Systems Management Professional User's Manual
Contents
1. Garrett Coleman, Student No. 96344598. Systems Management Assignment: Professional User's Manual, July 30 2014. We then right-click on the highlighted users and click Add to a group. We can then enter the name of the group we wish to add the users to, in this case the G_Security group, and click Check Names to retrieve the correct group from the Active Directory. We then select the correct group from the retrieved groups. The correct group has been selected and we click OK.
2. We then enter the details for the user. The next step is to enter the password Pa wOrd for the user, as specified in the assignment brief. We also untick User must change password at next logon, as per the assignment requirements. We then click Finish to create the User object.
3. New Virtual Machine Wizard: we select the Custom (advanced) configuration and click Next to move to the next step. We will be using the Windows 7 Professional installer disc image file (ISO) provided as part of this assignment; therefore we select that we will install the guest operating system from an ISO and browse to the location where we have saved it on the host computer's hard
4. 4.3.4.4 Step 4: Test Connectivity. We can test the connections between any of the nodes from the command line by typing ping <ip address of destination node>. We see below that there is a connection between the current node and the computer at 192.168.0.21 (Server1). It is important to note that it may be necessary to disable the firewall on the machines we wish to communicate between.
5. The DHCP service is not running; therefore Client2 will not be automatically assigned an IP address and will not be able to communicate with the network as before. Client2 also has not been statically assigned an IP address. Therefore the system will assign itself an Automatic Private IP Addressing (APIPA) address beginning with 169.254. From the Client2 command line we type ipconfig, and we can see that when we disable DHCP services Client2 is assigned an APIPA address, which is an address that is given out when DHCP fails. Once DHCP is enabled again, an IP address within the DHCP scope will be assigned automatically as before.
6. We then navigate to the User_Docs folder that has been shared on the network, select it and click OK. The root path of the User_Docs folder is then added and we click Apply and OK. We can click Yes to the warning message. To ensure that the GPO will ap
7. We then follow the wizard that is opened. The next window advises that it would be better to uninstall AD DS on the server while connected to the domain instead of forcefully removing it. As we have already deleted the domain controller, this is not an option and we click Next. The wizard page "Force the Removal of Active Directory Domain Services" reads: Consider this option only after you attempt to remove Active Directory Domain Services normally. By forcing the removal of Active Directory Domain Services (AD DS), you remove AD DS from this domain controller, including any global catalog and application partition data. However, the forest metadata will not be updated. Unless this is the last domain controller in the forest, you must perform metadata cleanup manually. Therefore, try to remove AD DS normally by running the Active Directory Domain Services Installation Wizard (dcpromo.exe) on the domain controller b
8. We then tick the checkbox for the IP address that the DHCP server will use, which is the IP address of Server2. At the next window we enter our domain name MSCCONV IP
9. [Screenshot: Active Directory Domain Services Installation Wizard, Set Domain Functional Level, with Windows Server 2003 as the domain functional level.] As we are currently installing our first domain controller, the only additional option available is DNS Server, which we select.
10. Our next step is to locate the installation ISO image file of the OS. We click on Edit virtual machine settings, select CD/DVD (IDE), click the Use ISO image file radio button and browse to the required ISO image file. We can then click on Power on this virtual machine. 4.3.1.2 Step 2: Installation of Windows Server Operating Systems. When we power on the VM, the Windows Server 2008 R2 installation begins. During the installation process we select the Windows Server 2008 Datacentre Full Installation for Server 1 and Server 2.
11. We can then click on the G_Marketing group and click the Deny checkbox under Read permissions, which will deny Read access to the IT OU for those users in the G_Marketing group. We can then repeat the procedure above, and we see that the IT OU is no longer visible to user6, who is part of the Marketing OU.
12. 7 Part B Task D. • Within Active Directory create the following organisational unit structure: • Parent OU called IPA containing two child OUs called Marketing and IT; IT OU to contain 2 sub-OUs called Dublin and Belfast. • Identify any method of creating users via a TUI environment; outline advantages accordingly. • Using a method of your choice, create 5 users in the IPA OU called userl to userl0 (first name only) using the default Pa wOrd. • Create 3 users in sales called userl to userl5, 3 users in Dublin called userl6 to user 8 and 2 users in Belfast called user19
13. We name the GPO as PublishMSI. We then open the GPM Editor by right-clicking on the GPO and clicking Edit. We then navigate to User Configuration > Policies > Software Settings. We right-click on Software installation and select New > Package.
14. recommendations. We enter false for the msDS-PasswordReversibleEncryptionEnabled setting, as storing passwords with reversible encryption is not good practice in enterprise environments due to security vulnerabilities. We set 24 for password history length (msDS-PasswordHistoryLength), which defines how many new passwords must be used before a password can be reused. (Source: http://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx, accessed July 16, 2014.) We enter true to enable the password complexity setting (msDS-PasswordComplexityEnabled). We set the minimum password length (msDS-MinimumPasswordLength) as 8 characters. We set the minimum password age to 2 days.
15. 2014
    [12] http://msdn.microsoft.com/en-us/library/aa362244(v=vs.85).aspx (accessed July 18, 2014)
    [13] Arpaci-Dusseau, R. H. & Arpaci-Dusseau, A. C. (2012). Operating Systems: Three Easy Pieces.
    [14] http://technet.microsoft.com/en-us/library/cc772180.aspx (accessed July 19, 2014)
    [15] http://www.microsoft.com/en-ie/download/details.aspx?id=23476 (accessed July 19, 2014)
    [16] http://support.microsoft.com/kb/225551 (accessed July 19, 2014)
    [17] http://technet.microsoft.com/en-us/library/hh831484.aspx (accessed July 19, 2014)
    [18] T. Brett, Introduction to Active Directory Services, June 10, 2014
    [19] http://windowsitpro.com/security/access-denied-understand-difference-between-ad-ous-and-groups (accessed July 20, 2014)
    [20] T. Brett, Group Policy, July 1, 2014
    [21] http://technet.microsoft.com/en-us/library/cc732524.aspx (accessed July 10, 2014)
    [22] http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx (accessed July 16, 2014)
    [23] http://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx (accessed July 16, 2014)
    [24] http://en.wikipedia.org/wiki/File_server (accessed July 20, 2014)
    Appendix B: Assignment Details, Part A. Institute of Public Administration, MSc in Computer Science, Systems Management Module Assignment 2014. Part A: Introduction. The purpose of this assig
16. 10.2.2 Subtask 2: Configure Client2 to obtain address & TCP/IP settings from DHCP. The first step in connecting the client computer to the DHCP server is to enable DHCP in the Client2 network connections, as opposed to the static IP address which we previously configured. From the Client2 machine we click Start, search for "view network connections" and open View network connections. We right-click on our Local Area Connection network and click Properties.
17. The Remote Desktop Connection application is then launched, where we enter the IP address for the MS Core server and click Connect. We are then prompted to enter the required Administrator credentials, the password for which we previously set as Pa wOrd.
18. To restrict a group and exclude the GPO from affecting one user from that group, we will modify the Delegation settings within the Group Policy Management snap-in. We click on the GPO, click the Delegation tab and click Add. We can type user into the object name to select and click Check Names, and then select the user we wish to exclude from the GPO; we select user13 one
19. 4.3.3.2 Step 2: Rename MS Core Machine. To change the name of the Server Core machine we enter sconfig.cmd from the command prompt. This opens the server configuration interface, where we enter 2 for Computer Name, which allows us to enter the name we want for the computer.
20. Table of contents (excerpt): 5.2.5 Confirm Configurations; 6.3.1 Subtask 1: Install 2 Additional Hard Disks on Server 1; 6.3.2 Subtask 2: Use an Additional Hard Disk to Mirror the OS Disk; 6.3.3 Subtask 3: Create a Spanned Volume to Use Remaining Free Disk Space; 7.2.1 Subtask 1: Create Organisational Unit Structure; 7.2.2 Subtask 2: Creating Users using a TUI Environment
21. Select a Site: select a site for the new domain controller (Default-First-Site-Name). For the second domain controller additional options we select DNS Server and Global catalog. The remaining steps of the Wizard are as per those described in Server above, which we follow to completion. The Review your selections page lists: Read-only domain controller: No; Global catalog: Yes; DNS Server: Yes; Update DNS Delegation: No; Source domain controller: any writable domain controller.
22. On the expanded list of components, we add the components we wish to include in our answer file by right-clicking the component and then selecting the appropriate configuration pass. This action adds the selected component to our answer file in the specified configuration pass, or phase, of the Windows installation. It is important that we expand the component list in the Windows Image pane until we see the lowest child node, that is, the component we wish to add to our answer file. For example, as shown in the screenshot below, we expand Microsoft-Windows-Setup to see the DiskConfiguration node, which we expand to see the disk node, which we expand to see the create partition node, which is expanded to see the lowest child node, that is, the create partition node that we wish to add to our answer file. When we right-click on this node we are given the option to add this component to Pass 1 windowsPE (pre-installation environment). This shortcut adds the create partition setting and all parent settings to our answer file in one step.
23. Table of contents (excerpt): 2.3 Procedure; 2.3.1 Step 1: Installation of the Windows Automated Installation Kit (Windows AIK); 2.3.2 Step 2: Building an Answer File; 2.3.3 Step 3: Building a Reference Installation; 2.3.4 Step 4: Creating Bootable Windows PE Media; 2.3.5 Step 5: Capturing the Installation onto a Network Share; 2.3.6 Step 6: Deploying from a Network Share; 3.1.1 How BitLocker Drive Encryption Works; 3.2 System Requirements; 3.3.1 BitLocker Drive Encryption on OS drive of computer
24. 5.2.5 Confirm Configurations. We can confirm that all of our configurations have taken effect by clicking on Start > Administrative Tasks > Active Directory Users and Computers (ADUC) on the Server1 machine. When we click on Computers we see that Client and MS CORE are mem
25. To ensure that all Windows features work correctly, Windows might create additional partitions for system files. The next window shows the partitions that have been created; we select the 60GB partition as the location to install Windows and click Next to proceed with the installation. The installation then commences. Once the installation has completed, we are required to create the Administrat
26. [Screenshot: Group Policy Management, Scope tab of a GPO linked to MSCCONV IPA, with Security Filtering listing Authenticated Users]
We then select the G_ITDublin group and click OK.
[Screenshot: Select User, Computer, or Group dialog]
Finally we right click on the GPO and make sure that it is Enabled and then click Enforced.
27. We can then enter Client and click Check Names and then select Client from the returned computers; it will be added to the object name to select pane and we click OK.
[Screenshot: Select User, Computer, or Group dialog]
We can then see that the GPO has been filtered such that it is only applied to the Client computer.
[Screenshot: Group Policy Management, Scope tab showing the Security Filtering for the GPO]
We then link the newly created GPO to the IPA OU
28. [Screenshot: Select Groups dialog with G_Security entered as the object name]
A message is generated confirming the operation was successful.
[Dialog: Active Directory Domain Services. The Add to Group operation was successfully completed.]
8.2.1.3 Step 3 Summary of Groups
We see below that we have created three groups in the IPA OU:
- G_Security: Contains all users for the purposes of applying a fine grained password policy
- G_SecurityAdmins: Contains the Admins for the domain who will have a stricter password policy applied to them
- G_IPA: Contains the users who reside in the IPA OU
[Screenshot: Active Directory Users and Computers listing G_Security, G_SecurityAdmins and G_IPA as Security Group, Global]
29. [Screenshot: Control Panel > System and Security > System on Client2: Windows 7 Professional N, Service Pack 1, 64-bit Operating System, Workgroup WORKGROUP]
4.3.4 Subtask 4 Assign Static IP Addresses to all Machines
When we need a computer to always use a specific IP address, such as a server, it is necessary to assign it a static IP address. By default, TCP/IP settings are configured for nodes on a network to receive an address automatically from a Dynamic Host Configuration Protocol (DHCP) server on the network, and it is not necessary to manually configure
30. [Screenshot: Deployment Tools Command Prompt running copype cmd amd64 c winpe_amd64 and copying the Windows AIK PETools amd64 files]
Our next step is to copy the base image named Winpe.wim to the Winpe_x86 ISO sources folde
31. the implementation of BitLocker requires that our computer supports USB devices during computer startup. However, we are using a virtual machine by means of VMWare Workstation, which does not support booting to USB. USB drives are not available to the Windows bootloader on VMWare Workstation, so it cannot read the keys from a passed through USB flash drive. BitLocker only allows us to write the keys to a USB drive, but the BitLocker boot code can read the keys from any device, so our workaround is as per the following five steps:
1. We will create a small virtual hard drive that is stored on a USB key and mounted to our virtual machine.
2. We will change the Group Policy settings in Windows to allow BitLocker to work without a TPM.
3. We will mount a temporary USB drive to our Virtual Machine, and once BitLocker is set up on the system drive we will have BitLocker write the Key and Backup key to the temporary USB.
4. Once BitLocker has written the keys, we will copy them over to the virtual disk, unmount our first USB drive and allow BitLocker to reboot.
5. BitLocker will then start encrypting after it boots back up.
3.3.2.1 Step 1 Create and Mount a Virtual Hard Drive
Our first step is to provide a permanent location for the BitLocker files. We shut down our virtual machine and follow the steps below to add a new
32. 1 5 Step 5
We then confirm that we are ready to encrypt the drive with the Run BitLocker system check check box selected and then click Continue. We then agree to restart the computer by clicking Restart now. The computer restarts and BitLocker checks if the computer meets BitLocker requirements and is ready for encryption. If it is not, an error message is generated alerting us to the problem after we have logged on.
A common problem that causes the computer to not meet BitLocker requirements is the configuration of the system partition. BitLocker requires a minimum system partition size of 100 MB, and the Windows Recovery Environment requires 200 MB. When the operating system is installed, the system partition is automatically created by the setup process with a default size of 300 MB. However, this default partition size can be changed by computer manufacturers or system administrators when they install the operating system. If the system partition is exactly 100 MB, BitLocker setup assumes that we have a Windows Recovery DVD for use with the computer, and the system check is completed without any errors. However, if we have a system partition size between 101 MB and 299 MB, the following error message is generated: You will no longer be able to use Windows Recovery Environment unless it is manually enabled
33. [Screenshot: Active Directory Domain Services Installation Wizard, Choose a Deployment Configuration. You can create a domain controller for an existing forest or for a new forest.]
We then enter the FQDN for our domain and click Set to enter the credentials for this machine.
[Screenshot: Active Directory Domain Services Installation Wizard, Network Credentials. The current user credentials cannot be selected because they are local to this computer. A set of domain credentials is needed.]
We then enter
34. [Screenshot: context menu listing Add Setting to Pass 2 offlineServicing, Pass 3 generalize, Pass 4 specialize and Pass 5 auditSystem]
Following the step by step instructions provided by Microsoft, we add the components in the table below. This manual describes the creation of a two partition configuration, therefore two create partition components and two modify partition components are added to the windowsPE configuration pass.
Component | Configuration Pass
Microsoft-Windows-Deployment\Reseal | oobeSystem
Microsoft-Windows-International-Core-WinPE\SetupUILanguage | windowsPE
Microsoft-Windows-Setup\DiskConfiguration\Disk\CreatePartitions\CreatePartition | windowsPE
Microsoft-Windows-Setup\DiskConfiguration\Disk\ModifyPartitions\ModifyPartition | windowsPE
Microsoft-Windows-Setup\DiskConfiguration\Disk\CreatePartitions\CreatePartition | windowsPE
Microsoft-Windows-Setup\DiskConfiguration\Disk\ModifyPartitions\ModifyPartition | windowsPE
Microsoft-Windows-Setup\ImageInstall\OSImage\InstallTo | windowsPE
Microsoft-Windows-Setup\UserData | windowsPE
Microsoft-Windows-Shell-Setup\OOBE | oobeSystem
All of the settings
35. The installation process then begins.
9 Part B Task F
- Setup the MS Core server as a file server
- Configure MS Core for Windows Remote administration
- Access MS Core from Client2 using remote desktop
9.1 Preamble
As the MS Core server has been set up as a member server of the domain, it does not handle administrative services such as user authentication. Member servers do, however, provide services to the domain such as print serving or file serving. A file server is defined as a computer attached to a network that has the primary purpose of providing a location for shared storage of computer files that can be accessed by the workstations that are attached to the same network.
The availability of Remote Administration in systems management means that instead of having to physically go to a server to perform administrative duties, system administrators can access a server remotely from their current location. Using Remote Administration, the graphical interface of a computer can be displayed over a network onto another correctly configured computer. In larger organisations with many servers this can save time and improve efficiency.
9.2 Procedure
9.2.1 Subtask 1 Set Up MS Core Serve
36. As with previous role installations, a list of recommendations is given.
[Dialog: Add Roles Wizard, Before You Begin. This wizard helps you install roles on this server. You determine which roles to install based on the tasks you want this server to perform, such as sharing documents or hosting a Web site. Before you continue, verify that: the Administrator account has a strong password; network settings, such as static IP addresses, are configured; the latest security updates from Windows Update are installed. If you have to complete any of the preceding steps, cancel the wizard, complete the steps, and then run the wizard again. To continue, click Next.]
On the next window we check the tickbox for DHCP Server.
[Screenshot: Add Roles Wizard, Select Server Roles]
37. [Screenshot: Active Directory Users and Computers showing the MSCCONV IPA domain tree and user accounts]
7.2.3 Subtask 3 Set Logon Hours for Users
To restrict user access to the network to 24 hours per day Monday to Friday, we will modify the logon hours for users. From AD UC we highlight the users to whom we will be applying the restriction, right click and select Properties.
[Screenshot: Active Directory Users and Computers context menu for the selected users]
In the Properties dialog box we open the Account tab, we tick Lo
38. [Screenshot: directory tree showing CN=Password Settings Container under CN=System]
We can test that the PSOs have been applied by logging in as a user on one of our client workstations and then attempting to change the password for the account.
[Screenshot: Client virtual machine in VMware Workstation]
We enter a simple new password that only contains letter characters.
39. [Screenshot: settings list with help text for Prohibit access to the Control Panel]
We then click the Enabled radio button and click Apply and OK.
[Dialog: Prohibit access to the Control Panel. Supported on: at least Windows 2000. Help: Disables all Control Panel programs. This setting prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items. This setting also removes Control Panel from the Start menu. This setting also removes the Control Panel folder from Windows Explorer. If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a setting prevents the action.]
40. [Screenshot: DiskPart session that selects and cleans the disk, creates and formats two NTFS partitions labelled System and Windows, assigns drive letters and marks the first partition as active]
We can then copy the image from the network share to our local hard drive. As described above, we mount the Share folder as a drive on the destination computer. At the command prompt we type
    net use N: \\<ComputerName>\<PathToSharedFolder> <password> /user:<userName>
in our case this is
    net use N WIN OQFC9RD5ACBR Users Lenovo Desktop Share PaSSw0Ord user Lenovo
41. [Screenshot: directory tree with CN=Password Settings Container selected under CN=System]
The attribute settings we set are similar to the previous PSO, with the following exceptions:
We name the PSO IPAAdminsPSO.
[Screenshot: Create Object dialog, Attribute: cn, Syntax: Unicode String, Description: Common-Name]
We set the precedence of the PSO to 1.
[Screenshot: Create Object dialog]
42. [Screenshot: group selection list showing G_SecurityAdmins in MSCCONV IPA]
When the group has been selected we click OK.
We then highlight the selected group and click Next.
[Screenshot: Delegation of Control Wizard, Users or Groups. Select one or more users or groups to whom you want to delegate control.]
We can then select the tasks that we wish to delegate as shown below.
[Dialog: Delegation of Control Wizard, Tasks to Delegate. You can select common tasks or customize your own. Delegate the following common tasks: Create, delete, and manage user accounts; Reset user passwords and force password change at next logon; Read all user information; Create, delete and manage groups; Modify the membership of a group; Manage Group Policy links; Generate Resultant Set of Policy (Planning). Create a custom task to delegate.]
We then click Finish to complete the wizard.
[Dialog: Completing the Delegation of Control Wizard. You have successfully completed the Delegation of Control wizard. You chose to delegate control of objects in the fol
43. GB RAM (32-bit) or 2 GB RAM (64-bit)
Disk Space: 16 GB available hard disk space (32-bit) or 20 GB (64-bit)
Graphics: DirectX 9 graphics device with WDDM 1.0 or higher driver
4.3 Procedure
4.3.1 Subtask 1 Create Three Server Virtual Machines
4.3.1.1 Step 1
From VMware Workstation we select File > New Virtual Machine and select a Typical (recommended) install. As we will install the operating system later, it is not necessary to do a Custom (advanced) configuration. A typical install is required to enable configuration of Hard Disk Drive (HDD) partitions during installation.
[Screenshot: New Virtual Machine Wizard, Welcome page with Typical (recommended) and Custom (advanced) options]
[Screenshot: New Virtual Machine Wizard, Guest Operating System Installation]
44. Machine OOBE (out of box experience), prompts the end user to read the Microsoft Software License Terms and to configure the computer. The System Preparation Tool (Sysprep) window is automatically displayed on the desktop in audit mode, and on this window we select Enter System Out Of Box Experience (OOBE) from the System Cleanup Action list, tick Generalize, select Shutdown from the Shutdown Options list and then click OK.
[Screenshot: System Preparation Tool (Sysprep) window with Enter System Out of Box Experience (OOBE), Generalize and Shutdown selected]
Sysprep.exe prepares the image for capture by cleaning up various user and computer specific settings, as well as log files. The reference installation is now complete and ready to be imaged.
2.3.4 Step 4 Creating Bootable Windows PE Media
Our next step is to create a bootable Windows PE (Preinstallation Environment) RAM disk on a CD ROM disc by using the Copype.cmd script. Windows PE RAM enables us to start a computer for the purposes of deployment and recovery by booting directly into memory, enabling us to remove the Windows PE media after the computer boots. In step 5 hereunder we will boot into Windows PE and use the ImageX tool to capture, modify and apply file b
45. [Screenshot: search results listing Organizational Units, including Domain Controllers (default container for domain controllers), 3 items found]
8.2.3 Subtask 3 Folder Redirection Group Policy Object (GPO)
8.2.3.1 Step 1 Create Shared Folder
Our first step is to create a folder called User_Docs on the C drive of the Server2 computer and share it out to the network. We click Start > Computer and click on the Local Disk (C:) icon. We right click on whitespace and select New > Folder. We then name the folder User_Docs.
[Screenshot: Windows Explorer showing the contents of Local Disk (C:)]
We then share this folder out to the network by right clicking on it and selecting Share with > Specific people.
[Screenshot: Windows Explorer with the Share with menu open]
46. [Screenshot: Group Policy editor tree, User Configuration > Policies > Windows Settings > Folder Redirection, listing AppData (Roaming), Desktop, Start Menu, Documents, Pictures, Music, Videos, Favorites, Contacts, Downloads, Links, Searches and Saved Games]
We then define the settings for the folder redirection of the Documents folder. Under the Target tab, in the Settings dropdown menu, we select Basic - Redirect everyone's folders to the same location. In the Root Path box we click Browse. For Target folder location we select Create a folder for each user under the root path. This means that a folder will be created for each individual computer user to which this GPO is applied.
[Screenshot: Documents Properties dialog, Target tab]
47. [Screenshot: ping test showing replies, Packets: Sent 4, Received 4]
5 Part B Task B
- Please configure the following Forest settings
- Server is to be a Domain Controller of a tree called MSCCONV IPA
- Client 1 is to be a workstation member of MSCCONV IPA
- Server2 is to be setup as a second domain controller of MSCCONV IPA
- MS Core is to be a member server of MSCCONV IPA
5.1 Preamble
Servers within a domain are set up as either a member server or a domain controller (DC). A domain controller is a server on the domain network that controls host access to Windows domain resources. Domain controllers in a network are commonly described as the centrepiece of the Active Directory Service. The domain controller stores user account information (global catalog), authenticates users and enforces security policy for a Windows domain. Microsoft recommend the use of more than one domain controller in a domain so that a domain can continue to function if a
48. TCP/IP settings. However, automatically assigned IP addresses are subject to change, and so in order to ensure reliable communication between nodes on a network we use Static IP addresses. In order to assign a Static IP address we must first ensure that the address we wish to assign is not in the DHCP range of addresses that may be automatically assigned, and avoid the risk of an IP address being assigned statically and dynamically. IP address conflict will also ensue if we attempt to assign an IP address that has already been assigned to another computer.
4.3.4.1 Step 1 Assign Static IP Addresses to Server1 and Server2
To statically assign an IP address on either of our Windows Server 2008 R Datacentre Full Installation machines, we firstly select Configure networking from the Initial Configuration Tasks window. Alternatively, we can search for View Network Connections from the Start menu to open the same window, and this is how the window is accessed from our Windows 7 client machines.
[Screenshot: Initial Configuration Tasks window showing Local Area Connection with IPv4 address assigned by DHCP, Workgroup WORKGROUP]
49. We then restart the technician computer by pressing the CTRL+ALT+DEL keys. To boot from the CD/DVD ROM disc, we override the boot order by pressing the appropriate function key during initial boot and setting boot from CD/DVD as the initial boot location. Windows 7 Setup (Setup.exe) will now begin automatically. By default, Windows Setup will search the root directory of all removable media for an answer file called Autounattend.xml. However, as VMWare Workstation doesn't recognise USB drives at boot time, it is necessary to press Shift+F10 to open a command prompt, from where we enter
    setup.exe /unattend:<thePathToOurUSBDrive>
after which Setup will continue using the configuration settings from our answer file.
When our installation using the answer file is complete, the computer will reboot to audit mode. Audit mode is the stage of Windows Setup that enables a user to quickly boot to the desktop, install additional applications and device drivers, and test the installation. We next use the sysprep command with the generalize option to remove hardware specific information from the Windows installation, and the oobe option to configure the computer to boot to Windows Welcome upon the next restart so that the computer is prepared for the end user. Windows Welcome does not run in audit mode, but it will run the next time the computer restarts once we have run the sysprep command with the oobe option. Windows Welcome, also known as
50. a Virtual Machine. Document the process of implementing BitLocker in the form of a user instruction manual. During the process, outline any options and/or requirements which must be met in order to set up same.

3.1 Preamble

Windows BitLocker Drive Encryption is a security feature that provides data protection for a computer by encrypting all data stored on the Windows operating system volume. We define a volume as consisting of one or more partitions on one or more hard disks. BitLocker works with simple volumes, where one volume is one partition. For best security, BitLocker uses a Trusted Platform Module (TPM) to help protect the Windows operating system and user data, and helps to ensure that a computer, if lost or stolen or even left unattended, cannot be tampered with. A Trusted Platform Module (TPM) is a microchip that is built into a computer and used to store cryptographic information such as encryption keys. Information stored on the TPM is generally more secure from external software attacks and physical theft. BitLocker can also be used without a TPM by changing the default behavior of the BitLocker setup wizard using Group Policy. When BitLocker is used without a TPM, the required encryption keys are stored on a USB flash drive that must be presented to unlock the data stored on a volume.

3.1.1 How BitLocker Drive Encryption Works

BitLocker Drive Encryption protects data by encrypting the entire Windows operating system
51. and reference computer, then while the reference computer is booted with WinPE the two computers are in different subnets and cannot communicate. Therefore, on our reference computer, at the command prompt we type

    netsh int ip set address local static 192.108.00.42 255.255.255.0

This sets a static IP address on the reference computer in PE mode that is in the same IPv4 address range as our technician computer, facilitating communication between the two. Following this, we mount the Share folder as a drive on the reference computer. At the command prompt we type

    net use N: \\<ComputerName>\<PathToSharedFolder> <password> /user:<userName>

in our case this is net use N WIN QFC9RD5SACBR Users Lenovo Desktop Share Pa w0rd user Lenovo. We then change the current drive to the newly mounted drive by typing N:. The next step is to create a new folder called Images within the new drive by typing md Images. Finally, we copy the captured image to our newly created folder by typing

    copy C:\myimage.wim N:\Images

[Screenshot: command prompt on the reference computer showing the net use, md and copy commands completing successfully]

We now have an image of our reference installation and we can
52. and user20.
- Users are not to change their passwords at first login and are to have 24-hour logins enabled Monday to Friday only.

7.1 Preamble

According to Microsoft, the Active Directory Domain Services role allows us to create a scalable, secure and manageable infrastructure for user and resource management. Simply described, it centralises network management so that most administrative tasks can be implemented and controlled from one of the Active Directory Domain Controllers. These tasks can also be applied to the whole network at once, rather than having to be applied on each individual AD member, as we will illustrate hereunder.

An organisational unit (OU) is a subdivision within an Active Directory. An organisational unit is a logical container into which users, groups, computers and other OUs can be placed. One of the benefits of an Active Directory OU structure is often cited as being that it can reflect the logical structure of an organisation by modelling the organisational chart, depicting employees and their respective departments. Organisational units are created to configure objects within the organisational unit and to delegate administrative control. An OU is the smallest unit to which a Group Policy can be linked or over which administrative authority can be delegated. The configuration and implementation of Group Policies in Active Directory is described in Section 8 (Part B Task E) below. The main GUI for ad
53. by right-clicking on the IPA OU and selecting Link an Existing GPO.

[Screenshot: Group Policy Management console, context menu on the IPA OU]

We are then given the list of currently existing GPOs and we select the GPO_Client1 DocForward GPO that we have created.

[Screenshot: Select GPO dialog]

8.2.3.3 Step 3: Define Group Policy Settings

From the GPM snap-in we right-click on the GPO_Client DocForward GPO and click Edit.

[Screenshot: Group Policy Management console]
54. credentials to use for authorizing this DHCP server in AD DS.

[Screenshot: Add Roles Wizard, DHCP Server Authorization page, with the "Use current credentials" option and a note that this DHCP server must be authorized in AD DS before it can service clients]

We are then provided with a summary of roles, role services and features which will be installed. We click Install.

[Screenshot: Add Roles Wizard, Confirm Installation Selections page]
55. document should be produced in a format which can be viewed in either Microsoft Word or Adobe Acrobat. The document should be saved in the following naming format: lastnameFirstinitial_sysmgmt.xxx, where xxx is the extension of the document used. If your name is John Smith and the document is in Acrobat Reader then this document should be named as follows: smithJ_sysmgmt.pdf
- Submission: The artefact documentation should be provided in soft copy format only. The Assignment artefact is to be submitted via a dropbox link which should be emailed to both training tombrett ie and ckelly ipa ie
- Deadline: The deadline for the assignment submission of both parts A and B of this assignment is Monday 4th August at 1600 hours.
- Penalties: Any late submissions will be subject to a penalty of 3 marks per day, accountable from the submission deadline date and time. Penalties will also be applied for incorrect naming and submission of the assignment accordingly. Please ensure that your name and student number is on the cover page of the documentation.

Assignment Details

Task A1: Using Virtual Machines to mimic the use of Physical Machines, document and install Microsoft Windows 7 using the Lite Touch Installation (LTI) method.

Task A2: Microsoft Windows offers the ability to enforce full drive encryption
56. [Screenshot: Add Roles Wizard confirmation page, listing .NET Framework 3.5.1 Features]

The Installation Results window confirms the successful installation of our specific server roles and features.

[Screenshot: Add Roles Wizard, Installation Results page: Active Directory Domain Services and .NET Framework 3.5.1 Features installed, with a prompt to run the Active Directory Domain Services Installation Wizard (dcpromo.exe) to make the server a fully functional domain controller]

Following thi
57. domain controller fails or must be disconnected. A second domain controller can also be used as a means of balancing the workload of a network. We will be setting up Server2 as a second domain controller in our domain.

Another type of domain controller worth noting is a Read-Only Domain Controller (RODC). The RODC hosts read-only parts of the Active Directory database. An RODC can only receive replicated data from other domain controllers and cannot initiate any replication. RODCs are typically used in satellite locations of an organisation where access to Active Directory is required but the security around the server is weaker.

Active Directory can be made up of multiple domains called trees. A tree is a collection of domains with a common namespace, such as guinness.diageo.local and baileys.diageo.local. The entire container within Active Directory is called a Forest, which is a group of one or more domains.

When setting up a domain controller we must specify a Fully Qualified Domain Name (FQDN). If this is the very first domain in the forest, it is referred to as the forest root domain. An FQDN has two elements: the first is the name of the network, such as in our case MSCONV, and the second is referred to as a top-level domain. Examples of top-level domains are .com, .net, etc. However, in Active Directory a valid top-level domain is not required. The most commonly used one is .local; however, we will be using .IPA. When
58.
- Windows 8.1 Professional Edition
- Windows 8.1 Enterprise Edition
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
- Windows 7 Enterprise Edition
- Windows 7 Ultimate Edition
- Windows Vista Enterprise Edition
- Windows Vista Ultimate Edition

3.2.2 System Configuration

In order to enable BitLocker drive encryption, the system must be configured as follows:
- The computer must either have a TPM of version 1.2 or higher or a removable USB memory device such as a USB flash drive. If the computer doesn't have TPM version 1.2 or higher, BitLocker will store its key on the flash drive.
- The computer must have at least two partitions. One partition must include the drive Windows is installed on, which is the drive that BitLocker will encrypt. The other partition is the active partition, which must remain unencrypted so that the computer can be started.
- The system must be formatted with the NTFS file system.
- The BIOS must be compatible with TPM, and the computer must support USB devices during computer startup.

3.3 Procedure

In an enterprise environment, BitLocker drive encryption would typically be implemented on the system drive of a computer with a TPM chip built onto its motherboard. However, as noted above, it is still possible, though not as secure, to enable BitLocker drive encryption on
59. [Screenshot: Group Policy Management console listing the linked GPOs]

We can then log on to the client machine as one of the Dublin OU users. We search for Add or remove programs in the search bar on the Start menu and then open Add or remove programs.

[Screenshot: client virtual machine in VMware Workstation, Start menu search results]
60. [Screenshot: Group Policy Management, list of the groups, users and computers that the settings in this GPO apply to]

We type the G_ITBelfast group name and click Check Names. The group name appears underlined once it has been found and we click OK.

[Screenshot: Select User, Computer or Group dialog]

We then select the default Authenticated Users group and click Remove.

[Screenshot: Group Policy Management, GPO _BlockControlPanel Scope tab]
61. logging on to Client as user12, one of the users in the Belfast OU. We can see that the Control Panel is not available from the Start menu.

[Screenshot: client virtual machine in VMware Workstation, Start menu]

We can then do a search for Control Panel and click on the Control Panel search result.

[Screenshot: client virtual machine in VMware Workstation, Start menu search results]

A message is then generated advising that the operation has been cancelled due to restrictions in effect on the computer.

[Screenshot: restriction message on the client virtual machine]
62. [Screenshot: New Virtual Machine Wizard, virtual disk options: create a new virtual disk, use an existing virtual disk, or use a physical disk (for advanced users)]

We select Create a new virtual disk and click Next to move to the next step.

[Screenshot: New Virtual Machine Wizard, Ready to Create Virtual Machine summary]

Before we click Finish to finish the wizard setup, we click on Customize Hardware.

[Screenshot: virtual machine hardware settings]
63. [Screenshot: Create Object dialog, attribute msDS-MinimumPasswordAge (syntax Duration), "Minimum Password Age for user accounts"]

We set the maximum password age to 30 days.

[Screenshot: Create Object dialog, attribute msDS-MaximumPasswordAge (syntax Duration), value 30:00:00:00]

We set the lockout threshold to 3, such that 3 incorrect login attempts will be allowed before the account is locked.

[Screenshot: Create Object dialog, attribute msDS-LockoutThreshold (syntax Integer), value 3]

We set the Lockout Observation Window, which determines for how long incorrect logon attempts are remembered, to 30 minutes.

[Screenshot: Create Object dialog, attribute msDS-LockoutObservationWindow (syntax Duration)]

We set the Lockout duration for locked out users to 30 minutes.

[Screenshot: Create Object dialog, attribute msDS-LockoutDuration (syntax Duration), value 0:00:30:00]
64. of the two users in the Belfast OU and click OK.

[Screenshot: Multiple Names Found dialog listing the matching user objects]

User13 has now been selected.

[Screenshot: Select User, Computer or Group dialog with user13 entered]

We can then select the permissions we want to grant to this user, and we use the default permission of Read and click OK.

[Screenshot: Add Group or User dialog, permission Read]

From the GPM snap-in we then select the user we have just added and click Advanced.

[Screenshot: Group Policy Management console]
65. [Screenshot: MS Core server configuration menu]

[Screenshot: Client2 virtual machine in VMware Workstation]

10 Part B Task G

- Install DHCP on Server2 with the scope 192.168.0.100 to 192.168.0.150, default mask and appropriate DNS address. Configure Client2 to obtain its address and TCP/IP settings from DHCP.
- If you disable DHCP services, what address will Client2 get?

10.1 Preamble

The Dynamic Host Configuration Protocol (DHCP) is a TCP/IP protocol that is used to configure nodes connected to each other on a network. Nodes are assigned an IP address by the DHCP server, giving them a unique address on the network for communication purposes. The IP address they are given is determined by the class of network they are connected to and the scope that the DHCP server has been assigned. The main benefit of usin
66. to as the reference computer is created with no operating system installed on it. This is the computer where we will install a customized installation using the Windows 7 .iso file and an answer file. Once installed, we will capture and store an image of the installation on a network share.
- Network connectivity between the technician and reference computers.

http://technet.microsoft.com/en-us/library/dd349348(v=ws.10).aspx (Accessed July 1 2014)
http://go.microsoft.com/fwlink/?LinkId=136976 (Accessed July 1 2014)

2.3 Procedure

2.3.1 Step 1: Installation of the Windows Automated Installation Kit (Windows AIK)

Firstly, using our technician computer, we download the Windows AIK from Microsoft's website.

[Screenshot: Microsoft Download Center, The Windows Automated Installation Kit (AIK) for Windows 7]

After the download has complet
67. virtual hard disk. Click Edit Virtual Machine Settings.

[Screenshot: VMware Workstation, virtual machine summary with device list]

Highlight Hard Disk and click Add.

[Screenshot: Virtual Machine Settings, Hardware tab]
68. we added will now be present in the Windows SIM Answer File pane as shown below.

[Screenshot: Windows System Image Manager, Answer File pane showing the components added to the Autounattend answer file]
69. we want to delete and then right-click it and select Delete.

[Screenshot: Active Directory Users and Computers, context menu]

A warning message is then displayed advising that the best method to delete a domain controller is by using DCPROMO. As we are theoretically dealing with a server that is unbootable, this is the only method you have of deleting the domain controller from the domain. We tick the checkbox for "This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO)" and then click Delete.

[Screenshot: Deleting Domain Controller warning dialog]
70. We then open Windows SIM by clicking Start, All Programs, Microsoft Windows AIK, and then Windows System Image Manager.

[Screenshot: Start menu, All Programs]

On the Windows SIM File menu we click Select Windows Image. In the Select a Windows Image dialog box we navigate to the desktop where we saved Install.wim above and then click Open.

We are then prompted to select an image; we choose the Windows image that we want to install and then click OK. At the prompt to create a catalog file we click Yes to generate the file.

[Screenshot: Windows System Image Manager, catalog file prompt]
71. We then copy the image from the Share folder on the technician computer to the hard drive of the destination computer by typing

    copy N:\Images\myimage.wim C:

[Screenshot: command prompt, 1 file(s) copied]

Following this, we apply the image to the hard drive by using the ImageX tool located on our Windows PE media by typing

    E:\imagex.exe /apply C:\myimage.wim 1 C:

[Screenshot: ImageX output, "Successfully applied image"]

Finally, we use BCDboot to initialize the Boot Configuration Data (BCD) store and copy boot environment files to the system partition. We effect this by typing

    C:\windows\system32\bcdboot C:\windows

[Screenshot: command prompt, "Boot files successfully created"]

Success. Our custom image is now deployed onto the destination computer and it is ready for use.

3 Part A Task A2

Microsoft Windows offers the ability to enforce full drive encryption using
72. 7.2.3 Subtask 3: Set Logon Hours for Users
8 Part B Task E
8.1 Preamble
8.2 Procedure
8.2.1 Subtask 1: Group Users in Each OU
8.2.2 Subtask 2: Prevent users in Marketing OU from being able to see IT OU
8.2.3 Subtask 3: Folder Redirection Group Policy Object (GPO)
8.2.4 Subtask 4: Prohibit Control Panel Access Group Policy Object
8.2.5 Subtask 5: MSI File Publishing Group Policy Object
9 Part B Task F
9.1 Preamble
9.2 Procedure
9.2.1 Subtask 1: Set Up MS Core Server as a Files Server
9.2.2 Subtask 2: Configure MS Core for Windows Remote Administration
9.2.3 Subtask 3: Access MS Core from Client2 Using Remote Desktop
10 Part B Task G
10.1 Preamble
10.2 Procedure
10.2.1 Subtask 1: Install DHCP on Server 2
10.2.2 Subtask 2: Configure Client2 to obtain address & T
73. A, the local host address for Server2 (127.0.0.1), which is used as our preferred DNS server, and the IP address of Server, which will be used as the alternate DNS server.

[Screenshot: Add Roles Wizard, IPv4 DNS Settings page, with fields for the parent domain, preferred DNS server and alternate DNS server]

As WINS server settings are not required for our configuration, we tick this radio box and click Next.

[Screenshot: Add Roles Wizard, Specify IPv4 WINS Server Settings page]
74. The server configuration tool is then launched, from where we type 7 for Remote Desktop, which is disabled by default. We then type e to enable Remote Desktop. We then type 2 to enable Remote Desktop for clients running any version of Remote Desktop. We then see a window confirming that Remote Desktop has been enabled.
[Screenshot: Server Configuration on MS Core. The prompt offers two options: allow only clients running Remote Desktop with Network Level Authentication (more secure), or allow clients running any version of Remote Desktop (less secure). The confirmation window states that Remote Desktop is enabled for clients running any version of Remote Desktop (less secure).]
9.2.3 Subtask 3: Access MS Core from Client2 Using Remote Desktop
To access MS Core remotely we will need to know its IP address, which can be found from the MS Core command line by typing ipconfig. From the Client machine we search for Remote Desktop Connection on the Start menu and then open Remote Desktop Connection.
75. CP IP settings from DHCP (p. 202)
10.2.3 Subtask 3: Disable DHCP Services & Confirm Address Assigned to Client2 (p. 204)
11 Part B Task H (p. 208)
11.1 Preamble (p. 208)
11.2 Procedure (p. 208)
11.2.1 Subtask 1: Decommissioning Server2 from the Active Directory (p. 208)
11.2.2 Subtask 2: Deleting Domain Controller using dcpromo if Server is Bootable (p. 209)
Appendix A References (p. 215)
Appendix B Assignment Details Part A (p. 216)
Appendix C Assignment Details Part B (p. 218)
Appendix D Creation of a Virtual Machine & Installation of Windows 7 Pro OS (p. 221)
1 Introduction
This document is a professional user's manual that follows a series of practical tasks set by the Institute of Public Administration as the module assignment associated with the Systems Management module of the Masters in Computer Science Conversion 2013-2014 at University C
76. Components > BitLocker Drive Encryption > Operating System Drives and then double-click on Require additional authentication at startup.
[Screenshot: Local Group Policy Editor with the Operating System Drives folder selected under BitLocker Drive Encryption]
We click the radio button to enable the policy and tick the option to Allow BitLocker without a compatible TPM.
[Screenshot: Require additional authentication at startup policy dialog]
77. We then select the Use the following IP address radio button, which allows us to enter the IP address we wish to use for this machine along with the subnet mask. As we are using a private network there is no need to enter a default gateway address.
[Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties dialog with the IP address set to 192.168.0.21]
From the command line on Server we type ipconfig to confirm that the IP address has been assigned successfully.
[Screenshot: ipconfig output in the Administrator Command Prompt]
78. 11 Part B Task H
Decommission Server 2 from the Active Directory system using a method which would be used if the server became unbootable.
11.1 Preamble
If a domain controller becomes unbootable or is disposed of, it is then necessary to remove the system from Active Directory. In normal circumstances a domain controller is removed from Active Directory by running DCPROMO directly from the domain controller server. However, this user manual describes a scenario where the system is unbootable, and so the system is removed via Server1. If, however, Server2 were ever to become bootable again, it would not be possible to remove Active Directory using DCPROMO, and so an alternative method, which involves using the forceremoval command in the command prompt, is also described below.
11.2 Procedure
11.2.1 Subtask 1: Decommissioning Server2 from the Active Directory
If a server has become unbootable it is possible to delete a domain controller through Active Directory Users and Computers. On Server1 within AD UC we select Domain Controllers under the domain, select the DC that
79. We then initialise the disk as prompted.
[Screenshot: Initialize Disk dialog offering the MBR (Master Boot Record) and GPT (GUID Partition Table) partition styles]
We then right-click the Unallocated space and select New Simple Volume to open the wizard, which we follow to completion.
[Screenshot: New Simple Volume Wizard, Format Partition page]
3.3.2.2 Step 2: Group Policy Settings
In order to enable BitLocker without a TPM we run gpedit.msc from the Start menu.
[Screenshot: Start menu search result for gpedit]
We then navigate to Computer Configuration > Administrative Templates > Windows
80. DC=IPA and then expand CN=System and then double-click CN=Password Settings Container. We can see any PSO objects that have been created in our domain.
[Screenshot: ADSI Edit showing the containers under DC=MSCCONV,DC=IPA with CN=System expanded]
We then right-click CN=Password Settings Container, click New and then click Object.
[Screenshot: ADSI Edit on Server 1]
81. [Screenshot: Server Manager summary page showing the Roles Summary and Features Summary]
12. http://msdn.microsoft.com/en-us/library/aa362244(v=vs.85).aspx Accessed July 18, 2014.
The first page of the Add Roles Wizard requires us to confirm that certain steps have been completed, such as the Administrator account having a strong password.
[Screenshot: Add Roles Wizard, Before You Begin page]
82. In the Create Object dialog box, under Select a class, we click msDS-PasswordSettings and then click Next.
[Screenshot: Create Object dialog, Select a class]
In Value we type the name of the new PSO and then click Next.
[Screenshot: Create Object dialog, Common-Name attribute with the value IPAPSO]
We then set the precedence of the PSO as 2, as we will subsequently create a higher precedence PSO.
[Screenshot: Create Object dialog, msDS-PasswordSettingsPrecedence attribute]
We then proceed to enter settings for the password policy in accordance with Microsoft security
83. [Screenshot: Windows Explorer context menu for the User_Docs folder]
We then type Everyone into the name pane and click Add.
[Screenshot: File Sharing dialog, Choose people on your network to share with]
We can then select Everyone, select Read/Write from the Permission Level dropdown menu and click Share.
[Screenshot: File Sharing dialog with the permission level set]
We then receive a notification that the folder has been shared giving
84. 3.3.1.3 Step 3
If the TPM is not initialized, the BitLocker setup wizard instructs us to remove any CDs, DVDs or USB drives from the computer and restart the computer to begin the process of turning on the TPM. We are either prompted to enable the TPM before the operating system boots or, in some cases, depending on the BIOS of the computer, it may be necessary to navigate to the BIOS options and enable the TPM manually. Once we confirm that we want the TPM enabled, the operating system will start and the Initializing the TPM security hardware progress indicator will be displayed.
3.3.1.4 Step 4
After the TPM is initialized, the BitLocker setup wizard prompts us to choose how to store the recovery key from the following options:
- Save the recovery key to a USB flash drive
- Save the recovery key to a file, i.e. a network drive or other location
- Print the recovery key
For optimum security it is advisable to save the recovery key apart from the computer; in our case we select to save it to a USB flash drive and follow the steps on the wizard accordingly. The recovery key is required if the encrypted drive is moved to another computer or changes are made to the system startup information. This recovery key is essential, so best practice is to make additional copies of the key and store them in safe places that can be readily accessed to recover access to the drive.
3.3
85. [Screenshot: Group Policy Management console for the MSCCONV.IPA domain with the context menu open on a Group Policy Object]
Under User Configuration we expand the Policies tree to Windows Folder Redirection Documents, which we right-click and select Properties.
[Screenshot: Group Policy Management Editor]
86. [Screenshot: Server Configuration menu with option 2, Computer Name, selected and the new computer name entered]
We are prompted to restart the computer to apply the changes.
[Screenshot: Server Configuration prompt stating that the computer must be restarted to apply these changes]
Once the computer has restarted, by entering Server Configuration again we can see that the computer name has been changed as required.
[Screenshot: Server Configuration menu showing the new computer name]
87. This process is repeated for all of the users specified in the brief. Please note that, as the user numbers in the brief did not correlate with the number of users required to be created, user numbers were adjusted to match the number of users required. We can see below that five users were created in the IPA OU, called user1 to user5.
[Screenshot: Active Directory Users and Computers showing the users in the IPA OU]
Three users were created in the Sales OU, called user6 to user8.
[Screenshot: Active Directory Users and Computers showing the users in the Sales OU]
Three users were created in the Dublin OU, called user9 to user11.
[Screenshot: Active Directory Users and Computers showing the users in the Dublin OU]
88. Once Virtual CloneDrive has been downloaded, we launch the installation using the exe file that we have downloaded, following the steps on the installation wizard.
[Screenshot: Virtual CloneDrive installation wizard]
Once the installation is complete the installation window will close and we launch the Virtual Clone Drive software from the desktop.
A selection pane is opened prompting us as to how many drives we wish to create; we select one virtual drive for the installation of the Windows AIK.
[Screenshot: Virtual CloneDrive settings pane with the Number of Drives option]
Our next step is to mount the image (iso) file that we downloaded to the drive we have just created. We click on the icon in the bottom right of the desktop, highlighted in the screenshot below, to open a pop-up menu where we right-click on the larger highlighted area. On the resultant menu we hover over the virtual drive and select mount from the pop-out menu.
[Screenshot: Virtual CloneDrive tray menu with the mount option for the virtual drive]
89. [Screenshot: Group Policy Management console listing the Group Policy Objects in the domain]
We then expand down to User Configuration > Policies > Administrative Templates > Control Panel. We then right-click on the Prohibit access to the Control Panel setting and click Edit.
[Screenshot: Group Policy Management Editor for GPO_BlockControlPanel with the Prohibit access to the Control Panel setting selected]
90. When the computer restarts we can see that the computer is no longer part of our domain and we can now log on as a local user.
[Screenshot: Windows Server 2008 logon screen on Server 2]
Appendix A References
1. http://technet.microsoft.com/en-us/library/dd349348(v=ws.10).aspx Accessed July 1, 2014.
2. http://go.microsoft.com/fwlink/?LinkId=136976 Accessed July 1, 2014.
3. http://go.microsoft.com/fwlink/?LinkId=136976 Accessed July 1, 2014.
4. http://www.slysoft.com/en/download.html Accessed July 1, 2014.
5. T. Brett, Introduction to Active Directory Services, June 10, 2014.
6. http://msdn.microsoft.com/en-us/library/dd184075.aspx Accessed July 17, 2014.
7. T. Brett, IP Addressing CIDR, July 8, 2014.
8. http://technet.microsoft.com/en-us/library/dd379511(v=ws.10).aspx Accessed July 17, 2014.
9. http://windows.microsoft.com/en-IE/windows7/products/system-requirements Accessed July 17, 2014.
10. http://www.techopedia.com/definition/4193/domain-controller Accessed July 18, 2014.
11. http://technet.microsoft.com/en-us/library/cc738032(v=ws.10).aspx Accessed July 18
91. Systems Management Professional User's Manual
Course: Masters in Computer Science Conversion 2013-14, University College Dublin
Module: Systems Management, delivered at the Institute of Public Administration
Assignment Title: Module Assignment 2014, Parts A & B, Professional User's Manual
Submitted by: Garrett Coleman
Student No: 96344598
Lecturer: Mr Tom Brett
Submission Date: 4th August 2014
Word Count (Excluding Appendices): 18,404
Table of Contents
1 Introduction (p. 5)
2 Part A Task A1 (p. 6)
2.1 Preamble (p. 6)
2.1.1 High Touch Installation (p. 6)
2.1.2 Zero Touch Installation (p. 6)
2.1.3 Lite Touch Installation (LTI) (p. 6)
2.2 System Requirements (p. 7)
92. We then see that the two partitions are synced, coloured maroon to indicate mirrored volumes.
[Screenshot: Disk Management in Server Manager on Server 1 showing the mirrored C: volumes resynching]
6.3.3 Subtask 3: Create a Spanned Volume to Use Remaining Free Disk Space
In order to create a spanned volume that uses the remaining available disk space, we right-click on any of the unallocated space and select New Spanned Volume.
[Screenshot: Disk Management in Server Manager on Server 1]
93. [Screenshot: VMware virtual machine settings, Hardware tab]
We then select Hard Disk and click Next.
[Screenshot: Add Hardware Wizard, Hardware Type page]
We then follow the steps as described in Appendix D hereunder for the setting up of a VM.
[Screenshot: Add Hardware Wizard, Select a Disk page]
94. [Screenshot: Disk Management context menu on unallocated space]
This opens the New Spanned Volume Wizard.
[Screenshot: Welcome to the New Spanned Volume Wizard. The wizard text explains that a spanned volume is made up of disk space on more than one disk, and that it can be extended by adding free space from another disk.]
We can then see the unallocated space on all disks, and we select each of the disks and click Add to include it on our spanned volume.
[Screenshot: New Spanned Volume wizard, Select Disks page]
95. a computer that does not have a TPM chip and, as the computer being used for the purpose of writing this manual is not equipped with a TPM chip, it is this method that we will describe with the aid of screenshots. However, for the sake of completeness, a description of how to enable BitLocker drive encryption employing a TPM chip will be described first.
3.3.1 BitLocker Drive Encryption on OS drive of computer with TPM
3.3.1.1 Step 1
We click Start, Control Panel, System and Security, and then BitLocker Drive Encryption.
3.3.1.2 Step 2
We then click Turn On BitLocker for the operating system drive. BitLocker will then scan our computer to ensure that it meets BitLocker system requirements. If the computer meets requirements, BitLocker then advises the next steps that need to be taken to turn on BitLocker, such as drive preparation, turning on the TPM, and encrypting the drive. This description covers the scenario of encrypting a single partition that holds the operating system drive. BitLocker prepares the drive by shrinking the operating system drive and creating a new system partition to use for system files that are required to start or recover the operating system and that cannot be encrypted. This new drive will not have a drive letter, in order to help prevent the storing of data files on this drive inadvertently. After the drive is prepared we restart the computer.
96. [Screenshot: Active Directory Users and Computers with the context menu open on the IPAPSO object]
In the Attribute Editor of the Properties dialog box we select the msDS-PSOAppliesTo attribute, which has not yet been set, and click Edit.
[Screenshot: Attribute Editor tab listing the PSO attributes: msDS-LockoutObservationWindow 0:00:30:00, msDS-LockoutThreshold 3, msDS-MaximumPasswordAge 30:00:00:00, msDS-MinimumPasswordAge 2:00:00:00, msDS-PasswordComplexityEnabled TRUE, msDS-PasswordHistoryLength 24, msDS-PasswordReversibleEncryptionEnabled FALSE, msDS-PSOAppliesTo not set]
We then click Add Windows Account.
[Screenshot: Multi-valued Distinguished Name With Security Principal Editor for the msDS-PSOAppliesTo attribute]
97. At the next window we select Active Directory Domain Services as the role we wish to install.
[Screenshot: Add Roles Wizard, Select Server Roles page, with the description of Active Directory Domain Services shown]
98. We then name the OU as required, in this case IPA. We also tick the Protect container from accidental deletion tickbox.
[Screenshot: New Object - Organizational Unit dialog with the name IPA]
In order to create a nested OU within the IPA OU, we simply right-click on the IPA OU and select New Organisational Unit, which can then be named appropriately.
[Screenshot: Active Directory Users and Computers with the New submenu open on the IPA OU]
This process is repeated for the specified required OUs, leaving an Organisational Unit structure a
99. [Screenshot: ipconfig /all output on MS Core] 5.2.4.2 Step 2. We can then join MS Core to the domain from the command line by typing: netdom join MS-CORE /domain:MSCCONV.IPA /userd:Administrator /passwordd:Pa wOrd We can confirm the above configurations by typing: ipconfig /all [Screenshot: netdom join output reporting that the computer needs to be restarted in order to complete the operation and that the command completed successfully, followed by ipconfig /all output]
100. and moved to the system drive. If we have a Windows 7 DVD that contains the Windows Recovery Environment, or we have another system recovery process in place, we may disregard this message and continue with BitLocker setup. Otherwise, it is advisable to check our system partition and verify that we have at least 200 MB of free space on it, so that the Windows Recovery Environment can be retained on the system drive along with the BitLocker Recovery Environment and other files that BitLocker requires to unlock the operating system drive. If it is ready for encryption, the Encrypting status bar is displayed, which shows the progress of the drive encryption. Encrypting the drive is time consuming, and a completion message is displayed when encryption is finished. By completing this procedure we have encrypted the operating system drive and created a recovery key that is unique to this drive. The next time we log on there are no apparent changes; however, if the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a disk to circumvent the operating system, the computer will switch to recovery mode and prevent Windows from starting. 3.3.2 BitLocker Drive Encryption on OS drive of computer with no TPM. Hereunder is the step-by-step guide to enabling BitLocker drive encryption on a computer that does not have a TPM chip available. As noted above
101. and permissions. We click Yes at the resultant warning message. [Screenshot: Windows Security dialog. You are setting a deny permissions entry. Deny entries take precedence over allow entries. This means that if a user is a member of two groups, one that is allowed a permission and another that is denied the same permission, the user is denied that permission. Do you want to continue?] We then select the group to which you want the GPO to apply. From the GPM snap-in we select the Scope tab and select Add under the Security Filtering section. [Screenshot: Group Policy Management, GPO_BlockControlPanel, Scope tab with the Links and Security Filtering sections]
102. as upgraded to dynamic can never be extended or spanned.
• It is not possible to extend a System or Boot volume.
6.3 Procedure. 6.3.1 Subtask 1: Install 2 Additional Hard Disks on Server 1. To add a hard disk (HDD) to the Server VM, we right-click on the VM and select Settings. [Screenshot: VMware Workstation, Server 1 virtual machine summary with its device list and Virtual Machine Details] Footnotes: http://www.microsoft.com/en-ie/download/details.aspx?id=23476 (Accessed July 19, 2014); http://support.microsoft.com/kb/225551 (Accessed July 19, 2014). From the Hardware tab we click on Add. [Screenshot: Virtual Machine Settings, Hardware tab]
103. ased disk images. On the technician computer we click Start > All Programs > Windows AIK, where we right-click Deployment Tools Command Prompt and then select Run as administrator. [Screenshot: Start menu, Windows AIK folder containing Deployment Tools Command Prompt, Windows System Image Manager, Documentation and VAMT] The menu shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools. By default, all tools are installed at C:\Program Files\Windows AIK\Tools. At the command prompt we run the Copype.cmd script: copype.cmd <architecture> <destination> where <architecture> can be x86, amd64 or ia64 and <destination> is a path to a local directory. In our case we use: copype.cmd amd64 c:\winpe_amd64 This creates the necessary directory structure and copies all the necessary files for that architecture, i.e. \winpe_amd64, \winpe_amd64\ISO and \winpe_amd64\mount. [Screenshot: Administrator: Deployment Tools Command Prompt]
104. at reflect the organisation's hierarchical OU structure and also that reflect recommended best security practices in an enterprise environment. Group Policy Objects (GPOs) have been defined as containers for groups of settings (policy settings) that can be applied to user and computer accounts throughout an Active Directory network. They allow a setting to be configured once and then applied to many users and/or computer objects. GPOs can be applied, or linked as it is termed in Active Directory, to OUs or entire domains as required. It is possible for an OU or other Active Directory object to have multiple GPOs linked to it. As will be shown below, GPOs are configured and managed through the Group Policy Management snap-in and the Group Policy Management Editor. Footnotes: http://windowsitpro.com/security/access-denied-understand-difference-between-ad-ous-and-groups (Accessed July 20, 2014); T. Brett, Group Policy, July 1, 2014. 8.2 Procedure. 8.2.1 Subtask 1: Group Users in each OU. 8.2.1.1 Step 1: Create Groups. To create a group we open Start > Administrative Tasks > Active Directory Users and Computers (AD UC). [Screenshot: VMware Workstation, Server 1 console]
105. be setup as a second domain controller of MSCCONV.IPA
• MS Core is to be a member server of MSCCONV.IPA
Task C
• Install 2 additional hard disks of 150 GB on Server1 and configure them to
• Using these disks use one to Mirror the operating system disk
• Using the remaining available space available Create a Spanned volume which is to use all of the remaining free space on all disks
Task D
• Within Active Directory create the following organisational unit structure
• Parent OU called IPA containing Two child OUs called Marketing and IT; IT OU to contain 2 sub OUs called Dublin and Belfast
• Identify any method of creating users via a TUI environment, outline advantages accordingly
• Using a method of your choice Create 5 users in the IPA OU called user1 to user10, first name only, using the default Pa wOrd
• Create 3 users in sales called user1 to user15, 3 users in Dublin called user16 to user18 and 2 users in Belfast called user19 and user20
• Users are not to change their passwords at first login and are to have 24 hour logins enabled Monday to Friday only
Task E
• Group the users in each OU according to recommended security policies
• Prevent the users in the sales OU from being able to see the IT OU in Active Directory
• Create 3 group policies to achieve the followi
106. [Screenshot: group Properties, Members tab, listing the member users and their Active Directory folders under MSCCONV.IPA/IPA] The IT OU contains the G_IT group. [Screenshot: Active Directory Users and Computers, IT OU containing the Belfast and Dublin Organizational Units and a Global security group] [Screenshot: Active Directory Users and Computers, Belfast OU containing two users and a Global security group]
107. bers of the domain. [Screenshot: Active Directory Users and Computers, Computers container] When we click on Domain Controllers we see that Server1 and Server2 have been set up as domain controllers for this domain. [Screenshot: Active Directory Users and Computers, Domain Controllers container listing both servers in Default-First-Site-Name] 6 Part B Task C
• Install 2 additional hard disks of 150 GB on Server1 and configure them to
• Using these disks use one to Mirror the operating system disk
• Using the remaining available space available Create a Spanned volume which is to use all of the remaining free space on all disks
6.1 Preamble. In an enterprise environment the installation of two additional hard disks on a server would involve the opening of the
108. bstantial period of time, and when complete our system drive is then encrypted such that if the drive containing the virtual hard drive is not mounted to the virtual machine, the VM will not boot, nor can it be read in any way. Part B. 4 Part B Task A
• Using VirtualBox, VMware Workstation or similar you are to create several virtual machines
• Three Servers with Server 2008 or later installed. 2 of these servers are to be installed with Standard, Enterprise or Datacenter edition using the full GUI install and named Server1 and Server2 accordingly. The third server is to be a Standard Server Core installation and named MS Core
• One Client machine with Windows 7 or later installed and named Client
• Clone this Client Virtual Machine and rename the workstation Client2
• Please use adequate sizes for the Hard Disk partitions on each of the Client machines. Configure the servers with 200 GB hard disks. For the Operating System create a partition of 60 GB accordingly
• RAM on all machines is to be 512 MB or greater depending on your amount of available RAM
• All passwords are to be Pa wOrd
• Give all machines a static IP address from the range 192.168.0.0/24
4.1 Preamble. Windows Server 2008 is a Microsoft server operating system. Windows Server operating systems are built to meet enterprise requirement
109. [Screenshot: Windows System Image Manager, Windows Image pane listing the amd64 Microsoft-Windows components and the configuration passes (generalize, specialize, auditSystem, auditUser, oobeSystem), with Disk Configuration > Disk > Create Partitions selected and the context menu option Add Setting to Pass 1 windowsPE]
110. We then click Finish to complete the creation of the PSO. [Screenshot: Create Object dialog. To complete the creation of this object, click Finish. To set more attributes, click More Attributes.] From the ADSI Edit snap-in we can now see that the PSO has been created. [Screenshot: ADSI Edit, CN=System, CN=Password Settings Container] In order to apply the PSO to a specific group, we open AD UC and navigate to our domain MSCCONV.IPA > System > Password Settings Container, which displays the PSO we have created. We then right-click on the PSO and click Properties. [Screenshot: Active Directory Users and Computers, Password Settings Container]
111. configure and deploy a Windows image on Microsoft TechNet, the Microsoft web portal and web service for IT professionals. A six step process describes the creation of a valid answer file that is used to install Windows 7, the preparation of a bootable Windows Preinstallation Environment (Windows PE) and the deployment of a custom Windows image from a network share. The five steps are as follows:
1. Installation of the Windows Automated Installation Kit
2. Building an Answer File
3. Building a Reference Installation
4. Creating Bootable Windows PE Media
5. Capturing the Installation onto a Network Share
6. Deploying from a Network Share
2.2 System Requirements
• A Windows 7 product DVD disc or Windows 7 iso file, as is described in this manual
• A Windows AIK DVD disc or Windows AIK iso file, as is described in this manual, which is available at the download center on the Microsoft website
• A technician computer. A virtual machine, hereafter referred to as the technician computer, is created with Windows 7 installed on it. The creation of virtual machines using VMWare Workstation 9 is outside the scope of this user manual; however, for reference purposes the steps involved in this process, as described in a previously prepared user's manual, are included as Appendix D. This is the computer on which we will install the Windows Automated Installation Kit (Windows AIK)
• A reference computer. A virtual machine hereafter referred
112. [Screenshot: Start menu search results for "run"] From the run command we type: C:\Windows\System32\rundll32.exe dsquery.dll,OpenQueryWindow This will allow us to search for OUs on the domain available to the user we are logged on as. [Screenshot: Run dialog with the command entered] We select Organisational Units under the Find dropdown menu and click Find Now. [Screenshot: Find Organizational Units window] In the search results we can see that the IT OU is currently available to a user in the Marketing OU. [Screenshot: Find Organizational Units, search results]
113. [Screenshot: VMware Workstation, Server 1 Virtual Machine Details] 6.3.2 Subtask 2: Use an Additional Hard Disk to Mirror the OS Disk. To manage HDDs on Server1, from Server Manager we select Storage > Disk Management. We then right-click on each of the newly added HDDs and click Online to make them available. [Screenshot: Server Manager, Disk Management, showing Disk 0 (200.00 GB) with the System Reserved and C: NTFS volumes and unallocated space, and the newly added disks] To mirror the OS to one of our newly added disks, we right-click the partition where the OS is installed and selec
114. ddress on our Windows Server 2008 R2 Datacentre Core Server Installation machine, we use the netsh command from the command prompt, entering: netsh interface ipv4 set address name="Local Area Connection" source=static address=192.168.0.23 mask=255.255.255.0 [Screenshot: command prompt on MS Core with the netsh command entered] 4.3.4.3 Step 3: Assign Static IP Addresses to Client Machines. We follow the same procedure as Step 1 above to assign static IP addresses to the client machines and use ipconfig to confirm that the IP address has been assigned to each machine. [Screenshot: ipconfig output on the client showing the Local Area Connection IPv4 address and subnet mask 255.255.255.0]
115. deploy the image onto new hardware. 2.3.6 Step 6: Deploying from a Network Share. The final step is to use the DiskPart tool to format the hard drive on the reference computer in order for it to act as a destination computer. We can then copy our image from the network share. On the reference computer we insert our Windows PE media and restart the computer by pressing the CTRL+ALT+DEL keys. The reference computer hard drive contains an active partition. Therefore we must override the boot order to boot from the CD/DVD-ROM drive. During initial boot we select the appropriate function key to override the boot order, and Windows PE starts and launches a Command Prompt window. We then format the hard drive to reflect the disk configuration requirements by using the DiskPart tool from the Windows PE Command Prompt window. In our case we type:
diskpart
select disk 0
clean
create partition primary size=300
select partition 1
format fs=ntfs label="System"
assign letter=S
active
create partition primary
select partition 2
format fs=ntfs label="Windows"
assign letter=C
exit
[Screenshot: Windows PE Command Prompt running wpeinit and diskpart]
116. [Screenshot: Add Roles Wizard, IPv4 WINS Settings page, with the options "WINS is not required for applications on this network" and "WINS is required for applications on this network", and fields for the preferred and alternate WINS server IP addresses] We will then specify our DHCP scope and click Add to do this. [Screenshot: Add Roles Wizard, Add or Edit DHCP Scopes. A scope is the range of possible IP addresses for a network. The DHCP server cannot distribute IP addresses to clients until a scope is created.]
117. drive and click next to move to the next step. [Screenshot: New Virtual Machine Wizard, Name the Virtual Machine, with the virtual machine name and location fields] We name the virtual machine as g coleman win7 and browse to the folder where we wish the virtual machine to be saved to and select next to move to the next step. [Screenshot: New Virtual Machine Wizard, Memory for the Virtual Machine. Specify the amount of memory allocated to this virtual machine. The memory size must be a multiple of 4 MB.] We specify 1500MB of memory to be allocated to the virtual machine and click next to move to the next step. [Screenshot: New Virtual Machine Wizard, Network Type, with Use bridged networking among the network connection options]
118. [Screenshot: Add Roles Wizard, Confirmation page, showing the DHCP scope with default gateway None, subnet mask 255.255.255.0, IP address range 192.168.0.100 to 192.168.0.150, subnet type Wired, scope activated, DHCPv6 stateless mode enabled, DNS parent domain MSCCONV.IPA, and DHCP server authorization using the credentials associated with MSCCONV\Administrator] Once the installation of the DHCP Server role has completed we click Close. [Screenshot: Add Roles Wizard, Installation Progress, DHCP Server being installed] [Screenshot: Add Roles Wizard, Installation Results, DHCP Server installed successfully with 1 warning message: Windows automatic updating is not enabled]
119. [Screenshot: Add Hardware Wizard, Select a Disk, with the options Use an existing virtual disk and Use a physical disk (for advanced users)] [Screenshot: Add Hardware Wizard, Select a Disk Type, with virtual disk type IDE or SCSI (Recommended) and the Independent mode options Persistent and Nonpersistent] At the Specify Disk Capacity window we enter 150GB, as specified in the brief, for each additional HDD. [Screenshot: Add Hardware Wizard, Specify Disk Capacity, with the maximum disk size field and the Allocate all disk space now option]
120. e standard Windows user interface and with a subset of server roles that can be managed from a command prompt, reducing management requirements and attack surface. We follow the installation wizard until we reach the installation type window, where we select Custom (advanced) installation in order to allow us to partition the HDD during the installation. [Screenshot: Install Windows, installation type window with the Upgrade and Custom (advanced) options] We then select the unformatted drive and click Drive options (advanced). [Screenshot: Install Windows, Where do you want to install Windows?, Disk 0 Unallocated space 200.0 GB] We then click New and enter 60820MB as the partition size. The brief specified partition size is 60GB, to which we add 100MB to accommodate the separate partition that Windows creates for system files
121. [Screenshot: Computer Name/Domain Changes dialog, with the computer name, full computer name and workgroup fields] It is necessary to restart the computer to apply the computer name change. [Screenshot: Computer Name/Domain Changes. You must restart your computer to apply these changes. Before restarting, save any open files and close all programs.] Once complete, we can see the required names for Server1 and Server 2. [Screenshot: Control Panel, System page for Windows Server 2008 R2 Datacenter, showing the computer name, domain and workgroup settings]
122. [Screenshot: ipconfig output on the client, continued] 10.2.3 Subtask 3: Disable DHCP Services & Confirm Address Assigned to Client2. To disable DHCP services, we open Server Manager on the Server2 machine and click on DHCP Server, and then in the System Services pane we select the DHCP Server and click Stop. [Screenshot: Server Manager on Server2, DHCP Server role, System Services pane showing the DHCP Server service with status Running and startup type Auto]
123. ed to enter our network credentials. [Screenshot: Enter Network Password prompt for the MS Core server] We can then see that the Share folder, which is located on the root directory of the MS Core server, is available from the Client workstation. [Screenshot: network view of the MS Core server showing one shared item] 9.2.2 Subtask 2: Configure MS Core for Windows Remote Administration. In order to configure MS Core for Windows Remote Administration, we type sconfig.cmd from the command line of MS Core. [Screenshot: Administrator command prompt on MS Core running sconfig.cmd]
124. ed, we then install the AIK download. This can be done by burning the downloaded .iso image file to a DVD disk and running it. As an alternative, in order to expand our knowledge, we will download a program that will emulate the image file onto a virtual drive; we will use Virtual CloneDrive, provided by SlySoft. [Screenshot: SlySoft download page listing Virtual CloneDrive] Footnotes: http://go.microsoft.com/fwlink/?LinkId=136976 (accessed July 1, 2014); http://www.slysoft.com/en/download.html (accessed July 1, 2014).
125. [Screenshot: wizard page on forcing the removal of AD DS] The next window warns to update or delete any existing DNS delegations pointing to this server. [Screenshot: wizard warning that the DNS Server service has been detected, that any existing Active Directory-integrated zones will be deleted during the removal of AD DS, and that existing DNS delegations pointing to this server should be deleted after the forced removal] We are then prompted to provide an administrator password that will be used for the new local account that will be configured on the server. [Screenshot: Active Directory Domain Services Installation Wizard, password page for the new Administrator account] The next window provides the option to export the forest metadata in an answer file. [Screenshot: Active Directory Domain Services Installation Wizard, Review your selections page with the Export settings option]
126. er File. [Screenshot: Windows System Image Manager with Autounattend.xml open] The above settings define a basic unattended installation in which no user input is required during Windows Setup, and the final step in building an answer file is to validate the settings. The setting values in our answer file are compared with the available settings in the Windows image. If the answer file validates successfully, a "No warnings or errors" message is generated in the Messages pane at the bottom of the Windows SIM window. Otherwise, error messages will appear in the Messages pane. [Screenshot: Windows System Image Manager after validating Autounattend.xml]
127. [Screenshot: Start menu search results in the VM] We then click on Install a program from the network. [Screenshot: Control Panel, Programs and Features, listing three installed programs] We can then see that we have the option to install Microsoft Office PowerPoint Viewer, which we can select and then click Install. [Screenshot: Control Panel, Get Programs, Install a program from the network]
128. esults in the use of thin provisioning, i.e. the VM grows as the files grow, avoiding the full 200GB being immediately taken from the host machine. [Screenshot: New Virtual Machine Wizard, Specify Disk Capacity, with a maximum disk size of 200 GB and the virtual disk split into multiple files] We then click Finish to complete the creation of the VM. [Screenshot: New Virtual Machine Wizard, Ready to Create Virtual Machine, summarising Workstation 9.0, Windows Server 2008 R2 x64, a 200 GB split hard disk and 2048 MB of memory]
129. [Screenshot: dialog for domain controller SERVER2 advising that DCPromo should be run on the domain controller that is to be deleted] We finally click Yes at the warning that the domain controller is a global catalog, and this completes the deletion of the domain controller from our domain. [Screenshot: Delete Domain Controller warning that this domain controller is a global catalog] 11.2.2 Subtask 2: Deleting Domain Controller using dcpromo if Server is Bootable. If the previously unbootable server becomes bootable again, we would use the dcpromo /forceremoval command from the command prompt. [Screenshot: Administrator command prompt on Server 2 running dcpromo /forceremoval] A warning message is generated, warning that data is about to be deleted that may not be recoverable, and we click Yes to continue.
130. [Screenshot: console output of the Windows PE ISO image being written] Finally, we burn the image Winpe_x86.iso to a CD-ROM disc, and we now have a bootable Windows PE RAM CD containing the ImageX tool. 2.3.5 Step 5: Capturing the Installation onto a Network Share. The penultimate step is to capture an image of our reference computer by using Windows PE and the ImageX tool. We will then store that image on a network share. On the reference computer, we insert our Windows PE CD-ROM disc and restart the computer. As previously described, to boot from the CD/DVD-ROM disc, we override the boot order by pressing the appropriate function key during initial boot and setting boot from CD/DVD as the initial boot location. Windows PE then starts and launches a Command Prompt window. We then capture an image of the reference installation by using the ImageX tool located on our Windows PE CD/DVD-ROM by typing: E:\imagex.exe /capture D: D:\myimage.wim "my Win Install" /compress fast /verify
131. [Table of answer-file settings, flattened in extraction; the start of the table is cut off.] Configuration passes named: 1 windowsPE; 7 oobeSystem. Components named: ...fyPartition; Microsoft-Windows-Setup\DiskConfiguration\Disk\ModifyPartitions\ModifyPartition; Microsoft-Windows-Setup\ImageInstall\OSImage; Microsoft-Windows-Setup\DiskConfiguration; Microsoft-Windows-Setup\ImageInstall\OSImage\InstallTo; Microsoft-Windows-Setup\UserData; Microsoft-Windows-Setup\UserData\ProductKey; Microsoft-Windows-Deployment\Reseal; Microsoft-Windows-Shell-Setup\OOBE. Values, in the order given: InputLocale = <Input Locale> (for example, en-US); SystemLocale = <System Locale> (for example, en-US); UILanguage = <UI Language> (for example, en-US); UserLocale = <User Locale> (for example, en-US); UILanguage = <UI Language> (for example, en-US); WillShowUI = OnError; DiskID = 0, WillWipeDisk = true; Order = 1, Size = 300, Type = Primary; Extend = true, Order = 2, Type = Primary; Active = true, Format = NTFS, Label = System, Order = 1, PartitionID = 1; Format = NTFS, Label = Windows, Order = 2, PartitionID = 2; WillShowUI = OnError, InstallToAvailablePartition = false; DiskID = 0, PartitionID = 2; AcceptEula = true; Key = <product key>, WillShowUI = OnError; ForceShutdownNow = false, Mode = Audit; HideEULAPage = true, ProtectYourPC = 3. therein and save them to a file. In Windows SIM, we click Tools and then click Validate Answ
132. g a DHCP server, particularly in a large organisation, is that DHCP automatically allocates IP addresses within a set range when a node connects to a network. It means that administrators don't have to statically assign an IP address to each individual node; however, IP addresses can still be assigned to nodes statically if a node, such as a server, has to be permanently at a particular IP address. 10.2 Procedure. 10.2.1 Subtask 1: Install DHCP on Server 2. As DHCP is a server role, our first step is to add this role to Server2. We open Server Manager and click Add Roles. [Screenshot: Server Manager on SERVER2, Roles Summary with the Add Roles link]
133. g an installation DVD or standard image ISO file to manually install the operating system individually on every computer. When employing the High Touch Installation on a larger environment, a single installation is carried out and an image of the installation is created using the ImageX tool that is included as part of the Windows Automated Installation Kit (AIK). 2.1.2 Zero Touch Installation. The Zero Touch Installation is a fully automated means of installing Windows that is typically employed in larger environments with 500 or more computers. It is considered to require a high level of system administration competency as well as a significant budget compared to other installation methods. This method uses System Center Configuration Manager to deploy and update servers, client computers and devices on a network. 2.1.3 Lite Touch Installation (LTI). The Lite Touch Installation approach that is described hereunder requires some human interaction in the initial stages of the installation but is thereafter automated. The approach works well in environments with more than 150 computers. The Lite Touch Installation method described below describes the deployment of Windows 7 using the Windows Automated Installation Kit (Windows AIK). The procedure follows the step-by-step instructions provided by Microsoft for how to
134. g on the IPA OU and selecting Delegate Control. [Screenshot: Active Directory Users and Computers] This launches the Delegation of Control Wizard, and we click Next. [Screenshot: Welcome to the Delegation of Control Wizard] Footnote: http://technet.microsoft.com/en-us/library/cc732524.aspx (accessed July 10, 2014). We then click Add to add a user or group to whom we wish to delegate control. [Screenshot: Delegation of Control Wizard, Users or Groups page] We can then type in the name of the group, in our case the G_SecurityAdmins group, which contains our Administrator users, and click Find, and then select the correct group from the groups found. [Screenshot: Multiple Names Found dialog]
135. [Screenshot: account options in the Properties window] The above procedure is repeated for all users. 8 Part B Task E. • Group the users in each OU according to recommended security policies. • Prevent the users in the sales OU from being able to see the IT OU in Active Directory. • Create 3 group policies to achieve the following: • Forward my documents from Client2 to a folder on the root of C on Server2 called User_Docs. • Prevent Belfast from accessing control panel. Please exclude user 20 from this policy. • Publish any MSI file of your choice from the C drive contents to all users in Dublin. 8.1 Preamble. Organisational Units, such as those created in the preceding task, are used in Active Directory for the delegation of administrative authority over users. However, OUs are not security principals, and therefore they do not preclude the need for groups, as groups are used for controlling permissions of access to resources on a network. The difference between OUs and groups has been simply described as: "You put a user in a group to control that user's access to resources. You put a user in an OU to control who has administrative authority over that user." Hereunder we will describe the procedure for creating groups th
136. gon hours and click Logon hours. [Screenshot: Properties for Multiple Items, Account tab] By default, users are permitted 24-hour access, 7 days a week (indicated in blue). Therefore, we select the blue sections for Saturday and Sunday and then click Logon Denied, changing the hours for these two days to white, indicating Logon Denied, and then click OK. [Screenshot: Logon Hours dialog, Saturday through Sunday from 00:00 to 00:00] We are then returned to the Properties window, where we click Apply. [Screenshot: Properties for Multiple Items, Account tab]
137. group when it is created and selecting Properties. [Screenshot: Active Directory Users and Computers showing the IPA OU with the Belfast, Dublin and Marketing OUs] In the Member Of tab, we can then add the group of which the current group is required to be a member. Below, we see that we have made the G_ITBelfast group a member of the G_IT group. [Screenshot: group Properties, Member Of tab] 8.2.1.2 Step 2: Add Users to Groups. To add users to a group in ADUC, we highlight the users we wish to make members of a group. [Screenshot: Active Directory Users and Computers listing the G_Security and G_SecurityAdmins security groups]
138. [Screenshot: editor for adding a distinguished name or SID] This allows us to search for our G_Security group and then click OK. [Screenshot: Select Users, Computers, or Groups dialog] We can then see that the PSO will be applied to the group. [Screenshot: Multi-valued Distinguished Name With Security Principal Editor showing the group's SID] We then click Apply and OK. [Screenshot: IPAPSO Properties, Attribute Editor tab, listing the PSO's lockout, password age, complexity, history, reversible encryption and precedence attributes and the group it applies to] Our next step is to create a second, stricter PSO that we will apply to our G_SecurityAdmins group. From the ADSI Edit snap-in, we follow the same steps as before. [Screenshot: ADSI Edit]
139. he steps taken to achieve these results. The format and deadline date for the overall assignment submission (Parts A and B) has been previously detailed in Part A. Assignment Details. Task A. • Using VirtualBox, VMware Workstation or similar, you are to create several virtual machines. • Three Servers with Server 2008 or later installed. 2 of these servers are to be installed with Standard, Enterprise or Datacenter edition using the full GUI install and named Server1 and Server2 accordingly. The third server is to be a Standard Server Core installation and named MS Core. • One Client machine with Windows 7 or later installed and named Client. • Clone this Client Virtual Machine and rename the workstation Client2. • Please use adequate sizes for the Hard Disk partitions on each of the Client machines. Configure the servers with 200 GB hard disks. For the Operating System, create a partition of 60 GB accordingly. • RAM on all machines is to be 512 MB or greater, depending on your amount of available RAM. • All passwords are to be Pa wo0Ord. • Give all machines a static IP address from the range 192.168.0.0/24. Task B. • Please configure the following Forest settings. • Server is to be a Domain Controller of a tree called MSCCONV.IPA. • Client 1 is to be a workstation member of MSCCONV.IPA. • Server2 is to
140. ials. The application then begins to connect to MS Core. [Screenshot: Remote Desktop Connection, securing remote connection] We accept the warning message advising that the identity of the remote computer cannot be identified. [Screenshot: Remote Desktop Connection certificate warning; name in the certificate from the remote computer: MSCORE.MSCCONV.IPA; certificate error: the certificate is not from a trusted certifying authority] We can then see the MS Core screen, where the server configuration tool is still open. We can exit this and then type ipconfig to see the IP address of MS Core and confirm that we are connected to the server from our client workstation. [Screenshot: Client2 VM with the remote session to MS Core]
141. [Screenshot: Start menu] [Screenshot: command prompt showing the help output of the dsadd command, which lists its subcommands: dsadd computer, dsadd contact, dsadd group, dsadd ou, dsadd user and dsadd quota]
142. [Screenshot: New Spanned Volume wizard, Format Volume page, with NTFS, default allocation unit size and quick format selected] [Screenshot: Completing the New Spanned Volume Wizard: volume type Spanned; disks selected Disk 0, Disk 1, Disk 2; volume size 390455 MB; drive letter E; file system NTFS; quick format Yes] A similar warning message to when mirroring is displayed, which we accept, and then spanning is carried out. [Screenshot: Disk Management warning that the selected basic disks will be converted to dynamic disks] Upon completion of the above tasks, we can see our mirrored disks coloured maroon and our spanned volume in purple across the three disks. [Screenshot: Disk Management, volume list and graphical view]
143. [Screenshot: Active Directory Domain Services Installation Wizard, deployment configuration page with the option to create a new domain in a new forest] At the next window, we enter the assignment-specified Fully Qualified Domain Name (FQDN). [Screenshot: Active Directory Domain Services Installation Wizard, Name the Forest Root Domain, with MSCCONV.IPA entered] The next two windows allow us to enable backward compatibility so that any Windows Server 2003 or Windows Server 2008 servers will be compatible with our new domain as regards Forest Functional Level and Domain Functional Level. [Screenshot: Set Forest Functional Level page]
144. [Screenshot: Server Manager, DHCP Server role, list of recommended configurations] We can then see that the DHCP Server has stopped. [Screenshot: Server Manager on SERVER2, DHCP Server role, System Services pane showing the DHCP Server service stopped]
145. [Screenshot: Server Configuration menu on MS Core] 4.3.3.3 Step 3: Rename Client 1 and Client 2 Machines. The same procedure as described above for renaming Server1 and Server2 is followed to rename the two client machines. [Screenshot: System properties of the client, Windows 7 Professional N, computer name Client1, workgroup WORKGROUP]
146. [Screenshot: Active Directory Domain Services Installation Wizard, Review your selections: first domain controller in a new forest; new domain and forest name MSCCONV.IPA; NetBIOS name MSCCONV; Forest Functional Level Windows Server 2003; Domain Functional Level Windows Server 2003] The wizard then configures Active Directory Domain Services as we have directed. [Screenshot: wizard progress window, waiting for DNS installation to finish] Finally, we click Finish to complete the installation and are then prompted to restart the computer to initialise the settings. [Screenshot: Completing the Active Directory Domain Services Installation Wizard]
147. [Screenshot: list of Organizational Units] In order to hide an OU from a user or group, we open ADUC, click View and click Advanced Features to enable them. [Screenshot: Active Directory Users and Computers, View menu] We then right-click on the IT OU and click Properties. [Screenshot: Active Directory Users and Computers]
148. [Screenshot: Network Connections, Local Area Connection context menu.] We can then click on TCP/IPv4 and select Properties. [Screenshot: Local Area Connection properties, Networking tab.] We then select the "Obtain an IP address automatically" radio button and click OK. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties.]
149. k. You need at least two dynamic disks in addition to the startup disk to create a spanned volume. You can extend a spanned volume onto a maximum of 32 dynamic disks.
Arpaci-Dusseau, R. H., & Arpaci-Dusseau, A. C. (2012). Operating Systems: Three Easy Pieces.
http://technet.microsoft.com/en-us/library/cc772180.aspx (Accessed July 19, 2014)
6.2 System Requirements
6.2.1 Disk Mirroring
• As advised by Microsoft, in Windows Server 2008 R2, as long as there is one additional hard disk, it is possible to set up mirroring (RAID1) for the operating system volume using only tools already built into the operating system.
• No special software or hardware is required.
• Once the disk mirror is set up, the operating system and data will be present on both boot disks, and the system software will keep data and changes to the operating system (such as registry updates) in sync on both boot disks.
• If the primary boot disk should fail, the computer can switch over and boot from the secondary boot disk.
6.2.2 Spanned Volume
• Microsoft note that simple volumes on dynamic disks can be extended on the same disk, or set to span other disks, without restarting the computer if more disk space is required.
• A simple volume can only be extended if the file system is NTFS.
• A volume that existed before the disk w
150. [Screenshot: Install Windows, operating system selection list, with the description of the full installation option.] We select the Windows Server 2008 R2 Datacentre Server Core Installation for the MS Core Server VM. [Screenshot: Install Windows, "Select the operating system you want to install", with the description of the Server Core installation option.]
151. [Screenshot: Windows System Image Manager prompt about a missing catalog file for the Windows 7 PROFESSIONALN image.] We click File > New Answer File and an empty answer file appears in the Answer File pane. [Screenshot: Windows System Image Manager with an empty answer file.] Our next step is to define basic disk configuration and Windows Welcome settings. In the Windows SIM Windows Image pane, we expand the Components node to display available settings that can be copied to our answer file. [Screenshot: Windows System Image Manager, Components node.]
152. [Screenshot: Active Directory Domain Services Installation Wizard, location of the database, log files and SYSVOL: database folder C:\Windows\NTDS, log files folder C:\Windows\NTDS, SYSVOL folder C:\Windows\SYSVOL.] The next step is to create the Directory Services Restore Mode (DSRM) password, which is used in the event of the Active Directory requiring to be restored or maintained, and as such this password should be recorded and stored in a safe place such as a fireproof safe. [Screenshot: Active Directory Domain Services Installation Wizard, Directory Services Restore Mode Administrator Password.] The next window gives a summary of selected settings, which can be exported to allow the same installation to be rolled out on several computers. [Screenshot: Active Directory Domain Services Installation Wizard.]
153. [Screenshot: completion page of the delegation wizard, showing that control has been given to the G_SecurityAdmins group.]
8.2.1.5 Step 5: Create and Apply Fine-grained Password and Account Lockout Policies
As recommended by Microsoft, we will now use a feature that was added to Windows Server 2008 whereby fine-grained password policies can be used to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. In our case we will create a Password Settings Object (PSO) that is to be applied to our general G_Security group, which includes all users, and a second, stricter PSO that will be applied to the Admin users in our G_SecurityAdmins group. We will see how it is possible to set a higher precedence on the stricter PSO such that it overrides the general PSO. From the start menu on Server, we type ADSI into the search bar and then open ADSI Edit. [Screenshot: Server 1 virtual machine in VMware Workstation.]
154. ministration of OUs is the Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap-in. From here we will illustrate below how to create OUs, new users and groups, and how to apply Group Policies.
http://technet.microsoft.com/en-us/library/hh831484.aspx (Accessed July 19, 2014)
T. Brett, Introduction to Active Directory Services, June 10, 2014
7.2 Procedure
7.2.1 Subtask 1: Create Organisational Unit Structure
To create Organisational Units (OU), we click Start > Administrative Tools > Active Directory Users and Computers (ADUC). [Screenshot: Server 1 virtual machine in VMware Workstation.] We then right-click on our domain, select New and click Organisational Unit. [Screenshot: Active Directory Users and Computers, domain context menu.]
155. n answer file. Active Directory Domain Services is then removed from the computer. [Screenshot: Active Directory Domain Services Installation Wizard, configuring Active Directory Domain Services.] We click Finish to complete the wizard. [Screenshot: Completing the Active Directory Domain Services Installation Wizard: Active Directory Domain Services was removed from this computer; the AD DS binaries remain installed after demotion and can be uninstalled by removing the AD DS role in Server Manager; some errors occurred during the operation and the event log should be consulted.] It is necessary to restart the computer to effect the above changes. [Screenshot: restart prompt from the Active Directory Domain Services Installation Wizard.]
156. n below should be visible; if they are not, it is necessary to change the folder properties to display hidden as well as system files. [Screenshot: Windows Explorer, USB drive TRAILER (G:), showing the .BEK file and the BitLocker Recovery Key text file.] We then copy the two files from the USB drive to our virtual hard drive. [Screenshot: Windows Explorer, NEW VOLUME (F:), showing the two copied files.] It is now safe to unm
157. [Screenshot: message "...n has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."] If we log on to client as user13, who is a member of the Belfast OU but has been explicitly exempted from the group policy, we see that the control panel is available from the start menu. [Screenshot: Client virtual machine, start menu.]
8.2.5 Subtask 5: MSI File Publishing Group Policy Object
It is possible to use a GPO to publish a package and thus share an MSI installation package out to users on the network, who can then install the package by using Add or Remove Programs. Our first step is to create a folder on the C drive of the Server1 machine called MSI Files, into which we save an MSI file for Powerpoint Viewer, and then share it out to the users in the G_ITDublin gro
158. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties, IP address and DNS server settings.] The next step is to add Client as a member of our domain, which we effect by opening System Properties and clicking Change. We then select the "Member of Domain" radio button and enter the FQDN for our domain as previously specified. [Screenshot: Computer Name/Domain Changes, domain MSCCONV.IPA, with the Windows Security prompt for an account with permission to join the domain.] A message advises us that the computer is now a member of the domain. In order to effect the changes it is necessary to restart the computer. [Screenshot: Computer Name/Domain Changes restart prompt.]
159. ng
• Forward my documents from Client2 to a folder on the root of C on Server2 called User_Docs.
• Prevent Belfast from accessing control panel. Please exclude user 20 from this policy.
• Publish any MSI file of your choice from the C drive contents to all users in Dublin.
Task F
• Setup the MS Core server as a file server.
• Configure MS Core for Windows Remote administration.
• Access MS Core from Client2 using remote desktop.
Task G
• Install DHCP on Server2 with the scope 192.168.0.100 to 192.168.0.150, default mask and appropriate DNS address. Configure Client2 to obtain its address and TCP/IP settings from DHCP.
• If you disable DHCP services, what address will Client2 get?
Task H
• Decommission Server 2 from the Active Directory system using a method which would be used if the server became unbootable.
Appendix D: Creation of a Virtual Machine & Installation of Windows 7 Pro OS, Task A
A.1 Creation of a Virtual Machine & Installation of Windows 7 Pro OS
A.1.1 Creation of Windows Virtual Machine
For the purposes of the tasks described in this manual, VMWare Workstation 9 has been used. The installation of this program is outside the scope of this manual. The first step is to launch the VMWare program and select "create a new virtual machine", which opens the new virtual machine wizard
160. [Screenshot: server configuration window showing update and feedback settings.] We right-click on our Local Area Connection and select Properties. [Screenshot: Network Connections, Local Area Connection context menu.] We then select the Internet Protocol Version 4 (TCP/IPv4) item and click Properties. [Screenshot: Local Area Connection Properties.]
161. nment is to give you a thorough understanding of operating systems management and networking through your practical knowledge and skills. This document is Part A of a two-part assignment. Part B will be given out at a later date; both components are to be submitted together as a single assignment in one document, with Part A and Part B clearly marked out accordingly. For this assignment you are asked to carry out a series of practical exercises. It is essential that you document your steps and processes from the beginning of the assignment to the end. For each practical task you should provide legible screen shots at each stage to show its progress and completion. These screen shots should be documented as in a professional user's manual, and such that it could be used to instruct a trainee IT administrator on how to perform the relevant tasks. At the end of the assignment you will be required to provide the assessor with an artefact which conforms to the following:
• Artefact: The artefact to be produced is a user's manual showing the steps which need to be taken to complete each of the relevant tasks. As in any user manual, for each of the tasks all technical issues with regard to hardware and software requirements which must be met should be detailed accordingly. Screen shots should also be used to illustrate the steps throughout.
• References: Any references used should be in APA format.
• Naming Convention and document type: The
162. [Screenshot: Completing the Active Directory Domain Services Installation Wizard, followed by the prompt to restart the computer.]
5.2.2 Subtask 2: Setup Client as a Workstation Member of the Tree
5.2.2.1 Step 1
To set up client as a workstation member of the domain server, we firstly set up the member on the same network as the domain server. We previously assigned a static IP address to client within the same range as Server1, and we now set the IP address of Server1 as the preferred DNS of client1, setting the IP address of Server2 as the alternate DNS address (Server2 will be set up as a second domain controller later). [Screenshot: Network Connections, Internet Protocol Version 4 (TCP/IPv4) Properties.]
163. [Screenshot: DHCP Server role installation, Results page: Installation succeeded.] As we are using virtual machines for the purpose of illustrating this user manual, in order for the DHCP server to work, DHCP must be disabled within VMware. In order to do this, we click Edit from the VMWare dropdown menu and then select Virtual Network Editor. We then select the NAT external connection, untick the box beside "Use local DHCP service to distribute IP address to VMs" and then click OK. [Screenshot: VMware Virtual Network Editor.]
164. o. Having checked that the required roles and features are installed, dcpromo then opens the Active Directory Domain Services Installation Wizard. We do not require the advanced mode installation, and so we leave this unticked and click Next. [Screenshot: Welcome to the Active Directory Domain Services Installation Wizard.] The next window describes some of the new features inherent in Windows Server 2008. [Screenshot: Active Directory Domain Services Installation Wizard, Operating System Compatibility page, noting that Windows Server 2008 and Windows Server 2008 R2 domain controllers have a new, more secure default for the security setting "Allow cryptography algorithms compatible with Windows NT 4.0", which prevents Microsoft Windows and non-Microsoft SMB clients from using weaker NT 4.0 style cryptography algorithms.]
165. ociated routing prefix 192.168.100.0, or equivalently its subnet mask 255.255.255.0. The /24 relates to the amount of 1's in the subnet mask, i.e. 11111111.11111111.11111111.00000000, which is equal to 255.255.255.0. In summation, 24 bits identify the host portion and 8 bits identify the node. Therefore we will provide each node on our network with a static IP address of 192.168.0.x, with x being between 1 and 255, and with a subnet mask of 255.255.255.0.
4.2 System Requirements
The system requirements for the installation of Windows Server 2008 R2 are as follows:
• Processor: 1.4 GHz 64-bit processor
• RAM: Minimum 512 MB; Maximum 32 GB for Windows Server 2008 R2 Standard, 2 TB for Windows Server 2008 R2 Enterprise, 2 TB for Windows Server 2008 R2 Datacenter
• Estimated minimum disk space requirements for the system partition: 32 GB
The system requirements for the installation of Windows 7 Professional 64-bit are as follows:
• Processor: 1 GHz 32-bit (x86) or 64-bit (x64) processor
http://msdn.microsoft.com/en-us/library/dd184075.aspx (Accessed July 17, 2014)
T. Brett, IP Addressing CIDR, July 8, 2014
http://technet.microsoft.com/en-us/library/dd379511(v=ws.10).aspx (Accessed July 17, 2014)
http://windows.microsoft.com/en-IE/windows7/products/system-requirements (Accessed July 17, 2014)
• RAM: 1 gigabyte
166. [Screenshot: Control Panel, System: basic information about the computer (Windows Server 2008 R2 Datacenter, workgroup WORKGROUP).] On the System Properties window, we open the Computer Name tab and click Change. [Screenshot: System Properties, Computer Name tab.] We then enter the computer name as applies. [Screenshot: computer name change dialog.]
167. [Screenshot: Group Policy Management, GPO_BlockControlPanel, Delegation tab listing the groups and users that have permissions on this GPO.] We then reselect user13 and, in their permissions, we tick the Deny checkbox for "Apply group policy" and click Apply and OK. [Screenshot: GPO_BlockControlPanel Security Settings, permissions for user13.]
168. [Screenshot: Group Policy Management, Security Filtering for the GPO: Authenticated Users and G_ITBelfast.] Certain containers may have blocked inheritance, and in order for this GPO to affect them as well, we enforce the GPO by right-clicking on it and selecting Enforced. [Screenshot: Group Policy Management, GPO_BlockControlPanel link context menu.] We can then test that the GPO has been applied by
169. ollege Dublin. The full texts of the module assignment are provided in Appendices B and C hereunder. The required tasks are broken into two parts, A and B. Part A relates to network-based installation of Windows operating systems and the enforcement of full drive encryption, while Part B relates to the setting up of server operating systems and the configuring of servers, networks and Microsoft's Active Directory Domain Service. This user manual explains the reasons why the required tasks would be carried out in an enterprise environment, highlighting the benefits and drawbacks of approaches where applicable, and then describes in writing, with the aid of annotated screenshots, the steps that need to be taken to complete each of the relevant tasks. The manual has been written for a trainee IT administrator, with the aim of instructing said trainee as to how the relevant tasks would be carried out, and references are provided where pertinent to facilitate further learning. The manual is broken up into parts A and B, with sub-sections relating to each task required to be carried out, as listed in the table of contents above. The instructions for each task are provided at the beginning of each sub-section in italics, and the description of each task generally takes the form of a preamble describing the reasons for carrying out said task, along with any related advantages and/or disadvantages, followed by an overview of any system requirements
170. [Screenshot: Add Roles Wizard, DHCP Server, IPv6 DNS settings page; parent domain MSCCONV.IPA.] We then authorise the DHCP server by selecting Use Current Credentials and click Next. [Screenshot: Add Roles Wizard, Authorize DHCP Server page.]
171. [Screenshot: New Virtual Machine Wizard, installation source options including "I will install the operating system later".] We then select the OS that we want to install, namely Windows Server R2 x64. [Screenshot: New Virtual Machine Wizard, guest operating system version list.] We then name the VM and choose where to save all of the files associated with it. [Screenshot: New Virtual Machine Wizard, Name the Virtual Machine.] We then set the disk capacity of the virtual HDD at 200GB, as specified in the assignment brief. We select the option to "Split virtual disk into multiple files" which r
172. [Screenshot: Group Policy Management Editor, Software Settings context menu.] We then navigate to the MSI Files share on Server that we created above and select the ppviewer MSI file. [Screenshot: file browser showing the ppviewer Windows Installer file in the MSI Files share.] In order for the PowerPoint viewer program to be added to the Add or Remove Programs list for users to whom the GPO is applied, we then tick the Published deployment method radio button and click OK. [Screenshot: Deploy Software dialog, Select deployment method: Published, Assigned, Advanced. "Select this option to Publish the application without modifications."] The next step is to add the users/groups to whom the GPO will apply. Within the GPM snap-in, we select the GPO and click Add under the Security Filtering section. [Screenshot: Group Policy Management.]
173. [Screenshot: ipconfig output showing the IPv4 address and subnet mask of the Local Area Connection adapter.] From the command line on Server2, we type ipconfig to confirm that the IP address has been assigned successfully. [Screenshot: ipconfig output on Server2 showing the IPv4 address of the Local Area Connection adapter and the subnet mask 255.255.255.0.] 4.3.4.2 Step 2: Assign Static IP Addresses to MS Core. To assign a static IP a
174. [Screenshot: Active Directory Domain Services Installation Wizard, Additional Domain Controller Options. Options: DNS server, Global catalog, Read-only domain controller (RODC). "The first domain controller in a forest must be a global catalog server and cannot be an RODC. We recommend that you install the DNS Server service on the first domain controller."] A warning message is then displayed, which we can ignore as the server will be configured later. [Screenshot: "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain MSCCONV.IPA. Otherwise, no action is required. Do you want to continue?"] We can then specify locations for the database, log files and SYSVOL to be stored, which we leave as default. [Screenshot: Active Directory Domain Services Installation Wizard, Location for Database, Log Files, and SYSVOL.]
175. ontroller to our domain is, given that Server2 has already been assigned a static IP address within the same range as Server1, to add the IP address of Server as the preferred DNS of Server2. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties, with "Use the following DNS server addresses" selected.] 5.2.3.2 Step 2: As with Server, we enter dcpromo from the command line. [Screenshot: Administrator Command Prompt running dcpromo.] We follow the steps as with Server1; however, for Server2 we select the Add a domain controller to an existing domain radio button.
176. open files and close all programs. Once the computer has restarted, by right-clicking on Computer from the Start menu and selecting Properties, we can see that the computer is now a member of the domain. [Screenshot: Control Panel > System and Security > System. Windows edition: Windows 7 Professional N, Service Pack 1. Computer name: Client1; full computer name: Client1.MSCCONV.IPA; domain: MSCCONV.IPA.] 5.2.3 Subtask 3: Setup Server2 as a Second Domain Controller of the Tree. 5.2.3.1 Step 1: Similarly to the steps above, the first step in adding Server2 as a second domain c
177. [Screenshot: Active Directory Users and Computers, listing the default containers of the domain and the IPA organizational unit.] From the Security tab, we click Add to add a user or group. [Screenshot: Security tab listing the group or user names SELF, Authenticated Users, SYSTEM, G_SecurityAdmins and Domain Admins, with Allow/Deny permissions for Full control, Read, Write, Create all child objects and Delete all child objects.] As described before, we can retrieve the group we wish to use, in this case the G_Marketing group that contains the users who reside in the Marketing OU. [Screenshot: Select Users, Computers, Service Accounts, or Groups.]
178. or moving objects [Screenshot: command-line help listing, including dsquery (help for finding objects matching search criteria) and dsrm (help for deleting objects).] To create an enabled user account named user, with a password of Pa wOrd, that is not to change password at first logon, in our organizational unit (OU) named IPA in our domain named MSCCONV.IPA, we would type: dsadd user "cn=user1,ou=IPA,dc=MSCCONV,dc=IPA" -disabled no -pwd Pa wOrd -mustchpwd no [Screenshot: command prompt running the dsadd user command.] The main benefit of using a TUI environment to administer users is that it allows us to write one script to create/disable/delete accounts across multiple domains, thus saving time and minimising scope for human error. 7.2.3 Subtask 3: Create Users. For the purposes of this manual, we are using the GUI environment inherent in Active Directory to create our users. We right-click on the OU in which we wish to create a user, click New and select User. [Screenshot: Active Directory Users and Computers.]
179. or password. [Screenshot: "The user's password must be changed before logging on the first time." Windows Server 2008 Datacenter.] We set the password as Pa wOrd, as specified in the assignment brief. [Screenshot: "Your password has been changed."] 4.3.2 Subtask 2: Create Client Machine with Windows 7. The assignment brief requires us to create a client machine with Windows 7 or later installed, named Client, which is to be cloned and renamed as Client2. The creation of the client VM is as described in Appendix D hereunder, including an installation of Windows 7 Professional. In order to minimise resources used by the virtual machines, and to provide redundancy in the event of failure of any of the VMs, we will create linked clones of all of our VMs. Linked clones allow us to install an operating system once and make copies of it, whereby the OS that is being cloned is used as a base image and the cloned VM uses the base image when it is powered on. This means that the cloned VM uses significantly less space, as it does not need the initial OS space that a newly created VM normally uses. The de
180. orking. [Screenshot: New Virtual Machine Wizard, Select I/O Controller Types: "Which SCSI controller type would you like to use?" IDE controller: ATAPI. SCSI controller: BusLogic (not available for 64-bit guests), LSI Logic.] The standard recommended LSI Logic SAS SCSI controller is selected, and we then click Next to move to the next step. [Screenshot: New Virtual Machine Wizard, Specify Disk Capacity. Maximum disk size (GB): 60.0; recommended size for Windows 7 x64: 60 GB. "Allocating the full capacity can enhance performance but requires all of the physical disk space to be available right now. If you do not allocate all the space now, the virtual disk starts small and grows as you add data to it." "Splitting the disk makes it easier to move the virtual machine to another computer but may reduce performance with very large disks."] We specify the maximum disk size as 60GB as per the assignment instructions, tick to allocate all disk space now, and select to split the virtual disk into multiple files. [Screenshot: New Virtual Machine Wizard, Select a Disk: "Which disk do you want to use?"]
181. ould be the only option and click Save. [Screenshot: BitLocker Drive Encryption (C:), Save your Startup Key: insert a removable USB memory device and select its drive, then click Save.] When prompted, we save the recovery key to the same USB drive for simplicity. [Screenshot: "How do you want to store your recovery key? A recovery key is different from your PIN or Startup key. It is used to access your files and folders if a problem with your computer prevents you from doing so." Options: Save the recovery key to a USB flash drive; Save the recovery key to a file; Print the recovery key.] The next window confirms that the recovery key has been saved, at which point we pause without closing this window. [Screenshot: BitLocker Drive Encryption (C:): "Your recovery key has been saved."] 3.3.2.4 Step 4: Copy BitLocker Keys to Virtual Disk. The next step is to open the mounted USB drive in Windows Explorer. A BEK and a TXT file as show
182. [Screenshot: virtual machine hardware list, including Sound Card (auto detect), Printer (present) and Display (auto detect), with the floppy device settings shown.] This opens a summary of the specification for the virtual machine that we are creating. We highlight the floppy device and click on Remove to minimise unnecessary resource usage. [Screenshot: New Virtual Machine Wizard, Ready to Create Virtual Machine. Name: Windows 7 x64; version: Workstation 9.0; operating system: Windows 7 x64; hard disk: 60 GB, split, pre-allocated; memory: 1500 MB.] We tick the option to power on the virtual machine after creation and then click Finish. The virtual machine is now created and powers on, installing the Windows 7 operating system in the process. During the installation, we select English as the language to install, we set the time and currency format as English (Ireland) and the keyboard or input method as Irish, and tick to accept the Microsoft license terms.
183. ount the temporary USB drive. 3.3.2.5 Step 5: Encryption. Finally, we return to the wizard from step 3 above and select Continue, ensuring that Run BitLocker system check is ticked. [Screenshot: BitLocker Drive Encryption (C:), "Are you ready to encrypt this drive?" "You can keep working while the drive is being encrypted." "The system check will ensure that BitLocker can read the recovery and encryption keys correctly before encrypting the drive."] We then select Restart now. [Screenshot: "The computer must be restarted." Options: Restart now, Restart later.] A short time after the system boots back up, a notification popup is displayed advising that encryption has started. [Screenshot: "Encryption in progress: Encryption of C: by BitLocker Drive Encryption has started. Click for more information."] This process takes a su
184. [Screenshot: Specify Disk Capacity; recommended size for Windows 7 x64: 60 GB. Options: Allocate all disk space now; Store virtual disk as a single file; Split virtual disk into multiple files.] At the Specify Disk File screen, we specify the path on our intended removable location. [Screenshot: Add Hardware Wizard, Specify Disk File: "Where would you like to store the disk file?"] We then boot up the virtual machine and, from the Start menu, enter diskmgmt.msc to open Disk Management. [Screenshot: Disk Management showing Disk 0 (60.00 GB, NTFS, healthy) and Disk 1.]
185. ows us to enter the name of the GPO; we name it GPO_Client2DocForward. [Screenshot: New GPO dialog, Source Starter GPO: (none).] Our next step is to filter the GPO to apply to the Client machine. We click on the GPO_Client2DocForward GPO and, in the Security Filtering section, we click Add. [Screenshot: Group Policy Management, GPO_Client2DocForward, Scope tab.] [Screenshot: Select User, Computer, or Group.]
186. ply to a computer and not just a user, we modify a second group Computer Configuration policy within the GPO. This policy is located at Computer Configuration > Administrative Template Policies > System > Group Policy. In this location, we scroll down to the User Group Policy loopback processing mode policy and highlight it. We right-click on it and click Edit. [Screenshot: list of Group Policy settings in the Group Policy Management Editor.] We then select Enabled and change the option to Merge, then click OK. [Screenshot: policy setting dialog.]
187. pports the installation of limited server roles; for example, it cannot provide an Application Server role or Remote Assistance. The cost of an OS is often a determining factor in their selection. As noted by Microsoft, "The Full installation option of Windows Server 2008 still installs many services and other components that are often not needed for a particular usage scenario." Therefore, the Server Core installation may well be the preferred option for an organisation, depending on their requirements and budget. Thirdly, two client workstations named Client and Client2 will be set up with Microsoft Windows 7 Professional 64-bit installed on them. When the required computers are set up and named, with the relevant OS installed, we will then assign static IP addresses to the computers as per the assignment brief requirement above, with an address from the range 192.168.0.0/24. This is what is known as a Classless Internet Domain Routing (CIDR) address. CIDR is regarded as the method to specify more flexible IP address classes. CIDR was created as it became clear that available IP addresses were running out as more individuals and corporations participated on the Internet. As a Class B address range is usually too large for most companies and a Class C address range may be too small, CIDR provides the flexibility to increase or decrease the class sizes as necessary. The CIDR provided, 192.168.0.0/24, represents an IPv4 address and its ass
188. ption to enable IPv6 stateless mode for the server, we click Enable and then click Next. [Screenshot: Add Roles Wizard, Configure DHCPv6 Stateless Mode: "DHCP Server supports the DHCPv6 protocol for servicing IPv6 clients. Using DHCPv6, clients can automatically configure their own IPv6 addresses using stateless mode, or they can acquire IPv6 addresses in stateful mode from the DHCP server. If routers on your network are configured to support DHCPv6, verify that your selection below matches the router configuration." Options: Enable DHCPv6 stateless mode for this server (IPv6 clients will be automatically configured without using this DHCP server); Disable DHCPv6 stateless mode for this server (after installing DHCP Server, you can configure the DHCPv6 mode using the DHCP Management console).] We then specify the IPv6 DNS settings as necessary and click Next. [Screenshot: Add Roles Wizard, Specify IPv6 DNS Server Settings.] When clients obtain an IP address fr
189. quired to install Windows Automated Installation Kit on your computer. [Screenshot: "Installation Complete: Windows Automated Installation Kit has been successfully installed. Click Close to exit."] 2.3.2 Step 2: Building an Answer File. Now that the Windows AIK is installed on our technician computer, we can build an answer file. An answer file is used to configure Windows settings during installation, and it contains all of the settings that are needed for an unattended installation, so that during installation a user is not prompted with user interface pages. Hereunder we describe the process for creating an answer file using Windows System Image Manager (Windows SIM). Windows SIM is a utility for creating and modifying unattended answer files and configuration sets. We will copy a Windows image file (.wim) to our technician computer and then create a simple answer file that includes basic Windows Setup configuration and minimum Windows Welcome customizations. Having copied our Windows 7 .iso file onto a blank DVD on our technician computer, we insert the DVD. We open the Sources directory on our Windows 7 .iso file and copy the Install.wim file located there to the desktop of the technician computer. [Screenshot: desktop of the technician computer.]
190. [Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties.] The computer then reconnects to the network using the new settings, and if we open the command prompt and type ipconfig, we can see that Client2 has now been assigned an IP address within the scope of addresses that we specified for the DHCP server. [Screenshot: ipconfig output on Client2; the Local Area Connection adapter shows the connection-specific DNS suffix MSCCONV.IPA, a link-local IPv6 address, an IPv4 address and a subnet mask.]
191. r and rename the file to Boot.wim by using the following script: copy c:\winpe_amd64\winpe.wim c:\winpe_amd64\ISO\sources\boot.wim [Screenshot: Deployment Tools Command Prompt showing the file copied.] We then copy ImageX into winpe_amd64\ISO by typing: copy "c:\program files\Windows AIK\Tools\amd64\imagex.exe" c:\winpe_amd64\iso\ [Screenshot: Deployment Tools Command Prompt showing the file copied.] Following this, we then create a Windows PE image (.iso) file. This is done by using the Oscdimg tool from the Deployment Tools Command Prompt, typing: oscdimg -n -bc:\winpe_amd64\etfsboot.com c:\winpe_amd64\ISO c:\winpe_amd64\winpe_amd64.iso as shown in the screenshot below. [Screenshot: Deployment Tools Command Prompt running the OSCDIMG CD-ROM and DVD-ROM Premastering Utility.]
192. r as a Files Server. The method we will use to set up MS Core as a file server is to create a folder on the MS Core machine and then share that folder out to our network. On the MS Core machine, we open the command prompt and navigate back to the root directory by typing cd \. We then create a folder called FileServerFolder and create a share on that folder called Share, which is available to everyone on our network, by typing: net share Share=C:\FileServerFolder /GRANT:Everyone,FULL [Screenshot: command prompt showing md FileServerFolder and the net share command, with the output "Share was shared successfully."] [Footnote: http://en.wikipedia.org/wiki/File_server, accessed July 20, 2014.] As all users on the network have been granted full access to this folder, anyone can now read or write to this network share, as is illustrated below by opening client 1 and clicking Start > Network. [Screenshot: Start menu on the client.] When we open MS CORE we are prompt
193. [Screenshot: Start menu, All Programs.] We then right-click on the OU within which we wish to create a group and select New > Group. [Screenshot: Active Directory Users and Computers showing the Marketing OU and user objects.] We can then name the group and select its scope as Global and the group type as Security. Shown below is the G_Security group, members of which will be all users. This group will be used to apply a general fine-grained password policy, described later hereunder. [Screenshot: New Object - Group dialog; group name: G_Security.] As we are creating a group structure to mimic our OU structure, it is important to ensure that any sub-groups that we create are set as members of the group above them in the organisation hierarchy. This is achieved by right-clicking on the
194. [Screenshot: Windows SIM answer file pane showing the configuration passes 1 windowsPE, 2 offlineServicing, 3 generalize, 4 specialize, 5 auditSystem, 6 auditUser and 7 oobeSystem, with the components added to them.] Table (Pass / Component), pass 1 windowsPE: Microsoft-Windows-International-Core-WinPE; Microsoft-Windows-International-Core-WinPE\SetupUILanguage; Microsoft-Windows-Setup\DiskConfiguration\Disk; Microsoft-Windows-Setup\DiskConfiguration\Disk\CreatePartitions\CreatePartition; Microsoft-Windows-Setup\DiskConfiguration\Disk\CreatePartitions\CreatePartition; Microsoft-Windows-Setup\DiskConfiguration\Disk\ModifyPartitions\Mod i
195. rating system direct access to an external Ethernet network. The guest must have its own IP address on the external network. Give the guest operating system access to the host computer's dial-up or external Ethernet network connection using the host's IP address. Use host-only networking: connect the guest operating system to a private virtual network on the host computer. Do not use a network connection. We next select network address translation (NAT) as the type of network we will use for the virtual machine. Bridged networking connects a virtual machine to a network by using the network adapter on the host system, while with NAT networking a virtual machine does not have its own IP address on the external network. Instead, a separate private network is set up on the host system. The virtual machine and the host system share a single network identity that is not visible on the external network. With bridged networking, the VM requires its own IP address from the network it is supposed to belong to, while NAT networking is often used when the number of IP addresses in the external network is limited. As this assignment was largely being carried out at University College Dublin, where the author has experienced poor wireless internet accessibility, the virtual machine was initially set up using NAT netw
196. rdSettingsPrecedence; Syntax: Integer; Description: Password Settings Precedence. We set the minimum password length to 15. [Screenshot: Create Object dialog. Attribute: msDS-MinimumPasswordLength; Syntax: Integer; Description: Minimum Password Length for user accounts.] We apply the PSO to our G_SecurityAdmins group. [Screenshot: Select Users, Computers, or Groups dialog with G_SecurityAdmins entered.] [Screenshot: Multi-valued Distinguished Name With Security Principal Editor. Attribute: msDS-PSOAppliesTo; value: G_SecurityAdmins.] After the second PSO has been created, we can then see in the ADSI Edit snap-in that there are now two PSOs in the Password Settings Container. [Screenshot: ADSI Edit showing the Password Settings Container.]
197. re that users can still log on to the network in the case of a server outage, install a minimum of two domain controllers for a domain. AD DS requires a DNS server to be installed on the network. If you do not have a DNS server installed, you will be prompted to install the DNS Server role on this server. After you install the AD DS role, use the Active Directory Domain Services Installation Wizard (dcpromo.exe) to make the server a fully functional domain controller. Installing AD DS will also install the DFS Namespaces, DFS Replication, and File Replication services, which are required by Directory Service. We then confirm the installation selections by clicking Install. [Screenshot: Confirm Installation Selections page listing Active Directory Domain Services, with the notes that the server might need to be restarted after the installation completes and that dcpromo.exe must be run afterwards to make the server a fully functional domain controller.]
198. return to your computer, move the mouse pointer outside or press Ctrl+Alt. In the ADSI Edit snap-in, we right-click ADSI Edit and then click Connect to. [Screenshot: ADSI Edit welcome page.] (Footnote: http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx, accessed July 16, 2014.) In Name, we enter the fully qualified domain name (FQDN) of the domain in which we want to create the PSO and then click OK. [Screenshot: Connection Settings dialog. Name: MSCCONV.IPA; Connection Point: Default naming context; Computer: default domain or server that you logged in to.] We then expand our domain and then expand DC=MSCCONV
199. rimarily involving encryption keys. It is usually installed on the motherboard of a computer and communicates with the rest of the system by means of a hardware bus. The facility of a TPM allows computers to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. This process, known as wrapping or binding a key, helps to protect the key from disclosure. Each TPM has a unique master wrapping key, the Storage Root Key (SRK), which is stored within the TPM itself, and the private portion of a key created in a TPM is never exposed. Computers with a TPM can also create a key that, as well as being wrapped, is also tied to specific hardware or software conditions, and this is known as sealing a key. When a sealed key is first created, the TPM records a snapshot of configuration values and file hashes. A sealed key is only unsealed or released when the current system values match the ones in the snapshot. BitLocker uses these sealed keys to detect attacks against the integrity of the Windows operating system. With a TPM, private portions of key pairs are kept separated from the memory controlled by the operating system. Using its own internal firmware and logic circuits for processing instructions, the TPM does not rely upon the operating system and is not exposed to external software vulnerabilities. 3.2 System Requirements 3.2.1 Windows Versions The following versions of Windows include BitLocker functionality
200. s The next window allows us to name the scope and enter the starting and ending IP addresses as well as the subnet mask, which we enter as per the assignment brief requirements. [Screenshot: Add Scope dialog: "A scope is a range of possible IP addresses for a network. The DHCP server cannot distribute IP addresses to clients until a scope is created." Fields: scope name, starting IP address, ending IP address, subnet type Wired (lease duration will be 8 days), Activate this scope, subnet mask 255.255.255.0, default gateway (optional).] We can see that the scope has been added to the list. [Screenshot: Add Roles Wizard, Add or Edit DHCP Scopes page.] At the o
201. s The Dublin OU contains the G_ITDublin group, members of which are user9 to user11, who reside in the Dublin OU. [Screenshot: Active Directory Users and Computers showing the Dublin OU with its users and the G_ITDublin global security group.] The Marketing OU contains the G_Marketing group, which contains user6 to user8, who reside in the Marketing OU. [Screenshot: Active Directory Users and Computers showing the Marketing OU with its users and the G_Marketing global security group.] 8.2.1.4 Step 4: Delegate Control of OUs to Security Admin Group. As recommended by Microsoft, we will delegate control of our overall OU, and this is done from AD UC by right clickin
202. s from Server Manager we can see that the roles and features have been installed. [Screenshot: Server Manager on Server 1 showing the Roles Summary with Active Directory Domain Services installed and the Features Summary listing the Remote Server Administration Tools (AD DS and AD LDS Tools) and .NET Framework 3.5.1 Features.] 5.2.1.2 Step 2: Once the server role has been installed, we can then configure Server1 as a domain controller, and this is done by typing dcpromo (Domain Controller Promoter) from the command line. [Screenshot: Administrator Command Prompt with dcpromo being typed.]
203. [Screenshot: ImageX console output for the image capture with fast compression and verification, listing the files and folders excluded from image capture by default; total elapsed time 12 min 51 sec.] Our next step is to copy the image to a network location; this is possible because Windows PE provides network support. On our technician computer we create a public folder, set with appropriate permissions, on the desktop called Share. While Windows PE provides network support, it is important to note that when we boot a computer with WinPE the pre-installation environment is configured to obtain an IP address automatically, and if we don't have DHCP service on the network the WinPE computer will obtain an IP address from the Automatic Private IP Address range (APIPA), which is a class B network address. If we are using Class C network addresses for our technician
204. s shown below. Organisational Units are represented by a folder icon with a small book superimposed on it. [Screenshot: Active Directory Users and Computers showing the MSCCONV.IPA domain with its global security groups, Organizational Units and users.] 7.2.2 Subtask 2: Creating Users using a TUI Environment. Within Active Directory, users can be created via a TUI environment by using the dsadd command line tool that is built into Windows Server 2008. It is available when we have the Active Directory Domain Services (AD DS) server role installed. To use dsadd, we run the dsadd command from an elevated command prompt. To open an elevated command prompt, we click Start, right-click Command Prompt, and then click Run as administrator. [Screenshot: Start menu with the Command Prompt context menu.]
205. s such as corporate networking, internet/intranet hosting and databases. The main feature that was introduced with Windows Server was the Active Directory. This user manual describes and explains tasks related to Active Directory which would typically be carried out in an enterprise environment. Active Directory can be described as a directory service that allows businesses to define, manage, access and secure network resources including files, printers, people and applications. Prior to the introduction of directory systems, users were required to authenticate themselves multiple times across multiple servers to access different resources. Active Directory provides a single sign-in that facilitates access to all resources. Described hereunder is the procedure for the installation of three different operating systems (OS). The first OS, Microsoft Windows Server 2008 R2 Datacenter (Full Installation), will be installed on computers called Server1 and Server2. Microsoft Windows Server 2008 R2 Standard (Server Core Installation) is the second OS we will use and will be installed on a computer called MS Core. Microsoft Windows Server 2008 R2 Standard (Server Core Installation) provides a minimal installation of Microsoft Windows Server (Footnote: T. Brett, Introduction to Active Directory Services, June 10, 2014.) 2008 R2 which su
206. scription hereunder is of the cloning of our Server VM and can be applied for the cloning of the other VMs. 4.3.2.1 Step 1: From the VMWare Workstation library we right-click on the VM we wish to clone, select Manage and click Clone to open the Clone Virtual Machine Wizard, which we follow as shown. [Screenshot: Clone Virtual Machine Wizard welcome page: "This wizard will help you create a copy of this virtual machine. If you intend for other users to create clones from this virtual machine, you should enable template mode under VM > Settings > Options > Advanced."] [Screenshot: Clone Source page. Clone from: the current state in the virtual machine (creating a linked clone from the current state will create a new snapshot), or an existing snapshot (powered off only); this virtual machine has no existing cloneable snapshots.] We select the Create a linked clone radio button. Clone Type page: Create a linked clone. A linked clone is a reference to the original virtual machine and requires less disk space to store. However, it cannot run without access to the original
207. server case and installing the correct SCSI drives. As the tasks described in this user manual were carried out using virtual machines, two additional hard drives were added in VMWare Workstation. The mirroring of a disk is a form of Redundant Array of Independent Disks (RAID) technology that is also known as RAID 1. RAID can be defined as a data storage virtualization technology that combines multiple disk drive components into a logical unit for the purposes of data redundancy or performance improvement. When mirroring is implemented, data is written identically to two or more drives, thereby producing a mirrored set. The read request is serviced by any of the drives containing the requested data, and this can improve read performance. However, write performance can be reduced because all drives must be updated; thus the write performance is determined by the slowest drive. The array continues to operate as long as at least one drive is functioning. The implementation of RAID can be managed either by dedicated computer hardware or by software. This user manual describes a software solution that is part of the operating system. A spanned volume is a dynamic volume consisting of disk space on more than one physical disk. If a simple volume exists that is not a system volume or boot volume, it can be extended across additional disks to create a spanned volume. A spanned volume can also be created in unallocated space on a dynamic dis
208. sktop. A new window is opened and we select the Windows AIK image file from where we have saved it on the desktop to be mounted to the virtual drive. [Screenshot: file browser with the KB3AIK_EN image selected.] Once mounted to the virtual drive, a new window opens, emulating that a disk has just been inserted, and we select to run the StartCD.exe. [Screenshot: AutoPlay dialog for the KB3AIK_EN drive offering "Run StartCD.exe", published by Microsoft Corporation.] A new window will appear and show the options for installation. We select Windows AIK Setup and follow the instructions on the setup wizard for installation. [Screenshot: "Welcome to the Windows Automated Installation Kit Setup Wizard. The installer will guide you through the steps re
209. stablishing security channel sessions against Windows Server 2008 or Windows Server 2008 R2 domain controllers. As a result of this new default, operations or applications that require a security channel serviced by Windows Server 2008 or Windows Server 2008 R2 domain controllers might fail. Platforms impacted by this change include Windows NT 4.0, as well as non-Microsoft SMB clients and network-attached storage (NAS) devices that do not support stronger cryptography algorithms. Some operations on clients running versions of Windows earlier than Windows Vista with Service Pack 1 are also impacted, including domain join operations performed by the Active Directory Migration Tool or Windows For more information about this setting, see Knowledge Base article 547564 (http://go.microsoft.com/fwlink/?LinkId=104751). The next window offers the option to add a domain controller to an existing domain, create a new domain in an existing forest, or create a new domain in a new forest. We are creating a new domain in a new forest, and so we click this radio button. [Screenshot: Active Directory Domain Services Installation Wizard, Choose a Deployment Configuration page: "You can create a domain controller for an existing forest or for a new forest."]
210. starts small and grows as you add data to it. Store virtual disk as a single file. Split virtual disk into multiple files: splitting the disk makes it easier to move the virtual machine to another computer but may reduce performance with very large disks. [Screenshot: Add Hardware Wizard, Specify Disk File page: "Where would you like to store the disk file? This virtual disk file will store the configuration details of the physical disk."] From VMWare Workstation we can then see that the 2 additional hard disks have been added. [Screenshot: VMware Workstation summary for Server 1 listing Hard Disk, Hard Disk 2 (SCSI) and Hard Disk 3 (SCSI) among its devices, with the network adapter set to NAT and the virtual machine powered off.]
211. step is to create a new GPO. From the GPM snap-in, we right-click on our domain and select Create a GPO in this domain, and link it here. [Screenshot: Group Policy Management console with the context menu for the MSCCONV.IPA domain.] We then name the GPO as GPO_BlockControlPanel. [Screenshot: New GPO dialog. Name: GPO_BlockControlPanel; Source Starter GPO: (none).] We then right-click on the new GPO and select Edit to open the GPM Editor. [Screenshot: Group Policy Management console showing the Linked Group Policy Objects for MSCCONV.IPA, including the Default Domain Policy and GPO_BlockControlPanel.]
212. swer file for use with other unattended operations. [Screenshot: Active Directory Domain Services Installation Wizard completion page: "Active Directory Domain Services is now installed on this computer for the domain MSCCONV.IPA. This Active Directory domain controller is assigned to the site Default-First-Site-Name. To close this wizard, click Finish."] 5.2.4 Subtask 4: Setup MS Core as a Member Server of the Tree. 5.2.4.1 Step 1: As MS Core has already been assigned a static IP address on our network, the first step in setting it up as a member server of our domain is to add the required DNS server, i.e. the IP address of Server1, to its network configuration. We do this from the command line by typing netsh interface ipv4 set dns Local static 192.168.0.21 [Screenshot: command prompt showing the netsh command followed by ipconfig /all output.]
213. t Add Mirror. [Screenshot: Server Manager, Disk Management, with the context menu for the system volume.] We then select the disk on which we wish to mirror the OS; in our case we select Disk 1. [Screenshot: Add Mirror dialog: "Adding a mirror to an existing volume provides data redundancy by maintaining multiple copies of a volume's data on different disks. Select a location for a mirror of C:."] The resultant warning message advises us that the disk will be changed to a dynamic disk and that we will not be able to start any more OSs from the HDD other than the current boot volume. [Screenshot: Disk Management warning: "The operation you selected will convert the selected basic disk(s) to dynamic disk(s). If you convert the disk(s) to dynamic, you will not be able to start installed operating systems from any volume on the disk(s) except the current boot volume. Are you sure you want to continue?"]
214. tation [Screenshot: VMware Workstation, Client1 logon screen for MSCCONV\user10.] A message is generated advising that the new password does not meet the length, complexity or history requirements set for the domain. [Screenshot: "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."] 8.2.2 Subtask 2: Prevent users in Marketing OU from being able to see IT OU. In order to hide an OU from specific users, we will first of all confirm that users in the Marketing OU can indeed see the IT OU. To do this, we log on to our client machine as a Marketing user, e.g. user6. From the start menu we type Run and select the Run command. [Screenshot: Client1 Start menu search results for "Run".]
215. tents are stored in multiple files. For Hardware Type we select Hard Disk. [Screenshot: Add Hardware Wizard, Hardware Type page, with Hard Disk selected.] We then select to Create a new virtual disk. [Screenshot: Add Hardware Wizard, Select a Disk page: "A virtual disk is composed of one or more files on the host file system, which will appear as a single hard disk to the guest operating system. Virtual disks can easily be copied or moved on the same host or between hosts." Other options: Use an existing virtual disk; Use a physical disk (for advanced users).] We only require a small disk, as the keys that will be stored on it are a few kilobytes in size, so for size we select 10mb. [Screenshot: Add Hardware Wizard, Specify Disk Capacity page.]
216. [Screenshot: New Spanned Volume wizard, Select Disks page, showing the total volume size and the amount of space selected.] Once the available space has been selected, we click Next. [Screenshot: New Spanned Volume wizard, Select Disks page: "You can select the disks and set the disk size for this volume."] We then assign a drive letter to the spanned volume. [Screenshot: New Spanned Volume wizard, Assign Drive Letter or Path page.] The next window allows us to format the drive, and we select NTFS file system and quick format. [Screenshot: New Spanned Volume wizard, Format Volume page.]
217. that explicitly depend on it will fail to start. [Screenshot: Server Manager DHCP Server role page with its recommended configurations, tasks, best practices and online resources, including "Prevent rogue DHCP servers on your network by authorizing DHCP servers in Active Directory Domain Services".] We then open the Network Connections window on Client2, right-click on our network and click Disable. [Screenshot: Network Connections window with the Disable option selected in the context menu.]
218. that may apply, and finally a step-by-step description of how the task is carried out, employing screenshots as a visual aid. Screenshots are located immediately after the text to which they relate. References have been provided in adherence with APA formatting; however, in addition to references being listed in Appendix A as per the recommendations of the APA guidelines, references are also included as footnotes at the bottom of the page they appear on. The user manual has entailed a lengthy document, and it was felt that same-page referencing would be of assistance to the reader. Part A. 2 Part A Task A1: Using Virtual Machines to mimic the use of Physical Machines, document and Install Microsoft Windows 7 using the Lite Touch Installation (LTI) method. 2.1 Preamble. Microsoft provide several different methods for the installation of Windows 7, ranging from manual methods such as inserting a DVD to completely automated methods that can be effected over a network or via the cloud. These fully automated methods are known as non-touch installations. Installation methods can be categorised as follows: High Touch Installation (HTI); Lite Touch Installation (LTI); Zero Touch Installation (ZTI). 2.1.1 High Touch Installation. The High Touch Installation requires the manual configuration of each system usin
219. the Administrator credentials and click Next on the Wizard. [Screenshot: Windows Security dialog, Network Credentials, with the Administrator account for the MSCCONV.IPA domain.] [Screenshot: Active Directory Domain Services Installation Wizard, Network Credentials page: "Specify the name of the forest where the installation will occur and account credentials that have sufficient privileges to perform the installation." The current logged-on credentials cannot be selected because they are local to this computer; a set of domain credentials is needed, so alternate credentials are used.] Our domain is then displayed as the domain for the additional domain controller. [Screenshot: Select a Domain page listing MSCCONV.IPA (forest root domain).] We accept the default site for the new domain controller. [Screenshot: Active Directory Domain Services Installation Wizard, site selection page.]
220. the domain controllers have been set up, nodes can then be connected to the DC and become members of the domain. As members of the domain, they can be assigned privileges (Footnotes: http://www.techopedia.com/definition/4193/domain-controller, accessed July 18, 2014; http://technet.microsoft.com/en-us/library/cc738032(v=ws.10).aspx, accessed July 18, 2014.) to access certain resources such as printers and files. Access to certain resources can also be restricted. The Client, Client2 and MS Core machines will be set up as members of our domain. In order to set up a domain, Active Directory Domain Services must be installed as a role. Microsoft Active Directory Domain Services are the foundation for distributed networks built in Microsoft Windows Server 2008 operating systems that use Domain Controllers. Active Directory Domain Services provide secure, structured, hierarchical data storage for objects in a network such as users, computers, printers and services. 5.2 Procedure. 5.2.1 Subtask 1: Setup Server1 as a Domain Controller of the Tree. 5.2.1.1 Step 1: Our first step will be to set up a domain, and in order to do this Active Directory Services must be installed as a role on our server. We open Server Manager and select Add Roles. [Screenshot: Server Manager on Server 1 with the Roles and Features nodes.]
221. the root path to the share on a 8.2.3.2 Step 2: Create GPO Linked to IPA OU and Filtered to Client Machine To create a GPO we click Start, Administrative Tasks, Group Policy Management. In the Group Policy Management (GPM) snap-in we expand the MSCCONV IPA forest, Domains, and then the MSCCONV IPA domain. We then right-click on the Group Policy Objects folder and click New. The first GPO_Client DocForward and leave the Source Starter GPO at none resultant window all
222. 3.3.2.3 Step 3: Setup BitLocker on the System Drive and Write Keys to Temporary USB Drive Our next step is to mount a temporary USB dri
223. We then click Next at the DHCP overview window.
224. When we click on any lowest child node of a component, the properties and settings for that node are displayed in the right-hand properties pane, and it is in the settings variables that we enter specific values as listed in the table below.
225. We then click to Add Required Features for the installation. The next window gives further details concerning the server role.
226. up who are the users to whom the GPO will be applied. We then follow the same steps as described above for creating a GPO in the domain and linking it
227. We follow the wizard through to completion and click Restart Now to finish preparing the system drive. When Windows restarts, the BitLocker startup preference dialog is displayed, with the only available option being Require a Startup key at every startup, which we click. At the next window we select the mounted USB drive it sh
228. using a Virtual Machine. Document the process of implementing BitLocker in the form of a user instruction manual. During the process, outline any options and/or requirements which must be met in order to setup same. Appendix C: Assignment Details Part B. INSTITUTE OF PUBLIC ADMINISTRATION, MSc in Computer Science, Systems Management Module Assignment 2014, Part B. Introduction: The purpose of this assignment is to give you a thorough understanding of operating systems management and networking through your practical knowledge and skills. This is the second part of this assignment. Part A has been previously assigned earlier in the course. Please note that both parts have to be submitted together, clearly labelling each component part accordingly. In Part B you are asked to carry out a series of practical exercises. It is essential that you document your steps and processes from the beginning of the assignment and right to the end. For each practical task you should provide legible screen shots at each stage to show its progress and completion. These shots should be documented as in a professional user's manual and such that it could be used to instruct a junior domain administrator on how to achieve same. At the end of the assignment you will be required to provide the assessor with: • A user's manual showing t
229. ve to the virtual machine by selecting the VM dropdown menu, Removable Devices, the USB device name, and Connect (Disconnect from host). In our virtual machine we then have 3 disks: the main hard disk, the small hard disk and the USB drive. We then open the Control Panel and navigate to System and Security and on to the BitLocker Drive Encryption control panel, where we click Turn On BitLocker for our system drive.
230. We then name the clone and choose the location for the VM's file. 4.3.3 Subtask 3: Computer Names 4.3.3.1 Step 1: Rename Server 1 and Server 2 Machines From the Start menu we right-click on Computer and click Properties. From the System window we click Change settings.
231. volume If the computer is equipped with a compatible TPM, BitLocker uses the TPM to lock the encryption keys that protect the data. This means that the keys cannot be accessed until the TPM has verified the state of the computer. The encryption of the entire volume protects all of the data, including the operating system itself as well as the Windows registry. As the keys needed to decrypt data remain locked by the TPM, the data cannot be read just by removing the hard disk and installing it in another computer. During startup, the TPM does not release the key that unlocks the encrypted partition until it has compared a hash of important operating system configuration values with a snapshot taken earlier, thus verifying the integrity of the Windows startup process. If the TPM detects that the Windows installation has been tampered with, then the key is not released. It is possible to further increase security by combining the use of a TPM with either a PIN entered by the user or a startup key stored on a USB flash drive. Where a TPM is not available, BitLocker can provide encryption without the added security of locking keys with the TPM, by the user creating a startup key that is stored on a USB flash drive. 3.1.2 TPM Definition A TPM is a microchip that is designed to provide basic security related functions p
232. when a user logs on to a computer affected by this setting. This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories and classrooms, where you must modify the user setting based on the computer that is being used. By default, the user's Group Policy objects determine which user settings apply. If this setting is enabled, then when a user logs on to this computer, the computer's Group Policy objects determine which set of Group Policy objects applies. To use this setting, select one of the following modes from the Mode box: Replace indicates that the user settings defined in the computer's Group Policy objects replace the user settings normally applied to the user. Merge indicates that the user settings defined in the computer's Group Policy objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer's Group Policy objects take precedence over the user's normal settings. The folder redirection comes into effect the next time the computer is logged into the domain. 8.2.4 Subtask 4: Prohibit Control Panel Access Group Policy Object Our first
233. with TPM cccccesesseeeneees 34 3 3 2 BitLocker Drive Encryption on OS drive of computer with no TPM cccseeeeees 36 Pe e sozarae E E A E A E E T qyseudausessgusauscusesaeraeuseees 50 4 PCE E A A E A A E E E A E 50 4 1 PRU IS cn te ee te te a eee ete teeta teen ta teeta teeta teenie tesa ta teeta teen ee 50 4 2 SYSTEM Requirements cccceccseceecceeceecaecaeeceeceecaecanceeeceesaesaesaneceeceesaesaeeceecertansaeseeceesansansanes 51 4 3 PrO o CUN eee E E E E A A E EAE E E 52 4 3 1 Subtask 1 Create Three Server Virtual Machines ccccsseeeceseeceeseeeeeeeeeaeeeesaes 52 4 3 2 Subtask 2 Create Client Machine with WiINdOWS 7 cccssscecseseeeeeseeeeeseeesaeeeesaes 61 4 3 3 Subtask 3 Computer NAMES ccccccecceseeeeeeseeeeseeeseeeaeeeeueeeeeeaeeteeeeeueeeueeesestaeenenees 65 4 3 4 Subtask 4 Assign Static IP Addresses to all MaChines ccccsseecseeceeeeeeeseeeneeees 71 5 PaB TA R Eoee A E A E E E E E E 77 5 1 Prodi O eee E EE E EE EE EE EE AE EE 77 5 2 go e 19 0 comer cee E EEE 78 5 2 1 Subtask 1 Setup Serverl as a Domain Controller of the Tree cee eeceeeeee eens 78 5 2 2 Subtask 2 Setup Client as a Workstation Member of the Tree ccccceeceeeeeeeeees 89 5 2 3 Subtask 3 Setup Server2 as a Second Domain Controller of the Tree 92 5 2 4 Subtask 4 Setup MS Core as a Member Server of the Tree cccccccsceeseeeeeeeeeeeeees 98 GARRETT COLEMAN
234. y Domain Services Installation Wizard: This Active Directory domain controller is a DNS server. If you remove Active Directory Domain Services (AD DS) from this computer, all of the DNS data that is stored in Active Directory-integrated zones will be lost. After you remove AD DS from this server, this DNS server will not be able to perform name resolution for the DNS zones that were Active Directory integrated. Therefore, we recommend that you update the DNS configuration of all computers that currently refer to the IP address of this DNS server for name resolution with the IP address of a new DNS server. Do you want to continue removing AD DS from this computer? As the DC is a global catalog server, another warning message advises that we may need to provide another server if we want the domain to continue servicing all of the computers on the domain, at which we again click Yes to continue. Active Directory Domain Services Installation Wizard: This Active Directory domain controller is a global catalog server. If you remove Active Directory Domain Services (AD DS) from this computer, users might have trouble logging on to domains in the forest. Before continuing, ensure that enough global catalog servers are in this forest and site to service user logons. If necessary, designate another global catalog server and update clients and applications with the new information. Do you want to continue removing AD DS from this computer?
235. If an error occurs, we can double-click the error message in the Messages pane to navigate to the incorrect setting, change the setting to fix the error, and then validate again by clicking Validate Answer File. This step is repeated until the answer file validates. We then navigate to the File menu, click Save Answer File, and save the answer file as Autounattend.xml. Finally, we copy the Autounattend.xml file to the root directory of a USB flash drive. We now have a basic answer file that automates a basic unattended installation in which no user input is required during Windows Setup. 2.3.3 Step 3: Building a Reference Installation We will now prepare our reference computer to have a customized installation of Windows that can be duplicated onto one or more destination computers. We do this by using the DVD where we have saved our Windows 7 iso file and the answer file that we created in step 1 above. We turn on the reference computer and insert the Windows 7 DVD and the USB flash drive containing our answer file named Autounattend.xml.