE1withtheAdministratoraccount.7. OntheCommandPromptwindow,typehostname,andthenpressEnterto

verifythecomputer’sname.8. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.9. Type1tochangetheDomain/Workgroupsettings,andthenpressEnter.10. TypeDtojoinadomain,andthenpressEnter.11. AttheNameofdomaintojoinprompt,typemcsalab.local,andthenpress

Enter.12. AttheSpecifyanauthorizeddomain\userprompt,typeAdministrator,and

thenpressEnter.13. AttheTypethepasswordassociatedwiththedomainuserprompt,type

Password@123,andthenpressEnter.14. AttheChangeComputerNamemessagebox,asshowninthefollowing

figure,clickNo.

15. OntheRestartdialogbox,clickYes.Thesystemwillrestart.Aftersometime,thesigninscreenwilldisplay.

16. SignintoCORE1withtheMCSALAB\Administratoraccount.

Results:Aftercompletingthisexercise,youwillhaveconfiguredaWindowsServer2016servercoremachine.

DonotturnofforshutdowntheDC1and/orCORE1virtualmachine(s)asthesevirtualmachineswillberequiredtoperformthenextexercise.

Exercise2:ManagingServersRemotelyInthisexercise,youwillmanagetheservercoremachinefromtheremotelocation.In

addition,youwillalsodeployrolesandfeaturesontheservercoremachine.Further,youwillmanagetheservicesontheservercoremachine.

Beforestartingtoperformthisexercise,makesurethattheDC1andCORE1virtualmachinesarerunning,andyouhavenotrevertedtheminthepreviousexercise.

Task1:CreatingandManagingtheServerGroup1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,makesurethatDashboardisselectedinthe

leftpane,andthenclickCreateaservergroup.3. OntheCreateServerGroupdialogbox,clicktheActiveDirectorytab,and

thenclickFindNow.4. IntheServergroupnametextbox,selecttheCORE1andSERVER1servers,

andthenaddCORE1andSERVER1totheservergroup.5. IntheServergroupnametextbox,typeServerGroup1,asshowninthe

followingfigure.

6. ClickOKtoclosetheCreateServerGroupdialogbox.7. OntheServerManagerconsole,selectServerGroup1intheleftpane.Verify

thatthebothserversarelistedintheServerspane,asshowninthefollowingfigure.

Task2:DeployingRolesandFeaturesonCORE1Machine1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickServerGroup1intheleftpane.3. Scrolltothetopofthepane,selectandright-clickCORE1,andthenselectAdd

RolesandFeatures,asshowninthefollowingfigure.

4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,clickNext.6. OntheSelectdestinationserverpage,makesurethatCORE1.mcsalab.localis

selected,asshowninthefollowingfigure,andthenclickNext.

7. OntheSelectserverrolespage,selecttheDHCPServercheckbox,asshowninthefollowingfigure,andthenclickNext.

8. OntheAddRolesandFeaturesdialogbox,clickNext.9. ClickNext,untiltheConfirminstallselectionspageisdisplayed.10. OntheConfirminstallationselectionspage,selecttheRestartthedestination

serverautomaticallyifrequiredcheckbox,asshowninthefollowingfigure,andthenclickInstall.

11. ClickClosetoclosetheAddRolesandFeaturesWizard,oncetheinstallationiscompleted.

Task3:ManagingServicesontheCORE1Machine1. SwitchtoasOtheruserandsignintoCORE1withthe

MCSALAB\Administratoraccount.2. OntheCommandPromptwindow,typethefollowingcommand,andthenpress

Enter,asshowninthefollowingfigure.

netsh.exefirewallsetserviceremoteadminenableALL

3. SwitchbackandsignintoDC1withtheMCSALAB\Administratoraccount.4. OntheServerManagerconsole,selectServerGroup1.5. Selectandright-clickCORE1,andthenclickComputerManagement.6. OntheComputerManagementconsole,expandtheServicesandApplications

node,andthenselectServices.7. Selectandright-clicktheDHCPServerservice,andthenclickProperties,as


8. OnthePropertiesdialogbox,ontheGeneraltab,makesurethattheStartuptypeissettoAutomatic.

9. SelecttheRecoverytab,configurethefollowingsettings,asshowninthefollowingfigure.

Firstfailure:RestarttheServiceSecondfailure:RestarttheService

Subsequentfailures:RestarttheComputerResetfailcountafter:1daysRestartserviceafter:1minute

10. OnthePropertiesdialogbox,clickRestartComputerOptions.

11. OntheRestartComputerOptionsdialogbox,intheRestartcomputerafterbox,type2,andthenclickOK.

12. ClickOKtoclosethePropertiesdialogbox.13. ClosetheComputerManagementconsole.

Results:Aftercompletingthisexercise,youhavecreatedaservergroup,deployedrolesandfeatures,andmanagedaserviceremotely.

ShutdownandreverttheDC1andCORE1virtualmachinestoprepareforthenextexercise.

Exercise3:UsingWindowsPowerShelltoManageServersInthisexercise,youwillusetheWindowsPowerShelltomanagetheWindowServer2016.WindowsPowerShellisacommand-lineinterfacethatissimilartocommandprompt.ItisdesignedtoexecutethescriptssimilartoUNIX/Linuxoperatingsystems.

StarttheDC1virtualmachinetoperformthisexercise.

Task1:UsingtheWindowsPowerShelltoConnectRemotelytoServersandViewInformation

1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,selectServerGroup1.3. Selectandright-clickCORE1,andthenselectWindowsPowerShell.4. AttheWindowsPowerShellprompt,typecd\andthenpressEnter.5. TypeImport-ModuleServerManager,andthenpressEnter.6. TypeGet-WindowsFeatureandthenpressEntertoviewtheinstalledrolesand

featuresonCORE1,asshowninthefollowingfigure.

7. TypethefollowingcommandtoviewtherunningservicesonCORE1andthenpressEnter,asshowninthefollowingfigure.

Get-service|where-object{$_.status-eq“Running”}

8. TypethefollowingcommandandthenpressEntertoviewalistofprocessesonCORE1,asshowninthefollowingfigure.

Get-Process

9. TypethefollowingcommandtoviewtheIPaddressesoftheCORE1machine,andthenpressEnter,asshowninthefollowingfigure.

Get-NetIPAddress|Format-table

10. Typethefollowingcommandtoviewthemostrecent5securitylogs,andthenpressEnter,asshowninthefollowingfigure.

Get-EventLogSecurity-Newest5

11. CloseWindowsPowerShell.

Task2:UsingWindowsPowerShelltoManageRolesandFeaturesRemotely

1. OnDC1,onthetaskbar,clicktheWindowsPowerShell icon.2. AttheWindowsPowerShellprompt,typethefollowingcommand,andthen

pressEnter.3. Import-ModuleServerManager4. ToverifythattheWINSServerfeatureisnotinstalledonCORE1,typethe

followingcommand,andthenpressEnter,asshowninthefollowingfigure.

Get-WindowsFeature-ComputerNameCORE1

5. ToinstalltheWINSServerfeatureonCORE1,typethefollowingcommand,andthenpressEnter,asshowninthefollowingfigure.

6. Install-WindowsFeatureWINS-ComputerNameCORE1

7. VerifythattheExitCodestatusdisplaysasthesuccesstext.

Results:Aftercompletingthisexercise,youhavemanagedtheserversusingWindowsPowerShell.

ShutdownandreverttheDC1andCORE1virtualmachines.

Exercise04:InstallingandConfiguringDomainControllersThesystemthatholdstheActiveDirectoryDomainServicesroleactsasadomain

controller.Adomaincontrollerisaserverthatisusedtomanageandcontroltheclientsonanetwork.

Inthisexercise,youwilllearnhowtoconfigureadomaincontrolleronWindowsServe2016.Inaddition,youwillalsolearnhowtoconfigureaserverasaGlobalCatalogserver.

StarttheDC1andSERVER1virtualmachinestoperformthisexercise.

Task1:AddingtheADDSRoleonaMemberServer1. SignintoDC1withtheMCSA\Administratoraccount.2. OntheServerManagerconsole,intheleftpane,selectandright-clickAll

Servers,andthenselectAddServers.3. OntheAddServersdialogbox,intheName(CN)textbox,typeSERVER1,

andthenclickFindNow.4. Inthenamelistarea,selectSERVER1,andthenclickthearrowtoaddthe

servertotheSelectedcolumn,asshowninthefollowingfigure.

5. ClickOKtoclosetheAddServersdialogbox.6. OntheServerManagerconsole,intheServerspane,waituntilthe

ManageabilitystatusdisplaysasOnline–Performancecountersnotstarted,asshowninthefollowingfigure.

7. Selectandright-clickSERVER1,andthenselectAddRolesandFeatures.8. OntheAddRolesandFeaturesWizard,clickNext.9. OntheSelectinstallationtypepage,clickNext.10. OntheSelectdestinationserverpage,makesurethattheSelectaserverfrom

theserverpoolradiobuttonisselected.11. IntheServerPoolarea,makesurethatSERVER1.mcsalab.localisselected,as

showninthefollowingfigure,andthenclickNext.

12. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServicescheckbox.

13. OntheAddRolesandFeaturesdialogbox,clickAddFeatures,andthenclickNext.

14. TheSelectserverrolespageisreturned,makesurethattheActiveDirectoryDomainServicescheckboxisselected,asshowninthefollowingfigure,and

thenclickNext.

15. ClickNext,untiltheConfirminstallationselectionspageisdisplayed.16. OntheConfirminstallationselectionspage,selecttheRestartthedestination

serverautomaticallyifrequiredcheckbox,andthenclickInstall.17. Theinstallationprocesswillstart.ClickClosetoclosetheAddRolesand

FeaturesWizard,oncetheinstallationiscompleted.

Task2:ConfiguringSERVER1ServerasaDomainController

1. OnDC1,ontheServerManagerconsole,clicktheNotificationsbutton.2. OnthePost-deploymentConfigurationbox,clickthePromotethisservertoa

domaincontrollerlink,asshowninthefollowingfigure.

3. OntheDeploymentConfigurationpage,oftheActiveDirectoryDomainServicesConfigurationWizard,makesurethattheAddadomaincontroller

toanexistingdomainradiobuttonisselected.4. IntheDomaintextbox,makesurethatthemcsalab.localtextiswritten,as


5. IntheSupplythecredentialstoperformthisoperationsection,clickChange.6. OntheWindowsSecuritydialogbox,intheUsernametextbox,type

MCSALAB\Administrator,inthePasswordbox,typePassword@123,asshowninthefollowingfigure.

7. ClickOKandthenclickNext.8. OntheDomainControllerOptionspage,makesurethatDomainName

System(DNS)servercheckboxisselected,andthencleartheGlobalCatalog(GC)checkbox.

9. IntheTypetheDirectoryServicesRestoreMode(DSRM)passwordsection,typePassword@123,inthePasswordandConfirmpasswordtextboxes,as


10. ClickNext,untilthePrerequisitesCheckpageisdisplayed.11. OnthePrerequisitesCheckpage,reviewthewarnings,andthenclickInstall.12. Theinstallationprocesswillstart,clickClose,oncetheinstallationiscompleted.13. Theserverwillrestart.Waitforservertorestart.

Task3:ConfiguringSERVER1asaGlobalCatalogServer1. SwitchandsignintoSERVER1withtheMCSALAB\Administratoraccount2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory

SitesandServices.3. OntheActiveDirectorySitesandServicesconsole,expandSites\Default-

First-Site-Name\Servers,andthenclickSERVER1,asshowninthefollowingfigure.

4. Intheleftpane,selectandright-clickNTDSSettings,andthenselectProperties.

5. OntheNTDSSettingsPropertiesdialogbox,selecttheGlobalCatalogcheck

box,asshowninthefollowingfigure,andthenclickOK.

6. ClosetheActiveDirectorySitesandServicesconsole.

Results:Aftercompletingthisexercise,youwillhaveexploredtheServerManagerconsoleandpromotedamemberservertobeadomaincontroller.

ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.

Exercise5:InstallingaDomainControllerbyUsingIFMInthisexercise,youwilllearnhowtoconfigureadomaincontrollerusingtheIFMdatafile.TheInstallFromMedia(IFM)isafeaturethatallowsyoutoconfigureaserverasadomaincontroller.Thisfeaturehelpsyoutoreducethenetworkbandwidthconsumptionusedduringtheadditionaldomaincontrollerconfiguration.IFMallowsyoutoexportthe

ActiveDirectorydatabasefile(NTDS)toanexternalmediawhichcanbeusedtoconfigureanadditionaldomaincontroller.


Task1:GeneratingaIFMDataFile1. SignintoDC1withtheMCSA\Administratoraccount.2. OpentheRundialogbox,intheOpentextbox,typecmd,andthenpressEnter.3. OntheCommandPromptwindow,typethefollowingcommands,andthen

pressEnteraftereachone,asshowninthefollowingfigure.

Ntdsutil

Activateinstancentds

IFM

CreatesysvolfullC:\IFM

Task2:AddingtheADDSRoletotheMemberServer1. SwitchandsignintoSERVER1withtheMCSALAB\Administratoraccount.2. OpentheCommandPromptwindow,typethefollowingcommand,andthen

pressEnter,asshowninthefollowingfigure.

NetuseZ:\DC1\c$\IFM

3. OpentheServerManagerconsole,ifrequired.4. Intheleftpane,selectLocalServer.5. Inthetoolbar,clickManage,andthenclickAddRolesandFeatures,asshown

inthefollowingfigure.

6. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,clickNext.

7. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-basedinstallationradiobuttonisselected,andthenclickNext.

8. OntheSelectdestinationserverpage,makesurethattheSERVER1serverisselected,andthenclickNext.

9. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServicescheckbox.

10. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures,andthenclickNext.

11. OntheSelectFeaturespage,clickNext.12. OntheActiveDirectoryDomainServicespage,clickNext.13. OntheConfirminstallationselectionspage,selecttheRestartthedestination

serverautomaticallyifrequiredcheckbox.14. OntheAddRolesandFeaturesWizardmessagebox,asshowninthe

followingfigure,readthemessage,andthenclickYes.

15. OntheConfirminstallationselectionspage,clickInstall.16. Theinstallationprocesswillstart.ClickClose,oncetheinstallationis

completed.

Note:IfyouseeawarningregardingtheDNSserverdelegation,clickOK.

Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile

1. OnSERVER1,opentheCommandPromptwindow,ifrequired.2. OntheCommandPromptwindow,typethefollowingcommands,andthen


RobocopyZ:C:\IFM/copyall/s

3. ClosetheCommandPromptwindow,oncethecopyingprocessiscompleted.4. OntheServerManagerconsole,clicktheNotificationsbutton.5. InthePost-deploymentConfigurationbox,clickthePromotethisservertoa

domaincontrollerlink.6. OntheDeploymentConfigurationpage,makesurethattheAddadomain

controllertoanexistingdomainradiobuttonisselected.7. Makesurethatthemcsalab.localtextiswrittenintheDomaintextbox,as


8. IntheSupplythecredentialstoperformthisoperationsection,clickChange.

Note:IfyouarealreadyloggedinasMCSA\Administratoraccount,youdon’tneedtochangethecredentialsonthispage.Ifso,movedirectlytotheDomainControllerOptions

page.

9. OntheWindowsSecuritydialogbox,intheUsernametextbox,typeMCSALAB\Administrator,inthePasswordtextbox,typePassword@123.

10. ClickOK,andthenclickNext.11. OntheDomainControllerOptionspage,makesurethattheDomainName

System(DNS)serverandGlobalCatalog(GC)checkboxesareselected.

12. UndertheDSRMpasswordsection,typePassword@123inthePasswordandConfirmpasswordtextboxesandthenclickNext.

13. OntheDNSOptionspage,clickNext.14. OntheAdditionalOptionspage,selecttheInstallfrommediacheckbox.15. InthePathtextbox,typeC:\IFM,asshowninthefollowingfigure.

16. ClickVerify.Oncethepathhasbeenverified,clickNext.17. OnthePathspage,clickNext.18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,clickInstall.Theinstallationprocesswill

startandtheserverwillrestart,oncetheconfigurationiscompleted.Waitfortheservertorestart.

Results:Aftercompletingthisexercise,youwillhaveinstalledanadditionaldomaincontrollerforthebranchofficebyusingIFM.

ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.

Exercise6:ManagingOrganizationalUnitsandGroupsinADDS

ActiveDirectoryobjectsareusedtoaccessthevariousnetworkresourcesforthevariouspurposes.Onceyouconfiguredadomaincontroller,youneedtocreateandmanageActiveDirectoryobjects,suchasOUs,groups,andusers.Youcandelegatetheadministrative

permissionstotheActiveDirectoryobjects.

Inthisexercise,youwilllearnhowtocreateActiveDirectoryobjects,howtodelegatethepermissions,andhowtoconfigurehomefolders.Inaddition,youwillalsolearnhowto

resetandrejointhecomputeraccounts.

StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.

Task1:ManagingOrganizationalUnitsandGroups1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory

UsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,selectandright-click

mcsalab.local,andthenselectNew,andthenclickOrganizationalUnit,asshowninthefollowingfigure.

4. OntheNewObject–OrganizationalUnitdialogbox,intheNametextbox,typeTraining,asshowninthefollowingfigure,andthenclickOK.

5. Selectandright-clicktheTrainingOUintheleftpane,andthenselectNew,andthenclickGroup.

6. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeStudents,asshowninthefollowingfigure,andthenclickOK.

7. Selectandright-clickmcsalab.local,intheleftpane,andthenselectNew,andthenclickOrganizationalUnit.

8. OntheNewObject–OrganizationalUnitdialogbox,intheNametextbox,typeDevelopment,andthenclickOK.

9. Selectandright-clicktheDevelopmentOU,andthenselectNew,andthenclickGroup.

10. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeTrainers,andthenclickOK.

11. Selectandright-clicktheDevelopmentOU,andthenselectNew,andthenclickGroup.

12. OntheNewObject–Groupdialogbox,intheGroupnametextbox,typeManagers,andthenclickOK.

13. Intherightpane,selectandright-clicktheTrainersgroup,andthenselectMove,asshowninthefollowingfigure.

14. OntheMovedialogbox,selecttheTrainingOU,asshowninthefollowingfigure,andthenclickOK.

15. Intheleftpane,selecttheTrainingOU.16. Intherightpane,selectandright-clickTrainers,andthenselectDelete.17. OntheActiveDirectoryDomainServicesmessagebox,clickYes.Makesure

thattheTrainersgroupisdeleted.

Task2:DelegatingthePermissions1. MakesurethattheActiveDirectoryUsersandComputersconsoleisactiveon

DC1.2. Intheleftpane,selectandright-clicktheTrainingOU,andthenselectDelegate

Control,asshowninthefollowingfigure.

3. OnthewelcomepageoftheDelegationofControlWizard,andclickNext.4. OntheUsersorGroupspage,clickAdd.5. OntheSelectUsers,Computers,orGroupsdialogbox,intheEntertheobject

namestoselect(examples)textbox,typeStudents,asshowninthefollowingfigure,andthenclickOK.

6. OntheUsersorGroupspage,clickNext.7. OntheTaskstoDelegatepage,makesurethattheDelegatethefollowing

commontasksradiobuttonisselected.8. SelecttheCreate,delete,andmanageuseraccountscheckbox,asshownin

thefollowingfigure,andthenclickNext.

9. OntheCompletingtheDelegationofControlWizardpage,clickFinish.10. Selectandright-clicktheTrainingOU,andthenselectNew,andthenclick

User.11. OntheNewObject-Userdialogbox,typeMarsh,intheFirstnameandUser

logonnametextboxes,asshowninthefollowingfigure,andthenclickNext.

12. InthePasswordandConfirmpasswordtextboxes,[email protected]. CleartheUsermustchangepasswordatnextlogoncheckbox,selectthe

Passwordneverexpirescheckbox,asshowninthefollowingfigure.

14. ClickNext,andthenclickFinish.15. MinimizetheActiveDirectoryUsersandComputersconsole.

Task3:ConfiguringHomeFoldersforUserAccounts1. OnDC1,createafoldernamedMarshData,undertheC:\Users\Publicfolder,

asshowninthefollowingfigure.

2. Selectandright-clicktheMarshDatafolder,andthenselectProperties.3. OntheMarshDataPropertiesdialogbox,selecttheSharingtab,asshownin

thefollowingfigure.

4. ClickAdvancedSharing.5. OntheAdvancedSharingdialogbox,selecttheSharethisfoldercheckbox,as


6. ClickPermissions.

7. OnthePermissionsforMarshDatadialogbox,inthePermissionsforEveryonesection,selecttheFullControlcheckbox,asshowninthefollowing

figure.

8. ClickApply,andthenclickOK.9. ClickOKtocloseAdvancedSharingdialogbox,andthenclickClose.10. ClosetheWindowsExplorerwindow.11. SwitchtotheActiveDirectoryUsersandComputersconsole.12. Selectandright-clicktheMarshuser,andthenselectProperties.13. OntheMarshPropertiesdialogbox,selecttheProfiletab.14. UndertheHomefoldersection,selecttheConnectradiobutton.15. IntheTotextbox,type\DC1\MarshData\Marsh,asshowninthefollowing

figure,andthenclickApply.

Note:BydefaultallthedomainusersaredeniedtosignintotheDomainControllerserver.Inthenextsteps,wearegoingtomakeMarshasthememberofPrintOperatorsgrouptosignintoDomainControllertotesttheexercise.Youwilllearnmoreaboutthe

userrightsandpermissionsintheupcomingexercises.

16. SelecttheMemberOftab,andthenclickAdd.17. OntheSelectGroupsdialogbox,intheEntertheobjectnamestoselect

(example)textbox,typePrintOperators,asshowninthefollowingfigure.

18. ClickCheckNames,andthenclickOK.19. OntheMemberOftab,andclickagainAdd.20. OntheSelectGroupsdialogbox,intheEntertheobjectnamestoselect

(example)textbox,typeStudents.21. ClickCheckNames,andthenclickOK.

Note:YouhaveaddedtheMarshusertoStudentsgrouptotestthedelegatedpermissions.

22. ClickOKtoclosetheMarshPropertiesdialogbox.23. ClosetheActiveDirectoryUsersandComputersconsole.

Task4:TestingandVerifyingtheHomeFoldersandDelegatedPermissions

1. OnDC1,opentheRundialogbox,typelogoffandthenclickOKtosignoutfromtheMCSALAB\Administratoraccount,asshowninthefollowingfigure.

2. SwitchtoOtheruserandSigninasMarshwiththepasswordasPassword@123,asshowninthefollowingfigure.

3. PresstheWindows+EkeystoopentheWindowsExplorerwindow.

4. VerifythatdriveZismappedto(\DC1\MarshData),asshowninthefollowingfigure.

5. Double-clickMarsh(\DC1\MarshData)(Z:).

Note:Youshouldbeabletoaccessthisdrivewithoutanyerrors.Ifyoureceivenoerrors,youhavebeensuccessful.

6. ClosetheWindowsExplorerwindow.7. OpentheRundialogbox,typedsa.msc,intheOpentextbox,andthenpress

Enter.8. OntheUserAccountControldialogbox,intheUsernametextbox,type

Marsh.9. InthePasswordtextbox,typePassword@123,asshowninthefollowing

figure,andthenclickYes.

10. OntheActiveDirectoryUsersandComputersconsole,expandmcsalab.local.

11. Selectandright-clickTraining,andthenclickNew,andthenclickUser.12. OntheNewObject–Userdialogbox,intheFirstnameandUserlogonname

textboxes,typeTestUser2,andthenclickNext.13. InthePasswordandConfirmpasswordtextboxes,[email protected]. ClickNext,andthenclickFinish.15. MakesurethattheTestUser1accountiscreated,undertheTrainingOU.16. Selectandright-clickDevelopment,andthenclickNew,andthenclickUser.17. OntheNewObject–Userdialogbox,intheFirstnameandUserlogonname

textboxes,typeTestUser2,andthenclickNext.18. InthePasswordandConfirmpasswordtextboxes,typePassword@123,click

Next,andthenclickFinish.19. Makesurethatyougetthefollowingerrormessage.

20. ClickOK,andthenclickCancel.21. ClosetheActiveDirectoryUsersandComputersconsole.22. SignoutfromtheMarshuser.

Task5:ResettingtheComputerAccounts1. SignintoDC1withtheMCSALAB\Marshaccount.2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectory

UsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,expandmcsalab.local.4. Intheleftpane,selectComputers.5. Intherightpane,selectandright-clickCLIENT1,andthenclickReset

Account,asshowninthefollowingfigure.

6. OntheActiveDirectoryDomainServicesmessagebox,clickYes,andtheclickOK.

Task6:ExaminingtheBehaviorwhenaUserLoginsonClient.

1. TrytoSignintoCLIENT1withtheMCSALAB\Marshaccount.2. AmessagedisplaysstatingthatThetrustrelationshipbetweenthis

workstationandtheprimarydomainfailed,asshowninthefollowingfigure.

Task7:RejoiningtheDomaintoReconnecttheComputerAccount

1. SignintoCLIENTasCLIENT1\AdministratorwiththepasswordasPassword@123.

2. OpentheSystemPropertiesdialogbox,clickNetworkID.3. OntheSelecttheoptionthatdescribesyournetworkpage,asshowninthe

followingfigure,clickNext.

4. OntheIsyourcompanynetworkonadomain?page,clickNext.5. OntheYouwillneedthefollowinginformationpage,clickNext.6. OntheTypeyourusername,password,anddomainnameforyourdomain

accountpage,intheUsernametextbox,typeAdministrator.7. InthePasswordtextbox,[email protected]. IntheDomainnametextbox,typeMCSALAB.LOCAL,asshowninthe

followingfigure,andthenclickNext.

9. OntheUserAccountandDomainInformationdialogbox,clickYes.10. OntheDoyouwanttoenableadomainuseraccountonthiscomputer?

page,selecttheDonotaddadomainuseraccountradiobutton,andthenclickNext.

11. ClickFinish,andthenclickOK.12. OntheMicrosoftWindowsdialogbox,clickRestartNow.Waitforsystemto

restart.13. SigninasMCSALAB\[email protected]. Makesurethatyouareabletosignin.

Results:Afterthisexercise,youhavesuccessfullycreatedandtestedOrganizationalUnits,Groups,Users,HomeFolders,andtheDelegationofControlWizard.Inaddition,

youshouldalsohavesuccessfullyresetatrustrelationship

ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthenextexercise.

Exercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups

Asdiscussedearlier,WindowPowerShellisacommand-lineinterfaceusedtomanageWindowsserversandclients.YoucanalsouseWindowsPowerShelltomanagetheActive

Directoryobjects.

Inthisexercise,youwilllearnhowtomanageActiveDirectoryobjectsusingWindowPowerShell.Inaddition,youwillalsolearnhowtoexportandimporttheActiveDirectory

objectsusingWindowPowerShell.


Task1:CreatingaUserAccountUsingWindowsPowerShell1. SignintoDC1withtheMCSALAB\Administratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typecd\andthenpressEnter.4. TocreateanOrganizationalUnitnamedBranchOffice,typethefollowing

command,andthenpressEnter:

New-ADOrganizationalUnitBranchOffice

5. TocreateausernamedPeterundertheBranchOfficeOU,typethefollowingcommand,andthenpressEnter:

New-ADUser-NamePeter-DisplayName“PeterMark”-Path“ou=BranchOffice,dc=mcsalab,dc=local”

6. TosetthepasswordforPeteruser,typethefollowingcommand,andthenpressEnter:

Set-ADAccountPasswordPeter

Whenpromptedforthecurrentpassword,pressEnter.

Whenpromptedforthedesiredpassword,typePassword@123,andthenpressEnter.

Whenpromptedtorepeatthepassword,typePassword@123,andthenpressEnter.

7. ToenablethePeteruser,typethefollowingcommand,andthenpressEnter.

Enable-ADAccountPeter

8. SwitchtotheCLIENT1virtualmachine.

9. OnCLIENT1,[email protected]. Verifythatsigninissuccessful,andthensignoutofCLIENT1.

Task2:CreatingGroupsUsingWindowsPowerShell1. SwitchbacktoDC1.2. AttheWindowsPowerShellprompt,typethefollowingcommandtocreatea

newsecurity(global)groupnamedBranchUsers,andthenpressEnter.

New-ADGroupBranchUsers-Path“ou=BranchOffice,dc=mcsalab,dc=local”

3. AttheGroupScopeprompt:typeGlobalandthenpressEnter,asshowninthefollowingfigure.

4. ToaddthePeteruserasmemberoftheBranchUsersgroup,typethefollowingcommand,andthenpressEnter.

Add-ADGroupMemberBranchUsers-MembersPeter

5. ToviewthemembersoftheBranchUsersgroup,typethefollowingcommand,andthenpressEnter.

Get-ADGroupMemberBranchUsers

Task3:ExportingUserAccountsUsingtheldifdeTool1. AttheWindowsPowerShellprompt,typethefollowingcommand,andthen


ldifde-fMyUsers

2. AttheWindowsPowerShellprompt,typenotepadMyUsersandthenpressEnter.

3. ReviewtheMyUsersfileandclosetheNotepad.

Results:Aftercompletingthisexercise,youhavemanagedADDSobjectsusingWindowsPowerShell.


Exercise8:InstallingandConfiguringtheDHCPServerRole

DynamicHostConfigurationProtocol(DHCP)isasservicethatisusedtoprovideTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSservertotheclients,

automatically.Inalargeenterprisenetwork,itisdifficulttomanageIPaddressesmanually.Hence,DHCPcanbeausefulfeaturetomanagetheIPaddressesinalarge

enterprisenetwork.

Inthisexercise,youwilllearnhowtoinstalltheDHCPserverroleandhowtoconfiguretheDHCPscope.Inaddition,youwillalsolearnhowtousetheDHCPreservationfeature

toreserveaspecificIPaddressforaspecificclient.


Task1:InstallingtheDHCPServerRole1. SignintoDC1withMCSALAB\Administratoraccount.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-

basedinstallationradiobuttonisselected,andthenclickNext.6. OntheSelectdestinationserverpage,clickNext.7. OntheSelectserverrolespage,selecttheDHCPServercheckbox.8. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.9. TheSelectserverrolespageisreturned,asshowninthefollowingfigure,click

Next.

10. Completetheinstallationprocess.

Task2:ConfiguringtheDHCPScope1. OntheServerManagerconsole,clickTools,andthenclickDHCP.2. OntheDHCPconsole,intheleftpane,expanddc1.mcsalab.local.3. Selectandright-clickdc1.mcsalab.local,andthenselectAuthorize.

4. Selectandright-clickdc1.mcsalab.local,andthenclickRefresh.NoticethattheiconsnexttoIPv4IPv6changescolorfromredtogreen,asshowninthe

followingfigure.

5. OntheDHCPconsole,selectandright-clickIPv4,andthenselectNewScope.6. OnthewelcomepageoftheNewScopeWizard,clickNext.7. OntheScopeNamepage,intheNametextbox,typeDHCPScope1,asshown

inthefollowingfigure,andthenclickNext.

8. OntheIPAddressRangepage,providethefollowinginformation,asshowninthefollowingfigure,andthenclickNext.

StartIPaddress:10.0.0.225EndIPaddress:10.0.0.250

Length:8Subnetmask:255.0.0.0

9. OntheAddExclusionsandDelaypage,excludethefollowingIPaddressrange,asshowninthefollowingfigure.

StartIPaddress:10.0.0.225EndIPaddress:10.0.0.230

10. ClickAdd,andthenclickNext.11. OntheLeaseDurationpage,reviewthedefaultleasedurationlimit,andthen

clickNext.12. OntheConfigureDHCPOptionspage,makesurethattheYes,Iwantto

configuretheseoptionnowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

13. OntheRouter(DefaultGateway)page,intheIPaddresstextbox,type10.0.0.0.1,asshowninthefollowingfigure.

14. ClickAdd,andthenclickNext.15. OntheDomainNameandDNSServerspage,makesurethat10.0.0.100is

writtenundertheIPaddresscolumn,asshowninthefollowingfigure,andthenclickNext.

16. OntheWINSServerspage,clickNext.17. OntheActivateScopepage,makesurethattheYes,Iwanttoactivatethis

scopenowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

18. OntheCompletingtheNewScopeWizardpage,clickFinish.19. Selectandright-clickIPv4,andthenselectRefresh.20. MakesurethattheIPv4nodeismarkedwiththegreencolor,asshowninthe

followingfigure.

Task3:ConfiguringDHCPClient1. OpentheNetworkConnectionswindow,selectandright-clicktheactive

networkadapterandthenselectProperties.2. OnthePropertiesdialogbox,scrolldown,selectInternetProtocolVersion4

(TCP/IPv4),andthenclickProperties.3. OntheInternetProtocolVersion4(TCP/IPv4)Propertiesdialogbox,select

theObtainanIPaddressautomaticallyradiobutton,selecttheObtainDNSserveraddressautomaticallyradiobutton,asshowninthefollowingfigure.

4. ClickOK,andthenclickClose.5. OpentheRundialogbox,typecmd,andthenpressEnter.6. OntheCommandPromptwindow,typeipconfig/renew,asshowninthe

followingfigure,andthenpressEnter.

7. Typetheipconfig/allcommandandverifythatCLIENT1hasreceivedTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSserver’sIP

address,asshowninthefollowingfigure.

Task4:ConfiguringDHCPReservation1. OnCLIENT1,ontheCommandPromptwindow,typeipconfig/all,andthen

pressEnter.2. FindandwritedownthePhysicalAddressoftheCLIENT1networkadapter,in

thiscaseitis00-15-5D-77-D6-0B,asshowninthefollowingfigure.

Note:Thephysicaladdressisaunique48bitaddress,whichisassignedbyIEEEandnetworkadapter’svendor.

3. Switchandsignin(ifrequired)toDC1withtheMCSALAB\Administratoraccount.

4. MakesurethattheDHCPconsoleisactive.Ifnot,opentheDHCPconsole.5. OntheDHCPconsole,expanddc1.mcsalab.local,andthenclickIPv4.6. Selectandright-clickReservations,andthenselectNewReservation,asshown


7. OntheNewReservationdialogbox,intheReservationNametextbox,typeCLIENT1.

8. IntheIPaddresstextbox,type10.0.0.240.9. IntheMACaddresstextbox,typethephysicaladdressoftheCLIENT1

machine(00-15-5D-77-D6-0B),asshowninthefollowingfigure.

Note:ReplacethephysicaladdresstextwiththeactualphysicaladdressofyourCLIENT1machine.

10. ClickAdd,andthenclickClose.11. SwitchbackandsignintoCLIENT1.12. OntheCommandPromptwindow,typeipconfig/release,andthenpress

EntertoreleasetheexistingIPaddress.13. OntheCommandPromptwindow,typeipconfig/renew,andthenpressEnter

toobtainanewIPaddress.14. OntheCommandPromptwindow,verifythatIPaddressofCLIENT1isnow

10.0.0.240,asshowninthefollowingfigure.

15. ClosetheCommandPromptwindow.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredDHCPscope,DHCPoptions,andDHCPreservation.


Exercise9:InstallingandConfiguringDNSDomainNameSystem(DNS)isaservicethatisusedtoperformthenameresolution.

NameresolutionisaprocesstomapdomainnamesintoIPaddressesandviceversa.ThesystemscommunicatetoeachotherusingtheIPaddresses,howeveritisdifficulttoremembertheIPaddressesofeachclientinalargeenterprisenetwork.DNSservice

allowsyoutocommunicatewiththesystemsusingthedomainnames,whichiseasiertorememberthanIPaddresses.

Inthisexercise,youwilllearnhowtoinstallandconfiguretheDNSserverrole.Inaddition,youwillalsolearnhowconfigureDNSforwarderandhowtomanageDNS

cache.

StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.

Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole

1. SignintoSERVER1withtheAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click

Next.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethatSERVER1.mcsalab.local

isselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServices

checkbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures,and

thenclickNext.8. OntheSelectfeaturespage,clickNext.9. OntheActiveDirectoryDomainServicespage,clickNext.10. OntheConfirminstallationselectionspage,clickInstall.11. Theinstallationprocesswillstart.ClickClose,oncetheinstallationsucceeded.12. OntheServerManagerconsole,clicktheNotificationsicon,andthenclickthe

Promotethisservertoadomaincontrollerlink,asshowninthefollowingfigure.

13. OntheDeploymentConfigurationpageoftheActiveDirectoryDomainServicesConfigurationWizard,makesurethattheAddadomaincontroller

toanexistingdomainradiobuttonisselected.14. UndertheSupplythecredentialstoperformthisoperationsection,click

Change.15. OntheWindowsSecuritydialogbox,intheUsernametextbox,type

MCSALAB\Administrator.InthePasswordtextbox,[email protected]. TheDeploymentConfigurationpageisreturned,asshowninthefollowing

figure.Reviewtheselectedoptions,andthenclickNext.

17. OntheDomainControllerOptionspage,cleartheDomainNameSystem(DNS)servercheckbox.

18. UndertheDSRMpasswordsection,typePassword@123inthePasswordandConfirmpasswordtextboxes,asshowninthefollowingfigure,andthenclick

Next.

19. ClickNext,untilthePrerequisitesCheckpageisdisplayed.20. OnthePrerequisitesCheckpage,clickInstall.21. Theinstallationprocesswillstartandtheserverwillrestartautomatically.After

SERVER1restarts,signintoSERVER1withtheMCSALAB\Administratoraccount.

Task2:CreatingandConfiguringtheMyzone.localZoneonDC1

1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclickDNS.3. OntheDNSManagerconsole,expandDC1,selectandright-clickForward

LookupZones,andthenselectNewZone,asshowninthefollowingfigure.

4. OnthewelcomepageoftheNewZoneWizard,clickNext.5. OntheZoneTypepage,makesurethatthePrimaryzoneradiobuttonis

selected.6. CleartheStorethezoneinActiveDirectorycheckbox,asshowninthe


7. OntheZoneNamepage,intheZonenametextbox,typeMyzone.local,asshowninthefollowingfigure,andthenclickNext.

8. OntheZoneFilepage,clickNext.9. OntheDynamicUpdatepage,makesurethattheDonotallowdynamic

updatesradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

10. OntheCompletingtheNewZoneWizardpage,asshowninthefollowingfigure,reviewthezoneconfigurationoptions,andthenclickFinish.

11. OntheDNSManagerconsole,expandForwardLookupZones.12. Selectandright-clicktheMyzone.localzone,andthenselectNewHost(Aor

AAAA),asshowninthefollowingfigure.

13. OntheNewHostdialogbox,intheNametextbox,typewww.IntheIPaddresstextbox,type10.0.0.101,asshowninthefollowingfigure,andthen

clickAddHost.

14. OntheDNSmessagebox,clickOK.15. OntheNewHostdialogbox,clickDone.16. LeavetheDNSManagerconsoleactive.

Task3:AddingtheDNSServerRoleontheSERVER11. SwitchandSignintoSERVER1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click

Next.

4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethatSERVER1.mcsalab.local

isselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheDNSServercheckbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.8. TheSelectServerrolespageisreturned,asshowninthefollowing,clickNext.

9. OntheSelectFeaturespage,clickNext.10. OntheDNSServerpage,clickNext.11. OntheConfirminstallationselectionspage,clickInstall.12. Theinstallationprocesswillstart.ClickClose,oncetheinstallationsucceeded.

Task4:VerifyingReplicationofthemcsalab.localZone1. OnSERVER1,ontheServerManagerconsole,clickTools,andthenclick

DNS.2. OntheDNSManagerconsole,expandSERVER1,andthenexpandForward

LookupZones.3. Right-clickForwardLookupZoneandthenselectRefresh.4. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzonesare

displayed.

Note:Ifthezonelistisempty,proceedtothenextstep,otherwiseclosetheDNSManagerconsole.

5. OnSERVER1,switchbacktotheServerManagerconsole,clickTools,andthenclickActiveDirectorySitesandServices.

6. OntheActiveDirectorySitesandServicesconsole,expandSites,andthenclickDefault-First-Site-Name,andthenclickServers,andthenclickDC1.

7. SelectNTDSSettings,intherightpane,selectandright-clicktheSERVER1replicationconnection,andselectReplicateNow,asshowninthefollowing

figure.

Note:Ifyoureceiveanerrormessage,proceedtothenextstep,andthenretrythisstepafter5minutes.

8. Intheleftpane,expandSERVER1,andthenselectNTDSSettings.9. Intherightpane,selectandright-clicktheDC1replicationconnection,select

ReplicateNow,andthenclickOK.10. SwitchbacktotheDNSManagerconsole,selectandright-clickForward

LookupZones,andthenclickRefresh.11. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzonesare

displayed.12. ClosetheDNSManagerconsole.

Task5:ConfiguringDNSForwarder1. SwitchandsignintoDC1.2. OpentheDNSManagerconsole.3. OntheDNSManagerconsole,selectandright-clickDC1,andthenselect

Properties,asshowninthefollowingfigure.

4. OntheDC1Propertiesdialogbox,selecttheForwarderstab,asshowninthefollowingfigure.

5. OntheForwarderstab,clickEdit.6. OntheEditForwardersdialogbox,type10.0.0.101,asshowninthefollowing

figure,andthenclickOK.

7. OntheDC1dialogbox,clickOK.8. OntheDNSManagerconsole,selectandright-clickDC1,andthenclickAll

Tasks,andthenclickRestart.9. SwitchandsignintoCLIENT1.10. OpentheCommandPromptwindow.11. OntheCommandPromptwindow,typepingwww.myzone.local,andthe

pressEnter.12. Makesurethatyouareabletoresolvethewww.myzone.localFQDN

successfully,asshowninthefollowingfigure.

13. OntheCommandPromptwindow,typenslookup,andthenpressEnter.14. Atthenslookupprompt,typewww.myzone.local,andthenpressEnter.15. MakesurethatyoureceiveanIPaddressforthishost,asshowninthefollowing

figure.

16. LeavetheCommandPromptwindowactive.

Task6:ManagingtheDNSCache1. OnCLIENT1,ontheCommandPromptwindow,typethefollowingcommand

andthenpressEnter,asshowninthefollowingfigure.

ipconfig/displaydns

2. ExaminetheoutputandclosetheCommandPromptwindow.3. PresstheWindowskey,andthentypecmd.4. Selectandright-clickCommandPrompt,andthenselectRunasadministrator

asshowninthefollowingfigure.

5. OntheUserAccountControldialogbox,clickYes.6. OntheCommandPromptwindow,typethefollowingcommandtoclearthe

DNScache,andthenpressEnter.

ipconfig/flushdns

7. OntheCommandPromptwindow,typethefollowingcommandandverifythattheDNScachehasbeencleared,andthenpressEnter.

ipconfig/displaydns


Results:Aftercompletingthisexercise,youshouldhavedeployedDNSserver,DNSzone,

DNSforwarder,andDNScache.

ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinestoprepareforthenextexercise.

10:ImplementingLANRoutingLANroutingisaWindowfeaturethatenablesyoutocommunicatebetweendifferentsubnets.Tocommunicatebetweendifferentsubnets,typicallyadevicecalledrouterisused,butyoucanalsouseaWindowsserver,suchasWindowsServer2016servertoperformtheLANrouting.However,WindowsServer2016doesnotsupportallthe

featuressupportedbyarouter.Itistypicallyhelpfulforasmallnetworkwiththelimitednumberofsubnets.

Inthisexercise,youwilllearnhowtouseaWindowsServer2016serverasasoftwareroutertoenableLANroutingbetweentwoormoresubnets.

StarttheDC1,ROUTER,andSERVER2virtualmachinestoperformthisexercise.

Task1:InstallingtheLANRoutingFeatureonROUTER1. SignintoROUTERwiththeAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatureslink.3. OntheBeforeyoubeganpageoftheAddRolesandFeaturesWizard,click

Next.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerrolespage,selecttheRemoteAccesscheckbox,asshown


7. OntheSelectfeaturespage,clickNext.8. OntheRemoteAccesspage,clickNext.9. OntheSelectrolesservicespage,selecttheRoutingcheckbox.

10. OntheAddRolesandFeaturesWizarddialogbox,clickAddFeatures.11. TheSelectroleservicespageisreturned,asshowninthefollowingfigure,click

Next.

Note:TheDirectAccessandVPN(RAS)checkboxwillbeselectedautomatically.

12. OntheWebServerRole(IIS)page,clickNext.13. OntheSelectroleservicespage,clickNext.14. OntheConfirminstallationselectionpage,clickInstall.15. ClickClose,oncetheinstallationsucceeded.

Task2:ConfiguringtheLANRoutingServiceonROUTER1. OntheServerManagerconsole,clickTools,andthenclickRemoteand

RoutingAccess.2. OntheRoutingandRemoteAccessconsole,selectandright-clickROUTER

(local),andthenselectConfigureandEnableRoutingandRemoteAccess,asshowninthefollowingfigure.

3. OnthewelcomepageoftheRoutingandRemoteAccessServerSetupWizard,clickNext.

4. OntheConfigurationpage,selecttheCustomconfigurationradiobutton,asshowninthefollowingfigure,andthenclickNext.

5. OntheCustomConfigurationpage,selecttheLANroutingcheckbox,asshowninthefollowingfigure.

6. ClickNext,andthenclickFinish.7. Ontheservicemessagebox,clickStartService.8. MakesurethattheROUTER(local)node’scolorchangesredtogreen,as


9. ClosetheRoutingandRemoteAccessconsole.10. OntheROUTERvirtualmachine,opentheRundialogbox,typefirewall.cpl

intheOpentextbox,andthenpressEnter.11. OntheWindowsFirewallwindow,intheleftpane,clicktheTurnWindows

Firewallonorofflink.12. OntheCustomizeSettingswindow,selecttheTurnoffWindowsFirewall

(notrecommended)radiobuttonforeachprofile,asshowninthefollowingfigure.

13. ClosetheCustomizeSettingswindow.

Task3:TestingtheConnectivitybetweenDC1andSERVER2Servers

1. SwitchandsignintoSERVER2withtheAdministratoraccount.2. OpentheRundialogbox,typefirewall.cpl,intheOpentextbox,andthenpress

Enter.3. OntheWindowsFirewallwindow,intheleftpane,clicktheTurnWindows

Firewallonorofflink.4. OntheCustomizeSettingswindow,selecttheTurnoffWindowsFirewall(not

recommended)radiobuttonforeachfirewallprofiles5. ClosetheCustomizeSettingswindow.6. SwitchandsignintoDC1withMCSALAB\Administratoraccount.7. OpentheCommandPromptwindow,ontheCommandPromptwindow,type

thefollowingcommandsandthenpressEnteraftereachone.

Ping10.0.0.1

Ping192.168.0.1

Ping192.168.0.2

8. Youshouldbeabletocommunicatetoallsystemssuccessfully,asshowninthefollowingfigure.


Results:Aftercompletingthisexercise,youwillhaveconfiguredLANroutingbetweenDC1andSERVER2servers.

Donotshutdownorrevertanyvirtualmachine,asthesewillbeusedinthenextexercise.

Exercise11:ConfiguringIPv6AddressingIPv6addressingschemeprovidesmoreuniqueaddressesandismoresecurethan

traditionalIPv4addressingscheme.AnIPv6addresscomprisesofeightblocksandeachblockcancontain16(bit)hexadecimaldigits.YoucanenablecommunicationbetweenIPv4andIPv6nodesusingthevarioustechniques,suchasTeredo,ISATAP,and6to4

tunneling.

Inthisexercise,youwilllearnhowtoconfigureIPv6addressesonWindow-basedsystems.

MakesurethattheDC1,ROUTER,andSERVER2virtualmachinesarerunningbeforestartthisexercise.

Task1:DisablingIPv6AddressonDC11. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeping10.0.0.100,andthenpress

Enter.4. VerifythatyouareablecommunicatewiththeDC1(10.0.0.100)server,as


5. SwitchandSignintoDC1withtheMCSALAB\Administratoraccount.6. OntheServerManagerconsole,intheleftpane,clickLocalServer.7. InthePropertiespane,clickthe10.0.0.100,IPv6enabledlink,asshowninthe

followingfigure.

8. OntheNetworkConnectionswindow,selectandright-clickyournetworkadapter,andthenselectProperties,asshowninthefollowingfigure.

9. Onthenetworkadapter’spropertiesdialogbox,cleartheInternetProtocolVersion6(TCP/IPv6)checkbox,asshowninthefollowingfigure,andthen

clickOK.

10. ClosetheNetworkConnectionswindow.11. OntheServerManagerconsole,verifythatyournetworkadapterlistsonly

10.0.0.100,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.NoticethatDC1isnowanIPv4-onlyhost.

Task2:DisablingIPv4AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. OntheServerManagerconsole,intheleftpane,clickLocalServer.3. InthePropertiespane,clickthe192.168.0.2,IPv6enabledlink.4. OntheNetworkConnectionswindow,selectandright-clickactivenetwork

adapter,andthenselectProperties.5. Onthenetworkadapter’spropertiesdialogbox,cleartheInternetProtocol

Version4(TCP/IPv4)checkbox,asshowninthefollowingfigure,andthenclickOK.

6. ClosetheNetworkConnectionswindow.7. OntheServerManagerconsole,verifythatnetworkadapternowlistsonlyIPv6

enabled,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.NoticethatSERVER2isnowanIPv6-onlyhost.

Task3:ConfiguringanIPv6NetworkonROUTER1. SwitchandSignintoROUTERwiththeAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. ToconfigureanetworkaddressthatwillbeusedontheIPv6network,atthe

WindowsPowerShellprompt,typethefollowingcmdlet,andthenpressEnter,asshowninthefollowingfigure.

New-NetRoute-InterfaceAlias“Ethernet1”-DestinationPrefix

2001:AABB:0:1::/64-PublishYes

Note:Ethernet1isthenameofthenetworkadapterconnectedtotheexternalsubnet.

4. ToallowclientstoobtaintheIPv6networkaddressautomaticallyfromROUTER,attheWindowsPowerShellprompt,typethefollowingcmdlet,and

thenpressEnter,asshowninthefollowingfigure.

Set-NetIPInterface-InterfaceAlias“Ethernet1”-AddressFamilyIPv6-AdvertisingEnabled

5. AttheWindowsPowerShellprompt,typeipconfig.exe,andthenpressEnter.NoticethatEthernet1nowhasanIPv6addressonthe2001:AABB:0:1::/64network,asshowninthefollowingfigure.Thisaddresswillbeusedfor

communicationontheIPv6-onlynetwork.

Task4:VerifyingIPv6AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeipconfig.exe,andthenpressEnter.

NoticethatyournetworkadapternowhasanIPv6addressontheonthe2001:AABB:0:1::/64network,asshowninthefollowingfigure.

4. Thenetworkaddresswasobtainedfromtherouterthroughthestatelessconfiguration.

Results:Aftercompletingtheexercise,youwillhaveconfiguredanIPv6-basednetwork.

ShutdownandreverttheDC1,SERVER2andROUTERvirtualmachinestoprepareforthenextexercise.

Exercise12:InstallingandConfiguringDiskStorageDisksareusedtostorethesystemdataaswellaspersonneldata.Therearevariousstoragetechnologies,suchasSATA,IDE,iSCSI,andFibreChannelthatcanbeusedtostorethedata.Inavirtualizedenvironment,youcanaddadditionalvirtualharddiskstothevirtual

machines,andthenyoucancreateadditionalvolumesonthesedisks.

Inthisexercise,youwilllearnhowtomanagedisksonaWindowserver.Further,youwilllearnhowtoshrinkandextendvolumes.

Task1:AddingNewVirtualDiskstoDC11. MakesurethattheDC1virtualmachineispoweredoff.2. Onyourhostmachine,ontheVMwareconsole,selectandright-clicktheDC1

virtualmachine,andthenselectSettings.3. Onthevirtualmachine’ssettingdialogbox,ensurethatHardDiskisselected,

andthenclickNext.

4. OntheSelectaDiskTypepage,acceptthedefaultselection(SCSI),andthenclickNext.

5. OntheSelectaDiskpage,makesurethattheCreateanewvirtualdiskradiobuttonisselected,andthenclickNext.

.

6. OntheSpecifyDiskCapacitypage,setthedisksizeas10GB,selecttheStorevirtualdiskasasinglefileradiobutton,andthenclickNext.

7. OntheSpecifyDiskFilepage,acceptthedefaultfilename,andthenclickFinish.

8. Addonemorenewvirtualdiskwithfollowingsettings:Storevirtualdiskasasinglefile.

Size:10GB.Filename:Acceptdefault.

Task2:InitializingtheAddedDisks1. PowerontheDC1virtualmachine.2. OpentheServerManagerconsole.3. OntheServerManagerconsole,clickTools,andthenclickComputer

Management.4. OntheComputerManagementconsole,undertheStoragenode,selectDisk

Management.

5. IntheDiskspane,selectandright-clickDisk1,andthenselectOnline,asshowninthefollowingfigure.

6. Selectandright-clickDisk1,andthenselectInitializeDisk.7. OntheInitializeDiskdialogbox,makesurethattheDisk1checkboxis

selected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclickOK.

Note:TheGPTpartitiontablesupportsmorefeaturesthanthetraditionalMBRpartitiontable.

8. IntheDiskspane,selectandright-clickDisk2,andthenselectOnline.9. Selectandright-clickDisk2,andthenselectInitializeDisk.

10. OntheInitializeDiskdialogbox,makesurethattheDisk2checkboxisselected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclick

OK.

Task3:CreatingandFormattingSimpleVolumes1. OntheComputerManagementconsole,undertheDiskManagementnode,

selectandright-clicktheUnallocatedspaceofDisk1,andthenselectNewSimpleVolume,asshowninthefollowingfigure.

2. OntheWelcometotheNewSimpleVolumeWizardpage,clickNext.3. OntheSpecifyVolumeSizepage,intheSimplevolumesizeMBvaluebox,

type5000,asshowninthefollowingfigure,andthenclickNext.

4. OntheAssignDriveLetterorPathpage,makesurethattheAssignthefollowingdrivelettercheckboxisselected,acceptthedefaultdriveletter,as


5. OntheFormatPartitionpage,intheVolumelabeltextbox,typeVolume1,asshowninthefollowingfigure,andthenclickNext.

6. OntheCompletingtheNewSimpleVolumeWizardpage,clickFinish.7. OntheDiskManagementconsole,selectandright-clicktheUnallocatedspace

ofDisk2,andthenselectNewSimpleVolume.8. OntheWelcometotheNewSimpleVolumeWizardpage,clickNext.9. OntheSpecifyVolumeSizepage,intheSimplevolumesizeinMBvaluebox,

type5000,andthenclickNext.10. OntheAssignDriveLetterorPathpage,makesurethattheAssignthe

followingdrivelettercheckboxisselected,acceptthedefaultdriveletter,and

thenclickNext.11. OntheFormatPartitionpage,intheVolumelabeltextbox,typeVolume2,

andthenclickNext.12. OntheCompletingtheNewSimpleVolumeWizardpage,clickFinish.13. LeavetheComputerManagementconsoleactive.14. PresstheWindows+EkeystoopentheWindowsExplorerwindow.15. VerifythattheVolume1andVolume2arecreated,asshowninthefollowing

figure.

16. ClosetheWindowsExplorerwindow.

Task4:ShrinkingtheVolumes1. OnDC1,switchtotheComputerManagementconsole.2. OntheComputerManagementconsole,undertheDiskManagementnode,

selectandright-clickVolume1,andthenselectShrinkVolume,asshowninthefollowingfigure.

3. Ontheshrinkdialogbox,intheEntertheamountofspacetoshrinkinMBvaluebox,type1000,asshowninthefollowingfigure,andthenclickShrink.

Task5:ExtendingtheVolumes1. OntheComputerManagementconsole,undertheDiskManagementnode,

selectandright-clickVolume2,andthenselectExtendVolume.2. OntheWelcometotheExtendedVolumeWizardpage,clickNext.3. OntheSelectDiskspage,intheSelecttheamountofspaceinMBvaluebox,

type3000,asshowninthefollowingfigure,andthenclickNext.

4. OntheCompletingtheExtendedVolumeWizardpage,clickFinish.5. PresstheWindows+EkeystoopentheWindowsExplorerwindow,verifythat

thevolumes’sizesarereflected.

Results:Aftercompletingthisexercise,youshouldhaveinitializednewdisks,andcreatedandformattedsimplevolumes.Inaddition,youshouldalsohaveshrinkandextendedthe

volumes.

DonotshutdownorreverttheDC1virtualmachine,asitwillbeusedinthenextexercise.

Exercise13:ConfiguringaRedundantStorageSpaceRedundantArrayofInexpensiveDisk(RAID)isastoragetechnologythatallowsyoutocombinemultipleharddisksinasinglelargeharddisk.Italsoprovidesredundancyandfaulttoleranceintheeventofadiskfailure.RAIDcanbeconfiguredeitherasahardwareRAID(whichrequiresahardwarecontrollerdevice)orasasoftwareRAID(whichdoesnotrequireanyspecifichardwaredevice).RAIDcanbedividedintovariousRAIDlevels

andeachRAIDlevelsupportsvariousfeaturesandlimitations.

Inthisexercise,youwilllearnhowtocreatestoragepools,howtocreateandtestamirroredvolume.

EnsurethattheDC1virtualmachineisrunningandyouhavenotreverteditinthepreviousstate.

Task1:CreatingaStoragePool1. SignintoDC1andopentheServerManagerconsole.2. OpentheDiskManagementconsole,selectandright-clickDisk1,andthen

deletethecreatedvolume.AlsodeletethevolumeforDisk2,asshowninthefollowingfigure.

3. OntheServerManagerconsole,intheleftpane,selectFileandStorageServices,andthenselectStoragePools.

4. IntheSTORAGEPOOLSpane,clickTASKS,andthenclickRescanStorage.

5. ClickagainTASKS,andthenclickNewStoragePool,asshowninthefollowingfigure.

6. OntheBeforeyoubeginpage,clickNext.7. OntheSpecifyastoragepoolnameandsubsystempage,intheNametext

box,typeMyStoragePool1,asshowninthefollowingfigure,andthenclickNext.

8. OntheSelectphysicaldisksforthestoragepoolpage,selecttheallavailablediskcheckboxes,asshowninthefollowingfigure,andthenclickNext.

9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,clickClose,oncethetaskiscompeted.

Task2:CreatingaMirroredVirtualDisk1. OnDC1,ontheServerManagerconsole,intheStorageSpacespane,select

MyStoragePool1.2. OntheVIRTUALDISKSpane,clickTASKS,andthenclickNewVirtual

Disk,asshowninthefollowingfigure.

3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectthestoragepoolpage,makesurethatMyStoragePool1is

selected,andthenclickNext.5. OntheSpecifythevirtualdisknamepage,intheNametextbox,type

MirroredDisk1,asshowninthefollowingfigure,andthenclickNext.

6. OntheSelectthestoragelayoutpage,intheLayoutsection,selectMirror,asshowninthefollowingfigure,andthenclickNext.

7. OntheSpecifytheprovisioningtypepage,selecttheThinradiobutton,asshowninthefollowingfigure,andthenclickNext.

8. OntheSpecifythesizeofthevirtualdiskpage,intheVirtualdisksizebox,type5,asshowninthefollowingfigure,andthenclickNext.

9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,waituntilthetaskcompletes.11. MakesurethattheCreateavolumewhenthiswizardclosescheckboxis

selected,andthenclickClose.12. OntheBeforeyoubeginpageoftheNewVolumeWizard,clickNext.13. OntheSelecttheserveranddiskpage,intheDisksection,selectthe

MirroredDisk1virtualdisk,asshowninthefollowingfigure,andthenclickNext.

14. OntheSpecifythesizeofthevolumepage,clickNext.15. OntheAssigntoadriveletterorfolderpage,noticetheDriveletter,asshown


16. OntheSelectfilesystemsettingspage,intheFilesystemdrop-downmenu,ensurethatReFSisselected.

17. IntheVolumelabeltextbox,typeMirroredVolume1,asshowninthefollowingfigure,andthenclickNext.

Note:ReFSisanewfilesystemthatsupportsmorefeaturesthanNTFSfilesystem.

18. OntheConfirmselectionspage,clickCreate.19. OntheCompletionpage,clickClose,oncethetaskcompletes.

Task3:CreatingaFileintoMirroredVolume11. OpentheWindowsExplorerwindow,double-clickMirroredVolume1.2. CreatetheMyTextFile1fileunderMirroredVolume1,asshowninthe

followingfigure.

3. ClosetheWindowsExplorerwindow.

Task4:RemovingaPhysicalDrive

1. Onyourhostmachine,ontheVMwareconsole,selectandright-clickDC1,andthenselectSettings.

2. OntheVirtualMachineSettingsdialogbox,selectHardDisk2harddrive,asshowninthefollowingfigure.

3. Intherightpane,clickRemove,andthenclickOK.

Task5:VerifyingtheFileAvailability1. OnDC1,switchtotheComputerManagementconsoleoropenitifrequired.2. MakesurethattheDiskManagementnodeisselected,verifythattheDisk2is

disappearedfromthedisklist,asshowninthefollowingfigure.

3. OpentheWindowsExplorerwindow.4. OntheWindowsExplorerwindow,double-clickMirroredVolume1.5. VerifythattheMyTextFile1fileisstillavailable.6. ClosetheWindowsExplorerwindow.

Results:Aftercompletingthisexercise,youshouldhavecreatedastoragepoolandaddedsomediskstoit.Thenyoushouldhavecreatedamirroredvirtualdiskfromthestorage

pool.Inaddition,afterremovingaphysicaldrive,youshouldhaveverifiedthatthevirtualdiskwasstillavailableandaccessible.

ShutdownandreverttheDC1virtualmachinetoprepareforthenetexercise.

Exercise14:ImplementingFileSharingFilesharingallowsyoutoshareandaccessthefilesonanetwork.Youcanalsosetthedesiredpermissions(NTFSandsharedpermissions)onafileshareforthevarioususers.Inaddition,youcanenabletheaccess-basedenumerationfeatureonafileshare,whichallowsuserstoaccessonlythosesharedfilesforwhichtheyhavetheaccesspermission.


Task1:CreatingtheFolderStructurefortheNewShareBeforestarttothisexercise,youneedtocreatePeterandShawnuseraccountsonthe

DC1virtualmachine.Todothis,youneedtoperformthefollowingsteps:

1.SignintoDC1withtheMCSALAB\Administratoraccount.

2.OpentheActiveDirectoryUsersandComputersconsole,andthenexpandthemcsalab.localnode.

3.Selectandright-clickUsersintheleftpane,selectNew,andthenclickUser.

4.FollowthesimplestepstocreatethePeterandShawnuseraccounts.

5.ThefollowingfiguredisplaystheActiveDirectoryUsersandComputersconsole.PeterandShawnuseraccountsarelistedundertheUsersnode.

Note:Ifyoufaceproblemstocreateuseraccounts,youmayrefertheexercise6and7.

6.SwitchandSignintoSERVER1withtheMCSALAB\Administrator

account.

7.OpentheWindowsExplorerwindow,inthenavigationpane,double-clickLocalDisk(C:).

8.CreateafoldernamedMyData.

9.Double-clicktheMyDatafolder.

10.CreatetheMarketingandSalesfoldersunderit,asshowninthefollowingfigure.

Task2:ConfiguringNTFSPermissionsontheFolderStructure

1. OnSERVER1,ontheWindowsExplorerwindow,navigatetodriveLocalDrive(C:).

2. Selectandright-clicktheMyDatafolder,andthenselectProperties.3. OntheMyDataPropertiesdialogbox,selectSecurity,andthenclick

Advanced,asshowninthefollowingfigure.

4. OntheAdvancedSecuritySettingsforMyDatadialogbox,clickDisableInheritance.

5. OntheBlockInheritancedialogbox,asshowninthefollowingfigure,selecttheConvertinheritedpermissionsintoexplicitpermissionsonthisobject

option,andthenclickOK.

6. ClickOKtwicetoclosetheMyDataPropertiesdialogbox.7. OntheWindowsExplorerwindow,double-clicktheMyDatafolder.8. Selectandright-clicktheMarketingfolder,andthenselectProperties.9. OntheMarketingPropertiesdialogbox,clickSecurity,andthenclick

Advanced.

10. OntheAdvancedSecuritySettingsforMarketingdialogbox,clickDisableInheritance.

11. OntheBlockInheritancedialogbox,selecttheConvertinheritedpermissionsintoexplicitpermissionsonthisobjectoption.

12. RemovetheRead&ExecuteandSpecialpermissionsforUsers(SERVER1\Users),asshowninthefollowingfigure,andthenclickOK.

13. OntheSecuritytab,clickEdit.14. OnthePermissionsforMarketingdialogbox,clickAdd.15. OntheSelectUsers,Computers,ServiceAccounts,andGroupsdialogbox,

typePeter,clickCheckNames,asshowninthefollowingfigure,andthenclickOK.

Note:YoumayaskedtoprovideDomainadministratorcredentials.

16. OnthePermissionsforMarketingdialogbox,selecttheModifycheckboxundertheAllowsection,asshowninthefollowingfigure.

17. ClickOKtoclosethePermissionsforMarketingdialogbox.18. ClickOKtoclosetheMarketingPropertiesdialogbox.

Task3:SharingtheFolder1. OnSERVER1,selectandright-clicktheMyDatafolder,andthenselect

Properties.2. OntheMyDataPropertiesdialogbox,selecttheSharingtab,andthenclick

AdvancedSharing.3. OntheAdvancedSharingdialogbox,selecttheSharethisfoldercheckbox,as

showninthefollowingfigure,andthenclickPermissions.

4. OnthePermissionsforMyDatadialogbox,asshowninthefollowingfigure,andthenclickAdd.

5. OntheSelectUsers,Computers,ServiceAccounts,orGroupsdialogbox,intheEntertheobjectnamestoselect(examples):textarea,typeAuthenticated

Users.6. ClickCheckNames,andthenclickOK.7. OnthePermissionsforMyDatadialogbox,makesurethattheAuthenticated

UsersisselectedintheSharePermissionssection,andthenselecttheChangecheckboxundertheAllowsection,asshowninthefollowingfigure.

8. ClickOKtoclosethePermissionsforMyDatadialogbox.9. ClickOKtoclosetheAdvancedSharingwindow.10. ClickClosetoclosetheMyDataPropertiesdialogbox.

Task4:AccessingtheSharedFolder1. SwitchandSignintoCLIENT1withtheMCSALAB\Peteraccount.2. OpentheRundialogbox,type\SERVER1\MyData,andthenpressEnter.3. Double-clicktheMarketingfolder.

Note:PetershouldbeabletoaccesstotheMarketingfolder.

4. SignoutofCLIENT1.

Task5:EnablingAccess-basedEnumeration1. SwitchbackandSignintoSERVER1withtheMCSALAB\Administrator

account.2. OpentheServerManagerconsole,ontheServerManagerconsole,intheleft

pane,selectFileandStorageServices.3. OntheFileandStorageServicespage,clickShares.4. IntheSharespane,selectandright-clickMyData,andthenclickProperties,as


5. OntheMyDataPropertiesdialogbox,intheleftpane,selectSettings,andthenselecttheEnableaccess-basedenumerationcheckbox,asshowninthe

followingfigure.

6. ClickOKtoclosetheMyDataPropertiesdialogbox.7. ClosetheServerManagerconsole.

Task6:TestingtheAccess-basedEnumerationConfiguration

1. SwitchbackandsignintoCLIENT1withtheMCSALAB\Shawnaccount.2. ClicktheDesktoptile.3. OpentheRundialogbox,intheOpentextbox,type\SERVER1\MyData,and

thenpressEnter.

Note:ShawnshouldonlybeabletoviewtheSalesfolder,thefolderforwhichhehasbeenassignedpermissions.

4. SignoutofCLINET1.

Results:Aftercompletingthisexercise,youshouldhavecreatedandtestedafileshare.Inaddition,youshouldalsohavetestedtheaccess-basedenumerationfeaturefortheshared

folder.


Exercise15:ImplementingShadowCopiesShadowcopyisafeaturethatallowsyoutorecoverthefiles(includingthesharedfiles)whichareaccidentlyoverwrittenordeleted.First,youneedtoenablethisfeature(onadesireddisk)thenyoucancreatemultipleshadowcopyversionsonadisk.However,

shadowcopycannotbeconsideredasanalternateoftheWindowbackupfeature,becauseitonlyworksuntilthesystemisworkingonwhichyouhaveenabledit.Ifthesystemgoes

downorcrashedaccidently,shadowcopycannotbeusedtorecoverthesystemorsystem’sdata.

Inthisexercise,youwilllearnhowtousetheshadowcopyfeaturetorecovertheaccidentlydeletedfiles.


Task1:ConfiguringShadowCopies1. SignintoSERVER1withtheMCSALAB\Administratoraccount.2. OpentheWindowsExplorerwindow.3. Selectandright-clickLocalDisk(C:),andthenclickConfigureShadow

Copies.4. OntheShadowCopiesdialogbox,makesurethatC:\volumeisselected,and

thenclickEnable.5. OntheEnableShadowCopiesmessagebox,clickYes.6. OntheShadowCopiesdialogbox,clickSettings.7. OntheSettingsdialogbox,asshowninthefollowingfigure,clickSchedule.

8. OntheC:\scheduledialogbox,reviewthevariousscheduleoptions,andthenclickOK.

9. OntheSettingsdialogbox,clickOK.10. ClickOKtoclosetheSettingsdialogbox.11. OntheShadowCopiesdialogbox,clickOK.

Task2:RecoveringaDeletedFileUsingShadowCopy1. OnSERVER1,switchtotheWindowsExplorerwindow.2. NavigatetoLocalDisk(C:),andthenclickUsers.3. Selectandright-clickPublic,andthenclickDelete.4. AlsodeletethePublicfolderfromRecycleBin.5. OntheWindowsExplorerwindow,selectandright-clicktheUsersfolder,and

thenclickProperties.6. OntheUsersPropertiesdialogbox,clickthePreviousVersionstab,asshown


7. SelectthefolderversionfortheUsersfolder,andthenclickOpen.8. VerifythatthePublicislistedinthefolder,selectandright-clickPublic,and

thenclickCopy.9. OntheotherWindowsExplorerwindow,navigatetotheLocalDisk(C:)\Users

folder,andthenclickPaste.10. ClosetheWindowsExplorerwindow.11. ClickOKandcloseallopenwindows.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredtheShadowCopiesfeaturetorecovertheaccidentlydeletedfile.

12. ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.

Exercise16:ImplementingNetworkPrintingAprinterisahardwaredevicewhichtranslatethesoftcopiesintohardcopies.Asingleprintercanbesharedonanetworkandthenitcanbeaccessedbymultipleclientstosendtheprintjobs.Onceyousharedaprinteronanetwork,youneedtoconnectitoneachclientsinordertosendtheprintjobs.However,inalargeenterprisenetwork,wheremultipleprintersareusedtohandleanumberofthousandprintjobs,youmayneedto

configuretheprinterpoolforeaseprintmanagement.

Inthisexercise,youwilllearnhowtoinstall,share,andmanageanetworkprinteronaWindows-basednetwork.


Task1:InstallingthePrintandDocumentServicesServerRole

1. SignintoSERVER1asMCSALAB\Administrator.2. OntheServerManagerconsole,clickManage,andthenclickAddRolesand

Features.3. OntheBeforeyoubeginpageoftheAddRolesandFeaturesWizard,click

Next.4. OntheSelectinstallationtypepage,makesurethattheRole-basedorfeature-

basedinstallationradiobuttonisselected,andthenclickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerRolespage,asshowninthefollowingfigure,selectthe

PrintandDocumentServicescheckbox.IftheAddRolesandFeaturesWizarddialogboxdisplays,clickAddFeatures,andthenclickNext.

7. Ontherestofthepages,clickNextuntiltheConfirmInstallationSelectionspagedisplays.

8. ClickInstalltoinstalltherequiredroleservices,andthenclickCloseoncetheinstallationsucceeded.

Task2:InstallingaNewPrinter1. OntheServerManagerconsole,clickTools,andthenclickPrint

Management.2. OnthePrintManagementconsole,expandPrinterServers,andthenclick

SERVER1(Local).3. Selectandright-clickPrinters,andthenclickAddPrinter,asshowninthe

followingfigure.

4. OntheNetworkPrinterInstallationWizardpage,selecttheAddanewprinterusinganexistingportradiobutton,asshowninthefollowingfigure,

andthenclickNext.

5. OnthePrinterDriverpage,makesurethattheInstallanewprinterradiobuttonisselected,andthenclickNext.

6. OnthePrinterInstallationpage,selectCanonintheManufacturelist.7. SelectanyoftheprintermodelinthePrinterslistintherightpane,asshownin

thefollowingfigure,andthenclickNext.

8. OnthePrinterNameandSharingSettingspage,clickNext.9. OnthePrinterFoundpage,clickNext,andthenclickFinish.

Task3:ConfiguringPrinterPooling1. OnthePrintManagementconsole,selectandright-clicktherecentlyadded

printer,andthenclickProperties.2. Ontheprinterpropertiesdialogbox,clicktheSharingtab,selecttheListinthe

directorycheckbox,asshowninthefollowingfigure,andthenclickApply.

3. Ontheprinterpropertiesdialogbox,clickthePortstab,selecttheEnableprinterpoolingcheckbox,andthenselecttheLPT2:checkboxtoselectitasan

additionalport,asshowninthefollowingfigure.

4. ClickOKtoclosetheprinterpropertiesdialogbox.5. ClosethePrintManagementconsole.

Task4:ConnectingaPrinteronaClient1. SwitchandSignintoCLIENT1asMCSALAB\Administratorwiththe

[email protected]. OpenControlPanel,ontheControlPanelwindow,clicktheAddadevicelink

underHardwareandSound.3. OntheAddadevicewindow,selectthediscoveredprinter,asshowninthe


4. OntheControlPanelwindow,clicktheViewdevicesandprinterslink,underHardwareandSound.

5. Makesurethattherecentlyaddedprinterislisted.

Results:Aftercompletingthisexercise,youshouldhaveinstalledandconfiguredanetworkprinter.Inaddition,youshouldalsohaveconfiguredtheprinterpooling.


Exercise17:ImplementingGroupPolicyObjectsAGroupPolicyObject(GPO)isacollectionofsecuritypoliciesandsettingsthatareusedtocontroltheusers’andcomputers’behavioronanetwork.YoucanusevarioussecuritypoliciestorestricttheActiveDirectoryobjectsfromaccessingtheunwantedresources,

suchasfeatures,services,files,ortools.Onceyoupromoteaserverasadomaincontroller,theDefaultDomainPolicyandDefaultDomainControllerPolicyGPOsarecreatedbydefaultonthedomaincontroller.TheseGPOscontainvariouspreconfiguredpoliciesthatareappliedonthedomaincontrollersandcomputers.However,youcan

createanewGPOwiththecustomsecuritypoliciesandsettingsusingtheGroupPolicyManagementconsole.

Inthisexercise,youwilllearnhowtocreateaGPOandhowtoconfigureaGPOtopreventActiveDirectoryobjectsfromaccessingtheresourcesonaWindows-based

domainnetwork.


Task1:CreatingaNewGPO1. SignintoDC1withtheMCSALAB\Administrator.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clickTools,andthenclickGroupPolicy

Management.4. OntheGroupPolicyManagementconsole,expandForest:mcsalab.local,and

thenclickDomains.5. Selectandright-clickmcsalab.local,andthenselectCreateaGPOinthis

domain,asshowninthefollowingfigure.

6. OntheNewGPOdialogbox,intheNametextbox,typeInternetExplorerGPO,andthenclickOK.

Task2:ConfiguringtheInternetExplorerGPO1. OnDC1,ontheGroupPolicyManagementconsole,selectandright-click

InternetExplorerGPO,andthenclickEdit.2. OntheGroupPolicyManagementEditorconsole,navigatetoUser

Configuration\Policies\AdministrativeTemplates.3. Selectandright-clickAllSettings,andthenselectFilterOptions,asshownin

thefollowingfigure.

4. OntheFilterOptionsdialogbox,selecttheEnableKeywordFilterscheckbox.

5. IntheFilterforword(s):textbox,typeGeneral,asshowninthefollowingfigure,andthenclickOK.

6. IntheSettingspaneintherighthand,selectandright-clickDisabletheGeneralpage,andthenselectEdit,asshowninthefollowingfigure.

7. OntheDisabletheGeneralpagedialogbox,selecttheEnabledradiobutton,andthenclickOK.

8. ClosetheGroupPolicyManagementEditorconsole.

Task3:CreatingaDomainUsertoTesttheGPO1. OnDC1,opentheCommandPromptwindow.2. Executethefollowingcommand,asshowninthefollowingfigure(type

Password@123whenyouarepromptedforpassword).

dsaddusercn=User1,”cn=users,dc=mcsalab,dc=local”–disabledno–pwd*


Task4:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthepasswordas

[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,andthenpress

Enter.3. OntheControlPanelwindow,clickNetworkandInternet.

4. OntheNetworkandInternetwindow,asshowninthefollowingfigure,clickChangeyourhomepage.

5. WhenyouclicktheChangeyourhomepagelink,youwillgetamessage,asshowninthefollowingfigure.

6. ClickOKtoclosetheInternetControlPanelmessagebox.7. OntheControlPanelwindow,clickInternetOptions.Noticethat,inthe

InternetPropertiesdialogbox,theGeneraltabisnotavailable,asshowninthefollowingfigure.

8. Closeallopenwindowsandsignout.

Task5:ConfiguringSecurityFilteringtoExemptaUserfromtheInternetExplorerGPO

1. SwitchandsigntoDC1.2. OpentheGroupPolicyManagementconsole,ifrequired.3. OntheGroupPolicyManagementconsole,selectandright-clickInternet

ExplorerGPO.4. Intherightpane,clicktheDelegationtab.5. OntheDelegationtab,clicktheAdvancedbutton.6. OntheInternetExplorerGPOSecuritySettingsdialogbox,clickAdd.7. OntheSelectUsers,Computers,ServiceAccounts,orGroupstextbox,type

User1,asshowninthefollowingfigure,andthenclickOK.

8. OntheInternetExplorerGPOSecuritySettingsdialogbox,intheSecuritysection,selectUser1.

9. InthePermissionsforUser1section,selecttheDenycheckbox,asshowninthefollowingfigure,andthenclickOK.

10. OntheWindowsSecuritydialogbox,clickYes.11. ClosetheGroupPolicyManagementconsole.

Task6:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthepasswordas

[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,andthenpress

Enter.3. OntheControlPanelwindow,clickNetworkandInternet.4. OntheNetworkandInternetdialogbox,clickChangeyourhomepage.

NoticethattheGeneraltabisavailableontheInternetPropertiesdialogbox.5. Closeallopenwindows,andsignout.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredandtestedaGPO.

ShutdownandreverttheDC1andCLIENT1virtualmachines.

Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicy

AppLockerisasecurityfeaturethatallowsyoutorestrictspecificapplicationsforspecificgroupsorusers.

Intheexercise,youwilllearnhowtocontrolanapplicationusingtheAppLockerfeature.Further,youwillalsolearnhowtomanageWindowsFirewallusingtheGroupPolicy

Managementconsole.

StarttheDC1virtualmachinetoperformthisexercise.

Task1:RestrictinganApplicationUsingAppLocker1. SignintoDC1asMCSALAB\Administratorwiththepasswordas

[email protected]. OpentheGroupPolicyManagementconsole.3. NavigatetoForest:mcsalab.local\Domains\mcsalab.local.4. Selectandright-clickGroupPolicyObjects,andthenselectNew.5. OntheNewGPOdialogbox,intheNametextbox,typeSoftwarePolicy,and

thenclickOK.6. Right-clickSoftwarePolicy,andthenselectEdit.7. OntheGroupPolicyManagementEditorconsole,navigatetoComputer

Configuration\Policies\WindowsSettings\SecuritySettings\ApplicationControlPolicies\AppLocker,asshowninthefollowingfigure.

8. ExpandAppLocker,right-clickExecutableRules,andthenselectCreateNewRule.

9. OntheBeforeYouBeginpage,selectNext.10. OnthePermissionspage,undertheUsersorGroupsbox,selectDeny,and

thenselectNext.11. OntheConditionspage,selectthePathradiobutton,asshowninthefollowing

figure,andthenclickNext.

12. OnthePathpage,clickBrowseFiles,browseto

C:\Windows\System32\calc.exe,clickOpen,asshowninthefollowingfigure,andthenselectNext.

13. OntheExceptionspage,selectNext.14. OntheNameandDescriptionpage,intheNametextbox,typeBlock

Calculator,andthenclickCreate.15. IftheAppLockerdialogboxappearsandpromptstocreatedefaultrules,click

Yes.16. OntheGroupPolicyManagementEditorconsole,asshowninthefollowing

figure,noticethedefaultexecutablesrules.

17. SelecttheAppLockernodeintheleftpane,andthenclicktheConfigureruleenforcementlink,asshowninthefollowingfigure.

18. OntheEnforcementtaboftheAppLockerPropertiesdialogbox,under

Executablerules,selecttheConfiguredcheckbox.19. MakesurethattheEnforcerulesoptionisselectedinthedrop-downlist,as

showninthefollowingfigure,andthenclickOK.

20. ClosetheGroupPolicyManagementEditorconsole.21. OntheGroupPolicyManagementconsole,selectandright-clickDomain

Controllers,andthenselectLinkanExistingGPO.22. OntheSelectGPOdialogbox,selectSoftwarePolicy,andthenclickOK.

23. UndertheLinkGroupPolicyObjectstab,selectSoftwarePolicy,andthenclickLinkOrdertomovethispolicytotop.

24. OpentheRundialogbox,typeservices.msc,andthenpressEnter.25. OntheServicesconsole,selectandright-clickApplicationIdentity,andthen

selectProperties.26. OntheApplicationIdentityProperties(LocalComputer)dialogbox,setthe

StartuptypeasAutomatic,clickStart,asshowninthefollowingfigure,andthenclickOK.

Note:Ifyougetanerror,justclosetheServiceManagerwindow.

27. OpentheCommandPromptwindow,typegpupdate/force,andthenpressEnter.

28. SignoutfromtoDC1andSigninbacktoDC1asMCSALAB\Administrator.29. OpentheRundialogbox,typecalc.exeintheOpentextbox,andthenpress

Enter.30. Youshouldgetanerrorasshowninthefollowingfigure.

Note:IfyouarestillabletoopentheCalculatorapplication,restarttheDC1server,andthentryagain.

Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy

1. SignintoDC1andopentheGroupPolicyManagementconsole,ifrequired.2. NavigatetoForest:mcsalab.local\Domains\mcsalab.local\GroupPolicy

Objects.

3. Right-clicktheGroupPolicyObjectsnode,andthenselectNew,asshowninthefollowingfigure.

4. IntheNametextboxtypeFirewallGPO,andthenclickOK.

5. ExpandGroupPolicyObjects,right-clickFirewallGPO,andthenselectEdit.6. OntheGroupPolicyManagementEditorconsole,navigatetoComputer

Configuration\Policies\WindowsSettings\SecuritySettings.7. UndertheSecuritySettingsnode,expandWindowsFirewallwithAdvanced

Security,andthenexpandtheWindowsFirewallwithAdvancedSecurity–LDAPnode,asshowninthefollowingfigure.

8. Selectandright-clickInboundRules,andthenselectNewRule,asshowninthefollowingfigure.

9. OntheNewInboundRuleWizard,ontheRuleTypepage,theselectPredefinedradiobutton.

10. Inthedrop-downlist,selectRemoteDesktop,asshowninthefollowingfigure,andthenclickNext.

11. OnthePredefinedRulespage,clickNext.12. OntheActionpage,selecttheBlocktheconnectionradiobutton,asshownin

thefollowingfigure,andthenclickFinishtocloseNewInboundRuleWizard.

13. ClosetheGroupPolicyManagementEditorconsole.14. OpentheCommandPromptwindowandtypegpupdate/force,andthenpress

Enter.15. ClosetheCommandPromptwindow.16. OntheGroupPolicyManagementconsole,selectFirewallGPOintheleft

pane.17. Ifdisplayed,ontheInternetExplorerdialogboxclickClose18. Intherightpane,selecttheSettingstabandverifythattheInboundRulesare

configured,asshowninthefollowingfigure.

19. ClosetheGroupPolicyManagementconsole.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredAppLockerandWindowsFirewallrulesusingtheGroupPolicyManagementconsole.

ShutdownandreverttheDC1virtualmachine.

Hope,youhaveenjoyedagreatlearningexperiencewiththislearningguideandhopeyouwillprovidegreatratingtothislabguide.

Documents

Installing and Configuring Windows