Hands-On Test (chapters 1-6) ITNET-112
Rev 1.0
Requirements:
This is based on chapters 1-6.
For this activity you will need two clean installs of Server 2008. This can be done in Virtual PC, VMware or with the Virtual Online Machines. If you're using the online machines, send me an email and I can reset your existing machines.
You will be expected to document each step below, with one or more screenshots. The screenshots will serve as proof that you completed each step. You should only need one or two screenshots for each activity. The best way to complete this is to copy this document into a Word document and add your screenshots after each activity. Make sure to include a couple of sentences describing what each screenshot is showing me. There are several questions that you will need to answer below as well. Make sure to submit this in Blackboard. You can work on this with a partner. You will need two Server 2008 machines for this activity.
Start with this document and add a screenshot to each item below, proving that you completed the activity. You can use the Snipping Tool in Vista or Windows 7 to capture screenshots. Make sure to answer any questions below as well.
Each step below is worth 5 points.
This activity requires two servers. One machine will eventually become a domain controller and the second will become a member server.
1. Start with 2 clean installs of Server 2008. Change the computer name on one server to 'DomainCtrl' and the other to 'MemberServer'.
2. Assign the following to DomainCtrl:
   IP Address: 192.168.2.1
   Subnet Mask: 255.255.255.0
   DNS: 192.168.2.1
   (there's no need to configure the Default Gateway)
3. Assign the following to MemberServer:
   IP Address: 192.168.2.2
   Subnet Mask: 255.255.255.0
   DNS: 192.168.2.1
   (there's no need to configure the Default Gateway)
Once you have the IP settings configured on both machines, turn off the Windows Firewall on both and verify that they can ping each other. If you can't ping, troubleshoot this problem.
4. Install Active Directory (with a domain name of itnet112.pri) onto DomainCtrl.
5. Make MemberServer a member of your domain.
6. Create a User in Active Directory called Pat Feder. Demonstrate/document that he can log on locally to your member server.
7. Pat Feder will not be able to log on to your domain controller until you grant Pat Feder the "Allow Logon Locally" right for your domain controller. Refer to Activity 3-10 in your text for information on how to do this. Now demonstrate/document that Pat Feder can log on locally to your domain controller.
8. Chapter 4 discussed various OU structures. Create a multi-level OU structure that satisfies the following requirements:
   Create a Top Level OU structure with the following OUs: IT, Management, Admissions
   Create the following OUs in the IT OU (created above): Network Specialist, Information Security Specialist and Programmer Analyst
9. Create a User, Nancy Network, and place her user account in the Network Specialist OU
10. Create a User, Sam Security, and place his account in the Information Security Specialist OU.
11. Delegate the "Reset User Passwords and force change at next logon" control to Pat Feder on the Network Specialist OU. Demonstrate with a couple of screenshots that Pat Feder can reset passwords for users in the Network Specialist OU (like Nancy Network), and cannot reset passwords for other users like Sam Security.
12. Configure Sam Security's account to use a roaming profile. The basic steps are outlined below:
   Create a shared folder on MemberServer called profiles. You will need to verify that this folder has the appropriate Share & NTFS permissions.
   Change Sam Security's Profile path to point to the shared folder (\\MemberServer\profiles\%username%).
   After you have logged on and logged off of the MemberServer to test the roaming profile, open Windows Explorer on MemberServer and document with a screenshot that the user's profile has been created in the profiles folder.
13. Can Sam Security log on to the Domain Controller with his roaming profile (make sure to test/verify your answer)? (Why/Why Not)
No, because the profile wasn't delegated control to do so.
The following 3 questions are based on NTFS permissions, Share Permissions and the A-G-DL-P method. There was a lot of content that we covered on this, including chapter 5, chapter 6, the File Services Part 1 CBT Nugget in Exam Pack 70-642 and http://en.wikipedia.org/wiki/AGDLP
14. Create the following folder on your Domain Controller: C:\AGDLP. Share the folder, and give all Users the "Co-owner" or "Full Control" share permission.
15. Using NTFS permissions with the A-G-DL-P method, configure the following:
   Give Sam Security and Nancy Network read & write control of the folder created above.
   Make sure to include one screenshot showing that one of your users (such as Sam Security) can access this shared resource.
   All other users (except administrators) should not be able to access this resource.
   Hint: you should not use the DENY permission to implement this. There's a great CBT Nugget on configuring shares & NTFS permissions in CBT Nuggets Exam-Pack 70-642: MCTS: Windows 2008 Network Infrastructure, Configuring: File Services Part 1 (NTFS and share permissions, ownership, etc.). Great content!!!!
16. Explain how you used the A-G-DL-P method above to implement the scenario above. (i.e. what is the A, G, DL and P in your implementation)
By changing the permissions to a group as a whole.
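
One way to script steps 14 to 16 from an elevated command prompt on DomainCtrl, as an added example that is not part of the original assignment or the course text. The group names GG_AGDLP_Staff and DL_AGDLP_Modify, their placement in the IT OU, the NetBIOS domain name ITNET112, and the use of Modify for "read & write" are assumptions.

```bat
@echo off
rem Added example: A-G-DL-P for C:\AGDLP. Group names are hypothetical;
rem the domain, OUs and users are the ones created in steps 4 and 8-10.
setlocal
set "IT=OU=IT,DC=itnet112,DC=pri"
set "GG=CN=GG_AGDLP_Staff,%IT%"
set "DL=CN=DL_AGDLP_Modify,%IT%"

rem A (Accounts): the two existing user objects.
set "SAM=CN=Sam Security,OU=Information Security Specialist,%IT%"
set "NANCY=CN=Nancy Network,OU=Network Specialist,%IT%"

rem G (Global group): holds the accounts, grouped by who they are.
dsadd group "%GG%" -secgrp yes -scope g -samid GG_AGDLP_Staff -members "%SAM%" "%NANCY%"

rem DL (Domain Local group): holds the global group, named for the access it grants.
dsadd group "%DL%" -secgrp yes -scope l -samid DL_AGDLP_Modify -members "%GG%"

rem Step 14: create and share the folder; the share permission stays wide open
rem so that the NTFS ACL is the only place access is decided.
mkdir C:\AGDLP
net share AGDLP=C:\AGDLP /GRANT:Users,FULL

rem P (Permission): explicit NTFS entries for the DL group, Administrators and SYSTEM.
rem ITNET112 is the assumed NetBIOS name of itnet112.pri. M = Modify (read and write).
icacls C:\AGDLP /grant "ITNET112\DL_AGDLP_Modify:(OI)(CI)M"
icacls C:\AGDLP /grant "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F"

rem Drop the entries inherited from C:\ (including the Users read entry).
rem Everyone else is now excluded by absence of an allow entry, not by a Deny.
icacls C:\AGDLP /inheritance:r

rem Verify: the ACL should list only the three explicit entries, and the
rem expanded DL membership should resolve to the two user accounts.
icacls C:\AGDLP
dsget group "%DL%" -members -expand
endlocal
```

Adding or removing a person later is a change to the global group's membership only; the folder ACL is not touched again.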