Labs 6-15
8.7.4 Configure Restricted Groups You are the IT security administrator for a small corporate network. A group of desktop administrators needs administrative rights to all of the workstations in the domain. The workstations are located in the Workstations OU. In this lab, your task is to perform the following on CorpDC: Create a global security group named Desktop Admins in the Admins OU. (Members of the group will be added later.) Configure a restricted group policy in the WorkstationGPO object that adds the domain Desktop Admins group to the local Administrators group on all the workstations.
Create a group as follows: 1. From Hyper-V Manager, select CORPSERVER.Right-click CorpDC and select Connect. 2. From Server Manager, select Tools > Active Directory Users and Computers. 3. Browse the Active Directory structure to the appropriate OU. 4. Right-click the OU and select New > Group. 5. In the Group name field, enter the name of the group 6. Select a group scope. 7. Select a group type; then click OK. 8. Close Active Directory Users and Computers. Create a restricted group as follows: 1. From Server Manager, select Tools > Group Policy Management. 2. Expand Forest: CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 3. Right-click WorkstationGPO and select Edit. 4. Under Computer Configuration, expand Policies > Windows Settings > Security Settings. 5. Right-click Restricted Groups and select Add Group. 6. Select Browse. 7. In the Enter the object names to select field, enter Desktop Admins; then click OK. 8. Click OK. 9. Under This group is a member of, select Add. 10. Enter Administrators (do not browse); then click OK. 11. Click OK.
7.9.4 Delegate Administrative Control You work as the IT administrator for a small business and are responsible for the corporate network. As your network grows, you need to delegate common administrative tasks. You have defined the following administrative roles: PasswordAdmins can reset passwords for any user in the domain and force password change at next logon. ComputerAdmins can join computers to the domain for the entire domain. GPOLinkAdmins can manage GPO links for departmental OUs (Accounting, Marketing, Research-Dev, Sales, and Support). In this lab, your task is to delegate administrative roles on CorpDC as follows: Create the following global security groups in the Users container for each administrative role: PasswordAdmins ComputerAdmins GPOLinkAdmins Use the Delegation of Control wizard to delegate the necessary permissions at the correct level to each group. In the wizard, use the common tasks option for delegating control.
Create a group as follows: 1. From Hyper-V Manager, select CORPSERVER.Right-click CorpDC and select Connect. 2. From Server Manager, select Tools > Active Directory Users and Computers. 3. Browse to the Users OU.Right-click Users and select New > Group. 4. Enter the name for the group 5. Make sure Global is selected as the group scope. 6. Make sure Security is selected as the group type; then click OK Repeat steps for each group. Delegate the necessary permissions as follows: 1. From Active Directory Users and Computers, browse the Active Directory structure to the level where you want to delegate control (the domain or an OU). 2. Right-click the appropriate OU or domain and select Delegate Control. 3. In the Welcome window, click Next. 4. In the Users or Groups window, click Add to add groups. 5. Enter the name of the group to be added; then click OK. Click Next. 6. Select the box of the task you want to delegate; then click Next. Click Finish. Repeat steps for each group.
9.4.4 Create a Zone and Add Records You work as the IT administrator for a small business and are responsible for the corporate network. You have two servers and a DNS server that use static IP addresses on the 192.168.0.0/24 subnet. You plan to install three more servers soon, so you need to create DNS records for these servers on the CorpDC server. In this lab, your task is to perform the following: Create an IPv4 Active Directory-integrated primary reverse lookup zone for subnet 192.168.0.0/24. Be sure to accept the default replication and dynamic updates settings. Create A records and PTR records for the following hosts:
Create a primary reverse lookup zone as follows: 1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager, select Tools > DNS. 4. Expand CORPDC. 5. Right-click Reverse Lookup Zones and select New Zone. 6. Click Next. 7. Make sure Primary zone is selected. 8. Make sure Store the zone in Active Directory is selected; then click Next. 9. Keep the default replication scope setting and click Next. 10. Keep the default reverse lookup zone settings and click Next. 11. Type 192.168.0 as the network ID. (Omit any trailing zeroes that are excluded based on the subnet mask. For example, type 192.168.1 for subnet 192.168.1.0/24. Type 10.1 for subnet 10.1.0.0/16). 12. Click Next. 13. Keep the default dynamic update settings; then click Next. 14. Click Finish. Create a host (A) and associated pointer (PTR) record as follows: 1. In DNS Manager, expand Forward Lookup Zones. 2. Right-click CorpNet.com and select New Host (A or AAAA). 3. In the Name field, enter the host name.In the IP address field, enter the IP address. 4. Select Create associated pointer (PTR) record as needed. The reverse lookup zone must exist for this record to be created. 5. Click Add Host. 6. Click OK. 7. Repeat steps to add additional host records. 8. Click Done.
6.3.8 Create a Parent Virtual Machine You installed Hyper-V on the CorpServer server. You are experimenting with virtual hard disks. You plan to run several instances of Windows Server 2016 as virtual machines. Because these virtual machines will use a similar configuration, you are considering using differencing disks to conserve disk space. In this lab, your task is to perform the following: Create a virtual hard disk using the following parameters: Virtual hard disk name: ParentDisk.vhdx Location: D:\HYPERV\Virtual Hard Disks\ParentDisk.vhdxDisk type: FixedSize: 50 GB Create the parent virtual machine using the following parameters: Virtual machine name: ServerParent Location: D:\HYPERV\ Generation: Generation 1Startup Memory: 2048 MB Network: Not Connected Configure the virtual hard disk to use the image file D:\ISOs\en_windows_server_2016_x64_dvd.iso
Create a virtual hard disk as follows: 1. From Server Manager, select Tools > Hyper-V Manager. 2. Right-click CORPSERVER and select New > Hard Disk. 3. Click Next. 4. Select the disk format; then click Next. 5. Select the disk type; then click Next. 6. Enter the name for the hard disk file. 7. Enter the location for the hard disk file; then click Next. 8. Make sure Create a new blank virtual hard disk is selected. 9. Enter the size for the new virtual disk; then click Next. 10. Click Finish. Create a virtual machine as follows: 1. In Hyper-V Manager, right-click CORPSERVER and select New > Virtual Machine. 2. Click Next. 3. Enter the name for the virtual machine. 4. Select Store the virtual machine in a different location to modify the path to the virtual machine files. 5. Verify the location; then click Next. 6. Select the generation; then click Next. 7. Enter the amount of memory to use with the virtual machine. 8. Select Use Dynamic Memory for this virtual machine to use dynamic memory; then click Next. 9. Select the network used by the virtual machine; then click Next. 10. Select connect to an existing hard disk. 11. Make sure Install an operating system later is selected; then click Next. 12. Click Finish. Configure the virtual machine as follows: 1. In Hyper-V Manager, right-click ServerParent and select Settings. 2. Under the Hardware section, select the DVD Drive on IDE Controller 1. 3. In the right pane, select Image file. 4. Select Browse. 5. Browse to and select the image file to be used by the virtual DVD drive. 6. Select Open. 7. Click OK.
6.4.7 Prepare a Production Virtual Machine You need to add additional servers to your network. You have decided to use virtual machines and Hyper-V to create these servers. Hyper-V is installed on the CorpServer server. Be aware of the following concerning this lab: Virtual disks created with the virtual machine are dynamically expanding disks. To create a fixed-size disk, create the disk before creating the virtual machine. When creating the network, use the internal type. This allows the virtual machine to communicate with the host computer, but not with other computers on the production network. When booting a virtual machine from the network, add the legacy network adapter to the virtual machine and make sure to change the boot order to boot from the network. In this lab, your task is to create a virtual machine that will be used to install a domain controller for the network. Use the following settings: Use the Hyper-V Manager utility to create a virtual hard disk named CorpDC in the D:\HYPERV\Virtual Hard Disks directory. - Select the format that allows for maximum backwards compatibility. - Configure the disk for best performance. - Configure a size of 500 GB. Create a virtual machine named CorpDC. - Save the virtual machine in the D:\HYPERV folder. - Use 2048 MB of startup memory for the virtual machine.Use dynamic memory. - Configure the network adapter to remain disconnected for now. - Use the existing CorpDC virtual hard disk file that you created. - Do not install an operating system (the operating system will be installed from an image later). Create a Test Network virtual switch. Configure the virtual machine network settings. - Other network hosts should not be able to use this network. - Add a legacy network adapter to the virtual machine. - Configure the adapter to use the network you created. - Configure the virtual machine to boot from the network. Configure dynamic memory settings: - Minimum RAM: 512 MB - Maximum RAM: 4096 MB - Memory buffer: 30%
Create a virtual hard drive as follows: 1. In Server Manager, select Tools > Hyper-V Manager. 2. Right-click CORPSERVER and select New > Hard Disk. 3. Click Next. 4. Select VHD and click Next. 4. Make sure Fixed size is selected; then click Next. 5. In the Name field, enter CorpDC.vhd and click Next. 6. In the Size field, enter 500; then click Next. 7. Click Finish. Create a virtual machine as follows: 1. Right-click CORPSERVER and select New > Virtual Machine.Click Next. 2. In the Name field, enter CorpDC; then click Next. 3. Select Generation 1; then click Next. 4. In Startup memory, enter 2048. 5. Select Use Dynamic Memory for this virtual machine; then click Next. 6. From the Connection list, make sure Not Connected is selected; then click Next. 7. Select Use an existing virtual hard disk.In the Location field, enter D:\HYPERV\Virtual Hard Disks\CorpDC.vhd. 8. Click Next. 9. Review the virtual machine specifications and click Finish. Create a virtual switch as follows: 1. Right-click CORPSERVER server and select Virtual Switch Manager. 2. In the left pane, make sure New virtual network switch is selected. 3. Select Internal as the switch type. 4. Select Create Virtual Switch. 5. In the Name field, enter Test Network; then click OK. Configure virtual machine settings as follows: 1. Under Virtual Machines in Hyper-V Manager, right-click CorpDC and select Settings. 2. In the Add Hardware pane, select Legacy Network Adapter and select Add. 3. From the Virtual Switch drop-down list, select Test Network. 4. Click Apply. 5. In the left pane, select BIOS to configure booting from the Legacy Network Adapter 6. Select the Legacy Network adapter. 7. Select Move Up twice to move the adapter to the top of the list. 8. Click Apply. 9. In the left pane, select Memory to configure dynamic memory settings. 10. In the Minimum RAM field, type 512. 11. In the Maximum RAM field, type 4096. 12. Set the Memory buffer to 30% 13. Click OK.
15.2.5 Configure an NLB Cluster 2 You would like to improve the availability of applications in the branch office by configuring it in a network load balancing (NLB) cluster. You have installed the Network Load Balancing feature on the BranchNLB1 and BranchNLB2 servers. Now you need to design and implement a solution. In this lab, your tasks are to create an NLB cluster using the two servers and define port rules to meet the requirements below. You do not need to configure host records in DNS. You are working at the console of BranchNLB1. Use the following parameters to create a cluster and configure port rules: Cluster hosts: BranchNLB1 and BranchNLB2 Cluster IP address: 192.168.30.25 Subnet mask: 255.255.255.0 Full Internet name: BranchNLB.Branch2.CorpNet.com Cluster operation mode: Multicast Priority (host identifier) values:BranchNLB1: 2 (or higher)BranchNLB2: 1 Port rules: Protocols, Filtering Mode, and Affinity Port rules: Load Weight and Handling Priority These port rules allow the following to happen: Peer-to-peer servers communicate cluster status information. All requests for TCP and UDP ports 0 to 1023 are equally divided between both servers. Multiple connections from a single client are sent to the same server. All requests for TCP port 1066 are sent to BranchNLB1 and then to BranchNLB2 if BranchNLB1 is unavailable. For TCP port 1777, 75% of the requests go to BranchNLB2 and 25% of the requests go to BranchNLB1. Multiple connections from a single client are sent to the same server. All requests for TCP and UDP ports 2000 to 2999 are not processed by the cluster. All requests for TCP and UDP port 5055 are sent to BranchNLB2 and never sent to BranchNLB1. Any traffic not controlled by a port rule goes to BranchNLB2, and to BranchNLB1 only if BranchNLB2 is unavailable.
Create an NLB cluster as follows: 1. From Server Manager, select Tools > Network Load Balancing Manager. 2. Right-click Network Load Balancing Clusters and select New Cluster. 3. Type the name of a cluster host. 4. Select Connect. 5. Select the interface that the cluster will use; then click Next. 6. Select the priority. 7. Make sure the default state is set to Started; then click Next. 8. Select Add. 9. Make sure Add IPv4 address is selected. 10. Enter the IP address. 11. Enter the subnet mask; then click OK. 12. Click Next. 13. Type the full Internet name for the NLB cluster. 14. Select the cluster operation mode; then click Next. Create and Edit port rules on BranchNLB1 as follows: 1. Select the existing rule. 2. Select Edit to modify an existing port rule. 3. Under Port range, modify the ports. 4. Under Protocols, select the appropriate protocols. 5. Under Filtering mode, select the filtering mode. 6. Select the affinity; then click OK. 7. Select Add to create a new rule. 8. Under Port range, modify the ports. 9. Under Protocols, select the appropriate protocols. 10. Under Filtering mode, select the filtering mode. 11. Select the affinity; then click OK. 12. Repeat steps to create additional port rules. 13. Click Finish to create the cluster. Add BranchNLB2 as a cluster host as follows: 1. In Network Load Balancing Manager, right-click the cluster and select add Host To Cluster. 2. Type the name of a cluster host. 3. Click Connect. 4. Select the interface that the cluster will use; then click Next. 5. Select the priority. 6. Make sure the default state is set to Started; then click Next. 7. Click Finish to add the host to the cluster. Modify the port rules on both cluster hosts as follows: 1. In the Network Load Balancing Manager console, right-click the cluster host and select Host Properties. 2. Select the Port Rules tab. 3. Modify the load weight as follows: - Select the port rule you wish to modify and click Edit. - Under Load weight, deselect Equal. - Enter the load weight; then click OK. 4. Modify the handling priority as follows: - Select the port rule you wish to modify and click Edit. - Enter the handling priority; then click OK. 5. Click OK to close the properties dialog.
7.5.8 Manage User Accounts You work as the IT administrator for a small business and are responsible for the corporate network. You recently added an Active Directory domain on the CorpDC server to manage network resources centrally. Organizational units in the domain represent departments. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: Mark Woods has been fired from the Accounting department. Disable his account until his replacement can be found. Pat Benton is returning to the Research-Dev department from maternity leave. Her account is disabled to prevent logon. Enable her account. Andrea Simmons from the Research-Dev department has recently married.Rename the account Andrea Socko.Change the last name to Socko.Change the display name to Andrea Socko.Change the user logon and the pre-Windows 2000 user logon name to asocko. Mary Barnes from the Accounting department has forgotten her password, and now her account is locked:Unlock the account.Reset the password as 1234abcd$.Require a password change at the next logon. For all users in the Support OU (but not the SupportManagers OU), allow logon only to the Support computer.
Disable a user account as follows: 1. In Hyper-V Manager, select CORPSERVER. 2. In the middle pane, right-click CorpDC and select Connect. 3. From Server Manager on CorpDC, select Tools > Active Directory Users and Computers. 4. Browse the Active Directory structure and select the Accounting OU. 5. Right-click Mark Woods and select Disable Account. 6. Click OK to apply the changes. Enable a user account as follows: 1. Select the Research-Dev OU. 2. Right-click Pat Benton and select Enable Account. 3. Click OK. Rename the user account as follows: 1. In the Research-Dev OU, right-click the user account and select Rename. 2. Enter Andrea Socko and press Enter. 3. In the Last name field, enter Socko. 4. In the Display name field, enter Andrea Socko. 5. In the User logon name field, enter asocko. 5. Click OK. Unlock a user account as follows: 1. In the Accounting OU, right-click Mary Barnes and select Reset Password. 2. In the New password field, enter the 1234abcd$. 3. In the Confirm password field, enter 1234abcd$. 4. Make sure that User must change password at next logon is selected. 5. Make sure that Unlock the user's account is selected. 6. Click OK. Configure user account restrictions as follows: 1. Navigate to the Support OU. 2. Select both the Tom Plack and Janice Rons users. 3. Right-click the user accounts and select Properties. 4. Select the Account tab. 5. Mark Computer restrictions. 6. Select Log On To. 7. In the Computer name field, enter Support; then select Add. Click OK.
8.6.3 Configure Security Options You work as the IT administrator for a small business and are responsible for the corporate network. After a security review, you have decided to improve network security. In this lab, your task is to configure the following security options on the CorpDC server using Group Policy. You also need to disable the User Configuration portion of the GPO because all GPO settings in the SupportGPO are in the Computer Configuration portion.
Edit security options as follows: 1. From Hyper-V Manager, select CORPSERVER.Right-click CorpDC and select Connect. 2. From Server Manager, select Tools > Group Policy Management. 3. Expand Forest: CorpNet.com > Domains > CorpNet.com. 4. Right-click Default Domain Policy and select Edit. 5. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. 6. Select Security Options. 7. Right-click the policy you want to edit and select Properties. 8. Select Define this policy setting. 9. Select Enabled or Disabled, or configure additional values for the policy. 10. Click OK. Repeat steps for additional policies. Close Group Policy Editor. Configure SupportGPO as follows: 1. Expand the Support OU.Right-click SupportGPO and select Edit. 2. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. 3. Select Security Options.Right-click the policy you want to edit and select Properties. 4. Select Define this policy setting. 5. Select Enabled or Disabled, or configure additional values for the policy. 6. Click OK.Repeat steps for additional policies. Close Group Policy Editor. Edit the GPO status: 1. In the Group Policy Management console, expand Group Policy Objects. 2. Right-click SupportGPO and select GPO Status > User Configuration Settings Disabled.
10.5.4 Configure NTFS and Share Permissions 1 You work as the IT administrator for a small business and are responsible for the corporate network. You are creating a share for the H:\Components folder on the CorpFiles16 server. Research and Development department employees need to store programming components in this shared folder. Data in a shared folder on an NTFS partition has two sets of permissions (share permissions and NTFS permissions). Each user's data access is determined by the most restrictive of these two permissions. You need to secure the data in the folder as follows: Members of the Research Resources group should have full control over the folder. All other users should be able to view the contents of the folder. Permissions should apply to both network access through the share and local access. In this lab, your task is to implement a combined share and NTFS permission strategy as follows: Share the H:\Components folder using the default share name. Configure share permissions by giving the Everyone group Full Control share permissions. Configure NTFS permissions for the H:\Components folder by giving the Research Resources group Full Control permissions. Keep the remaining NTFS permissions. This allows administrators full control and allows all other users to read the folder contents.
Share a folder as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From the taskbar, open File Explorer. 4. Navigate to the folder you want to share. 5. Right-click the folder and select Properties. 6. Select the Sharing tab. 7. Select Advanced Sharing. 8. Select Share this folder.In the Share name field, use the default share name. Configure shared folder permissions as follows: 1. From the Sharing tab, select Permissions. 2. Select the security principal. 3. Select the share folder permissions; then click OK. 4. Click OK to save the changes. Configure NTFS permissions as follows: 1. Select the Security tab. 2. Select Edit. 3. Select Add. 4. Enter the name of the security principal that will receive permission to the folder. 5. Click OK. 6. Select the appropriate NTFS permission. 7. Click OK. 8. Click OK to save the changes.
10.5.5 Configure NTFS and Share Permissions 2 You work as the IT administrator for a small business and are responsible for the corporate network. You created a folder for old data on the CorpFiles16 server. You need to configure share and NTFS permissions so that the Research Resources group has Full Control permissions. Data in a shared folder on an NTFS partition has two sets of permissions (share permissions and NTFS permissions). Each user's data access is determined by the most restrictive of the two permissions. Configure permissions as follows: Make data accessible over the network through a share named Archives. Enable all members of the Research and Development department to add to in the H:\Archives folder. Enable administrators to manage the folder and the share. Ensure permissions apply both locally and when accessed over the network. In this lab, your task is to perform the following on CorpFiles16: Share H:\Archives using the default share name. Configure share permissions to grant Full Control to Everyone. Configure NTFS permissions for the H:\Archives folder and give the Research Resources domain local group the Full Control NTFS permission.
Share a folder as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From the taskbar, open File Explorer. 4. Navigate to the folder you want to share. 5. Right-click the folder and select Properties. 6. Select the Sharing tab.Select Advanced Sharing. 7. Select Share this folder. 8. In the Share name field, verify the share name. 9. Select Permissions to configure shared folder permissions. 10. With Everyone selected, select the appropriate permissions; then click OK. 11. Click OK to save the changes. Configure NTFS permissions as follows: 1. Select the Security tab.Select Edit. 2. Select Add. 3. Enter the name of the group that will receive permission to the folder. 4. Click OK. 5. With Research Resources selected, select the appropriate NTFS permission. 6. Click OK. 7. Click OK to save the changes.
10.1.10 Create a Quota Entry For security reasons, you want to know if anyone saves any files on the D: drive using the domain guest account for CorpFiles12. Disk quotas have already been enabled. You also need to set a warning level for the guest account at 1 KB. Using File Explorer, your task is to perform the following for the guest user: Create a new quota entry. Set the quota limit to 500 MB. Set the warning level to 1 KB.
1. From Hyper-V Manager, select CORPSERVER. 2. Maximize the window to view all virtual machines. 3. Right-click CorpFiles12 and select Connect. 4. On the taskbar of CorpFiles12, select File Explorer. 5. Right-click the drive. 6. From the menu, select Properties. 7. Select the Quota tab. 8. On the Quota tab, select Quotas Entries. 9. Select Quotas > New Quotas Entry. 10. Under Enter the object names to select, enter Guest; then click OK. 11. Select Limit disk space to. 12. In the disk space limit field, enter 500 MB. 13. Under Set warning level to, enter 1 KB; then click OK. 14. Close the Quota Entries window. 15. In the Data (D:) Properties window, click OK. 16. In the Disk Quotas window, click OK.
10.1.7 Configure NTFS Permissions You need to manage the permissions assigned to various folders. Department data is stored on CorpFiles16 in a folder named D:\Departments. Within the Departments folder, each department has a subfolder where they can publish files to the rest of the company. The default permissions inherited by the D:\Departments folder and each subfolder currently allow all users to read and execute files. In this lab, your task is to configure permissions for each departmental subfolder so that only users within each department can change their department's files. To complete this task, assign the permissions specified in the following table:
1. From Hyper-V Manager, select CORPSERVER. 2. Maximize the window to view all virtual machines. 3. Right-click CorpFiles16 and select Connect. 4. From the taskbar, open File Explorer. 5. Browse to and right-click the folder and select Properties. 6. Select the Security tab. 7. Select Edit. 8. Select Add. 9. In the Enter the object names to select field, type the name of each security principal that will receive permission to the shared folder; then click OK. 10. Select the security principal. 11. In the Allow column, select the appropriate permission. 12. Click OK twice. 13. Repeat steps 5-12 for each domain local group.
8.8.4 Configure AppLocker You work as the IT administrator for a small business and are responsible for the corporate network. You are increasing network security by implementing AppLocker. Your first step is to prevent applications from running on computers that are not located in the Windows directory or the Program Files directory. In addition, there is a custom call center application used by the support team. The call center application runs from C:\CallCenter\CallStart.exe and must be allowed to run. You also want future versions of the call center application to run without having to change any settings. In this lab, your task is to configure AppLocker in the WorkstationGPO on CorpDC using the following parameters. Create default executable rules to ensure you maintain access to:All files located in the Program Files folderAll files located in the Windows folder Configure a Publisher rule that allows future updates from the same vendor. Allow the support group to run the call center software. Do not add exclusions to the rule.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager on CorpDC, select Tools > Group Policy Management. 4. Expand Forest:CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 5. Right-click WorkstationGPO and select Edit. 6. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Application Control Policies. 7. Select AppLocker. 8. In the right pane, select Configure rule enforcement. 9. Under Executable rules, select Configured. 10. Make sure Enforce rules appears in the drop-down list. Click OK. Create default executable rules as follows: 1. In the left pane, expand AppLocker. 2. Right-click Executable Rules and select Create Default Rules. 3. In the right pane, notice that the three default executable rules that allow Everyone access to the Windows and Program Files directories were created. Configure a Publisher rule and allow the Support group to run the call center software as follows: 1. Right-click Executable Rules and select Create New Rule. 2. Click Next. 3. Make sure Allow is selected; then click Select. 4. Enter the name of the required group; then click OK. 5. Click Next. 6. Make sure Publisher is selected; then click Next. 7. Select Browse. 8. Browse to and select the executable file. 9. Select Open. 10. Slide the pointer from File version to Publisher; then click Next. 11. Click Next. 12. Accept the default name and select Create. 13. Notice that the Publisher rule was created.
7.8.6 Change the Group Scope You are the IT administrator for the CorpNet.com domain. You recently created a domain local distribution group named Managers in the Users container on CorpDC because department managers need to email other department managers. After creating the group and adding several individual user accounts as members of the group, you decide to use the group to assign permissions to company managers, as well. In this lab, your task is to perform the following: Change the Managers group scope to Global. Change the Managers group type to Security.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Browse to the Managers group in the Users OU. 5. Right-click Managers and select Properties. 6. On the General tab, select Universal. 7. Click Apply. 8. Select Global. 9. Under Group type, select Security. 10. Click OK to apply the changes.
7.8.7 Implement a Group Strategy You are the IT administrator for the CorpNet.com domain. You are in the process of implementing a group strategy for your network. The CorpNet.com domain has a Support OU. All support employees in the domain have user accounts within the Support OU or within the Support sub-OUs. All support employees need access to the support department's shared folders and printers. Your group strategy must minimize administration when: Granting and removing resource access to support employees. Groups of other employees (such as managers) request access to support resources. Support resources are added or removed. Permissions to the resources need to be granted or removed. The recommended group strategy is to: Make user accounts members of global groups. Make global groups members of domain local groups. Assign permissions to the domain local groups. The following table outlines the groups, group scopes, group types, and group memberships required for this lab: In this lab, your task is to implement a group strategy that meets the above requirements on CorpDC as follows: Create the following two groups in the Support OU:SupportSupport Resources For each group, configure an appropriate scope, type, and membership based on the information in the scenario and the purpose suggested by the group name.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Browse to the Support OU. 5. Right-click Support and select New > Group. 6. Enter the group name. 7. Select the group scope. 8. Select the group type; then click OK. 9. Repeat steps 5-8 to create additional groups. Modify the group membership as follows: 1. Right-click the group and select Properties. 2. Select the Members tab. 3. Select Add. 4. Select Advanced.Select Find Now. 6. Under Search results, hold down the Ctrl key and select the users or group you want to add. 7. Click OK. 8. Click OK to add the new group member. 9. Repeat steps for additional groups.
7.7.5 Create Computer Accounts You work as the IT administrator for a small business and are responsible for the corporate network. The company has ordered several laptop computers for the Sales team. The laptops will arrive with Windows 10 pre-installed and need to be added to the domain. In this lab, your task is to pre-stage the computer accounts used for the Sales team laptops on CorpDC. Create the following computer accounts in the Workstations OU: Sales1 Sales2 Sales3 Sales4 Sales5
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Expand CorpNet.com. 5. Right-click the Workstations container and select New > Computer. In the Computer name field, enter the computer name. 6. Notice that the pre-Windows 2000 name is filled in automatically. 7. Click OK. Repeat steps 5-7 for each computer account.
8.4.4 Configure Audit Policies You work as the IT administrator for a small business and are responsible for the corporate network. The Accounting OU contains workstations that store sensitive data. Only accounting department employees should use these workstations. As part of securing the workstations, you want to audit who logs on or attempts to log on to the accounting workstations for any user. In this lab, your task is to configure auditing policies in AccountingGPO on CorpDC to meet the following requirements: In the audit policy of the GPO, enable the Audit logon events policy. This records logon to the local computer and records an event in the workstation's Security log. In the Audit logon events policy, audit for both Success and Failure. In this scenario, you want to know when someone is able to log on and when logon is denied. In Security Options, enable the Audit: Shut down system immediately if unable to log security audits policy, which causes the computer to shut down if it can't log audit entries. In Event Log, enable the Retention method for security log policy and configure it to Do not overwrite events (clear log manually).
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Group Policy Management. 4. Expand Forest: CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 5. Right-click AccountingGPO and select Edit. 6. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. Select Audit Policy. 7. Right-click the policy you want to edit and select Properties. 8. Select Define this policy setting. 9. Make sure Success is selected. 10. Select Failure. 11. Click OK. Edit Security Option policies as follows: 1. Select Security Options. 2. Right-click the policy and select Properties. 3. Select Define this policy setting. 4. Select Enable. 5. Click OK. 6. Click Yes to confirm the setting change. Edit Event Log policies as follows: 1. Select Event Log. 2. Right-click the policy and select Properties. 3. Select Define this policy setting. 4. Select Do not overwrite events (clear log manually). 5. Click OK.
8.6.8 Enforce User Account Control You work as the IT administrator for a small business and are responsible for the corporate network. The company has a single Active Directory domain named CorpNet.com. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations. In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC:
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Group Policy Management. 4. Expand Forest: CorpNet.com > Domains > CorpNet.com. 5. Right-click Default Domain Policy and select Edit. 6. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. 7. Select Security Options Policy. 8. In the right pane, right-click the policy you want to edit and select Properties. 9. Select Define this policy setting. 10. Select Enable or Disable as necessary. 11. Edit the value for the policy as needed; then click OK. Repeat steps for each policy setting.
8.3.4 Configure Account Password Policies You work as the IT administrator for a small business and are responsible for the corporate network. You must configure a password policy for the domain. In this lab, your task is to edit the default domain policy on CorpDC using Group Policy Management and configure the account policy settings to meet the following requirements: Passwords must be at least 10 characters long. Passwords must contain uppercase letter, lowercase letter, number, and symbol characters. Users must change passwords every 90 days. Users cannot change a new password for at least 14 days. New passwords must be different than the previous 10 passwords. If five incorrect passwords are entered within a ten-minute interval, the account will lock. Keep accounts locked for 1 hour and then unlock the account automatically.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Group Policy Management. 4. Expand Forest: CorpNet.com. 5. Expand Domains. 6. Expand CorpNet.com. 7. Right-click Default Domain Policy and select Edit. 8. In the Group Policy Management editor, browse to Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies. 9. Expand Account Policies. Modify password policies as follows: 1. In the left pane, select Password Policy. 2. In the right pane, right-click the policy you want to edit and select Properties. 3. Edit the value for the policy; then click OK. Repeat steps for each policy. Modify account lockout policies as follows: 1. In the left pane, select Account Lockout Policy. 2. In the right pane, right-click the policy you want to edit and select Properties 3. If the policy is currently undefined, select Define this policy setting. 4. Edit the value for the policy; then click OK. 5. Repeat steps for additional policies. ( -Account lockout duration 60 minutes - Account lockout threshold 5 incorrect passwords - Reset account lockout counter after 10 minutes)
8.5.4 Configure User Rights You work as the IT administrator for a small business and are responsible for the corporate network. You are working on improving the security of network resources. When adding users or groups, remember that you are doing so on a domain controller. The following applies: Groups in the Builtin active directory folder are added like a local user or group by simply typing the name of the group. To add a domain user or group, include the domain name in the object name (for example, domain_name\Sales). The proper domain\group entry will be added if you validate the group by clicking Check Names in the Select Users, Computers, Service Accounts, or Groups dialog. In this lab, your task is to add the following group to the associated User Rights Assignment policy in the ServerGPO policy object from the CorpDC server:
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. From Server Manager, select Tools > Group Policy Management. 4. Expand Forest:CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 5. Right-click ServerGPO and select Edit. 6. Under Computer Configuration, expand Policies > Windows Settings > Security Settings > Local Policies. 7. Select User Rights Assignment. 8. Right-click the policy you want to edit and select Properties. 9. Select Define these policy settings. 10. Select Add User or Group. 11. Enter the name of the user or group; then click OK. Repeat steps to define additional policy settings.
10.2.6 Restore Previous Version 2 The director of the accounting department has requested a copy of the 2016 purchase order reports located in the POs share. The files are located in the D:\Finances\POs directory on the CorpFiles12 server. You need to retrieve a previous version of the POs folder without affecting any of the current files or folders in D:\Finances. In this lab, your task is to copy the POs folder in the D:\Finances directory of CorpFiles12 to the D:\Temp folder on the same system.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles12 and select Connect. 3. On the taskbar, open File Explorer. 4. Browse to and double-click the D:\Finances folder. 5. Right-click the POs folder and select Restore previous versions. 6. Select the appropriate version of the folder. 7. Select Copy. 8. Browse to the desired location. 9. Select Copy. Click OK.
10.3.10 Configure Share Permissions You are configuring the file system of a Windows Server 2012 server. You shared the D:\Shared folder on CorpFiles12 for common file access. The Everyone group has complete NTFS permissions to the folder (except permission to change file and folder permissions). Network users report that they can only read data in the Shared folder. They should be able to create, edit, and delete all folders and files. You want to enable these permissions using the least administrative effort. In this lab, your task is to fix a user access problem by granting the Everyone group the Change share permission for the Shared folder.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles12 and select Connect. 3. On the taskbar, open File Explorer. 4. Navigate to the shared folder. 5. Right-click the shared folder and select Properties. 6. Select the Sharing tab. 7. Select Advanced Sharing. 8. Select Permissions. 9. Under Group or users names, make sure Everyone is highlighted. 10. Under Allow, select Change; then click OK. 11. Click OK to save the changes.
10.1.11 Modify Quota Limits While the CorpFiles12 server was configured, a 5 MB disk quota warning for the D: drive was applied to the Administrators account. As a result, the server logs many warning messages. In this lab, your task is to use File Explorer to remove all quota limits for the Administrators account.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles12 and select Connect. 3. On the taskbar, open File Explorer. 4. Select the drive. 5. From the top menu, select Properties. 6. Select the Quota tab. 7. Select Quotas Entries. 8. Select the quota entry from the list. 9. Select Quotas. 10. Select Properties. 11. Select Do not limit disk usage. 12. Click OK. 13. Close the Quotas Entries window. 14. Click OK to close the Properties window. 15. Select OK to enable the quota system.
10.3.6 Share a Folder with a Second Name You are configuring the file system of a Windows Server 2012 computer named CorpFiles12. The D:\Users folder is shared using the share name Users. You want the D:\Users folder to be accessible using the share name Home Folders as well. In this lab, your task is to add Home Folders as a share name for the D:\Users folder using File Explorer. Keep the default user limits, share permissions, and offline files settings.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles12 and select Connect. 3. On the taskbar, select File Explorer. 4. Browse to D:\Users. 5. Right-click the folder and select Properties. 6. Select the Sharing tab. 7. Click Advanced Sharing. 8. Click Add. 9. In the Share name field, enter Home Folders. 10. Click OK twice.
15.6.8 Migrate Virtual Machine Storage The CorpServer server is the host for several virtual machines running in Hyper-V. The CorpFiles12 server is accumulating a lot of files. You would like to move CorpFiles12's storage to another volume on the Hyper-V host. In this lab, your task is to move the storage for the CorpFiles12 virtual machine to G:\HyperV.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles12 and select Move. 3. Click Next. 4. Select Move the virtual machine's storage; then click Next. 5. Select Move the virtual machine's data to a single location; then click Next. 6. Select Browse. 7. Browse to the new location for storage on the host server. 8. Click Select Folder; then click Next. 9. Click Finish to complete the move.
11.2.3 Configure Printer Pooling You have installed the LaserJet4240 printer and shared it on CorpFiles16 using the share name ResearchPrinter. The LaserJet4240 printer is connected to the Standard TCP/IP Port 192.168.0.20. Due to an increase in the workload on the printer, you added a second print device for the research team to use. The second print device is connected to a Standard TCP/IP Port on 192.168.0.21. You want to automatically load balance print jobs between the two print devices. You do not want to install a second printer to client systems or require users choose between two printers Printer pooling allows a single logical printer object to represent two or more physical print devices. In this lab, your task is to perform the following: Enable printer pooling on the LaserJet4240 printer. Configure the LaserJet4240 printer to use both of the following print device connections:Standard TCP/IP Port 192.168.0.20Standard TCP/IP Port 192.168.0.21
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From Server Manager on CorpFiles16, select Tools > Print Management. 4. In the left pane, expand the Print Servers > CorpFiles16 (local). 5. Select Printers. 6. In the center pane, right-click the appropriate printer and select Properties. 7. Select the Ports tab. 8. Select Enable printer pooling. 9. Select additional ports used by the printer. 10. Click OK.
11.2.5 Deploy Printers with Group Policy The CorpFiles16 server has two printers installed. One printer is for members of the accounting department, and the other printer is for members of the sales team. To simplify adding printer objects on client computers, you need to deploy these printers using Group Policy. In this lab, your task is to perform the following: Deploy the AcctPrinter printer to all computers in the Accounting OU using the existing AccountingGPO Group Policy object. Deploy the SalesPrinter printer to all users in the Sales OU using the existing SalesGPO Group Policy object.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From Server Manager, select Tools > Print Management. 4. Expand Print Servers. 5. Expand the server node. 6. Select Printers. Deploy the printer connection to computers as follows: 1. Right-click the printer object and select Deploy with Group Policy. 2. Next to the GPO name field, select Browse. 3. Double-click the OU name to find a GPO linked to an OU.Select the GPO; then click OK. 4. Under Deploy this printer connection to the following, select The computers that this GPO applies to (per machine) to deploy the printer to the computer regardless of who is logged on. 5. Click Add.Click OK. 6. Click OK to acknowledge the message. Deploy the printer connection to users as follows: 1. Right-click the printer object and select Deploy with Group Policy. 2. Next to the GPO name field, select Browse. 3. Double-click the OU name to find a GPO linked to an OU.Select the GPO; then click OK. 4. Under Deploy this printer connection to the following, select The users that this GPO applies to (per user) to deploy the printer to users regardless of the computer they log on to. 5. Click Add. 6. Click OK. 7. Click OK to acknowledge the message. 8. In the left pane, select Deployed Printers to view the deployed printers.
10.3.8 Enable Share Caching You are configuring a Windows Server 2016 computer's file system. The H:\Archives folder is shared, and users have read-only access to the Archives shared folder. When a client computers accesses a file in the Archives shared folder, you want to automatically cache a copy to the user's workstation. This will optimize system performance by preventing unnecessary network use when files are accessed in the future. In this lab, your task is to perform the following on CorpFiles16: Make all files and programs that users open from the shared folder available offline automatically. Optimize performance by caching programs and files.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From the taskbar, open Explorer. 4. Navigate to the shared folder. 5. Right-click the folder and select Properties. 6. Select the Sharing tab. 7. Select Advanced Sharing. 8. Select Caching. 9. Select All files and programs that users open from the shared folder are automatically available offline to enable automatic caching of files. 10. Make sure Optimize for performance is enabled. 11. Click OK to close the Offline Settings dialog. 12. Click OK to save your setting changes.
10.3.9 Disable Share Caching You need to configure the file system of a Windows Server 2016 computer named CorpFiles16. You want to make sure that no data from the D:\Confidential shared folder ever gets cached to local computers. In this lab, your task is to edit the share properties for the Confidential folder using File Explorer. Disable caching for the folder using the No files or programs from the shared folder are available offline option.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. On the CorpFiles16 server, open File Explorer. 4. Navigate to D:\Confidential. 5. Right-click Confidential and select Properties. 6. Select the Sharing tab. 7. On the Sharing tab, select Advanced Sharing. 8. Select Caching. 9. Select No files or programs from the shared folder are available offline to disable caching. 10. Click OK to close the Offline Settings dialog. 11. Click OK to save your changes.
10.2.4 Enable Shadow Copies You have several shared folders on the H:\ drive of the CorpFiles16 server. To improve fault tolerance and allow open file backups, you need to enable shadow copies for the drive. In this lab, your task is to complete the following: Enable shadow copies on H: drive. Store the copies on the D: drive. Configure a 24000 MB limit for shadow copies. Configure a single schedule to run once a day at 8:00 pm. Delete all other schedules.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. On the taskbar, open File Explorer. 4. Right-click the drive and select Configure Shadow Copies. 5. Select the drive. 6. Select Settings. 7. Under Located on this volume, select the drive where the shadow copies will be stored. 8. Make sure Use limit is selected. 9. Enter the amount of space to use for shadow copies. Select Schedule. 10. Under Schedule Task, select Daily from the drop-down list. 11. Under Start time, enter 8:00 pm. 12. Under Schedule, select the other schedule from the drop-down list. 13. Click Delete. 14. Click OK to save changes to the schedule. 15. Click OK to close Settings. 16. Click OK to close Shadow Copies.
10.2.5 Restore Previous Version 1 The bookkeeper in your organization inadvertently deleted a large portion of a departmental expense report and then saved the file. The report contained very important information, and the user needs you to restore the file. The file is located in the Reports share located in the H:\Finances\Reports directory on the CorpFiles16 server. No other files in the directory should be changed. In this lab, your task is to restore a previous version of the 2016report.xlsx file to the H:\Finances\Reports directory on the CorpFiles16 server. To restore a previous version of the file on a Windows Server 2016 system, use the Previous Versions tab on the file's Properties page.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. On the taskbar, select File Explorer. 4. Browse to the H:\Finances\Reports folder. 5. Right-click 2016report.xlsx and select Restore previous versions. 6. Select the 2/16/2016 version of the file. 7. Select Restore. 8. Select Restore to verify that you want to replace the previous version of the file. 9. Select OK.
12.1.10 Configure Computer Groups You work as the IT administrator for a small business and are responsible for the corporate network. You use the Windows Server Update service to help manage computer updates for the CorpNet.com domain. You want to use computer groups to configure different update settings for various computers in Building A and connected branch offices. In this lab, your task is to create computer groups on CorpWSUS1 and add members to them as follows:
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpWSUS1 and select Connect. 3. From Server Manager, select Tools > Windows Server Update Services. 4. In the left pane, expand the CorpWSUS1 > Computers. Create a computer group as follows: 1. Right-click All Computers and select Add Computer Group. 2. Type the computer group name. 3. Select Add. 4. Repeat steps for additional computer groups. Assign computers to a group as follows: 1. Select Unassigned Computers. 2. In the middle pane, right-click a computer (or multiple selected computers) and select Change Membership. 3. Select the group to which the computer will belong. 4. Click OK. 5. Repeat steps to assign additional computers.
7.8.5 Create a Distribution Group You are the IT administrator for the CorpNet.com domain. The CorpDC server is the domain controller. You are in the process of implementing a group strategy for your network. Managers in various departments need to send and receive emails intended for other department managers only. In this lab, your task is to perform the following on the CorpDC server: Create a domain local distribution group called Managers in the Users container. Add the following user accounts as members of the group:Juan SuarezMark BurnesShelly Emery
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDC server and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Browse to the Users OU. 5. Right-click Users and select New > Group. 6. In the Group name field, type Managers. 7. Select the group scope. 8. Select the group type; then click OK. 9. To modify the group membership, right-click the Managers group and select Properties. 10. Select the Members tab. 11. To add a group member use the following steps for each member you would like to add: - Select Add. - In the Enter the object names to select field, type the name of the object that you want to add or enter multiple objects separated by a semicolon. - Click OK to add the new group member. 12. Click OK to apply the changes.
7.8.4 Create Global Groups You are the IT Administrator for the CorpNet.com domain. You are in the process of implementing a group strategy for your network. You have decided to create global groups as a shadow groups for specific departments in your organization. Each global group will contain all users in the corresponding department. In this lab, your task is to complete the following actions on the CorpDC server: Create a global security group named Accounting in the Accounting OU. Create a global security group named Research-Dev in the Research-Dev OU. Create a global security group named Sales in the Sales OU. Add all user accounts in the corresponding OUs and sub-OUs as members of the newly-created groups.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDC server and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Expand CorpNet.com. 5. Right-click the container for the new group and select New > Group. 6. In the Group name field, enter the name of the group 7. Select a group scope. 8. Select a group type; then click OK. 9. To add users to the group, right-click the user account and select Add to a group. 10. In the Enter the object names to select field, type the name of the group. 11. Click OK. Repeat steps 4-10 for additional groups.
13.2.5 Create Client Reservations You have several printers on Subnet1 that need static IP addresses assigned. In this lab, your task is to configure the CorpDHCP server so that these machines always get the same IP addresses. Additionally, configure each reservation for DHCP only. Use the values in the table below to configure the reservations.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDCHP server and select Connect. 3. From Server Manager, select Tools > DHCP. 4. In the left pane, expand the CorpDHCP.CorpNet.com. 5. Expand the IPv4 protocol. 6. Expand the Scope folder. 7. Right-click Reservations and select New Reservation. 8. In the Reservation name field, enter a reservation name (such as the computer name). 9. In the IP address field, enter the IP address. 10. In the MAC address field, enter the MAC address. 11. Under Supported types, select DHCP only as needed. 12. Select Add to create the client reservation. 13. Repeat steps 9-13 for additional reservations. 14. Select Close.
13.2.4 Create Exclusion Ranges You have just configured a scope on the CorpDHCP server to service the 192.168.0.0/24 subnet. You defined a scope to distribute IP addresses between 192.168.0.1 and 192.168.0.254. Now you need to prevent the DHCP server from assigning addresses to the servers and network devices. Create an exclusion range to exclude addresses 192.168.0.1 to 192.168.0.29
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDCHP server and select Connect. 3. From Server Manager, select Tools > DHCP. 4. In the left pane, expand the CorpDHCP.CorpNet.com. 5. Expand the IPv4 protocol. 6. Expand the Scope folder. 7. Right-click the Address Pool node and select New Exclusion Range. 8. In the Start IP address field, enter the starting IP address. 9. In the End IP address field, enter the ending IP address. 10. Click Add. 11. Click Close to close the Add Exclusion Range dialog.
15.6.9 Migrate a Virtual Machine The CorpServer server is the host for several virtual machines running in Hyper-V. The CorpFiles16 server shares files that are required by departments in Building B. You would like to move this server to a Hyper-V host that is on the same network as the users who access the files. CorpServer2 is the Hyper-V host in Building B. In this lab, your task is to complete the following: Explore the Hyper-V configuration on CorpServer. Which virtual machines are running on this host? Explore the Hyper-V configuration on CorpServer2. Which virtual machines are running on this host? Move the CorpFiles16 virtual machine and all of its storage to the CorpServer2 Hyper-V host server. Move all data for the CorpFiles 16 virtual machine to D:\HYPERV on the target machine. Verify that CorpFiles16 was moved to CorpServer2. Which virtual machines are running on this host now?
1. From Hyper-V Manager, select CORPSERVER. 2. There are seven virtual machines, including CorpFiles16. 3. From the top menu, select Building A. 4. From the building map, select Inside under Building B. 5. Select CorpServer2. 6. From Hyper-V Manager, select CORPSERVER2. 7. Maximize the window to view all virtual machines. There are four virtual machines running. Migrate a Virtual Machine: 1. From the top menu, select Building B to move back to Building A. 2. From the building map, select Inside under Building A. 3. Select CorpServer. 4. In Hyper-V Manager, right-click CorpFiles16 and select Move. 5. Click Next. 6. Make sure Move the virtual machine is selected; then click Next. 7. In the Name field, enter the name of the destination host; then click Next. 8. Make sure Move the virtual machine's data to a single location is selected; then click Next. 9. In the Folder field, enter the name of the folder where the data will move to. 10. Click Finish to complete the move. Notice that the CorpFiles16 virtual machine is no longer running on this host. Exploring the New Hyper-V Configuration: 1. Navigate to Building B. 2. Select CorpServer2. 3. From Hyper-V Manager, right-click CORPSERVER2 and select Refresh. 4. Maximize the window to see that CorpFiles16 is now running on the new host.
7.4.5 Delete Organizational Units You work as the IT administrator for a small business and are responsible for the corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have created an Active Directory structure based on the company's departmental structure. While creating the structure, you added an OU named Workstations in each of the departmental OUs. After further thought, you decide to use one Workstations OU for the company. As a result, you need to delete the departmental workstation OUs. In this lab, your task is to delete the following OUs on CorpDC: - Within the Marketing OU, delete the Workstations OU. - Within the Research-Dev OU, delete the Workstations OU. - Within the Sales OU, delete the Workstations OU.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDC server and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Select View > Advanced Features. 5. Browse the Active Directory structure to the OU. 6. Right-click the OU and select Properties. 7. Select the Object tab. 8. Unmark Protect object from accidental deletion; then 9. click OK. 10. Right-click the OU again and select Delete. 11. Click Yes to confirm deleting the OU. 12. Repeat steps 5-10 to delete the other OUs. 13. Select View > Advanced Features again to turn off the advanced features view.
15.5.5 Add a Failover Cluster Role You are configuring a failover cluster and need to add a role to the cluster. You need to provide high availability for server applications. You are working at the console of the CorpCluster1 server. In this lab, your task is to add a role to CorpCluster using the following settings: Server role: File Server Server type: Scale-Out File Server Client Access Point Name: CorpApps
1. From Server Manager, select Tools > Failover Cluster Manager. 2. Expand the cluster node and select Roles. 3. Right-click Roles and select Configure Role. 4. Click Next to begin the wizard. 5. Select the file server role; then click Next. 6. Select the file server type; then click Next. 7. Enter the client access point name; then click Next. 8. Click Next to confirm. 9. Click Finish.
15.5.6 Configure Failover and Preference Settings You are configuring failover clustering. You installed the CorpApps file server role on the cluster, and now you need to configure the role settings. In this lab, your task is to configure role settings using the following parameters: Preferred owner: CorpCluster2 Placement in the list of preferred owners: top Priority: high Maximum failures: one Period: two hours Failback hours: between 8:00 pm and 5:00 am
1. From Server Manager, select Tools > Failover Cluster Manager. 2. Expand the cluster node. 3. Select Roles. 4. In the center pane, right-click the role and select Properties. 5. On the General tab, select the preferred owner for this role. 6. Select Up to change the preferred order. 7. Select the priority. 8. On the Failover tab, set the failover settings. 9. Select Allow failback. 10. Select Failback between. 11. Set the failback settings; then click OK.
15.3.9 Configure Cluster Quorum Settings You have created a failover cluster using the CorpCluster1 and CorpCluster2 servers. The current quorum configuration is Node Majority. You need to add a quorum witness. You are currently working at the CorpCluster1 server console. In this lab, your task is to configure a file share witness for CorpCluster on \\CorpServer\Witness using the Failover Cluster Manager console.
1. From Server Manager, select Tools > Failover Cluster Manager. 2. Right-click the cluster and select More Actions > 3. Configure Cluster Quorum Settings. 3. Click Next to begin the wizard. 4. Select Add or change the quorum witness; then click Next. 5. Select Configure a file share witness; then click Next. 6. Enter the file share path; then click Next. 7. Click Next to confirm. 8. Click Finish.
7.3.4 Configure Sites You are assisting the administrator of the CorpNet.com domain. Your company has three office locations, Main, Branch1, and Branch2. All of the locations are connected to each other using wide area network (WAN) links. Domain controllers have been installed for each location, but each domain controller is still located in the Default-First-Site-Name site. In this lab, your task is to create sites and subnets that correspond to the physical structure of your network as follows: Rename the Default-First-Site-Name site to Main-Site. Create Branch1-Site and Branch2-Site. Move the BranchDC1 and BranchDC2 servers into their respective sites. Create each subnet and choose the corresponding site object. Configure sites and subnets using the following table:
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager on CorpDC, select Tools > Active Directory Sites and Services. 4. In the left pane, expand Sites. Rename the site as follows: 1. Right-click the site and select Rename. 2. Enter the site name. Create new sites as follows: 1. Right-click Sites and select New Site. 2. Enter the site name. 3. Select the site link used by the new site. 4. Click OK. 5. Repeat steps 1 through 4 to create additional sites. Move servers into sites as follows: 1. Expand Main-Site. 2. Expand Servers. 3. Right-click the server and select Move. 4. Select the destination site; then click OK. 5. Repeat steps 1-4 for each server that needs to be moved. Create subnets as follows: 1. Right-click Subnets and select New Subnet. 2. Type the subnet address followed by the prefix (for example, 192.168.40.0/24). 3. Select a site for the new subnet. 4. Click OK. 5. Repeat steps for additional subnets.
9.3.8 Convert a Zone to Active Directory-integrated The CorpDC server currently stores the sales.private standard primary DNS zone. You need to configure the sales.private zone to store all the data in Active Directory. In this lab, your task is complete the following: Convert the sales.private zone to an Active Directory-integrated zone. Change the replication scope to store data on all DNS servers in the domain.
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager, select Tools > DNS. 4. Expand CORPDC. 5. Expand Forward Lookup Zones. 6. Right-click the zone and select Properties. 7. Under Type, select Change. 8. Make sure that Primary zone is selected. 9. Select Store the zone in Active Directory. 10. Select OK. 11. Select Yes to confirm Active Directory integration. 12. Under Replication, select Change. 13. Select To all DNS servers in this domain. 14. Click OK. 15. Click Yes to confirm your changes. 16. Click OK.
9.4.5 Create CNAME Records The sales department wants to create an intranet for all sales employees. Internet Information Services (IIS) is installed on CorpWeb and will be used to host the intranet site. Employees need the ability to access the web server using any of the following URLs: http://sales.private http://intranet.sales.private http://www.sales.private You created the sales.private zone on the CorpDC server. Now you need to allow clients to connect to the web server by creating the following records in the zone: Create an ALIAS (CNAME) record leaving the name blank. (This allows users to connect to the server using the sales.private URL.) Create an ALIAS (CNAME) record named intranet. Create an ALIAS (CNAME) record named www.
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager, select Tools > DNS. 4. Expand CORPDC. 5. Expand the Forward Lookup Zones. 6. Right-click the sales.private zone and select New Alias (CNAME). 7. In the Alias name field, enter the alias name (to use the parent domain name for the alias, leave the field blank). 8. Enter the fully qualified domain name of the host. 9. Click OK. 10. Repeat steps 6-9 to create additional records.
9.3.7 Create an Active Directory-integrated Zone You work as the IT administrator for a small business and are responsible for the corporate network. The marketing department wants to create an intranet site that is only accessible from the private network. You have selected mrktg.private as the domain name that will hold all records for the zone. You want all client computers in the domain to update their records automatically using DNS. Because security is important, you need to make sure that only the computer that created the DNS record can update it. You also need to create an Active Directory-integrated zone to store the zone data in Active Directory. Using an Active Directory-integrated zone lets you use a multi-master approach to storing zone data. These types of zones also support secure dynamic DNS updates. You can only create Active Directory-integrated zones on DNS servers that are domain controllers. In this lab, your task is to complete the following: Create the mrktg.private zone on the CorpDC DNS server. Configure the mrktg.private zone as a Primary zone. Configure the mrktg.private zone as an Active Directory-integrated zone. Replicate data to all DNS servers in the forest. Allow only secure dynamic updates.
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager, select Tools > DNS. 4. Expand CORPDC. 5. Right-click Forward Lookup Zones and select New Zone. 6. In the New Zone wizard, click Next. 7. Make sure Primary zone is selected as the zone type. 8. Make sure Store the zone in Active Directory is selected; then click Next. 9. Select how DNS data is replicated throughout your network. (forest) 10. Click Next. 11. Enter the zone name; then click Next. 12. Make sure Allow only secure dynamic updates is selected; then click Next. 13. Click Finish.
9.1.4 Configure Search Suffixes The CorpWeb server is running Windows Server 2012. You previously configured the server with a static IP address. Now you need to configure a DNS server address. You also want to use sales.private, mrktg.private, and private as search suffixes when simple names are submitted for DNS name resolution. In this lab, your task is to complete the following: Configure 192.168.0.11 as the DNS server address. Configure the following domain suffixes so that the server searches the domains:sales.privatemrktg.privateprivate
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpWeb and select Connect. 3. In the notification area, right-click the Network icon and select Open Network and Sharing Center. 4. In the left pane, select Change adapter settings. 5. Right-click Ethernet and select Properties. 6. Select Internet Protocol Version 4 (TCP/IPv4). 7. Select Properties. 8. Select Advanced. 9. Select the DNS tab. 10. Click Add. 11. Type the IP address of the DNS server you want to use. 12. Click Add. 13. Select Append these DNS suffixes. 14. Click Add. 15. Type the domain suffix you want to use. 16. Click Add. 17. Repeat steps for additional suffixes. 18. Click OK twice.
9.2.7 Create a Root Zone You work as the IT administrator for a small business and are responsible for the corporate network. A partner company has asked you to help configure their DNS server. PartnerServer is a Windows Server 2012 server that holds the primary copy of the PartnerNet.org domain. The server is in a demilitarized zone (DMZ) and provides name resolution for the domain for Internet hosts. The partner company wants to prevent PartnerServer from performing name resolution requests for domains other than the PartnerNet.org domain. In other words, they do not want Internet hosts to be able to obtain name resolution from PartnerServer for domains outside the company. In this lab, your task is to perform the following: Create a root zone on PartnerServer. Create a primary forward lookup zone named . (a dot to represent the root zone). Do not allow dynamic updates. Verify that root hints are no longer configured on the server.
1. In Server Manager, select Tools > DNS. 2. Expand PARTNERSERVER. 3. Right-click Forward Lookup Zones and select New Zone. 4. Click Next. 5. Make sure Primary zone is selected; then click Next. Type . (a dot to represent the root zone) for the zone name; then select Next. 6. Make sure Create a new file with this file name is selected and click Next. 7. Make sure Do not allow dynamic updates is selected; then select Next. 8. Click Finish to complete the New Zone wizard. 9. Right-click the DNS Server and select Properties. 10. Select the Root Hints tab. 11. Verify that there are no root hints; then select OK.
13.4.5 Configure Automatic and Alternate Addressing You work as the IT administrator for a small business and are responsible for the corporate network. The receptionist in your office has a laptop that runs Windows 7. She took it home and configured a static connection to her home network. Now she cannot connect to the office network, which uses a DHCP server for IP address configuration. You need to configure the laptop to work on both networks. In this lab, your task is to configure the Internet Protocol Version 4 (TCP/IPv4) properties with the following settings: On the General tab, set the following parameters:Obtain an IP address automaticallyObtain DNS server address automatically On the Alternate Configuration tab, set the following parameters:IP Address: 172.16.0.12Subnet Mask: 255.255.0.0Default Gateway: 172.16.255.254Preferred DNS Server: 198.60.22.2
1. In the notification area, right-click the Network icon and select Open Network and Sharing Center. 2. In the left pane, select Change adapter settings. 3. Right-click Wireless Network Connection and select Properties. 4. Select Internet Protocol Version 4 (TCP/IPv4). 5. Select Properties. 6. Select Obtain an IP address automatically. 7. Select Obtain DNS server address automatically. 8. Select the Alternate Configuration tab to define an alternate configuration for TCP/IP addressing. 9. Select User configured to configure alternate IP settings. 10. Enter the IP address. 11. Enter the subnet mask. 12. Enter the default gateway. 13. Enter the preferred DNS server. 14. Click OK. 15. Click Close. 16. Select the Network icon in the notification area to view the currently connected network.
10.1.8 Remove Inherited Permissions Confidential personnel data is stored on the CorpFiles16 file server in a shared directory named Personnel. You need to configure NTFS permissions for this folder so that only managers are authorized to access the folder. In this lab, your task is to perform the following: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder.
Configure NTFS permissions as follows: 1. From Hyper-V Manager, select CORPSERVER.Maximize the window to view all virtual machines. 2. Right-click CorpFiles16 and select Connect. 3. From the taskbar, open File Explorer. 4. Browse to the folder you need to modify permissions for.Right-click the folder and select Properties. 5. Select the Security tab. 6. Select Edit. 7. Select Add. 8. Enter the name of the security principal that will receive permission to the folder. 9. Click OK. 10. With the Managers group selected, select the appropriate NTFS permission. 11. Click OK. Prevent inherited permissions from parent objects as follows: 1. On the Security tab, select Advanced. 2. Select Disable inheritance. 3. Select Remove all inherited permissions from this object. 4. Click OK to close the Advanced Security Settings for Personnel dialog. 5. Click OK to close the Properties dialog.
12.1.11 Configure Client-side Targeting You work as the IT administrator for a small business and are responsible for the corporate network. You recently installed CorpWSUS2 in Building B as a downstream server to help with updates. Building B is occupied primarily by the accounting department. You would like to use client-side targeting to ensure that computers in the accounting department get the appropriate updates. In this lab, your task is to perform the following: Configure the WSUS console as follows:Enable client-side targeting.Create a computer group named Accounting (do not add computers to this group. This will be done automatically through Group Policy). Configure the following policies in the AccountingGPO linked to the Accounting OU on CorpDC4:Configure automatic updates to download updates and schedule the installation automatically. Install updates every Sunday at 2:00 am.Point all client computers to http://CorpWSUS2.CorpNet.com both for updates and statistics.Allow power management to wake up computers to install updates.Prevent non-administrators from getting update notifications.Enable client-side targeting and name the group Accounting.
Configure WSUS as follows: 1. From Hyper-V Manager, select CORPSERVER2. 2. Right-click CorpWSUS2 and select Connect. 3. From Server Manager, select Tools > Windows Server Update Services. 4. Expand the server node. 5. Select Options. 6. Select Computers. 7. Select Use Group Policy or registry settings on computers to enable client-side targeting. 8. Select OK. 9. In the left pane, expand Computers. Create a computer group as follows: 1. Right-click the All Computers node and select Add Computer Group. 2. In the Name field, enter the computer group name. 3. Select Add. 4. Close the CorpWSUS2 on CorpServer2 - Virtual Machine Connection window. Edit the Group Policy Object (GPO) as follows: 1. From Hyper-V Manager, right-click CorpDC4 and select Connect. 2. From Server Manager, select Tools > Group Policy Management. 3. In Group Policy Management, expand Forest: CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 4. Right-click the GPO and select Edit. 5. Under Computer Configuration, expand Policies > Administrative Templates > Windows Components. 6. Select Windows Update. 7. Double-click the policy setting you want to change. 8. Select Enabled or Disabled and add additional configuration information in the policy. 9. Click OK. 10. Repeat steps 7-9 for additional policy settings.
15.3.10 Add Storage to a Cluster You are configuring a failover cluster. CorpCluster1 and CorpCluster2 are nodes in the cluster. Now you need to add storage to the cluster. You want both servers to share the storage. In this lab, complete the following tasks on CorpCluster1: Use the iSCSI initiator to connect to the CorpiSCSI server and its ClusterTarget1 target. Bring the iSCSI disk online. Create a volume using the following parameters:Use all the storage available.Do not assign to a drive letter or a folder.Use an NTFS file system.Label the volume iSCSI. Add the storage to the cluster. Make the storage available to both cluster servers.
Connect to an iSCSI target as follows: 1. From Server Manager, select Tools > iSCSI Initiator.In the Target field, enter the server name. 2. Select Quick Connect. 3. Click Done. 4. Click OK. Create a volume as follows: 1. From Server Manager, select File and Storage Services.Select Disks. 2. In the DISKS panel, right-click the iSCSI disk and select Bring Online. 3. Click Yes to confirm. 4. Right-click the iSCSI disk and select New Volume. 5. Click Next to begin the New Volume wizard. 6. Under Disk, select the disk; then click Next. 7. Specify a volume size; then click Next. 8. Select Don't assign to a drive letter or folder; then click Next. 9. Make sure NTFS is displayed in the File System field.In the Volume label field, enter the volume name; then click Next. 10. Click Create. 11. Click Close. Add a Disk to Cluster Shared Storage: 1. From Server Manager, select Tools > Failover Cluster Manager. 2. Expand the cluster node. 3. Expand Storage. 4. Right-click Disks and select Add Disk. 5. Select the disk to add to the cluster; then click OK. 6. In the center pane, right-click the new cluster disk and select Add to Cluster Shared Volumes.
6.2.9 Create Virtual Machines You have installed Hyper-V on the CorpServer server. You are experimenting with creating virtual machines. In this lab, your task is to create two virtual machines named VM1 and VM2. Use the following settings as specified for each machine: VM1: Virtual machine name: VM1 Virtual machine location: D:\HYPERV Virtual machine generation: Generation 1 Startup memory: 1024 MB - Do not use Dynamic Memory Networking connection: External Virtual hard disk name: VM1.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 50 GB Operating system will be install later VM2: Virtual machine name: VM2 Virtual machine location: D:\HYPERV Generation: Generation 2 Startup memory: 2048 MB - Use Dynamic Memory Networking connection: Internal Virtual hard disk name: VM2.vhdx Virtual hard disk location: D:\HYPERV\Virtual Hard Disks Virtual hard disk size: 250 GB Operating system will be install later Minimum RAM: 512 MB Maximum RAM: 4096 MB
Create VM1 on CorpServer as follows: 1. In Server Manager, select Tools > Hyper-V Manager. 2. Right-click CORPSERVER. 3. Select New > Virtual Machine. 4. In the Before You Begin window, click Next. 5. In the Name field, enter VM1 for the virtual machine. 6. Select Store the virtual machine in a different location to modify the path to the virtual machine files. 7. In the Location field, verify the location for the virtual machine; then click Next. 8. Make sure Generation 1 is selected; then click Next. 9. In the Startup memory field, enter the amount of memory to use for the virtual machine; then click Next. 10. In the Connection field, select the network connection from the drop-down list; then select Next. 11. Make sure Create a virtual hard disk is selected. 12. Modify the virtual hard disk name, location, and size as needed; then click Next. 13. Make sure that Install an operating system later is selected; then click Next. 14. Click Finish to create the virtual machine. Create VM2 on CorpServer as follows: 1. Right-click CORPSERVER. 2. Select New > Virtual Machine. 3. In the Before You Begin window, click Next. 4. In the Name field, enter VM2 for the virtual machine. 5. Select Store the virtual machine in a different location to modify the path to the virtual machine files. 6. In the Location field, verify the location for the virtual machine; then click Next. 7. Select Generation 2; then click Next. 8. In the Startup memory field, enter the amount of memory to use for the virtual machine. 9. Select Use Dynamic Memory for this virtual machine; then click Next. 10. In the Connection field, select the network connection from the drop-down list; then click Next. 11. Make sure Create a virtual hard disk is selected. 12. Modify the virtual hard disk name, location, and size as needed; then click Next. 13. Make sure that Install an operating system later is selected; then click Next. 14. Click Finish to create the virtual machine. 15. Adjust virtual machine memory: - Right-click the VM2.Select Settings. - From the left pane, select Memory. - On the Memory window, enter the minimum RAM. - Enter the maximum memory; then click OK.
8.1.7 Create and Link a GPO You are the IT security administrator for a small corporate network. You are using Group Policy to enforce settings for certain workstations on your network. You have prepared and tested a security template file that contains policies that meet your company's requirements. In this lab, your task is to configure Group Policy on CorpDC as follows: Create a GPO named Workstation Settings. Link the Workstation Settings GPO to the following OUs:The TempMarketing OU (in the Marketing OU)The TempSales OU (in the Sales OU)The Support OU Import security settings from the security template (ws_sec.inf) located in C:\Templates for the Workstation Settings GPO.
Create a GPO as follows: 1. From Hyper-V Manager, select CORPSERVER.Right-click CorpDC and select Connect. 2. From Server Manager, select Tools > Group Policy Management. 3. Browse to the OU where the policy will be linked. 4. Right-click Workstations and select Create a GPO in this domain, and link it here. 5. Enter the GPO name. 6. Click OK. Link an OU to a GPO as follows: 1. Browse to the OU to be linked to the Workstation Setting GPO. 2. Right-click the object and select Link an Existing GPO to link the GPO to additional objects. 3. Select the GPO from the list; then click OK. 4. Repeat steps to link additional OUs. Import a security policy template as follows: 1. Right-click the GPO and select Edit. 2. Under Computer Configuration, expand Policies > Windows Settings. 3. Right-click Security Settings and select Import Policy. 4. Browse to and open C:\Templates. 5. Select ws_sec.inf. 6. Select Open.
12.3.5 Back Up a Server You work as the IT administrator for a small business and are responsible for the corporate network. You would like to back up the system state of your domain controllers to ensure that, in the event of a disaster, Active Directory is backed up. You want to configure regular backups on CorpDC4. In this lab, your task is to perform the following using Windows Server Backup on CorpDC4: Create a regular backup schedule for the CorpDC4 server using the following settings:Items to back up: System StateBackup schedule: Once a day at 1:00 AMBackup location:\\CorpFiles12\Backup Take an immediate backup using the following custom settings:Items to back up: System State and C: driveBackup location:\\CorpFiles12\Backup
Create a backup schedule as follows: 1. From Hyper-V Manager, select CORPSERVER2. 2. Right-click the CorpDC4 server and select Connect. 3. From Server Manager, select Tools > Windows Server Backup. 4. Maximize the window for easier viewing. 5. In the Console Tree, select Local Backup. 6. In the Actions pane, select Backup Schedule. 7. Click Next to begin the wizard. 8. In the Select Backup Configuration window, select Custom; then click Next. 9. Select Add items. 10. Select the items to include in the backup; then click OK. 11. Click Next. 12. Select the backup frequency. 13. Select the backup time; then click Next. 14. Select Back up to a shared network folder; then click Next. 15. Click OK. 16. Enter the location of the shared folder; then click Next. 17. Click Finish. 18. Click Close. Perform a backup once as follows: 1. From Windows Server Backup Actions, select Backup Once in the right pane. 2. In the Backup Options window, select Different options; then click Next. 3. In the Select Backup Configuration window, select Custom; then click Next. 4. Select Add items. 5. Select the items to include in the backup; then click OK. 6. Click Next. 7. Select Remote shared folder; then select Next.In the Location field, enter the backup location; then click Next. 8. Select Backup to start the backup. 9. After the backup is finished, click Close.
7.5.7 Create User Accounts You work as the IT administrator for a small business and are responsible for the corporate network. You recently added an Active Directory domain to the CorpDC server to manage network resources centrally. You are populating user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC: Use the following user account naming standards and specifications as you create each account: User account name: First name + Last name. Logon name: firstinitial + [email protected]. Original password: 1234abcd$ (must change after the first logon). Place the user account in the departmental OU corresponding to the employee's department. For example:The Marketing\MarketingManagers OU for the Marketing managerThe Sales\PermSales OU for the permanent employeeThe Sales\TempSales OU for the temporary employeeThe Sales\SalesManagers OU for the Sales manager For the temporary sales employee:Limit the logon hours to allow logon only from 8 am to 5 pm, Monday through Friday.Set the user account to expire on December 31st of the current year.
Create a domain user account as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDC server and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Browse the Active Directory structure to the appropriate OU. 5. Right-click the OU in which the new user account must be created (the user account context). 6. From the pop-up menu, select New > User. 7. Enter the following values for the new user: - First name - Last name - User logon name 8. Click Next. 9. Enter the user account's initial password and confirm it. 10. Make sure User must change password at next logon is selected; then click Next. 11. Click Finish to create the object. 12. Repeat steps to create the rest of the users. Modify user account restrictions for the temporary sales employee as follows: 1. In Active Directory Users and Computers, browse to the Borey Chan user account. 2. Right-click the Borey Chan user account and select Properties. 3. Select the Account tab. Set logon hour restrictions as follows: 1. Select Logon hours. 2. In the Logon Hours dialog, select Logon Denied to clear the allowed logon hours. 3. Click OK. 4. Under Account expires, select End of. 5. In the date field, enter 12/31 of the current year. 6. Click OK.
15.3.8 Create a Failover Cluster You are configuring a failover cluster. You have installed the failover clustering feature on the CorpCluster1 and CorpCluster2 servers. You are currently working at the console of the CorpCluster1 server. You have already successfully validated the servers in the cluster. In this lab, your task is to complete the following: Create a failover cluster with CorpCluster1 and CorpCluster2 in the cluster that meets the following parameters:Name the cluster CorpClusterSet the IP address as 192.168.0.25Don't add storage to the cluster at this time Create an A record for the failover cluster in the CorpNet.com zone on CorpDC3 using the cluster name and IP address.
Create a failover cluster as follows: 1. From Server Manager, select Tools > Failover Cluster Manager. 2. Right-click Failover Cluster Manager and select Create Cluster. 3. Click Next to begin the wizard. 4. Enter the name of the first cluster server; then click Add. 5. Enter the name of the second cluster server; then click Add. 6. Click Next. 7. Enter the cluster name. 8. Select the network. 9. Enter the IP address; then click Next. 10. Click Next. 11. Click Finish to create the cluster. Create a host (A) record as follows: 1. From the top menu, select Inside on Building A. 2. Select CorpDC3. 3. From Server Manager, select Tools > DNS.Expand CORPDC3 > Forward Lookup Zones. 4. Right-click the zone that will hold the new host record and select New Host (A or AAAA). 5. Enter the cluster name. 6. Enter the IP addressSelect Add Host. 7. Click OK. 8. Click Done to close the New Host dialog.
10.3.7 Remove a Shared Folder You are configuring the file system of a Windows Server 2016 server named CorpFiles16. The H:\Projects folder is shared using two share names, Projects and Builds. You no longer want the H:\Projects folder to be accessible through the share name Builds. In this lab, your task is to use File Explorer to remove the share name Builds from the H:\Projects folder.
1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. On the taskbar, open File Explorer. 4. Navigate to the shared folder. 5. Right-click the folder and select Properties. 6. Select the Sharing tab. 7. Select Advanced Sharing. 8. From the Share name drop-down list, select the share name you want to remove. 9. Select Remove. 10. Click OK to close the Advanced Sharing dialog. Click OK to close the Properties window.
15.2.4 Configure an NLB Cluster 1 You are configuring a Network Load Balancing (NLB) cluster. You have installed the Network Load Balancing feature on the CorpNLB1 and CorpNLB2 servers. You are currently working at CorpNLB1 server console. In this lab, your task is to create an NLB cluster using the CorpNLB1 and CorpNLB2 servers and define port rules to customize how the servers respond. You can configure both cluster hosts from CorpNLB1. Create a new cluster using the following parameters:Cluster host: CorpNLB1Interface name: CorpPriority (host identifier): 1Cluster IP address: 192.168.10.25/24Full Internet name: CorpNLB.CorpNet.comCluster operation mode: unicast Edit or create the following port rules: PortsProtocolsFiltering modeClient affinity0 to 1023BothMultiple hostNone6066BothMultiple hostNone32187BothSingle hostN/A49152 to 65535BothDisable this port rangeN/A Add CorpNLB2 as a cluster host using the following parameters:Cluster host: CorpNLB2Interface name: CorpPriority (host identifier): 2 Edit CorpNLB2 ports using the following parameters:For port 6066, configure a load weight of 100.For port 32187, configure a handling priority of 2. For CorpNLB1, edit the port rule for port 6066 with a load weight of 0. On CorpDC3, use the DNS console to create an A record using the following parameters:Zone: CorpNet.comHost name: CorpNLBIP address: 192.168.10.25
Create an NLB cluster as follows: 1. From Server Manager, select Tools > Network Load Balancing Manager. 2. Right-click Network Load Balancing Clusters and select New Cluster. 3. Type the name of a cluster host. 4. Select Connect. 5. Select the interface that the cluster will use; then click Next. 6. Make sure the Priority is set to 1. 7. Make sure the default state is set to Started; then click Next. 8. Click Add. 9. Make sure Add IPv4 address is selected. 10. Enter the IP address. 11. Press Tab to auto-populate the subnet mask; then click OK. 12. Click Next. 13. Type the full Internet name for the NLB cluster. 14. Select the cluster operation mode; then click Next. Create and edit port rules as follows: 1. Select the existing rule. 2. Select Edit to modify an existing port rule. 3. Under Port range, modify the ports. 4. Under Protocols, select the appropriate protocols. 5. Under Filtering mode, select the filtering mode. 6. Select the affinity; then click OK. 7. Select Add to create a new rule. 8. Under Port range, modify the ports. 9. Under Protocols, select the appropriate protocols. 10. Under Filtering mode, select the filtering mode. 11. Select the affinity; then click OK. 12. Repeat steps to create additional port rules. 13. Click Finish to create the cluster. Add CorpNLB2 as a cluster host as follows: 1. In Network Load Balancing Manager, right-click the cluster and select Add Host To Cluster. 2. Type the name of a cluster host. 3. Click Connect. 4. Select the interface that the cluster will use; then click Next. 5. Make sure the Priority is set to 2.Make sure the default state is set to Started; then click Next. Modify port rules on CorpNLB2 as follows: 1. Modify the load weight as follows: 2. Select the port rule you wish to modify and click Edit. 3. Under Load weight, deselect Equal. 4. Enter the load weight; then click OK. 5. Modify the handling priority as follows: 6. Select the port rule you wish to modify and click Edit. 7. Enter the handling priority; then click OK. 8. Click Finish to add the host to the cluster. Modify port rules on CorpNLB1 as follows: 1. In the Network Load Balancing Manager console, right-click CorpNLB1(Corp) and select Host Properties. 2. Select the Port Rules tab. 3. Select the port rule 6066. 4. Click Edit. 5. Deselect Equal to modify the load weight. 6. Enter the new load weight; then click OK. 7. Click OK to close the properties dialog. Create a host (A) record as follows: 1. From the top menu, select the Inside location tab. 2. Select CorpDC3.From Server Manager, select Tools > DNS. 3. Expand CorpDC3 > Forward Lookup Zones.Right-click CorpNet.com and select New Host (A or AAAA). 4. Enter the host name. 5. Enter the IP address. 6. Click Add Host. 7. Click OK. 8. Click Done to close the New Host dialog.
13.1.5 Install and Configure a DHCP Server You work as the IT administrator for a small business and are responsible for the corporate network. You recently expanded the network to a second building. In doing so, you removed the consumer-grade Internet router and installed a network router. You have decided to use CorpDHCP as a DHCP server to replace the DHCP service provided by the consumer-grade router. In this lab, your task is to complete the following: Install the DHCP role. Authorize CorpDHCP as a DHCP server. Configure the DHCP scope as follows:Name: Subnet1Address range: 192.168.0.1 to 192.168.0.254Subnet mask: 255.255.255.0Length: 24Lease duration: 5 days Activate the DHCP scope. Do not configure exclusions or options at this time.
Install a DHCP role as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDCHP and select Connect.From Server Manager, select Manage > Add Roles and Features. 3. In the Add Roles and Features Wizard, click Next. 4. Make sure Role-based or feature-based installation is selected; then click Next. 5. Make sure CorpDHCP.CorpNet.com is selected in the Server Pool area; then click Next. 6. Select the DHCP Server role. 7. Select Add Features. 8. Click Next. 9. Click Next because no additional features are required for the DHCP Server. 10. In the DHCP Server window, click Next. 11. Select Install to add the selected role. Authorize CorpDHCP as a DHCP server as follows: 1. In the center area, select Complete DHCP configuration to begin the DHCP Post-Install configuration wizard. 2. In the DHCP Post-Install configuration wizard, click Next. 3. Verify the credentials; then select Commit. 4. Click Close to close the DHCP Post-Install configuration wizard. 5. Click Close to close the Add Roles and Features wizard. Configure and activate a DHCP Scope as follows: 1. From Server Manager, select Tools > DHCP. 2. Expand CorpDHCP.CorpNet.com. 3. Right-click IPv4 and select New Scope. 4. In the New Scope wizard, click Next. 5. In the Name field, enter the name of the scope; then click Next. 6. Enter the start IP address. 7. Enter the end IP address. 8. Make sure the subnet is 255.255.255.0. 9. Make sure the length is 24; then click Next. 10. Click Next to ignore any exclusions and delays. 11. Enter 5 days as the lease duration; then click Next. 12. Select No, I will configure these options later to postpone configuring other DHCP options; then click Next. 13. Click Finish to close the wizard and create the scope. Activate the DHCP scope as follows: 1. Expand IPv4. 2. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
10.1.9 Enable Quota Restrictions You work as the IT administrator for a small business and are responsible for the corporate network. Recently, you installed Windows Server 2012 on a new server called CorpFiles12. This server will host the home directories for users. Management is concerned that some users will use a large amount of disk space. To prevent this from happening, you need to enable quota management on the shared drive. In this lab, your tasks is to use Explorer to perform the following tasks: Enable quota management on the D: drive. Limit disk usage to 500 MB per new user and give users a warning at 450 MB. Deny additional space to users exceeding the quota limit. Log an event each time a user hits the warning level.
1. From Hyper-V Manager, select CORPSERVER. 2. Maximize the window to view all virtual machines. 3. Right-click CorpFiles12 and select Connect. 4. On the taskbar of CorpFiles12, select File Explorer. 5. Right-click the drive. 6. From the menu, select Properties. 7. Select the Quota tab. 8. On the Quota tab, select Enable quota management. 9. Select Limit disk space to. 10. In the disk space limit field, enter 500 MB. 11. Under Set warning level to, enter 450 MB. 12. Select Deny disk space to users exceeding quota limit to deny additional space exceeding the quota limit. 13. Select Log event when a user exceeds their warning level; then click OK. 14. Click OK to enable the quota system.
9.2.6 Configure Forwarders You work as the IT administrator for a small business and are responsible for the corporate network. The server CorpDC is your domain controller and DNS server. This server hosts the CorpNet.com zone. For name resolution requests in other zones, you want CorpDC to forward requests to name servers at the ISP. In this lab, your task is to configure the DNS service on CorpDC using the following settings: Forward name resolution requests outside of the CorpNet.com domain to the following ISP DNS servers:163.128.80.93163.128.78.93 Use root hints for requests if the ISP DNS servers are unavailable.
1. In Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDC and select Connect. 3. In Server Manager, select Tools > DNS. 4. Right-click CORPDC and select Properties. 5. Select the Forwarders tab. 6. Select Edit. 7. With Click here to add an IP Address or DNS Name highlighted, enter an IP address to the list. 8. Click inside the field to locate the server. 9. Repeat steps 7-8 to add additional IP addresses. 10. Click OK. 11. Make sure Use root hints if no forwarders are available is selected. 12. Click OK.
13.3.5 Configure a DHCP Relay Agent You just installed the DHCP service on the CorpDHCP server. You configured two scopes. The scope for Building A, Subnet1, is configured on 192.168.0. The scope for Building B, Subnet2, is configured on 192.168.10. After activating the scopes, you find that clients on Subnet1 receive IP addressing information from the DHCP server, but clients on Subnet2 have IP addresses in the 169.254.0.0/16 range. You realize that DHCP messages are not being forwarded through the router. In this lab, your task is to complete the following: Use Routing and Remote Access to configure CorpServer2 as a DHCP relay agent by performing the following:Add the DHCP relay agent routing protocol.Add NetTeam as a DHCP relay agent interface.Set the boot threshold to 0.Configure the DHCP relay agent properties to identify 192.168.0.14 as the DHCP server. Renew the TCP/IP information on Exec2 (the client machine in Building B). Verify that Exec2 has a network connection.
Add the DHCP relay agent routing protocol as follows: 1. In Server Manager, select Tools > Routing and Remote Access. 2. Expand the protocol node. 3. Right-click General and select New Routing Protocol. 4. Select DHCP Relay Agent; then click OK. Add and configure a relay agent interface as follows: 1. In the left pane, right-click DHCP Relay Agent and select New Interface. 2. Select NetTeam; then click OK. 3. Make sure Relay DHCP packets is selected. 4. Set the boot threshold. 5. Click OK. Configure the DHCP relay agent properties to identify the DHCP server as follows: 1. Right-click DHCP Relay Agent and select Properties. 2. In the Server address field, enter the IP address of the DHCP server. 3. Select Add; then click OK. Renew the TCP/IP address and verify the connection as follows: 1. From the top menu, select Inside to go inside Building B. 2. Select Exec2. 3. Right-click Start and select Command Prompt (Admin). 4. In the command prompt, type ipconfig /renew and press Enter. 5. From the the taskbar, select the Network icon to view the connection status.
6.4.6 Create Virtual Switches You have installed Hyper-V on CorpServer because you want to create virtual machines. Prior to creating the virtual machines, you are experimenting with virtual switches. In this lab, your task is to create the following virtual switches: Switch 1 must be a private switch. Within a private switch, virtual machines can communicate with each other but cannot communicate with the management operating system or access the physical network. Switch 2 must be an internal switch. Within an internal switch, virtual machines can communicate with one another and with the management operating system but cannot access the physical network.
Create Switch 1 as follows: 1. From Server Manager, select Tools > Hyper-V Manager. 2. Right-click CORPSERVER and select Virtual Switch Manager. 3. With New virtual network switch highlighted, select Private under What type of virtual switch do you want to create? 4. Select Create Virtual Switch. 5. In the Name field, enter Switch 1; then click Apply. 6. Click OK. Create Switch 2 as follows: 1. In Hyper-V Manager, select Virtual Switch Manager in the right pane. 2. With New virtual network switch highlighted, select Internal under What type of virtual switch do you want to create? 3. Select Create Virtual Switch. 4. In the Name field, enter Switch 2; then click Apply. 5. Click OK.
11.2.4 Restrict Printer Access The CorpFiles16 server has a new printer installed with the following settings: Printer name: KonicaColor Port: 192.168.0.22 (Standard TCP/IP Port) Driver: KONICA MINOLTA PS Color Laser Class Driver Share name: ColorPrinter The printer can be used by everyone. Unfortunately, this has caused the following problems: Members of the Marketing Department often send large print jobs for marketing proofs to the printer. As these jobs print, other users must wait a long time before the printer is available again. In addition, user print jobs end up in the middle of two large marketing print jobs, and the print jobs often get lost. Managers use the print device for printing reports used in planning meetings. They would like these jobs to print as soon as they are sent without waiting behind other documents in the queue. In this lab, your task is to resolve these problems as follows: Create a new printer called MrktgPrinter using the existing port and driver.Share the printer with the same name.Do not list in Active Directory.Make the printer available from 12 am to 4 am.Deploy the printer to computers in the Marketing OU using the MarketingGPO. Set the existing KonicaColor printer to be available between 4 am and 12 am. Create a new printer called MgrPrinter using the existing port and driver.Share the printer with the same name.Do not list in Active Directory.Set the printer priority to 99.Prevent the Everyone group from printing to the printer.Allow members of the Managers group to print.
Create a new printer object as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From Server Manager, select Tools > Print Management. 4. Expand Printer Servers.Expand CorpFiles16 (local). 5. Right-click Printers and select Add Printer. 6. Select Add a new printer using an existing port. 7. From the drop-down list, select the port of the Konica printer; then click Next. 8. Select Use an existing printer driver on the computer. 9. From the drop-down list, select the Konica driver from the list; then click Next. 10. Enter the printer name. 11. Make sure Share this printer is selected.Enter the share name; then click Next. 12. Click Next. 13. Click Finish. 14. Repeat steps for additional printers. Modify printer availability times as follows: 1. Right-click the printer and select Properties. 2. Select the Advanced tab. 3. Select Available from. 4. Enter the start and end times. 5. Click OK. 6. Repeat steps for additional printers. Deploy a printer using a group policy as follows: 1. Right-click the MrktgPrinter and select Deploy with Group Policy. 2. Select Browse. 3. Double-click Marketing. 4. CorpNet.com.Select the MarketingGPO; then click OK. 5. Select The computers that this GPO applies to (per machine) to deploy the printer to the computer, regardless of who is logged on. 6. Select Add. 7. Click OK. 8. Click OK to acknowledge the message. Modify printer priority as follows: 1. Right-click MgrPrinter and select Properties. 2. Select the Advanced tab.In the Priority field, enter 99. A higher number means a higher priority, with 99 being the highest. 3. Click Apply. Modify printer permissions as follows: 1. In the MgrPrinter Properties dialog, select the Security tab. 2. Select Everyone. 3. Select Remove to prevent the group from using the printer. 4. Select Add to assign permissions to a new user or group. 5. In the Enter the object names to select field, enter Managers; then click OK. 6. With Managers selected, select the appropriate permissions. 7. Click OK.
8.1.8 Create a Starter GPO You are the IT administrator of a large network. You need to create a starter GPO to use as a template and then create a new GPO using that starter GPO. In this lab, your task is to complete the following on the CorpDC server: Enable the Administrative Templates central store by creating a Starter GPOs folder. Create a starter GPO named DNS Settings. Configure the DNS Settings policies:DNS Servers: 192.168.0.11 and 192.168.10.11 (use a space to separate the two addresses)Primary DNS Suffix: CorpNet.comRegister PTR Records: Enabled with a value of RegisterDynamic update: EnabledTurn off Multicast Name Resolution: Enabled (enabling the policy turns off LLMNR) Create a new GPO named CommonGPO using the new starter GPO you created. Do not link the GPO at this time. Verify that the starter GPO settings were applied to the CommonGPO.
Create a starter GPO folder as follows: 1. From Hyper-V Manager, select CORPSERVER.Right-click CorpDC and select Connect. 2. From Server Manager, select Tools > Group Policy Management. 3. Expand Forest: CorpNet.com > Domains > CorpNet.com. 4. Select Starter GPOs. 5. Select Create Starter GPOs Folder. Create a starter GPO as follows: 1. In the left pane, right-click Starter GPOs and select New. 2. Type the name for the starter GPO; then click OK. Configure the starter GPO policies as follows: 1. Right-click DNS Settings and select Edit. 2. Under Computer Configuration, expand Administrative Templates > Network. 3. Select DNS Client. 4. In the right pane, right-click the policy you want to edit and select Edit. 5. Select Enabled or Disabled for the setting. 6. Configure additional parameters as required. 7. Click OK. 8. Repeat steps for each policy. 9. Close the Group Policy Starter GPO Editor. Create a GPO using a starter GPO as follows: 1. In the right pane, right-click DNS Settings and select New GPO From Starter GPO. 2. Type the name of the new GPO; then click OK. Verify the CommonGPO policy settings as follows: 1. In the left pane, select Group Policy Objects. 2. Right-click CommonGPO and select Edit. 3. Under Computer Configuration, expand Policies > Administrative Templates > Network. 4. Select DNS Client. 5. Verify that the values set in the starter GPO have been applied to the new policy.
6.3.9 Create Child Virtual Machines You just installed your operating system and applications on the ServerParent virtual machine. This virtual machine will be used to create two child virtual machines that use differencing disks. In this lab, your task is to perform the following: Delete the ServerParent virtual machine. Set the D:\HYPERV\Virtual Hard Disks\ParentDisk.vhdx file to Read-only. Create two new differencing hard disks using the following parameters (each hard disk has a different name, but uses the same disk format, disk type, location, and parent disk): - Disk format: VHDX - Disk type: Differencing - Name: Server1.vhdx and Server2.vhdx - Location: D:\HYPERV\Virtual Hard Disks - Parent disk: ParentDisk.vhdx Create two new virtual machines using the following parameters (each virtual machine uses a different name and virtual hard disk, but the same location, generation, size, and network): - Name: Server1 and Server2 - Location: D:\HYPERV\ - Generation: Generation 2 - Size: 4096 MB - Network: External - Virtual hard disk: Server1.vhdx and Server2.vhdx (respectively)
Delete a virtual machine as follows: 1. From Server Manager, select Tools > Hyper-V Manager. 2. Select CORPSERVER. Right-click ServerParent and select Turn Off. 3. Click Turn Off. 4. Right-click ServerParent and select Delete. 5. Click Delete. Make a virtual hard disk Read-only as follows: 1. From the taskbar, open File Explorer. 2. Browse to the location of the virtual hard disk. 3. Right-click ParentDisk.vhdx and select Properties. 4. Select Read-only; then click OK. 5. Close File Explorer. Create a differencing hard disk as follows: 1. In Hyper-V Manager, right-click CORPSERVER and select New > Hard Disk. 2. Click Next. 3. Select the disk format; then click Next. 4. Select Differencing as the disk type; then click Next. 5. Enter the name for the hard disk file. 6. Enter the location for the hard disk file; then click Next. 7. Select Browse to find the parent disk. 8. Select the parent disk. 9. Select Open. Click Next. Click Finish. 10. Repeat steps to create the second differencing hard disk. Create a virtual machine as follows: 1. In Hyper-V Manager, right-click CORPSERVER and select New > Virtual Machine. 2. Click Next. 3. Enter the name of the virtual machine. 4. Select Store the virtual machine in a different location. 5. Enter the path; then select Next. 6. Select the generation for the virtual machine; then click Next. 7. Enter the amount of memory to use with the virtual machine; then click Next. 8. Select the network connection used by the virtual machine; then click Next. 9. Select Use an existing virtual hard disk. 10. Select Browse. 11. Select the existing virtual hard disk; then select Open. Click Next. Click Finish. 12. Repeat steps to create the second virtual machine.
11.1.6 Create and Share a Printer You have added a new printer to the office. The printer is used by members of the Accounting department for printing forms and reports. The printer was not auto-detected, so you need to add the printer manually. The Print Server role service has been installed on CorpFiles16 already. In this lab, your task is to create a new TCP/IP printer on CorpFiles16 using the following settings: IP address: 192.168.0.24 Driver: HP LaserJet P4015X PCL6 Printer name: AcctPrinter Share name: AcctPrinter Location: Building 1 (include a space) List the printer in Active Directory Configure printer permissions as follows:Remove Everyone to prevent everyone from using the printerAdd the Accounting group and assign the Print permissionAdd the Mary Barnes user account and assign the Manage Documents permission
Install a new printer as follows: 1. From Hyper-V Manager, CORPSERVER. 2. Right-click CorpFiles16 and select Connect. 3. From Server Manager, select Tools > Print Management. 4. Expand Print Servers. 5. Expand CorpFiles16 (local) 6. Right-click Printers and select Add Printer. 7. Make sure Add a TCP/IP or Web Services Printer by IP address or hostname is selected; then select Next. 8. In the Host name or IP address field, enter the IP address; then select Next.Select Custom; then select Next. 9. Make sure Install a new driver is selected; then click Next. 10. Under Manufacturer, select HP. 11. Under Printers, select the driver; then click Next.Enter the printer name. 12. Make sure Share this printer is selected.Enter the share name. 13. Enter the location; then click Next. 14. Click Next. 15. Click Finish. List the printer in Active Directory as follows: 1. In the center pane, right-click the printer and select Properties. 2. Select the Sharing tab. 3. Select List in the directory. 4. Select Apply. Modify printer permissions as follows: 1. Select the Security tab.Under Group or user names, select Everyone. 2. Select Remove. 3. Select Add to assign permissions to a new user or group. 4. Enter the name of the user or group and press Enter. 5. Select the user or group you added. 6. Select the appropriate permissions. 7. Repeat steps additional users and groups. Click OK.
6.3.7 Create Virtual Hard Disks You have installed Hyper-V on CorpServer. You are experimenting with virtual hard disks. In this lab, use the Hyper-V Manager utility to create two virtual hard disks in the D:\HYPERV\Virtual Hard Disks directory. Name these disks Test1 and Test2. Use the following settings for Test1: Name: Test1 Disk Format: VHD Disk Type: Fixed size File name: Test1.vhd Location: D:\HYPERV\Virtual Hard Disks Size: 500 GB Use the following settings for Test2: Name: Test2 Disk Format: VHDX Disk Type: Dynamically expanding File name: Test2.vhdx Location: D:\HYPERV\Virtual Hard Disks Size: 4 TB (4096 GB)
To create virtual hard disks, complete the following for each virtual hard disk: 1. From Server Manager, select Tools > Hyper-V Manager. 2. Right-click CORPSERVER and select New > Hard Disk. 3. In the Before You Begin window, select Next. 4. Select the disk format; then click Next. 5. Select the disk type; then click Next. 6. In the Name field, enter the name of the virtual hard disk file. 7. In the Location field, enter the location of the virtual hard disk file; then click Next. 8. In the Size field, enter the size of the new virtual disk; then click Next. 9. Click Finish. Repeat steps 2-9 to create the second virtual disk.
7.4.4 Create Organizational Units You work as the IT administrator for a small business and are responsible for the corporate network. You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You need to create an Active Directory organizational structure. The Active Directory structure will be based on the company's departmental structure. In this lab, your task is to create OUs on CorpDC as follows: Beneath the domain, create the following OUs: - Accounting - Admins - Marketing - Research-Dev - Sales - Servers - Support - Workstations Within the Sales OU, create the following OUs: - SalesManagers - TempSales Prevent accidental deletion of each OU you create.
Use Active Directory Users and Computers to create OUs as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click the CorpDC server and select Connect. 3. From Server Manager, select Tools > Active Directory Users and Computers. 4. Select CorpNet.com. 5. Select the Create a new organizational unit in the current container icon from the menu bar. 6. Enter the name of the OU. 7. Make sure that Protect container from accidental deletion is selected to prevent the OU from being deleted. 8. Click OK. Repeat steps 4-8 for each OU specified.
13.1.6 Configure DHCP Options You have just configured a scope on the CorpDHCP server to service the 192.168.0.0/24 subnet. You need to configure additional TCP/IP parameters for all clients serviced by the CorpDHCP server. In this lab, your task is to complete the following: Configure the following DHCP options for the CorpDHCP server (not on the Subnet1 scope):006 DNS Servers = 192.168.0.11 and 192.168.10.11 (in that order) 015 DNS Domain Name = CorpNet.com Configure Subnet1 scope options as follows:003 Router (default gateway) as 192.168.0.5
Configure DHCP server options as follows: 1. From Hyper-V Manager, select CORPSERVER. 2. Right-click CorpDCHP and select Connect. 3. From Server Manager, select Tools > DHCP. 4. Expand CorpDHCP.CorpNet.com. 5. Expand IPv4. 6. Right-click Server Options and select Configure Options. 7. Under Available Options, select the 006 DNS Servers. 8. Under IP Address, enter the IP address. 9. Select Add to add the IP address to the list. 10. Repeat steps to add additional IP addresses. 11. Click Apply. 12. Under Available Options, select 015 DNS Domain Name. 13. In the String value field, enter CorpNet.com. 14. Click OK to save the options you have defined. Configure DHCP scope options as follows: 1. Expand Scope [192.168.0.1] Subnet1. 2. Right-click Scope Options and select Configure Options. 3. Under Available Options, select the 003 Router.Under IP address, enter 192.168.0.5. 4. Click Add to add the IP address to the list. 5. Click OK to save the options you defined.
13.3.6 Create a Split DHCP Scope The CorpDHCP server is the only DHCP server for clients on the 192.168.0.0/24 subnet. It has a scope that distributes addresses between 192.168.0.1 and 192.168.0.254, and an exclusion for static addresses for servers from 192.168.0.01 to 192.168.0.29. To provide DHCP fault tolerance for this subnet, you plan to split the scope with the CorpDHCP2 server (located on subnet 192.168.10.0/24 in Building B). Routers have been configured to pass DHCP requests between subnets. In this lab, your task is to complete the following: Explore the DHCP configuration on CorpDHCP. Identify which scopes, exclusions, and options are currently configured. Add the CorpDHCP2 server to the DHCP console. Explore the DHCP configuration on CorpDHCP2. Identify which scopes, exclusions, and options are configured. On CorpDHCP, use the Split-Scope wizard to split the Subnet1 scope between CorpDHCP and CorpDHCP2.Configure CorpDHCP to handle 85 percent of the IP addresses.Configure CorpDHCP2 to handle 15 percent of the IP addresses.Configure a 2-millisecond delay for the target server response.Identify which exclusions have been added to the CorpDHCP server.Identify which scopes, exclusions, and options have changed on the CorpDHCP2 server. Activate the backup scope for Subnet1 on CorpDHCP2.
Explore the DHCP configuration as follows: 1. From Server Manager, select Tools > DHCP. 2. Expand the server node. 3. Expand the protocol node. There is currently one scope for the 192.168.0.0 network. It is named Subnet1.Expand the scope node. 4. Select Address Pool. There is currently an address range of 192.168.0.1 to 192.168.0.254 and an exclusion for 192.168.0.1 to 192.168.0.29 to allow for static server addresses. 5. Select Scope Options. There are currently options configured for 003 Router, 006 DNS Servers, and 015 DNS Domain Name. Add the CorpDHCP2 server to the DHCP console as follows: 1. In the left pane, right-click DHCP and select Add Server. 2. Select This authorized DHCP server. 3. Select CorpDHCP2 and click OK. Explore the DHCP configuration on CorpDHCP2 as follows: 1. Expand CorpDHCP2.CorpNet.com. 2. Expand the protocol node. There is currently one scope for the 192.168.10.0 network. It is named Subnet2. 3. Expand the scope node.Select Address Pool. There is currently an address range of 192.168.10.1 to 192.168.10.254 and an exclusion for 192.168.10.1 to 192.168.10.29 to allow for static server addresses.Select Scope Options. There are currently options configured for 003 Router, 006 DNS Servers, and 015 DNS Domain Name. Configuring a DHCP split-scope as follows: 1. Under CorpDCHP, right-click the scope and select Advanced > Split-Scope. 2. Click Next to begin the DHCP Split-Scope Configuration Wizard. 3. Select Add Server to select the target DHCP server: 4. Select This authorized DHCP server. 5. Select CorpDHCP2 from the list of authorized DHCP servers; then select OK. 6. Click Next. 7. Under Host DHCP Server, enter 85. 8. Under Added DHCP Server, enter 15; then click Next. 9. Under Added DHCP Server, enter 2 for the response delays; then click Next. 10. Click Finish. 11. Click Close. 12. Select Address Pool. Note the new exclusion for 192.168.0.217 to 192.168.0.254, excluding 15 percent of the address range. Explore and activate the new scope as follows: 1. Under CorpDCHP2, expand the scope node for Subnet1. 2. Select Address Pool. The address range of 192.168.0.1 to 192.168.0.254 has been duplicated, and an exclusion for 192.168.0.1 to 192.168.0.216 has been created to exclude 85 percent of the address range. 3. Select Scope Options. Notice that the scope options were duplicated. 4. Right-click the scope and select Activate to enable the backup scope.