Server 2008 R2 - Generic - Case
Day 1
Task 1
Install the following machines:
DC01 Server 2008 R2 Standard Edition
WEB01 Server 2008 R2 Standard Edition
WEB02 Server 2003
File01 Server 2008 R2 Standard Edition
Client01 Windows 7 Enterprise Edition
Client02 Windows 7 Enterprise Edition
Name and configure IP addresses by following the topology drawing.
Task 2
Install Active Directory on DC01. Domain name: domain.local.
Make all machines members of the domain.local domain except Client02.
Day 2
Task 3
The company has the following organization. Try to make an efficient OU structure in Active Directory Users and Computers using Microsoft best practice.
Department      No. employees
Management      2
Production      50
Administration  6
IT              3
Sales           10
Users in every department must be created in their respective OU and must be member of a domain global group in every department. (In practice create one user per department, name the users freely)
The two client machines must be placed in the management and production OUs respectively. The five servers must also be organized in the OU structure.
Task 4
The company has the following requirements to shared folders and groups that can access them.
Folders: Administration, Management, Production, Sales, Project 1, Project 2, Project Assignments, Common files
Employees in domain global groups must have the following level of access to folders:
Administration: Read and write – delete own files; Read; Read; Read; Read and write – delete own files
Management: Read and write – delete own files; Read and write – delete own files
Production: Read; Read; Read and write – delete own files
Sales: Read; Read; Read and write – delete own files
Project 1: Read and write – delete own files
Project 2: Read and write – delete own files
Any project: Read
Furthermore, the domain administrators must have full control to all folders.
You must
o Which domain local groups must be created and their name.
o Which NTFS permissions the domain local groups must be assigned.
o Which domain global groups must be member of which domain local groups.
- Follow Microsoft Best Practice for Access Management.
- Create the folders and shares on file01.
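Added example, not part of the original case: one folder worked through with the account, global group, domain local group, permission pattern. The group names (GG_Sales, GG_Reader, DL_Sales_RW, DL_Sales_R), the OU, the NetBIOS domain name DOMAIN and the path D:\Shares\Sales are assumptions; which global groups belong in which domain local group comes from the access matrix above.

```powershell
# --- On DC01 (ActiveDirectory module, Server 2008 R2) ---
Import-Module ActiveDirectory
$ou = 'OU=Groups,DC=domain,DC=local'          # hypothetical OU for groups

# One domain local group per folder and access level; only these appear in ACLs.
New-ADGroup -Name 'DL_Sales_RW' -GroupScope DomainLocal -GroupCategory Security -Path $ou
New-ADGroup -Name 'DL_Sales_R'  -GroupScope DomainLocal -GroupCategory Security -Path $ou

# Department global groups (hypothetical names) become members of the
# domain local groups. GG_Reader is a placeholder for a group with Read access.
Add-ADGroupMember -Identity 'DL_Sales_RW' -Members 'GG_Sales'
Add-ADGroupMember -Identity 'DL_Sales_R'  -Members 'GG_Reader'

# --- On FILE01, elevated prompt ---
$path = 'D:\Shares\Sales'                     # hypothetical folder
New-Item -ItemType Directory -Path $path | Out-Null

# Drop inherited ACEs and set explicit ones in a single call.
#  (RX,W)               read and create/write, but no Delete and no
#                       "Delete subfolders and files" on the parent
#  CREATOR OWNER (IO)M  whoever creates a file gets Modify on that file only,
#                       which is what allows "delete own files"
icacls $path /inheritance:r /grant `
    'DOMAIN\Domain Admins:(OI)(CI)F' `
    'SYSTEM:(OI)(CI)F' `
    'DOMAIN\DL_Sales_R:(OI)(CI)RX' `
    'DOMAIN\DL_Sales_RW:(OI)(CI)(RX,W)' `
    'CREATOR OWNER:(OI)(CI)(IO)M'

# Share the folder. The share permission is left open here so that NTFS
# decides access (an assumption for this folder).
net share "Sales=$path" '/grant:Everyone,FULL'

# Review the resulting ACL: no user accounts or global groups should be listed.
icacls $path
```

Members of DL_Sales_RW can still overwrite the contents of files created by others, because Write is granted on all files; only deletion is limited to the creator.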
Day 3
Task 5
Install the WINS feature on DC01 and configure all servers and clients to use the WINS server.
Task 6
Install IIS 7.5 on WEB01
Create two new websites: website1 and website2 each with their own application pool and physical path.
On DC01 configure a DNS record for both www.website1.com and www.website2.com and point to the IP address of WEB01.
On WEB01 under IIS bindings configure so www.website1.com can be reached on port 80 and www.website2.com can be reached on port 81. Test from CLIENT01.
On WEB01 under IIS bindings set the port number back to 80 for both websites. Now configure host header so website1 can be reached by the name www.website1.com and website2 can be reached by the name www.website2.com. Test from CLIENT01
On WEB01 set authentication method for website2 to Windows authentication (Integrated). Add www.website2.com to local intranet zone on Client01. Test access from CLIENT01 and test access from CLIENT02 (Not domain joined)
Task 7
Install IIS 6.0 on WEB02
Create two new websites: website3 and website4 each with their own application pool and physical path.
On DC01 configure a DNS record for both www.website3.com and www.website4.com and point to the IP address of WEB02.
On WEB02 configure so www.website3.com can be reached on port 80 and www.website4.com can be reached on port 81. Test from CLIENT01.
On WEB02 set the port numbers back to 80 for both websites. Now configure host header so website3 can be reached by the name www.website3.com and website4 can be reached by the name www.website4.com. Test from CLIENT01
On WEB02 set authentication method for website4 to Integrated Windows authentication. Add www.website4.com to local intranet zone on Client01. Test access from CLIENT01 and test access from CLIENT02 (Not domain joined)
Day 4
Task 8
Create a new service on DC01. (e.g. sc.exe \\localhost create NewService binpath= c:\Windows\System32\calc.exe)
Configure the service to start automatically when Windows starts.
In case of failure, configure the service to restart the first two times and to run a program the third time.
Try to stop and start the IIS service on WEB01 with the following commands: net, stop-service/start-service (PowerShell), sc.exe (You must identify the name of the IIS service first)
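Added example, not part of the original case: the steps of this task as they could be typed in an elevated PowerShell prompt. The recovery program C:\Scripts\service-failed.cmd, the reset period and the restart delays are assumptions.

```powershell
# On DC01. In PowerShell "sc" is an alias for Set-Content, so the Service
# Control tool must be called as sc.exe.
$svc = 'NewService'                      # service name from the task's example

# Create the service. sc.exe needs the space after "binPath=". A path that
# contains spaces must be wrapped in embedded double quotes, otherwise Windows
# may resolve it to a different executable earlier in the path.
sc.exe create $svc binPath= 'C:\Windows\System32\calc.exe'

# Start automatically at boot.
sc.exe config $svc start= auto

# Recovery: restart after the 1st and 2nd failure, run a program after the 3rd.
# reset= is the failure-counter reset period in seconds, delays are in ms.
# C:\Scripts\service-failed.cmd is a hypothetical program.
sc.exe failure $svc reset= 86400 actions= restart/60000/restart/60000/run/1000 command= 'C:\Scripts\service-failed.cmd'

# Check what was stored: start type, binary path, logon account, recovery actions.
sc.exe qc $svc
sc.exe qfailure $svc

# --- On WEB01: find the IIS service by display name, then control it three ways ---
Get-Service | Where-Object { $_.DisplayName -like '*World Wide Web*' }   # Name: W3SVC

net stop W3SVC
net start W3SVC

Stop-Service -Name W3SVC
Start-Service -Name W3SVC

# sc.exe returns as soon as the stop request is sent, so poll the state before
# starting again; net and Stop-Service wait for the service to stop.
sc.exe stop W3SVC
while ((Get-Service -Name W3SVC).Status -ne 'Stopped') { Start-Sleep -Seconds 1 }
sc.exe start W3SVC
```

calc.exe does not implement the service control interface, so starting NewService ends in a timeout error (1053); the stored configuration can still be inspected with sc.exe qc and sc.exe qfailure.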
Task 9
Try to do the following via Group Policy:
The local administrator and guest account must be disabled on all client machines that are member of your domain.
User passwords must meet the following requirements:
o The password must be changed at least once every month.
o The password length must be at least 9 characters.
o The password must contain three of the following four categories: special characters, uppercase characters, lowercase characters or numbers.
If someone tries to brute force a user account, the account must be locked after four attempts. After that, only an administrator may unlock the account.
Task 10
Enable Group Policy loopback processing (Hint. It’s a Computer Configuration policy) on FILE01 and try to see how much you can limit users who log on to FILE01. (Hint. User Configuration/Policies/Administrative Templates)
Day 5
Task 11
Each user must map a network drive to the shares they have access to on FILE01. Do this by creating logon scripts and placing them in the default location on DC01. From the user accounts in Active Directory Users and Computers, map the right logon script for each user. Test the logon script on CLIENT01. (Hint. Net use)
Task 12
Join CLIENT02 to your domain.
To create a roaming profile for the user in the management department you must do the following.
Create a GPO that applies to CLIENT01 and CLIENT02 and name it Roaming Profiles Administrator Access. Edit the policy and view the explanation for the setting Computer Configuration\Administrative Templates\System\User Profiles\"Add the Administrators security group to roaming user profiles." Enable the setting.
Create a new share on FILE01 and name it Profiles$. NTFS should be configured with the permissions described in Step 2 Table 1: http://technet.microsoft.com/en-us/library/jj649079.aspx#RUP_Step2Createafileshareforroaminguserprofiles. Share permissions with Full Control for everyone is OK.
Set the Profile path, under properties for the user account in the management OU, to \\FILE01.domain.local\Profiles$\%username%
Log on to CLIENT01 with the user from management. An empty folder should be created on \\FILE01\Profiles$\Username. On CLIENT01 create a folder on the desktop and log off.
The user profile should be copied to the \\FILE01\Profiles$\Username folder on FILE01. Log on to CLIENT02 with the user from management and the same profile should be downloaded and the created folder should be on the desktop.
Task 13
Try to configure folder redirection for the desktop folder for the management user. Create a new share on FILE01 for this purpose, with the same NTFS and share permissions as the Profiles$ share.