Lab3 questions - Instructions for Lab 3 PDF

Preview

Summary

Instructions for Lab 3...

Description

OBJECTIVES This lab contains two Virtual Machines (VMs), which are to be networked together. Join DESKTOP1 to the AD domain and move DESKTOP1 into the SLC OU. Properly create a file share and limit sharing of certain folders with certain users. Create and define GPOs for file sharing and security settings on DESKTOP1. Install a web server on DC1 and modify the home page.

LOGIN INFORMATION DESKTOP1 Accounts Username: Administrator Password: DESKTOP1 Local (notice the space! It's a "passphrase") Active Directory Accounts Username: u0123456.corp\Administrator (Domain Admin) Password: DC1 Local (notice the space! It's a "passphrase") Username: u0123456.corp\bgates Password: Changeme! (the first time you use this account you will be prompted to change your password! Write it down!)

STEPS Reservation 1 (begin this process under new reservation to make sure you have time to complete)

1.

Rename the Windows 8.1 operating system name (a.k.a. Computer Name) to DESKTOP1-NJ

Open system

2.

Join a workstation to the domain Rename the Windows 8.1 operating system name to DESKTOP1XX (use your initials in place of XX (e.g., CD for Chris Dansie)) 2. Join DESKTOP1-XX to the u0123456.corp domain 1.

Username: u0123456.corp\Administrator (Domain Admin) Password: DC1 Local (notice the space! It's a "passphrase")

3. On DC1 move the DESKTOP1-XX object in Active Directory into the SLC OU (organizational unit) Login to DC1 server

4. 1.

Create a shared network folder On DC1 create the folder “C:\Data” with the domain “Users” having “Full Control” of the folder

2.

Share the folder giving the u0123456.corp domain "Users” share permissions of “Read/Write” on the folder share

3.

4.

Create the folder “C:\Data\Finance”

Allow the User Account “bgates” (and Administrators) to have “Full Control” of the "Finance" folder and remove the domain "Users" permissions (HINT: consider inherited permissions)

Click users and then disable inheritance and then again remove

5.

Turn on “Network Discovery and File Sharing” on DC1 and on DESKTOP1-XX (do so by trying to explore the network from Windows Explorer and it will prompt you...click "Yes") (make sure you are logged on DESKTOP as DESKTOP-XX\Administrator when enabling this setting)

6.

Logoff DESKTOP1-XX and log back on DESKTOP-XX using the "u0123456.corp\bgates" username and the password above. It will prompt you to change your password (write it down!). After logging on, open Window Explorer and click "Network" and confirm that you can see two computers (DC1 and DESKTOP1-CD).

Newuser123 as new pw for bgates user.

7.

Double-click DC1 and the "Data" folder share. If you cannot get to this point, then figure out what you did wrong, because the remaining steps will not work if you can't click into the "Data" folder on DC1.

8.

In Active Directory Users and Computers (from DC1), rick-click the SLC OU and create a "Shared Folder" object in teh OU that references “\\DC1\Data” and call it “SLC Files”

9.

Using the Group Policy Management console, create a "SLC" OU Group Policy Object (right-click the OU) called “SLC Policy” so that all user’s desktop accounts in the SLC OU have the Z:\ drive automatically

mapped to “\\DC1\Data” at login (use the Active Directory Shared Folder above) (HINT: Read this document! , check "reconnect" and Google "GPO Mapped Drives" for help!)

Apply ok

10.

Logon to DESKTOP1-XX using the "bgates" account and confirm that the Z:\ drive is mapped to \\DC1\Data Log off and login again

11. Create a file called “FirstName LastName Salary.txt” in the “Finance” folder (use your name (e.g., Chris Dansie Salary.txt))

5.

Using the "SLC Policy" configure the following: 1. Set the minimum password length to 8 characters

In DC1

2.

Force the screen to lock after 15 minutes of idle time

3.

Prompt the user logging on with the follow message "Only Chris Dansie can use this computer!" (use your name (e.g., Chris Dansie))

4.

Set the window title to "WARNING"

5.

Prevent the last username from appearing in the login window

6.

Run "gpupdate" from the command-line of DESKTOP1-XX to apply the new GPO settings to DESKTOP1-XX. Logout and back in to see the results of the GPO that was applied.

Reservation 2 (begin this process under new reservation to make sure you have time to complete) 1. 1.

Install a website on DC1 Install the Web Server Role on DC1

2.

Create a DNS entry ("A" record) in the DNS Server on DC1 (under the u0123456.corp Forward Lookup Zone) that points "helpdesk.u0123456.corp" to the IP address of DC1 (The Default Website runs on the IP address of DC1)

Create new host

3.

Delete "iisstart.html" in the root folder of the website. Create an index.html page in the root folder (see http://www.w3schools.com (Links to an external site.)Links to an external site.) for a basic HTML page structure) and put in the following using an tag: "Welcome to the Help Desk user FirstName LastName" (use your name (e.g., Chris Dansie)). NOTE: Make sure the file extension is correct, as by default Windows Explorer will hide the file extension)

Select IIS manager

4.

Connect to "http://helpdesk.u0123456.corp" from Internet Explorer on DC1 to confirm that you can connect to the Help Desk website.

SUBMISSION REQUIREMENTS Provide the following screen shots and answers in a single PDF file properly labeled similarly to “u0123456 Lab 3 - Snapshot.pdf” (substitute your uNID) and submit to Canvas. Please don’t just screen grab the entire desktop, as it is very hard to read the details in an inline PDF on Canvas. 1.

On DC1 (at conclusion of Reservation 1) (20 points) 1. Screenshot: “SLC” OU in Active Directory Users and Computers UI showing the Users, DESKTOP1-XX and "SLC Files" in the OU (5 points)

2.

Screenshot: Permissions tab on the “C:\Data” folder (“Advanced Security Settings for Data” window) (5 points) AND the permissions tab on the “C:\ Data\Finance” folder (“Advanced Security Settings for Finance” window) (5 points)

3.

Screenshot: Effective Permissions Tab on the “C:\ Data\Finance” folder (“Advanced Security Settings for Finance” window) for the User accounts "bgates" and "sjobs") (2 screen shots) (5 points)

1.

2.

Provide a screenshot (cropped) of EACH of the Group Policy Objects that you set (screenshot the Window with the setting applied) (5 points)

7.

In DC1

Set the minimum password length to 8 characters

8.

Force the screen to lock after 15 minutes of idle time

9.

Prompt the user logging on with the follow message "Only Chris Dansie can use this computer!" (use your name (e.g., Chris Dansie))

10.

Set the window title to "WARNING"

11.

Prevent the last username from appearing in the login window

2. 1.

On DESKTOP1-XX (at conclusion of Reservation 1) (15 points) Screenshot: Command prompt that has run “ipconfig /all” (5 points)

2.

Screenshot: Z:\Finance folder opened in Explorer showing the "FirstName LastName Salary.txt” file residing in the folder (you do not need to open the file)(it must show the Z:\ drive and full path at the top of the window for full credit) (5 points)

3.

Screenshot: Logging into DESKTOP-XX showing the "warning" message before you hit submit (5 points)

3. 1.

On DC1 (at conclusion of Reservation 2)(5 points) Screenshot: The entire desktop which is running Internet Explorer connected to http://helpdesk.u0123456.corp

4.

Questions (10 points) When you restricted access to the C:\Data\Finance" folder, you had to "remove" a default setting. What was removed? (2 points) 2. Give two examples of why you'd prefer to use a GPO to automatically map a shared folder to a specific local drive, rather than doing so manually. (2 points) 3. Had you not set the minimum password length to 8 characters for the "SLC Policy", what minimum password length would have been enforced by "Default" on the domain? (3 points) 4. Assume that your IT Security team required you to enable auditing of object access (successful or failed) on all data in "C:\Data\Finance". Where could you enable that auditing and where would you go in the UI to see and review the activity. (3 points) 1....