Microsoft Certified Solutions Expert Lab ManualWindows Server 2012 MCSE (Microsoft Certified Solutions Expert) Server Infrastructure Lab Manual© 2015 Zoom Technologies India Pvt. Ltd. Alll rights reserved. No part of this book or related material may be reproduced in any form or by any means without prior permission from Zoom Technologies India Pvt. Ltd. All precautions have been take to make this book and related material error-free. However, Zoom Technologies India Pvt. Ltd. is not liable for any errors or omissions. The contents of this book are subject to change without notice DISCLAIMER: MCSE, Microsoft, Windows 2012, Active Directory are registered trademarks of Microsoft IncIntroduction This lab manual has been designed as a comprehensive reference manual for Windows server 2012 configuration. This is a supplement to the MCSE (Server Infrastructure) course taught by Zoom Technologies. All five modules of the MCSE certification course have been covered. We have taken great care to ensure that each configuration exercise is clearly and lucidly explained to the student, so that it is easy for the student to perform that task. Screenshots have been used extensively, for every step in the configuration This lab manual will lead the student from the basics of Windows Server 2012 installation, Active Directory configuration, right up to hosting secure websites on IIS and the related DNS configuration. Other network services like DHCP, FTP, etc. have also been included to give the student a complete administration manual which would be useful not only during the training, but also in the daily course of a system administrator's job. We have divided each exercise into the followings sections for ease of understanding: Objective Topology Pre-requisites Configuration Verification. 2 RENs A lot of effort has gone into the production of this lab manual, which we hope will benefit the serious student. We welcome feedback and suggestions from all users of this manual, so that it can be further improved.ES 2001 Se Table of Contents Lab ~ 1: Installing Windows Server 2012 Operating System feet Lab ~ 2: Installing Windows client Operating System Lab ~ 3: Creating Local User Accounts .....:scisnnisnnniniesennnni Lab ~ 4: Converting Windows Server 2012 GUI to Core Lab ~ 5: Converting Windows Server 2012 Core to GUI Lab ~ 6: Installing Active Directory Domain Controller .. Assigning IP Address. Installing Active Directory Domain Services. Lab~ 7: Configuring Client (Windows 7}. Lab~8: Configuring Member server... Lab- 9: Creating Domain User Accounts .. Lab~ 10: Changing Default Password Policy Lab ~ 11: Enabling Account Lockout Policy. Unlocking the locked User Account Manually. Lab ~ 12: Configuring Logon to and Logon hours permissions... Lab ~ 13: Changing Allow Logon Locally Policy .....rsinnnnnemnnnneneennninnnnnnneseiee Lab~ 14: Security Level Permissions. Lab ~ 15: Share Level Permissions... Lab ~ 16: Adding Mapped Drives . Lab~ 17; Verifying Access Based Enumeration... Lab ~ 18: Configuring Local Profiles. Lab — 19: Configuring Roaming Profiles. 89 Lab ~ 20; Configuring Home Folder. Lab ~ 22: Installing and Configuring File server resource manager Installing FSRM. Configuring Quota Management using FSRM Configuring File Screening Using FSRM Configuring Storage Reports Management using FSRM ... Ra RyES 2001 Se Lab ~ 22: Creating an Organizational Unit (OU) 109 112 115 Lab - 23: Delegating Control to a User Lab 24: Creating Groups. Lab ~ 25: Installing and configuring DISRIBUTED FILE SYSTEM. 11g Installing Distributed File System (DFS). 120 Configuring Namespace In DFS 124 Configuring New Folder In Namespace 128 Lab ~ 26: Installing Additional Domain Controller. pr ABA 142, Lab - 27: Creating Child Domain ... Lab - 28: Creating New Domain Tree in Existing Forest cesses Lab - 29; Transfer Operations Masters... Lab ~ 30: Seize Operations Masters ... 162 a7. eenehnnitasinnsseesrenes 180 185 189 Lab ~ 31: Applying Group Policy on Organizational Unit Level... Lab ~ 32: Applying Group Policy on Domain Level Lab~ 33: Applying Group Policy on Site Level.. Lab~ 34: Applying Group Policy Modeling.. Lab- 35: Applying Software Deployment Policy .....nsimesesnnninninnssnnnninieiennnenenns 198, Lab ~ 36: Applying Scripts using Group Policy... Lab~ 37: Applying Folder Redirection using Group Policy ... Lab ~ 38: Applying Auditing Policy .. 207 au Lab ~ 39: Configuring Preferences using Item-level targeting. 216 Lab 40: Creating Forest Trust. 221 Lab~ 41: Active Directory Recycle Bin ....:ssissnsinnninsesnnnnnin 232 Lab ~ 42: Verifying Global Catalog Server Lab ~ 43: Creating Active Directory Sites. Lab~ 44: Creating Active Directory Site-Links.. .237 243 246 Lab- 45: Installing Read Only Domain Controller Lab ~46; Installing and Configuring DHCP Server 265 Installing DHCP Service 266 Creating a scope.. 272 Lab ~ 47; Creating DHCP Reservation 280 Lab 48: DHCP Server Backup and Restore 283 Lab ~ 49: Configuring DHCP Server Failover... 286 Lab~ 50: Installing and Configuring Domain Naming System (DNS) 293 Installing DNS Service .. Creating Standard Primary - Forward Lookup Zone Ra RyES 2001 Se Creating Host Records for the standard primary zone 301 Creating an Alias record for the host record 302 303 306 308 311 313 Lab ~ 53: Creating Active Directory Integrated Primary DNS Zone. fr. 316 Lab ~ 54: Conditional DNS Forwarders... Creating Standard Primary - Reverse Lookup Zone... Lab ~ 51: Secondary DNS Zone. Allow zone transfers to secondary zone .. Lab ~ 52: Creating a Stub DNS zone, 320 Lab 55; DNS Forwarders ississnnannsininiimiinnnnnseinninniniinscn Megs raise 323 Lab~ 56: DNS Root Hints ... Lab~ 57: DNS Cache.... 325 327 Lab 58: Installing and Configuring Internet Information Services ...n..vennnsitinesnneneens 329 330 Installing Internet Information Services - Web & FTP Server Creating a Web Site. Adding the Default Document for the website .. Enable Directory Browsing for the web site... DNS Configuration for the Website. Lab~59: Configuring redirection of Websites Lab ~ 60: Creating Virtual Directory .. Lab ~ 61: Changing the Web Site IP address or Port number .. Lab ~ 62: Creating Do not Isolate user FTP Site .. Lab ~ 63: Installing and Configuring Windows Deployment Services . Installing Windows Deployment Services Configuring Windows Deployment Services .. ‘Adding Windows 2012 Boot Image to WDS Server ‘Adding Windows2012 Install Image to WDS Server. Lab ~ 64: Installing and Configuring HYPER - V.. Lab~65: Creating Vi Lab~ 66: Creating Lab ~ 67; Creating Dynamically Expanding Virtual Hard Disk Lab ~ 68: Creating Differencing Virtual Hard Disk Lab ~ 69; Configuring Virtual Networks.. Lab 70: Configuring Hyper-V Replic: Lab~71: Installing and Configuring Routing... Assigning the IP Address to Configure Routing. a7 Ra RyES 2001 Se Installing Routing Service on Router & Router2 432 Enabling Routing on Router1 & Router2.. 439 Configuring Static Route: Lab~ 72: Configuring Network Address Translation 44s Lab ~ 73: Configuring DHCP Relay Agent.. Lab~ 74: Configuring Remote Access Services (RAS) Configuring VPN Server....sssseiisene Establishing VPN Connections. 459 Lab- 75: Configuring Remote Desktop Services Lab 76: Hypertext Transfer Protocol Over Secure Socket Layer....scssssennnnsenit Creating a self signed certificate .. Creating a HTTPS Web Site... Accessing the HTTPS site from the Web Server .....sssssineitinnninnnnnionsnisieeinnnsene 43 ‘Accessing the HTTPS site from the Client Computer A748 Lab-77: Installing and configuring iSCSI target server. 480 Configuring iSCSI Target Server 481 Configuring iSCSI Initiator ...n...:mnmnninnnnnannntieetnrnnnnnnnnnnennsesesnnnnnns 490 Lab~79: Creating Mirror Volume (RAID-1), 506 Lab~ 80: Creating Parity (RAID-5).. 518 Lab = 81; Fallover Cluster sng lod sinenenninimininnnsimsannsiisiiiinis ST Assigning ISCSI Disks to Hosts... 532 Installing Failover Clustering 533 Create Necessary Volumes for Failover Clustet ..nnnnmmnnnminnnnnnnnneseneesrnnnnnn S34 Create Failover Cluster. 536 ‘Adding nodes and disks to cluster. 5a Configuring Roles.. 951 Lab= 82: Configuring Windows Server Backup and Recovery... sve 987 Installing Windows Server Backup 558 How to Backup Data using Windows Server Backup. 562 568 372 How to Recover the Data from Backup Fil Lab ~ 83: Configuring Network Load Balai Lab ~ 84: Installing Active Directory Certificate Services. 583 Ra RyLab — 1: Installing Windows Server 2012 Operating System Objective: To Install Windows Sever 2012 Operating System in a Computer. Pre-requisites: Before working on this lab, you must have ‘* AComputer and Windows Server 2012 Operating System DVD. a EYEE orcas Deer eyEs 200m Steps: 1. Restart the System and go to BIOS. 2. Set the First Boot Device as DVD ROM. 3. Save the settings by Pressing F10 and click YES. 4, Insert Windows Server 2012 DVD and Restart the system. etter Poa5 6. zoom J Press any key to boot from the CD or DVD. Centr System copies the files from DVD.EE 200m 7. Select the language to install English il Windows Server 2012 8 Click Install now. LAN inlets tart) Wetter oo) Ce er ReoEE 200m 9. Select the edition Windows Server 2012Standard (Server with a GUI), click Next. 10. Check the box | accept the license termsand click Next, oo Ce er ReoEE 200m 11. Select Custom Installation. 12. Click Drive options. Wetter oe Ce er ReoEE 200m 13. Select Unallocated Space and click New. 14. Enter the size for the partition, and click Apply. Coca Ce er ReoEE 200m 15. Select the Partition and click Next. 16. Windows Installation will start. oo Ce er Reo17. System Restarts. 18. Completes the Installation, and system will be restarted.EE 200m 19. Enter Password and Re-enter Password for Administrator account, click Finish 20. _ Enter Password and Logon using the Administrator account. ee Poe Ce er Reo200 21. Finally Administrator has logged in. rede orc) Cercmeee RO ReyLab — 2: Installing Windows client Operating System Objective: To Install Windows Client Operating System in a Computer Pre-requisites: Before working on this lab, you must have ‘* AComputer and Windows 7 Operating System DVD. a EYEE erasEs 200m Steps: 1. Restart the System and go to BIOS. 2. Set the First Boot Device as DVD ROM. 3. Save the settings by Pressing F10 and click YES. 4, Insert Windows 7DVD and Restart the system. ried re Cerne) Poa5 zoom J Press any key to boot from the CD or DVD. Peet System copies the files from DVD.200 7. Select the language to install English and click Next. B/ Windows 7 8 Click install now. Wetter Poe200 9. Check the box laccept the license terms Presse esd he cen tems se taresus at ayant eae ee crpeatn (ease en ere yeu ta) you, ease reed er The oy 8 oust name hove, whch mes Beda hyo hed fcyortitatoertrnt Wetesusragyeceyeeccae 10. Which yp of ntalation do you ant? F rnc Zito aan Wetter Cerca200 11. Click Drive options. Were do you want install Windows? 12. Select Unallocated Space and click New. Wetter Led200 13. Enter the size for the partition, and click Apply. where d you want tonal Windows? Te Dik Utd oe wo ane here do you want tinal Windows? [Tice aR Tape Sr move moN Sem |e iron a2 Piney Sins Kou komt @yestoie Speen Wetter Cerne]200 15. Windows Installation will start. 16. System Restarts. Windows needs to restart continue Wetter Page |19200 17. Completes the Installation, and system will be restarted. fect Pimraroric’ irons =a 18. Enter the User Name and Computer Name, click Next. £2 Windows’ Professional hn a yr sl dey cop iio tn, pce rcpt SS op 8 Mow Copan At pcan Wetter ree eer ReyEs 200m 19. Seta password for the account, and click Next. 20. Configure Automatic Updates Ask me later. ‘prone you paps Weds ator 21. Select the Time zone and click Next. Wetter eesEs 200m 22. Select the location of your computer Wort Gs mine 23. Windows finalize the settings. EZ Windows? Professional Wetter raedEs 200m 24, Enter the Password to log on to the computer. Be osc te 25. Finally Operating System is installed and the User has logged in. Wetter Cerne) Ea ReyLab — 3: Creating Local User Accounts Objective: To create local user accounts in a Computer, Pre-requisites: Before working on this lab, you must have © AComputer running with windows server 2012 or windows 7. a EYEE rae)ES 200! Steps: 1. Login as the Administrator to the Computer. 2. Press Windows Key [BM to go to Start, type Computer Management i select Computer Management. Search Apps, and 3. Expand Computer Management ->Expand System Tools ExpandLocal Users and Groups ‘right click Users and then click New User. apap ‘Sain «sia “itn re Ce er ReoES 200! 4. Enter User Name and set Password, Confirm Password and click Create. ite heer Cesnetesee = 5. Click Close, and then Close Computer Management. 1. Press Ctrl + Alt + Del >Click Switch User or Logoff Administrator. 2. Login as User (User) on same computer. eae Deer eyLab — 4: Converting Windows Server 2012 GUI to Core Objective: To convert windows server 2012 gui to core Pre-requisites: Before working on this lab, you must have © AComputer running with windows server 2012. cae er Ceres200 Steps: 1. Login to Computer as Administrator 2. Click Windows PowerShell. ror Wetter eaeEs 200M 3. Type the following command 4. The conversion starts and the computer restarts. 5. Login as Administrator and finally GUI is now converted to Server Core.-onverting Windows Server 2012 Core to GUI Objective: To convert windows server 2012 core to gui Pre-requisites: Before working on this lab, you must have © AComputer running with windows server 2012. a EYEE Page 130zoom J \rechnovoaiesy Steps: 1. Login to Computer as Administrator ee eae 2. In Command Prompt, type PowerShell. Adminstrator CWindows\syster32\emdex3. In Power Shell type the following command to convert Core to GUI. Install- Windows Feature Server-GUI-Mgmt-Infra, Server-GUI-Shell -Restart instar Wedos PoneSe ery 4. {installs the required GUI features and restarts 5. Login as Administrator and finally Core is now converted to GUI.200 Lab — 6: Installing Active Directory Domain Controller Objective: To Install Active Directory Domain Services for promoting a new Domain Controller Pre-requisites: Before working on this lab, you must have ‘* AComputer with Windows Server 2012 Operating System. Topology: MICROSOFT.COM sysi Domain Controller IP Address 10.0.0.1 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Netter Cerne) i Et ReyES 200! Assigning IP Address 1. Click Server Manager. [alee 2. InServer Manager Dashboard, Click Configure this local server. iy eds 7" Pee err?3. In Local Server, select Ethernet IPv4 address assigned by DHCP. 4, Right click Ethernet, select Properties. Bacto +(e [Pe wrote © ome 1 operon 8 towne 5. Select Internet Protocol Version 6 (TCP/1Pv6) and uncheck the box. a EYEE Page 135200 6. Select Internet Protocol Version 4 (TCP/1Pva) and click Properties. 1B Ne oface Nery Cer (eto) ets omnes © Mlosstae Sone 2 Bord tree Serge neh to 5 Senn ane Haars 1 wae Tene) Ose ee 00 na Teta One rere 5 Henan ness TPs ay a = 7. Select Use the following IP address and enter the IP address and click Subnet mask, it will be entered automatically and select Use the DNS Server addresses and enter the Preferred DNS. Server address (2 te en Eee hem eee see (oe wermosine lee stroenent 8. Click OK, and OK. Wetter nedES 200! Installing Active Directory Domain Services 1. Login as Administrator to the Workgroup Computer. 2. Assign IP Address and preferred DNS Server Address. 3. Click Server Manager Domain Controller HostName: SYS1 eC lverry 10.0.0.1 DNS Server: 10.0.0.1 User Name Uh ciee Lee) y 4, In Server Manager Dashboard, Click Add roles and features. muvee File ad Storage a EYEE Pe200 5. Inbefore you begin page, click Next. Before you begin sumo (REN 0 tee ens rts Ys ee te esr. lene eaten etarpergrens ye ana asm ry eorer h ean pe ey ey cine sty sng ae conga ‘eens nat odes ee ‘hemor cnetart pit tm sUt emsies Steere Eon == 6. In Select installation type, select Role-based or feature-based installation, click Next. Select installation type mon | Seer Wetter Cerne eer Rey200 7. InSelect destination server, from Server Pool select SYS1, click Next. Select destination server ee Sininiogs | nesneennigtec aconcnmnnan one EO —— ss ed ‘epg te n t uigndowSe 7to ag e a = | |i In Roles, check the box Active Directory Domain Services. Select server roles cerns — (ee mc eon ‘rao Dern es AO SE Se en 1 te ey etre aoe 1D percent Oc Svs =a oe (CD Asconcey ape inrentonce eee Dawson Shicra sineesoany Donerson nono Dorion Cite [Dien doce See (nett feo ep Sonar [Dome tr a Wetter Page 139200 9. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. tar mr b | a] 10. _ In Select features wizard, click Next. Select features = Rimbitge | erauoranesniemenpronae i seams rn tee neg Meg 5 Ettgcuciene inne sh) Saas rman 808 ChetarOne tenn Gren meer Corte Chetcrnonn cence, Erector = Beene (Donec san C emasanse Ciaran et Clea eg Sem Diener [Psst Sar i sxssenesenee Ess ES «ia Wetter ree eer Rey200 11. In Active Directory Domain Services wizard, click Next. Active Directory Domain Services sao sow sign ‘sc cD Se 08m ee ol a om ah ee ase ‘cr So os ern cey ngewe (Shbrn memes oberon arty ci spe ach aah rc time + naar to rh Ra ap eo 12. Check the box Restart the destination server automatically if required. Click Install. Confirm installation selections aT ese Tena ng santo cd ne et be sean oe Reta he den sone aati teases Sens cet etre ba rer spb cue bee yh ees Ey ean an tno ak aaa ee ny So See ‘hte ano Pee ‘ove bet mae ee Wetter as eer Rey200 13. Click Promote this server to a domain controller. Installation progress sanernsne © cence vetcen “lias oe me adie sto cel Demise 20 05Smp Comme Ue ot 1a pny ang xno ssn ae foe) oe (come 14, In Deployment Configuration wizard, select Add a new forest, enter the Root domain name (Ex: Microsoft.com) and click Next. Deployment Configuration — Sect tec nena tigen Wetter ok eer Rey200 15. In Domain Controller Options, change Forest and Domain functional level to Windows Server 2003, and Domain Name System server. Type the Directory Services Restore Mode Password and Confirm Password and click Next. Domain Controller Options Sey cannon ati 16. On DNS Options page, click Next. DNS Options = (eee) Cie Wetter Dera eer Rey200 17. Verify the NetBIOS domain name (Ex: MICROSOFT), click Next. Additional Options arnt syne DES me neh dona ide ey aE oe 18. Verify the location of the AD DS database, log files, and SYSVOL, click Next. Paths eaten cece rote 3 —— |S15¥00 ote chimedoansTSVOL, a Wetter Cera eer Rey200 19. Review the Summary and click Next. Review Options cee iii ncare ea stim sonication stentvom ge Tee sence grad os Wades Powel so atonate Sam am [3] ee 20. Click install to begin installation. Prerequisites Check sce sm (A. Wroessene 212 onan ctr xe hema orgies sow [2 ‘stannous 4 Reememmercampe marten meneame 0 rena ce congas | tna | (A syed rer atonal iA nol Ponte en, ew) Ca Wetter CaeES 200! Verificatio 1. Click Server Manager. Bee Se 2. In Server manager, select Local Server and verify for domain Microsoft.com. Wetter PerceES 200! 3, Goto Start, type event in Search Apps, select Event Viewer. APPS. Fests for a 4. Expand Applications and Services Logs, select Directory Service, verify for the Event ids 1394 and 1000. ain din WerecVer tal "ccc Pee Deer ey200 5. Event 1000 displaying Active Directory Domain Services startup complete. a emecnecen.Done tones avaneraain | (FL oo Teepe Secs NOURI GGON Cemosee simran Seow (ea) Cod 6. Event 1394 displaying Active Directory Domain Services updated successfully. Wetter Cerne200 Lab -7: Configuring Client (Windows 7) Objective: To join Clients in Domain Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller workgroup IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter erica]200 Steps: 1. Log in as Administrator to Workgroup Computer. 2. Right click Computer Icon and click Properties and click Change settings. 3. In the System properties dialog box click Change. rvs [ino [Ars [ Sune [Rene] Ud Yeememtettarg ener Exgmee then ot orgs: Worucnour Jenngetern stan cent Ze Wetter rae200 4, Select the Member of Domain and enter the Domain Name (Ex: Microsoft.com). SS brats uno ngt stators ec, iia i . Enter the user name Administrator and Password, click OK. ‘wan Sct ‘computer NamerDomaln Changes nabs an ena wih pamicenjontbe 6. Welcome Message appears indicating that the computer was successful in joining the Domain, click OK and OK, It will ask for restart, click Restart Now. Misc Window ‘You must restart your computer to apply these changes Before rearing sie ny opened rea progam (Cisiecee) (_tettte. 7. After restarting the computer, it will become Client. Verificat 1. Right click Computer Icon > Properties. 2. Click Computer Name, domain, and workgroup settings and verify for the Domain NameMICROSOFT.COM. a EYEE Cerne200 Lab - 8: Configuring Member server Objective: To join Member Servers in Domain Pre-requisites: Before working on this lab, you must have + Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server. Topology: MICROSOFT.COM sys sysz Domain Controller workgroup IP Address 10.001 IP Address 100.02 Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1, Preferred DNS 10.0.0.1, Netter Cerca i Et ReyES 200! Steps: 1. Log in as Administrator to Workgroup Computer. 2. Click Server Manager —— Cerne Ce er4. In Local Server, select WORKGROUP. 5. Inthe System properties dialog box click Change. Coxwan ire [Rei Kon [es] nena an teary tren ttre | Eee Reman on? stone vwomcsouP Later eens pee] a EYEE Cerne200 6. Select Member of DOMAIN and enter the Domain Name.(Ex:Microsoft.com) ‘ovancrge ene pctenennts fe ‘roan arg stencesets nt nce Enter the user name Administrator and Password. Click OK. Ai 9 8. Welcome Message appears indicating that the computer was successful in joining the Domain, click OK. = 9. Click OK >elick OK, and click Close to close the System Properties dialog box. It will ask for restart, click Yes. 10. After restarting the computer it will become Member Server. Verification: 1. Goto Server Manager, select Local Server. 2. Verify for the Domain MICROSOFT.COM. Wetter Page |55200 Lab — 9: Creating Domain User Accounts Objective: To create Domain Users in Active directory Domain controller Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter CerneES 200! Steps: 1. Log in as Administrator to the Domain Controller. 2. Press Windows Key to go to Start, select Active Directory User and Computers. 3. In the console tree, expand your domain MICROSOFT.COM, and then right click Users Container, select New User. Page |57 Ce erES 200! 4. Specify the First name and User Logon name and then click Next. 5. _ Enter the Password and Confirm Password for the User account, click Next, Review the configuration settings for the User Account and then click Finish. Verification: 1. Login as User (User1@Microsoft.com) in Member Server or Client. re Ce er200 Lab — 10: Changing Default Password Policy Objective: To change default password poli Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter Cera)ES 200! Steps: 1. Log in as Administrator to the Domain Controller. 2. Press Windows Key to go to Start, select Group Policy Management. 3. Expand Forest-> Expand Domains > Expand Microsoft.com right click Default Domain policy and select Edit. ut pa Se *aooare ee ! 35a tee : a Pai Ce er200 4 Expand Computer Configuration Expand Policies-> Expand Windows Settings> Expand Security Settings > Expand Account Policies > Open Password Policy. Be doce vor ep eelan xa ae [oes Conon ee 1 MCROSATCOM ‘Stems pane gh 5. Double click Minimum Password Length. oe aisieo saa +c aan + scary some "Barone 1 Pomeroy 1 3 Lan ot Wetter erase ‘one200 6. Change the length value from (7 to 0) and click Apply and OK. * me ela eer ni ae oo + inScary samp Sorpeneremmestenceter Sele ncaa remota +d tame 12 etog 2 emer cape Wetter eras) eer ReyES 200! 8, Select Disabled and Apply and OK. Been 9. 10. Type GPUPDATE and it refreshes the policy changes. © Tieswate cert mre ea Ce er200 Lab — 11: Enabling Account Lockout Policy Objective: ‘To Configure Account Lockout Policies Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter CeraES 200! Steps: 1. Log on to D.C as Administrator, click Press Windows Key to go to Start, select Group Policy Management. 2. Expand Forest-> Expand Domains-> Expand Microsoft.com" _ right click Default Domain policy and select Edit. oan ks On A Gwup Poi Maeperent [Data Dela Aiton Ss [Sasa *abomese ie Ren ceo cnt etn te inten eps so dcones (Open the GPO eon Page 165 Ce er200 3. Expand Computer Configuration > Expand Policies Expand Windows Settings > Expand Security Settings Expand Account Policies-> Open Account Lockout Policy. ru Plcy Management ator | = oe ainxe oo (ora oman ae ISIOBSOSOT ray * Ses *Bcarpo ops reat dton cee 1 Gearlog, dena "Gites Gea Kareena 4. Double click, Account lockout threshold. eon ew Hep oo aigxco on {Tot Dar ee SI MCRESETCO Wy 2 +a conn conto ton eer 1 Buena +B eos Sameera * Bier ry Gheomisaneg) = 1 teow oer +d atraecs 12 sett | tem us| Wetter Loca200 5. Enter the Value for Number of invalid logon attempts(Ex: 2) Poros Ea] A 6. Set the Account lockout duration and click OK. ray “Sep | | Soret 7. Close the Group Policy Management Window. Verification: 1. __ Enter the password for user (User) wrongly for 2 times while logging in and the user account will be locked. Wetter Lad200 Lab — 12: Configuring Logon to and Logon hours permi ions 1e and machine restrictions on a user using Logon to and Logon hours Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter era)200 Steps: rator, click Start > Programs Administrative Tools Active 1. Logon to D.Cas Admi Directory Users and Computers. 2. Right click the User (User4) and select Properties. yee Dantaal Sena F Senseo | yeep: cen em gm Wome: une: Ouinore oat ‘ord ae oe Ged nro osu ° Seay orp Domain 5 mr Miowneicocnemudngis. Seat GexpOamaacl Senne me Mewnecee Seay orp buna steno ones800 Peon. Set Gene Damas Mens he. pane te ropes dog oot ar acon 3. Select Account, click Log On To. Tita an paearainon (Dicer anon rmmoarncoone [Dacepomens cogent — Opse (Gass ape a Be a _» |i Wetter Cerne eer Rey200 4, Select the following computers, Enter computer name (Ex: sys], click Add and OK. 5. Click Logon Hours ferme Oo tee eel cero | ae Cae Chom aii ieremn reco ‘aera arya =a aoe = i 6. Select the timing and select Logon Permitted. Reset Brace d tng on 880 Gan Verification: Try to Log in as User (Usert) in client or Member server sys. Wetter CeresEs 200m Lab — 13: Changing Allow Logon Locally Policy Objective: To allow users logon to domain controller Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. Topology: = S SS = SJ MICROSOFT.COM SYS1 Domain Controller IP Address 10.0.0.1 Subnet Mask 255.0.0.0 Preferred DNS —10.0.0.1 Netter erica kes Et ReyES 200! Steps: 1. Log in as Administrator to the Domain Controller, click Press Windows Key to go to Start, select Group Policy Management. 2. Expand Forest-> Expand Domains-> Expand Microsoft.com Expand Domain Controllers-> Right click Default Domain Controller Policy and select Edit. Somare cor ete eceny — : i x Pore Ce er3. Expand Computer Configuration ->Expand Policies-> Expand Windows Settings-> Expand ‘Security Settings > Expand Local Policies-> Select User Rights Assignment - Double click Allow logon locally. een Her Hee oa ainleos oo cect ae ae “Hemme, ((saimee Sraa tiaest. eee ee 4 a = ae oes “Socmmareeans | Sasa ee somites |oomrasacae Ss 4. Click Add User or Group >Click Browse-> _ Enter the Username ->Click OK. eames eS ar =a Esa ClickOK OK Apply and OK. 6. Go to Start, type Run Type Control Panel in Search Apps, and select Run, type GPUPDATE and it refreshes the policy changes. Verification: 1. Logon to Domain Controller as Domain User (User). Wetter Locka200 Lab — 14: Security Level Permissions ‘ions for securing user data Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter Cerne200 Steps: 1. Open Computer Go to any NTFS partition and create a folder (DATA), along with some files init. _——EEEEEEEEEEE = a» Compa » Ne Vue =e [se inte ey were fire 1s oats Bs ete ate 2 ue Biioer Score 2. Right click the folder (DATA) and select properties and click Security tab click Advanced tab click Edit click Disable inheritance. 3. Click Remove Apply ->OK->OK 4 Click Edit Wetter Cerne200 5. Add Administrator Administrators and allow Full control permission. 6. Then Add the Users (User) and Allow Read permission. 7. Click Apply> OK OK Verification: Login as User (User) on the same computer, and Open Computer icon, and verify the respective permissions by accessing the folder. = 9 [b> Gonpa » Nour = S| [Hoanerveane SF] tno = oe ee 1 Somat ators we Bite conte 2. The User can just read the Files and Folders. Wetter Lae200 Lab - 15: Share Level Permi ions Objective: To apply permissions on shared folders that protects files accessed across network Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter Cerne cy200 Steps: 1. Logon to a Computer as Administrator, Open Computer-> Open any drive and create a folder (SALES) along with some files in it. 2. Right click the folder (SALES) and Select Share re to + 1 fe» Comp > Nevo > =] [Recetas] cree ane ewes = dacen ow ence at so Ak Sie: Sa | ‘pen in new window ‘“ | Posi eal a aa al nee nny 1 vse sotto : comer omy Stns oe ae Smnsionse aa ‘i Prepares 3. Select the drop down arrow mark and select Find-> enter the User name (Useri)-> click OK select the User(Usertjand assign Permissions (Ex: Read/Write) click Share-> click Done. Choose people on your network to share with "ype aname ance he Aa occ ao a somsone Nene Perini oe B reminsvater resanne © ramets oer (Eien feed =]¥) head Se — Remove Wetter Cenc)Verification: ‘Access the Shared folder 1. Logon to Member Server or Client as User (User) > Open Network 2. Open System Name in which the shared folder is present. 3. Access the shared folder (SALES) & verify the permissions by creating some files. 1A Nemo) Bt 76] aaa z ‘a ots stage = Boer. mee See Logon to Member server or Client as a User. 2. Click Start click Run and type the Syntax \\Servername\Sharename. Example: \\SYS1\SALES © 0+ te mee aT 72] mara tots seteson Ses det See oe 1 Downes, use me ves Wetter rae200 Lab — 16: Adding Mapped Drives Objective: ‘To map share folders as drives Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: f = I I Si MIcROSOFT.com svsi sysz Domain Controller Member Server / Client IP Address 1000.1 IP Address 10.0.0.2 Subnet Mask _255.0.0.0 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Preferred DNS 104 etter Cerca200 Steps: 1. Logon to Member server or Client as a User. 2. Access the shared folder Sales, Right click on sales folder, select Map network drive. —— aioe 3. Select the Drive letter (Ex: Z:) and click Finish. a R20 Nemorone Verification: Open Computer icon and verify for Mapped network Drive rs wocsce toes eC) toca 0 Boonie — Sa a Rec paces + Devices with Removable Storage Stews hh oor omees 2 msc + Network Location) ices Sis os i voe0s =. Cra Deer ey200 Lab - 17: Verifying Access Based Enumeration Objective: To show only files and folders to which a user has at least read permissions Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask _255.0.0.0 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Preferred DNS 104 etter Cerca200 Steps: 1. Logon to a Sys1 as Administrator, Open Computer-> Open any drive and create a shared folder (Ex: Project) with everyone Read/ Write permissions along with some files in it. 2. Right click on one of the file and select Properties ewes none one nee Bower 1 1s domo Braet caus baa Avec 2. 3. Select user and set the permission Deny Read, click OK. ‘aber ‘Remar Thoesoe (Atennermqucresoranromeny Toenisendmemetc| a ToT coc] [eee] [oe] Wetter Cee200 Verification: 1. Logon to Member Server or Client as User (User). 2. Open Network Icon, Select SYS1, access the shared folder Project and verify for the files present. te ©0 Seema nes anes ‘ene - woesce pasa Dh soe vere dose vse eet tte ind tes Wetter Cee eer Rey200 Lab — 18: Configuring Local Profiles Objective: To Configure Local Profiles For Domain Users Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter Cera200 Steps: 1. Logon to Domain Controller as Administrator. 2. Goto Active .ctory Users and Computers and create Users (Ex: user, user2). Verificatio 1. Login as User (user2) on Client or Member Server. 2. Press Windows key to go Start, este ONC Pea200 4, In Control Panel search bar, type user profile, select Configure advanced user profile properties, + + acre! 7 5. Verify for User Profile Type and Status to be Local. Sree & eae eter nonsense {a 6. Create some files on desktop and go to C: drive >Open Users > Open the user profile (user) folder > open desktop folder > verify for the files created on Desktop. Wetter Cea200 Lab — 19: Configuring Roaming Profiles Objective: ‘To Configure Roaming Profiles so that user profile will be carried over the network Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter rae)200 Steps: 1. Log on to D.C as Administrator, Open Computer > Go to a drive and create a shared folder roam with Everyone Read/Write permission. 2. Go to Active Directory Users and Computers Expand the Domain Name (MICROSOFT.COM)->click Users> Right click the User(userl) and select Properties and select the Profile tab. 3. Under User profile Senter profile path as Syntax: \\Servername\shared Folder Name\User Name Example: \\SYS1\roam\user1. Tesoro [Baines [_ Sere [Fee fe Do Seven in| Come] eg fsa: (eee? ] | ————— Oem i Click Apply and OK. Wetter raeVerification: 1. Login as userusert on Client or Member Server and create some files on the Desktop. 2. In Control Panel search bar, type user profile, select Configure advanced user profile properties, 3. Verify for User Profile Type and Status to be Roaming. 4, Logoff this user (user) and login on another computer with the same user (user), we can see the files which we have created on first computer. Wetter es200 Lab - 20: Configuring Home Folder Objective: To configure network drives for Domain users Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter ec r:200 Steps: 1. Log on to D.C as Administrator, Open Computer > Go to a drive and create a shared folder home with Everyone Read/Write permission. 2. Go to Active Directory Users and Computers select Users and right click User user1 and click Properties. 3. Select the Profile tab Under the Home folder, select Connect and Select a drive letter 2: and in To: enter\\Server Name\share Name\User Name. Example: \\SYS1\home\user1. 4. Click Apply and OK. Verification: 1. Login as user (user) on Client or Member Server. (Open Computer, Locate Home folder under network drives. eS EE + i crv = 6) [Baas SP araanve BB vemone SF naman Wetter Cerne200 Lab — 21: Installing and Configuring File server resource manager Objective: ‘To manage and monitor files created by users Using file server resource manager Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 etter Cerca200 Installing SRM. 1. _ In Server Manager Dashboard, click Add roles and features. 7m ein © corse cals I ine A005 + | a ons 1 © weority | @ verona Se 2. In Before you begin page, click Next. fore you begin pan} Bel WEEN wes hep you at ro esenes feses ou determine wih oe le ae ‘ateg doce rhoring swab Treo ole eis or ere ou corte very hello ss have been come + Th Adirah song pond “hemes Seay pts om Windows Ute ested youn ely hat anol he preceding rereustes have been competed se he ‘sid compcte esas and enn ead og 1 pin page by dot a EYEE Cae Deer ey200 3. In Select installation type, select Role-based or feature-based installation, click Next. Select installation type seman citing __| ‘tein thn rte deena | ole based rf ated tainton Conia asa sey ag es ol sees nd estes © tama Dect Sere ntlition Insta equ le seve for ita Oso asic WDD octet vit racine hve or seta bed des deport 4, _ In Select destination server, from Server Pool select SYS1, click Next. Select destination server oan aan | sect acer tom he see poo © seer ave rade ‘Computers en "Ts pge stars tht ening Wesows Ser 207, el that ne ben dad by stn el Sve omg Mn, fiery tnd n Wetter rae200 5. In Roles, expand File and Storage Services, expand File and iSCSI Services, check the box File Server Resource Manager, click Next. Select server roles sommmaet 6. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. ‘di features that are require for File Server Resource anager? 2. Rene Seve Admit Toe 4 Bos Asmat Tele 2 Fle Sere Tol Tonk ie Seer Resure Menapr ese cede managenent tot apc) Wetter Cre eer Rey200 7. InSelect features wizard, click Next. Select features =a Sa = i 8. Check the box Restart the destination server automatically if required, Click Install. 9. Click Close, to complete the installation ca steam eng aps Wetter Cerne eer ReyES 200! Configuring Quota Management using FSRM 1 Go to Start, select File Server Resource Manager. eee Expand Quota Management, right click Quotas, and select Create Quota. waco) fae : luce ; “i iennabenet ow re Ce er200 3. Click Browse and Select the Quota path (Ex: D:\Home) 4, Select Auto apply template and create quotas on existing and new subfolders. Select the limit and click Create. uh (ee) O ose gata | oso rete nde ter or enarg doen aoe ‘rapes “ascanenurse ponent tem ta tnt cect saree owen wrt cag seston? | mre smonte tame ton feces Wetter Cae200 Verification 1. Log in as User (User) on Client or Member Server (SYS2), Open Computer. 2. Verify the Size of the Network drive Z: (Home Folder). EE EEE! 1 Conte fe twortes + Hard Os Dives 3) besten geal DiC) domino aeocee +e wh torent tone) sainnie mn aocene poten dim = neenatin) et a a = a — 3. Login as other users and verify the size of the Home Folder. Wetter Page | 101 eer Rey200 Configuring File Screening Using FSRM 1. Go to Start, File Server Resource Manager; Right click on File Server Resource Manager and select Configure Options. 2. Check the box Record file screening activity in auditing database, click OK. [igiameey Lm [ orem | tne | ines, | cae Wetter CeCe ptr)200 3. Expand File Screening Management, right click File Screens and select Create File Screen. e+ 2c Us [Btesewetecsenwge oat [acon oe * Bawatseagenen fatoesha [Sei [aoa [Soweto Emcee tment ft crete Son Gnssee | [ee fietons tor . Sones, ume Spctoae, i ee IS 4. Click Browse to select the File screen path, select option Block Image Files, and click Create. Wetter CCeCey200 5, Right click on the created file screen, select Edit File Screen Properties, since mas #9 2icl Ot 6. Select the Screening type Active screening, click OK. 0 aes numba tng Wetter CeCe)200 Verification 1. Log in as User (User) on Client or Member Server (SYS2), 2. Open Computer, Network drive Z: (Home Folder) and try to create a New Bitmap Image file. She =e = a = es g = = : — eee = 3. Verify for Access Denied Page. i "You need pemizsion te pestrm tis action User syeThome) Spacefree 59 M8 ‘otal sie 100 MB Wetter CeCe Ce)200 Configuring Storage Reports Management using FSRM 1 Go to Start, File Server Resource Manager, right click Storage Reports Management and select Generate Reports Now. es [Reo Spe Fo 130m 1 a Tate 2. Insettings page, check box File Screening Audit. [sro [perl tone Pectin Sdoarts pt Tee Fes a Tle ee 1 es Ome Derr Pee Elser oer Eltagefe. Frcottones mon im Cam Oey One Wetter Page | 106200 3. Select Scope, click ADD and select the home folder (Ex: D:\Home). 4, Select Wait for reports to be generated and then display them, click OK. ‘Youhave chosento gener set of storage repotsnow_Dependng onthe ‘ypes ef repats andthe volunes ad fede reprted on th can ake afew eat, Choose ane othe folowing (© Generate epats inthe background Select his option to view saved or emaied eps iter, {Wat forepens tobe generated anthen daly them Sect hs option to view th apd realy upon compebon ance 5. It Generates the Storage Reports rerdng soon eo 1 Wetter CeCe eC200 6. Select the File Screening Audit Report and Open the report. Bxa|s 3 Mino S51 > o> Ser » tach > =] [aeoesre 7) Twonies de siasoneats gu. 1122-2 noe Boorse Biases ees Nii oH TS 2s corpo 7. Verify the Report for Blocked image file creation by the users. 2S |S WworteSistoragetep. {ile Screening Audit Report ae aa op Repo stone mate SES eee Seed SUIS 082 MERESTUNN?PeeD eae a) noes ordre A) ehon Wetter CeCe tr)200 Lab — 22: Creating an Organizational Unit (OU) Objective: To create OU's to organize AD objects according to departments Pre-requisites: Before working on this lab, you must have + Acomputer running windows 2012 server Domain Controller. ‘+ Amember server running windows sever 2012 or client running windows 7. Topology: ‘MICROSOFT.COM sys sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 100.02 Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1, Preferred DNS — 10.0.0.1 Netter CeCe Cr) i Et ReyES 200! Steps: 1. Press Windows Key to go to Start, select Active Directory User and Computers. 2. Right click DomainName->New-> Organizational Unit. S| ee Se — eee 2s eet Coe Ce er200 3. Enter the name for OU (Ex: Sales1) and click OK. 4. Create Users in the Sales1 OU (Ex: $1, $2, $3) SF ectceyineramcms +o a] 0/xG4a/ Omi es [3 Atre ovecy es os or Nae Sesame tne 7 ered om recs e Sn e Cerca petl eer Rey200 Lab — 23: Delegating Control to a User Objective: To give administrative privileges to a user on a ou Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. ‘+ Amember server running windows sever 2012 or client running windows 7. Topology: — = SI SJ SJ MICROSOFT.COM svsi svs2 Domain Controller Member Server / Client IP Adress 1000.1 IP Address 10.002 Subnet Mask 255.0.00 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester Cercupte)200 Steps: 1. Goto Active Directory Users and Computers right click OU select Delegate Control 2 mine uineatcompaes a ee anlsoxGealan tear ee Eeepee come occ oe Click Next. Welcome to the Delegation of Control Wizard ‘eenshpe ms dpe cont ne Once Wetter Page [113 eer Rey200 3. Click Add-> Add the User (User). em eccris Tits Sonusee ete unnyeonae een es 4, Check the Box Create, delete and manage user accounts and Next. Cgeeee cmt te ae) ee ee 5. Click Finish. Verification: Log on to D.C as User (User), Create User in OU. Wetter Cercuete)200 Lab - 24: Creating Groups Objective: To create security groups for permissions Pre-requisit Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 104 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 Wester CerCuetcy200 Steps: 1. Login as Administrator on a Domain Controller. 2. Goto Start, select Active Directory Users and Computers. Right click Users-> Select New > Group. 70) xdaa| Gn sanr as [SAcineovcsy en andCorel hime” Ten eee onion Sey ons nannare Romesh Seto Mennonite Poet Ce er200 4, Mention the Group name and Select the Group Scope as Domain Local and Group type as Security. 5. Group will be created successfully. 6. Toadd any users to this group, Right click on User account and Select Add to group neon Tie Acer Wor He eojani/xGs| Oe) texas [Scie ecu ie Camel hme” Tae Wetter Page [117200 7. Mention the group name as MCITP_USERS-> click OK. 8. Add to Group operation was successfully completed. @) tensa cy apeaceiveacinyeonpuans 1. Go to Active Directory Users and Computers Right click on Group —>Select Properties >Select Members Tab-> Verify for the User. [anes Reon || Mod | eee Wetter Cea pte)200 Lab — 25: Installing and configuring DISRIBUTED FILE SYSTEM. Objective: To configure namespaces and new folders using DFS to manage share folders Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012. Topology: MICROSOFT.COM sysi sys2 Domain Controller Member Server IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask _-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 Netter Page | 119 i Et Rey200 Installing Distributed File System (DFS) 1. In S¥S2 (Member Server), Go to Server Manager. Click Add roles and features. — a aed @ Configure this local server ig flenssoce Senate D vmnsy © senwpatty 2. In Before you begin page, click Next Bi ana eatres wears | ‘rd ho you nal le, sans ses You tain en le 6 Series ets ott based nt coputn nef your oganaton Sh 5 ‘hg dosent hosing wet Fenech rhe fre you cnn wily ht he flog ss hve been ome ‘Thermos ar cay pts to Mra Upt tal you mas ett ay fe prc preegsies he been comple doe re wer compe he ep 2 nwa apo Si get ata a EYEE Ceca et Deer eyInstallation. Bian ates wars | Select installation type = Se ttt or frre ted ntanton Cotsen oy esingres oe sens du emote Deshtop Services istatiton bal ete lesen fo itu Dest asthe VD a eae ita ‘audine bse resorbed dep deployment, Cee | ee In Select destination server, from Server Pool select SYS2.Microsoft.com, click Next. Select destination server a rope sets ott etm a 1 Sac eo th spook © Sele ahr dee series srt ona ond “Wispage sons ees that ening Winds Seve 202 on ut hae been aed by hing te Al Sans carmandin Se Marge Ons ones nen eee Geevelth secs nl berplevn oh aoa Wetter Crue200 Expand File and Storage Services, Expand File and iSCSI Services, check box DFS Namespaces. patients aL 6. Click Add Features, to install the required features for DFS Namespaces, Click Next. ‘Add features that are required for DFS Namespaces? “The folowing tools are required to manage this feature, but do not have tobe installed on the same server. 14 Remote Server Administration Tools 4. Role Adminiztration Tooke 4 File Services Tools [Tools] DFS Management Tools Include management tools (applicable) dd Features Wetter Cercmptz) eer Rey200 . In Select features wizard, click Next. Select features ae ee 8 Check the box Restart the destination server automatically if required. Click Install. Confirm installation se Sm oni ne ee! ein Soe Saree 9. Click Close. Wetter Cerueee} eer ReyEE 200m Configuring Namespace In DFS 1. InS¥S2 (Member Server) Go to Start, select DFS Management. Cte 2. Right click Namespaces and Select New Namespace Wetter Comet) Ce er Reo3, Enter the Server Name in which DFS Installed and Select Next. Enter Name for the Namespace (Sales)and click Edit Settings. ES en EE mameanc hme an oars ‘rer enna ace Saar Donan ae ‘aro Ra aaa ra wnteeea Cae Wetter CeCe Ce}200 5. Select the Permissions Administrators have full access, other users have read and write permissions, and click Next. Risto hve occas chee ed ard we —e (© Ue catam pamisons: 6. Select Domain Based Namespace-> click Next EE mes ee oe Shean rms ce (© omartantnaanee ‘Acris dn ur rate en nd ‘cgay Seat Ys gonna rey dagemantnl ronan hanes ee ‘mg sen pran cota ot an Sosa tones ate Roer sarorrdocae Tonsley snfscsssbwed eur Noremase onenae haves Se cata (fate rene Se 2 te Fn arene (estes > © sntacreramege ‘rere ronecgen std oa ig arate Yencan ccm he SSS eye eae gee eanacreraeet Wetter CeCe ts)200 7. Click Create EE seven tg at te ae al ‘oat efooing etn ee omega fe tr {aea3o: Cue sneyarnon roman losing ams ‘sass women apr mrtzan ge —a [famepacenane Wis cons SSSR es a 8 Select Close =. eee ean smote ETE Remeron || Soman Wetter CeCeConfiguring New Folder In Namespace In $¥S1 (DC) open any Drive which is formatted with NTFS Create a shared folder (Salest) and give permission (ExiRead\Write for Everyone) Similarly create a shared folder (Sales2) on SYS2 and assign permission. In SYS2 (Member Server) go to DFS Management and Expand Namespaces ye ene Right click on namespace name and Select New Folder a [serstengere “Baoesse Siocon + ion 6. Enter the Name (Ex: Salesi) and click Add. Wetter Page | 128200 7. Enter the path for folder target (\\Systemname\ Sharefoldername)&click OK. 8. Similarly add another DFS Folder (Ex: Sales2) and folder target \\SYS2\sales2. ‘Sie Aen Yew Won 66 ‘e9) ac Oia [Systeme oa | ———= —— ipa Wetter Page |129200 VERIFICATION: 1. _ In $¥S2 (Member Server),Go to Start, type Run in Search Apps, and select Run, type\\Domain name\Namespace Name (Ex: \\Microsoft.com\sales) Typethe name of» program flde, document, or inteet reroutce and Windows will open for you. [McwseRcomsvel —SCSCSC~« (© Tita wit be conte dint plages Bowe. ). _ Itwill display the contents (Folder) of Namespace. ane One moses Type = Best 297201912. Fe tolser ooweioads slew? Sauna 12 ae flier SL Recent places wares B Docanens 2 Muse se1Piwes vices Computer toca osc) Loe Dsk cea New Yume i Nemer Wetter Ceca eD) eer Rey200 Lab — 26: Installing Additional Domain Controller Objective: To install one more Domain Controller (backup) in the existing domain Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server. Topology: MICROSOFT.COM sySi sys2 Domain Controller Workgroup IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask -255.0.0.0 Subnet Mask —_-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.2 Alternate DNS Alternate DNS 10.0.0.1 Netter Page | 131 i Et ReyES 200! Steps: 1. Login as Administrator to the Workgroup Computer. 2. Assign IP Address and preferred DNS Server Address 3. Click Server Manager UCC eae oe OS aes SYS2 BUG ley sR DRT y 10.0.0.2 Alternate DNS: 10.0.0.1 UserName =: Administrator Ble Be Ses 4, In Server Manager Dashboard, Click Add roles and features. Server - a aS i al ~ | ‘ & | ig FieondSooge Wetter oe) Ce er Reo200 5. _ In Before you begin page, click Next, In Select installation type, select Role-based or feature- based installation, click Next. Select installation type 2 sere u0h ‘Septem Yume tat ni eo | talent tts iton coer en 8 © tame an Serve tation wr nee stead 6. __InSSelect destination server, from Server Pool select SYS2,click Next. Select destination server ee owe esr in tn sino oe © Stator totam sane foo Wetter Page | 133 eer Rey200 In Roles, check the box Active Directory Domain Services. Select server roles od reson ye foe == a tc ae AD a Succntmncrse yet 1 sO tt etn Ses eee ree cexterston [see omy to srgon es Seem pees, ttn See Srmeecrhe moon» ome ebooracss onsen * Fase ee le oc Cl aretesmensenee (seen ace terete Onten eves (eke ans 8. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. naam ata aaa ee] Wetter Page | 134 eer ReyEs 200m 9, InSelect features wizard, click Next. Select features —— tecaoon 908 exreton srr ecient ee 15 “tonsa eect et noe (eter Oe nt ae eee cexterston (soa nen tt Sontentaeenmetcne, Ceca tirerieteatymreiee ewes ‘grate etme (onecente ton Clemnebone racer coe (2 mote tment lineaments see eaten ce (saan (et iiss rt (eee) ET] [| a] 10. Directory Domain Ser ’s wizard, click Next. i Res ad Features Ward Active Directory Domain Services cen cone | Sen eee aeerniateeersts” S22 | Seater iercieere Wetter Page | 135 eer Rey200 11. Check the box Restart the destination server automatically if required. Click Install. Confirm installation selections aaa ein Reset he ton ee etal ee rc Como ec Goto tingeret ‘hie Oi Art (ase) [oe Ca] Cone] 12. Click Promote this server to a domain controller. i Res ad Features Ward Installation progress ier by as nce Poste 1B Soctyaaenhesirn re comerste etek Dae Bev | [ae coat Wetter CCabes) eer Rey200 13. _In Deployment Configuration wizard, select Add a domain controller to an existing domain, Change. enter the Domain (Ex: Microsoft.com) and Deployment Configuration es ME a comnivnsnn ome: won = Si cet were cnn cent camer pee | [ae = 14, Enter User Name: Administrator@microsoft.com and Password, click OK. Credential for deployment operation Sse One er te deo pen, A... 15. Click Next. Wetter CeTCPeD200 16. In Domain Controller Options, review the default settings, and type the Directory Services Restore Mode Password and Confirm password and click Next. ti en Comin sev Conigaion ich | | Domain Controller Options meee TST sxe snes chy gta an te tn, osone | Bomscante res ome ee geet iets ee de DM pend 17. On DNS Options page, click Next. DNS Options meer vot | Wetter Page | 138 eer Rey200 18. In Adcitional Options Page, select Replicate from Sys. Microsoft.com, click Next. ‘Additional Options ws setae Mea Ope ital tm mt feet or [sine sna cree siershcon aa] ee a) 19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. Paths weet Sey tease te 0S bon en SOL eo Neos a Lister eS a vo. ae 0. a Wetter Page | 139200 20. Review the Summary and click Next. Review Options es et ems rt ll Pesan Ost emacs psn cas agen — Ce 21. Click install to begin installation. Prerequisites Check oe orange cp ta ‘4 sey aemie nomena ipso pct ‘Speen cnet nom ioe ee mee enn ae (0 reer it camnt on te pe sel, Ca bapa “Aityovcec el merase foace Pend eperten pen (ase) Co, Cs] Cone] Wetter CeCe eC eer ReyES 200! 22. The computer restarts as a part of Active Directory Domain Services installation. Te 23. After restarting the computer Active directory will be installed. Verificat 1. Click Start-Run and type CMD. 2. Type NET ACCOUNTS and verify for Backup in Computer role. Administrator C\Windows\systoma\cmnd exe eae Parana ieacest sey OU eog e oe tor Pe) Ces) ase ae aCe Cri) Soars eeu es corsa ceedEs 200m Lab — 27: Creating Child Domain Objective: To create child domain Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server. MICROSOFT.COM 1 Milli MCITP.MICROSOFT.COM syst sys3 Domain Controller Workgroup IP Address 10.0.0.1 IP Address, 10.0.0.3 Subnet Mask ——-255.0.0.0 Subnet Mask —_-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.3 Alternate DNS = Alternate DNS 10.0.0.1 Netter Ceremecr Et ReyES 200! Steps: 1. Login as Administrator to the Workgroup Computer. 2. Assign IP Address and preferred DNS Server Address 3. Click Server Manager COCR one li Host Name 2 Ey ex) pam tear BRU UAE) DNS Server BCU UA Es} PN coe rie hed SRUAUA Us § LUTE Tits Pn sete g 4, In Server Manager Dashboard, Click Add roles and features. Server - 3] snes ig fice Store cae er Comey200 5. _ In Before you begin page, click Next, In Select installation type, select Role-based or feature- based installation, and click Next. Select installation type °S Congres engl serve by adn oes, role sevice. and fests, Remote Desitop Series instalation Inst requed rele eres or Vitul Desktop nfastucure (VDD to crete 2 ial machin bases or sesion-based desktop deployment 6. _InSelect destination server, from Server Pool select SYS2, click Next. Select destination server etre tage Secession a oe stant (SRR ern erp Select rua hard die 1 camputendYound ‘This page hows sever tha re runing Wows Sever 2012 and that have ened by ung the Ada Seners command. Server Manager Offi eres and em aed serves om whi ata colecion silicate are ret show a Ls | Tea Wetter CeCe)200 7. In Roles, check the box Active Directory Domain Services. Select server roles 7 tr age Coe) 8. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. aE Wetter CCeeLey eer Rey9, InSelect features wizard, click Next. Select features etre stag renisor ee Sarat secon mene [coe ff aos i pesoapecre pe earerinta Cee Ss Aiee —— ia ceemee ety me aaa feed crag ieee, Heong esses SEE 10. _ In Active Directory Domain Services wizard, click Next. Active Directory Domain Services ralaten yee rsessiose Wetter (eSSrteat aos hp eamrne nay ang rar Rear see ‘httgndcunentan een eA ete ers ey ee apps lots enon unergetow snd ser tnans ane torsagernan ar Cour + Tokina aancn ten necro tgs tte ‘ele yi pone mt be DNS narra sane * oust tee Men an tn en Page | 14611. Check the box Restart the destination server automatically if required. Click Install. Confirm installation selections — acini Toate eowg ct emir ote nace ea risen ee Resta the destination server automaticaly egies Sarason era rch rn ahh dpa en a he wove ‘ee econ Domai Seoces RE sup rey Management Remote Sere Adminisation Tooke [ADDS 2nd ADDS Tool Active Directory module for Windows Powell ‘eave Decor Administrative Center por configuration etings Spec an aerate source path 12. Click Promote this server to a domain controller. installation progress © feseintion Cage nga need ‘Active Drcory Domain Serves "Adtionl steps are eited to make his machine a domain conte, ‘Group Potcy Management Remote Server Adrinistation Took Role Adminstaton Tool ‘ative Decry modu fr Windows PowerShell ‘You can cose tne wzad who interypting running ass View ask [m_ ares or pen this page agin by cickng Notations the command trond hen Tak Det xr coniguran tgs (eee) ) Cd Wetter CeTCuec200 13. _ In Deployment Configuration wizard, select Add a new domain to an existing forest, select domain type Child Domain, enter the Parent domain name (Ex: Microsoft.com) and New domain name (Ex: meitp), and click Change. sev onsen Spi se tron ot Sst ete os i ton sennsraerencuntcon Moe about deployment conigurtions ion] Se 14. Enter User Name: Administrator @microsoft.com and Password, click OK. Credentials for deployment operation So aetnta rte demen gnats A. 15. Click Next. Wetter PCa eLe)200 16. In Domain Controller Options, review the default settings, and type the Directory Services Restore Mode Password and Confirm password and click Next. Domain Controller Options a ct [os exeraiag I>] sao eps Sey orancartce pair mast fomton io [Z barantanespem ON) see seen Sree gon cnos eo) Seren soitaniseyis nates — a Galen soe More about domain consatie optons (Ceti) [hit 17. On DNS Options page, click Next. satan opto nett ceegton enon More about ONS delegation (eae) [ier] Wetter Page | 149 eer Rey200 18. In Adcitional Options Page, Review the NetBIOS domain name (MCITP) click Next. Additional Options SESE eythane mite rag mney ‘ies 19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. Paths Secreta ayant tan OL acct in —— weet age eros More abou Active rectory pas ([epei] (“ties ] Wetter Cea et)200 20. Review the Summary and click Next. Review Options Seren Conrie apne) Cope ene ta te Day oa ait orn 21. Click Install to begin installation. Prerequisites Check eng Se Bal Ga ca 22. After restarting the computer Active directory will be installed. Verification: Go to Server Manager, Local Server verify for Domain MCITP.MICROSOFT.COM 1. Go to Active Directory Domains and Trusts verify for parent and child domain. Example: MICROSOFT.COM and MCITP.MICROSOFT.COM. Wetter CerCcupere200 Lab — 28: Creating New Domain Tree in E: ing Forest Objective: To create new tree domain in existing forest Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server. Topology: MICROSOFT.COM McTS.coM sysi sys4 Domain Controller New Domain Tree IP address 10.0.0.1 IP address 10.0.0.4 Subnet Mask —255.0.0.0 Subnet Mask ——255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS 10.0.0. Alternate DNS Alternate DNS 10.0.0. Netter Cercupey) i Et ReyES 200! Steps: 1. Login as Administrator to the Workgroup Computer. 2. Assign IP Address and preferred DNS Server Address 3. Click Server Manager Host Name 2 yes Uae te or 4 BRU 3 DTS (oa 10.0.0.4 PVC coe by 10.0.0.1 LOR ET Paes 4, In Server Manager Dashboard, Click Add roles and features. Server - 3] snes Wetter Pees Ce er Reo200 5. Inbefore you begin page, click Next, In Select installation type, select Role-based or feature- based installation, and click Next. Select installation type se Congres engl serve by adn oes, role sevice. and fests, Remote Desitop Series instalation Inst requed rele eres or Vitul Desktop nfastucure (VDD to crete 2 ial machin bases or sesion-based desktop deployment 6. __InSelect destination server, from Server Pool select SYS4, click Next. Select destination server etre tage Secession dh stant © select» eer rm the eve pool ‘Select ira hard de 1 camputendYound ‘This page hows sever tha re runing Wows Sever 2012 and that have ened by ung the Ada Seners command. Server Manager Offi eres and em aed serves om whi ata colecion silicate are ret show Cie] ee] [Cw | ee Wetter CeCe)200 7. In Roles, check the box Active Directory Domain Services. Select server roles 7 tr age Coe) 8. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. aE Wetter CeCe) eer Rey200 9, InSelect features wizard, click Next. Select features — ne paver eer EL Lainins a a eee, al cere = paras oe =o lan [ce to ec Ss — fenoopral aes reer i ene seeing peered Seen ae cen De wa SEE 10. _ In Active Directory Domain Services wizard, click Next. Active Directory Domain Services a neretcs AbDshepe aimee cee range tenner ses ee ralaten yee ‘httgndcunentan een eA ete ers ey ee apps cases lots enon unergetow snd ser tnans ane torsagernan ar Cour See “ ‘ele yi pone mt be DNS narra sane * oust tee Men an tn en Wetter Cape11. Check the box Restart the destination server autom: lly if required. Click install. Confirm installation selections Sisto Tint e eowg temic ofan nace ea rsson ee Raa ai ae acy agai ae cake ‘Seeces rman ye doctrine er ten as a Po ce 208 ‘ete Directory Domain Services ‘Group Posey Management Remote Sere Adminisation Fock Role mination Toot [ADDS 2nd ADDS Toole 20 05 Took 1A DS Snap ane Commandine Took ‘AetweDrector Adminitrative Center por configuration setings Spey an area source path 12. Click Promote this server to a domain controller. installation progress © feseintion Conger nqeea hasan enend oe ‘Active Drcory Domain Serves "Adtionl steps are eited to make his machine a domain conte, ‘Group Potcy Management Remote Server Adrinistation Took Role Adminstaton Toole ‘ADDS Too ‘You can cose tie ward wou nteryptingruarng tas View ask [m_ ares or pen this page agin by cickng Notations the command trond hen Tak Det xr coniguran tgs (eee) ) Cd Wetter CeCeeey200 13. _ In Deployment Configuration wizard, select Add a new domain to an existing forest, select ‘type Tree Domain, enter the Forest name (Ex:MICROSOFT.COM) and New domain name (Ex: MCTS.COM), and click Change. dom: sev onsen Spi se tron mot Sse ete os i mtn sennsraerencuntcon Moe about deployment conigurtions ion] Se 14. Enter User Name: Administrator @microsoft.com and Password, click OK. Credentials for deployment operation So aetnta rte demen gnats A. 15. Click Next. Wetter CeCe)200 16. In Domain Controller Options, review the default settings, and type the Directory Services Restore Mode Password and Confirm password and click Next. Domain Controller Options Sec caren creo eis eat orton [dara Neen (OS eet (petocamns renga | Liston " Senne More abou oS deegaton (epee) Cater Wetter Page | 159 eer Rey200 18. In Additional Options Page, Review the NetBIOS domain name (MCTS) click Next. Additional Options SENSEI ey te hn mint rag mney ave aba acl sind ‘ies 19. Verify the location of the AD DS database, log files, and SYSVOL, click Next. Paths Secreta ayant tan OL acct in —— weet age eros More abou Active rectory pas ([epei] (“ties ] Wetter Page | 160200 20. Review the Summary and click Next. Review Options coon Cle oy nt arate they a erin a onscptrs ‘Rome aren dra netcam coe te ‘eet: cnbe ant Won oneal so ate Toone ea fer || 2 21. Click install to begin installation. Prerequisites Check veces [© Aiprequite dacs pared acetal GA Waar wbeghsaiston ——Sowmae *] ee COFe-ES cutee eae ne te Dey Donen oh ena eae ces 1 ee ‘ec ae cna a enti aed in tow cryptography sigorthes compete wth Windows NT AO thet prevents mene | ean ange ‘ureter tg wee ane AI ‘Seceopen on ere pn o preeete c * eared) assigned to I Propertes. both Pal and V6 are enabled fa networ aT eeaintsers hens neue mnpesiea ts Boteeanreicpisomonipectcasne Boectongeek (At tt eer orate th te poner etn (Gesma] oe] Ge] ead 22. After restarting the computer Active directory will be installed. Verification: 1. Goto Server Manager, Local Server verify for Domain MCTS.COM. 2. Go to Active Directory Domains and Trusts verify for parent and New Tree domain. Example: MICROSOFT.COM and MCTS.COM Wester CeCue tse eee iy200 Lab — 29: Transfer Operations Masters Objective: To transfer operations masters from primary to backup Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server Additional Domain controller. Topology: = Sj = = Sj = MICROSOFT.COM SYS1 ‘SYS2 Domain Controller Additional Domain controller IP Address. 10.0.0.1 IP Address 10.0.0.2 ‘Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.2 Alternate DNS Alternate DNS Wester Cerca er)ZOOM 1. Logon to Domain Controller as Administrator 2. Goto Start, type cmd in Search Apps, and select Command Prompt 3. Type Net accounts and Verify for Primary in Computer role. Administrator CAWindows\systema2\cmdexe Cae es ei RCL Seer emery aa a nar) lockout duration (minute: ecm on windon Sian say ‘he conmand completed suc: ECU ledSNC area eerie Enea Ore Peauuct f TU ao eae 24 Ruan res React Ey rae eau COM) Er) mputer role: Carag cote er Reco SCC Ue Type Roles and Press Enter. Adminstrator: CAWindowseystem22\en BOT Pater ea Sor eae tee Pic re On aaa CE Minimum password age (days) Maximum password age (days) Minimum password length: Oa eat Rectan ema Me tar CLO MS) Boao arcu er) oe Esircy PAO eC Cee Ty BOC OU es otan] Scots azoom J Type Connections and Press Enter. CC eta teats Ci Un Cea oa Never rd age (days): Panne eer Coreen» oa em eae ce Sa aC (eta ecm Sooner ce eer ace eee eS Weegee oad ats eeeey ese east Type Connect to server SYS2 (ADC System name) and Press Enter. a -Admiistator.CAWindowssystem32\cmd exe nts SSE (c) 2012 wicrosoft Corporation. All right VEC area acd Rice re aa inimum password age (days) PMLue eerie ETC ry Tue ee ge oe Re Renae eager een eager OC) aie Boar he command completed successfully Breet) Teonsn eines Senn ees Pc aa tea CS aZOOM 8 Type: Quit a Administrator: C\W ra Et) Ronan ata CUR OCI) 30 eS CCN RC Re ee ec NE ie any ‘onnected to sys2 using credentials of locally logged on user. Se ost eee d 9. Type Help (or) ?, to see the available syntax. Administator. Windows system’2\ci tds Pec ode MeCN SUErR ees DOR ca eo eae Rug quit 10. Type Transfer infrastructure master and Press Enter. SR Rac) Coca Poorer ion Pan React) Cea Ree er ee ee eee no CC ee Pos Ce ae ec eats Scere pesca meester eres oe meetin ree Resets OSs eet Pe menescy Transfer infrastructure master -"sake connected server the infrastruct Cs eae Ss wake connected server the Peveaetiibtast Reet ie aera hake Connected Server the ss SE tosZOOM J 11. Click YES. 12. Type Transfer naming master and Press Enter. oun Gh cre i Cetin Abe gamer ne aon fFsmo naiitenance: Transfer naming master 13. Click YES 14, Type Transfer PDC and Press Enter. dimiistatos CAWindows\sstem2\cmed exe —ntsut ora Pore aa ts IE aat ees artery tat eae LE as aeeaa east Qari aryees aera eS he Sonar rnen tana Riraatet ee Uo ah Re OR e Ceca AeA uA RSM rayzoom } 15. Click Yes 16. Type Transfer RID Master and Press Enter. a Administrator ae cd Pose ae Tastee arsine eee ictat neuter escer Peesasitd Windows\syatem’2\emel exe —ntsuti erro? Rieter eRe ast Roo Re ERC Sela sruitis Pome ae es 17. Click Es 18. Type Transfer Schema Master and Press Enter. Aainistator: CAWIndows\systema2\emd exe nds nce: Transfer RID master Poe ee IPSs Pea Ra Re Sa ele ee Rac hs Seen eat no seatan eee ats Re sas nce eae Sear gator ag gate Somes ote eae wate rue Rita enamel arg ars ire ee a19. Click ES 20. Type Quit and press Enter ace an YS2,,CN=Servers ,CN=Default-First~: Recs erie oni guration, b a A Seep Sart Stun hata eee ae Sec Near ie athe) oie eC Ce er ReoAdministrator: C\Windows\system32\cmd exe - nut Sones See estes om eis Keer narT eaten Glan es rere - CUR ciaewe a saa tT el) eRe ete eet hn: emcee tare (Papeete saat c Tae Tara Cun ent Sree reersss core a aersc iba Sar essere ante ag aT Rieeagtati eos erestua Tig aCe oases Eta Ea hha Type Net accounts and Press Enter Computer role of Domain Controller will be converted to Backup and Additional Domain Controller will be converted to Primary, a Administer: C\Windows\system2\cmd ex Cale aae ects) Rice ae CeCe Lec Minimum password age (days) Maximum password age (days): To ene er og Moco Renae ear Rea Meanie) eye eee Cn) Saige DR ee ete ery SEC Rate Cie200 Lab — 30: S e Operations Masters Objective: ‘To seize operations masters in backup when primary is accidentally down Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Acomputer running windows 2012 server Additional Domain controller. Topology: = Sj = = Sj = MICROSOFT.COM SYS1 ‘SYS2 Domain Controller Additional Domain controller IP Address. 10.0.0.1 IP Address 10.0.0.2 ‘Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.2 Alternate DNS Alternate DNS Wester Percezoom J Steps: 1 Log on to Additional Domain Controller as Administrator Shutdown the Domain Controller Go to Start, type cmd in Search Apps, and select Command Prompt Type Net accounts and Verify for BACKUP in Computer role. Administrator: AWindows\eystemi2\crd exe SC aU ee ote) Piece a OCU aL re re minimum password age (days) Maximum password age (days) RUN Seg Oe RO aaa Rectan ena Meramec Reyer eet on) cae et Re cee OCC UIE Type Ntdsutiland Press Enter. Adminstrator: CAWindows\eystem2\cmd exe ROU eae sete Cae aeRO aL ee password age (days) password age (days) ares Oe eat) Seat re ena Mera) Et) oa eta Oe re) 30 aS cen Ce ee ee ee ECC ie cae aom J Type Roles and Press Enter. m Aeinistator CAWindows\eystem22\cmd exe - ntti CeCe tele caae ee eC a aa Minimum password age (days, Maximum password age (days): Sue ee Rog Mas Cam Recnae ear ena Mera) eetnar eter Oo can en Ree ae eae oY Be ee ee aD rota eeo Type Connections and Press Enter. Administrator CAWindows\system22\cmd exe -ntdsuti RO nra cea Ca RO ea password age (days): eee eC) Pere OR Rae Brann eon Merah Renae OC) nas PO Re et ecco Ly :\Users\Administratorsntdsutil osha Se Ue oat Type Connect to server SYS1 (ADC System name) and Press Enter. Administrator CAWindows\ystem22\cmd exe - ntti Megara tert sae coce er logoff how long after time expires?: password age (days): password age (days): Ears Ae ne Bacar ar eye trac) ena OG co ne er Ren eet eee Ly EN Se ie aE eas ea Sree earn Pau cases Soak CES 24 reg Et 30 Cred road f cr) 24 TaZOOM 9. Type: Quit Aeinistator CAWindows\eystem22\cmd exe - ntti garter ieee aa RC aC minimum password age (days) Maximum password age (days): Sue ee Row Mas Cem t Recent Ronee Mera) eeenar ete Oc Scan Peetu eee etc ue eon] cra ee) BOR eoatar Ia nas CL tae Se Simos ‘onnected to sysi using credentials of locally logged on us Socata ha 10. Type Help(or}? To view the available syntax. Administrator: CAWindows\systems2\cmd exe - nid smo maintenance: 2 COR s ty Cer aat see oe rar Rest eg eRe SD Te eos Ce nn oc fad CaaS or CaaS Poa eaters PS rear stares ras Eeyore set Cet ee CMe tae ee a DOS Rea Cees aes isco Sac Use on og ee ans Pinca es eat ee and iE11. Type Seize infrastructure master and Press Enter. So oa 7 Eee erat Pecan eet eto AI CR eu Natu an Cot eects eize infrastructure master Re halos ed er Pog Cee eects area aC Poi MUS L Transfe ee curs Berio as ee Perrott at 12. Click VES. me Ce er Reo13, 14. 15, Hes eae F Pt eee fees Coerscnerst eer oe Co ae i j repending on the error code this may indicate a Le ieeuarecetri ce ae re eee eae eee ora eo Recearartetacai RI aeeamr eerste oar Stat rete Click VES Type Seize PDC and Press Enter. Administrator C\Windows\eystem22\cmnd exe -ntdsuti Ta ee a Sa eRe ace tac) a ee ee CCR crass ee OU RR CRC Read Mee aed ores ee eee Ua Mutants rare ren on tara Bob peeees ro arp srume tarred Rusa ee Tara tt ae eee16. a7. 18, Click Yes ‘Type Seize RID Master and Press Enter. SaaS Mair taan at ee coo es i Rea eet SO edo merece rer CroNete (a1) ean Wee eee ea Re ean eee crete Nae Mat aE) WRK eee oe a Sera mlacrecn act bepending on the er ORE ee Mec aan eae i o FSMO failed, proceeding with seizure . ae CaaS oe Pare atun eens tana Rieu eee east ut Saige ire Pree eo Comes Ce er ReoZOOM 19. Type Seize Schema Master and Press Enter. [Administrator C\Windows\system32\cmd exe - nts coo og ransfer of RID FSHO failed, proceeding with seizure CC Seer cry ; ones ert) Tees tion ,DC=Micr Pare aC een tag eg at ee ee 20. Click YES 21. Type Quit and press Enter Administrator CAWindows\ystems2\cmd exe nde pending on the error code this may indicate a connection, acai Pea ee OS A ee Rea Ted server "sysi" knows about 5 roles eur taal oe ATC Moe utsR aa TEaaheie car Tg at UM So tag Taga okey sess coer Tp ary nero tar regs Reoaat ee eta oe eat Re cna gate te ce ace aaa22. Type Quit and Press Enter. Tet Serie tare tartar Ce Seuss ir ae meagre ste poc - CN=NTDS Settings Dart atun eae rea Ts ro Parity ar unen tae epoca cee cena Tah 1. Type Net accounts and Press Enter 2. Computer role of Additional Domain Controller will be converted to Primary. Se Saar Ress tearunes eee saatt Dar tg satunse tse Tags BO essa Meee ei teat aT Stun isn Rae Riegaatactcems nFiguration, ieee eases Dena CIEL ae see) AC ORC eee oa re Minimum password age (days): F Maximum password age (days): ca Minimum password length: 7 oar aS Cet 24 Reman ran Renae Mera Cr) Et) ona UR OC) EY) ae Coat ee ee a cee NEC UES e200 Lab - 31: Applying Group Policy on Organizational Unit Level Objective: To apply group policies on a particular OU Pre-requisites: Before working on this lab, you must have + Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2. Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask —-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 Netter Cee CC i Et ReyES 200! Steps: 1. Press Windows Key to go to Start, select Group Policy Management. Cree 2. Right click OU (Sales) Create a GPO in this domain and Link it here. Gre Ratey Management ¢9\alplo xG¢ Om 3 Group Poicy Maraperent 1 forest mizeesticam “Domai (ase +9 Godlee GO Radon ERIS Walken Eting GPO }stny slot inertance vimstes ous Paty Ueda # Croup Pll Grows Potcy Moceing Waa |S Group Fol) new Oranzational Ut Deste rete Properties Hebe Comers Ce er200 3. Enter any name to GPO Link (Ex: Remove Computer Icon) and click OK. Right Click created GPO Link > Edit o#ainlxslun ‘Too ak Maret *Ateeeriomtie Saeco cemsctoran ey 5. In Group Policy Management Editor Window, Go to User Configuration > Policies Administrative Templates > Desktop. Wetter Cer cup ts)200 6. Select a policy (Remove Computer icon on the Desktop) on right side of the screen, Right Click and select Properties. ageing a ees iteondGuseat tonite ary Nat op [EWE aesmer _Etowotetenmpcrouptine Nato SSetomangyntncr | UNdertoe Gowns dese hate Heroes Deamenseenenteseste Rote hcotewoiocenriencnancoy Nat ‘Shenow hoes semen. Nat humo patentom ay Nat hemor hopenestomte are Bneote. Rete. Sooreeaceee Neco Preven wn ging rpg a ag Ne nn. ror 7. Select Enabled option and click Apply and OK. Wester CrCuete) eer Rey200 Verification: 1. Logon to client system as sales OU user (s1) and verify the changes because of the policy. a EYEE Page | 184 Deer ey200 Lab - 3; : Applying Group Policy on Domain Level Objective: To apply policies which will affect the complete domain Pre-requisites: Before working on this lab, you must have + Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sysi sys2. Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask —-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 Netter CeCe ts) i Et ReyES 200! Steps: 1. Press Windows Key to go to Start, select Group Policy Management. 2. Right click Domain name (MICROSOFT.COM) and select Create a GPO in this domain and Link ithere. er fe ton ier Vion fe Cll ee nila one oe reales Sa Poe Ce er200 3, Enter New GPO Link name Ex: Remove Network Icon and click OK. +eanea us [Sc te augenet Atectnoatre Sabot Santeoton ow mle loo ae come a oe a gece | ee 1 5. _ Inthe Group Policy Management editor window, Go to User Configuration ->Policies Administrative Templates Control Panel 6. Select a policy (Prohibit Access to Control Panel and PC Settings) right side of the screen, Right Click and select Properties. Wester CeCuety eer Rey200 7. Select Enabled option and click Apply and OK Verification: Login as User ($1) to Client or Member Server and try to access Control Panel, trance a EYEE CeCe t:) Deer ey200 Lab — 33: Applying Group Policy on Site Level Objective: To apply policies according to locations Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: = | SI SJ 4 SI MICROSOFT.COM ‘SYS1 ‘SYS2 Domain Controller Member Server / Client IP Address. 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester CCu ets)200 Steps: 1. Goto Start, Group Policy Management Right click Group Policy Objects-> Select New. Ubi Acton View Window Hep +9) ale) o| a/ @e [coup Potey Management Ares mesroteom “Domes 1 Bi mcotcom (3 Detat Doman Foley eeweremts | taal = Saari 1 Reave Neworecon |itconomaes faa = Soman » B demainconwoter > (reap ay ja > Seales New Barer Gros Sackip A + ser Menage Bac GrupPelcyModeing—_Openipaton Table Ete Grup Poy Rests ‘Mew - Help ! 2. Enter New GPO Link name Ex: Remove Recycle Bin and click OK. Wetter Cec)200 3, Select the Created GPO -> Right Click Created GPO > Select Edit. $2 Goa Mae Sartor Sete cheat fe Femara oe |. Select User Configuration > Policies > Administrative Templates > Desktop, select Remove Recycle Bin icon from desktop. agg ee aise Ga 7 fren uartonmaaty cig ote Rec ‘ShcchemtOneetcnoriaiee Neen [SeesaetOye” |S toneraewsawneaon mamavg ae ht og "Rawat dete Net Wester Cercupcye eer Rey200 5. Right click Remove Recycle Bin icon from desktop-> Properties, select Enabled > OK > Close. 6. Right click Sites->select Show Sites->check Default-First-Site-Name>click OK->Right Click Default-First-Site-Name->select Link an Existing GPO. Wetter CeTcmpty)200 7. Select an existing GPO, (Remove Recycle Bin) click OK, Verification: 1. Login as a user to Client or Member Server, and Verify for the changes. Wetter CerCue Ce]200 Lab — 34: Applying Group Policy Modeling Objective: ‘To generate reports about polices applied on users and ou Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. ‘© Acomputer running windows 2012 server or Windows 7. Topology: = | SI SJ 4 SI MICROSOFT.COM ‘SYS1 ‘SYS2 Domain Controller Member Server / Client IP Address. 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester Page | 194200 Steps: 1. Go to Group Policy Management > Right Click Group Policy Modeling and Select Group Policy Modeling Wizard. See wee “Geis foe tomaenet rag *Btenirscoon = ‘Soanee eee Soe Poop ate Hosen L Sa rn | Seip ae Wa 2. Click Next. Wetter CeCe Ce)200 3. Select the domain name and click Next. 4. Select User and click Browse > enter the Username ($1)->click OK and Next. yal Cometer Sen “Siegen erie inan ocean the avast octets ohana a amiesmarerine en Domeoet Cen ae rrcrate: WEROSDFT Acree sro trata tne Oprtane 1 coer ee (Cem) Cote mtn (© Cots Ga] Come i) [ste ntetrg steers claritin Wetter PCa e ty200 5, Select the site (Default-First-site-Name) and check skip to final page, click Next. 6. Click Next-> Finish. Verification: 1. Click Details on the summary page and verify the policies applied on the User. eRBirege eer Rey Wetter CCeecy200 Lab — 35: Applying Software Deployment Policy Objective: To provide software to users through network Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: = | SI SJ 4 SI MICROSOFT.COM ‘SYS1 ‘SYS2 Domain Controller Member Server / Client IP Address. 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester Cae)ES 200! Steps: 1. Logon to D.C.as Administrator, Create a Shared folder with (.msi) applications in it 2. Goto Group Policy Management. ministrator Right click OU (Sales1) Create a GPO in this domain and Link it here -> Enter the name (Software Deployment) -Pclick OK, Right click the policy and click Edit. oe Ce er200 4. User Configuration > Expand Policies ->Expand Software settings > Right click Software Install > Select New-> Package ei ey anemone fle seten view Hep ee anGes/aa [asa sStacR Name Ver Deploys Sect 2 eee Otic Thee en teat show nen 2 teens 2 use Conaaaton (Sore ete amas ema ye Sear. Properties 5. From the left pane, select Network, OpenS¥Si (Server containing shared folder). ‘Seach Network 2 e-ne (5 Lares 5 Documents 2 Misc Pictures Bi Videos | Computer Network — = Wetter Cece) eer Rey200 6. Select the MSI Softwares Shared Folder-> click Open. © @~ tf > Network + SYST > Search SYS1 — a msi softwares: B Documents a Bi Videos er corm Ive Ge Network [econo pcg +] [aver] [cane] 7. Select the Application Folder (Power Point Viewer) - click Open. + [B SYST > msi soft v 6] [Searchimsi softwares? Opn = Newt -oe “Name “ Date modified Type a Libraries (i PowerPontviewer SOSA. Fietele B Documents 2 Mie ‘5iPictures Bi Videos Computer 4 Network (Wenows natal packages ©] ‘ren Cones Wetter Cece200 8. Select the Application (PPVIEWER) ->click Open. © = 1B meisofwares » PowerPointviewer Ongena e-oe Datemoditied Type sia Downloads * Name ‘Recent places | [pov 3R0/201034. Windows insta. 1, ig Type: Windows installer Paciage mb Sie: 107 MB {2 Documents Date modified 3/30/2010 3.49 PM oD Music Pictures Bvieos 2% Computer SW Network a Select the Method to Deploy Application (Published) and click OK. o O bssgnes OAdyanced Select this oon to Puch the apaication without modcains Wetter Cece200 Verificatio 1. Goto Member Server and login as user. 2. Goto Control Panel, click Programs and Features. 3. Click Install a Program from the Network, Select the Application and Install Get ragepms neta eprogta rom he eter 1B Yaris Ces I Mos ovesat Vane Wetter Cae.) eer Rey200 Lab — 36: Applying Scripts using Group Policy. Objective: To deploy scripts using group policies Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: = | SI SJ 4 SI MICROSOFT.COM ‘SYS1 ‘SYS2 Domain Controller Member Server / Client IP Address. 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester Peer)Steps: 1. Logon to D.C, create a Shared Folder User Scripts with Everyone as Read/write. 2. Goto Start, type Notepad in Search Apps, and select Notepad. 3. Enter the text wscript.echo “Welcome to Microsoft” ei Noma le Ea Fema ew Hep wscript.echo"welcome to microsoft"| 4. Save the file in the Shared folder User Scripts as Logon.vbe Go to Group Policy Management “Right click OU (Sales1)> Create a GPO in this domain and Link it here and enter the name Script, click OK, Select the GPO Right Click and select Edit. [copay ursorme jee * Reewemoostaan Se 2 Soran a Forwentoeentciy || noeneven onne name socio Beene en eb Rete] Newer ie Wetter PCa)200 >. Expand User Configuration Expand Policies Windows Settings Scripts Logon Properties. rau Paiy Management tor Fle Aeon Vew Hep @9/ ain Go| im 7. TSE eeetntr Rc i (gerne) i 8. _ Enter the UNC path for the Script in the shared folder \\SYS1\Userscripts\logon.vbe and click OK> Apply and Ok. Verification: | Goto Member Server and login as USER1 and verify for the Message. welcome to microsoft Wester Cea200 Lab — 37: Applying Folder Redirection using Group Policy Objective: To redirect folders of users to servers Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: MICROSOFT.COM sySi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask —_-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS 10.0.0. Netter Cae i Et ReyES 2001 1. Goto D.C, create a Shared Folder (Folder Redirection) with everyone Read/Write. 2. Press Windows Key to go to Start, select Group Policy Management. Oey 3. Right click OU (Sales) >Select Create a GPO.. +¢ienclxas am os Kiueroanecomamdmmtemsemes oo Ce er200 Enter name (Ex: Folder Redirection) and click OK. Expand User configuration ->Policies->Windows Settings->Folder Redirection > Select Desktop “>Right click Desktop-> Select Properties sale Wetter Cae) eer Rey200 7. Select Basic Redirection, select Create a folder for each user under the root path, click Browse-select the shared folder from Network, \\S¥S1\Folder Redirection, click Apply and OK. Verification: 1. Login as user ($4) in client system. 2. Create a folder on desktop, Right Click on the folder > properties and check the path, it should show Network path (\\SYS1\FolderRedirection\S1\Desktop).. Toa May 200 sso (deny eter in ey Daan (reer) a EYEE Page | 210200 Lab — 38: Applying Auditing Policy Objective: ‘To apply audit policies to generate events for logon etc Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. © Amember server running windows sever 2012 or client running windows 7. Topology: = | SI SJ 4 SI MICROSOFT.COM ‘SYS1 ‘SYS2 Domain Controller Member Server / Client IP Address. 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 ‘Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1 Wester CecmeseeES 200! Steps: 1. Press Windows Key to go to Start, select Group Policy Management. Cree 2. Right click Domain Controllers Select Create a GPO... is | eee Poe) Ce er200 3. Enter name (Ex: Auditing User Account Management) and click OK. ene aes = Ee Co 4, Right Click created GPO, select Edit. ee 5. Expand Computer configuration >Policies->Windows Settings ->Security Settings> Advanced Audit Policy Configuration Audit Policies Account Management Right click ‘Audit User Account Management - Select Properties =| Stacey Foret ShaagpbaconcopMinugerne arcane Shad Dorion cr opine etc et rai, haitOow Reon as NelCe +n enn I at Wetter CePCu Ese)200 >. Check the box, Configure the following audit events and Select Success and Failure. ro Behan (entantee et ee (encom 1. Login as Administrator on D.C, go to Active Directory Users and Computers and delete a user (s1). eeac 40 Moda On teerae (St Oech” pete Tasecoe to te Vimeo | ee (noone oe Wetter CeCe)ES 200! 2. Goto Start, Type Event in Search Apps and select Event Viewer — Se oe eae Se rs om bee — fos cs aie a, —~ wea se site Ss ee ee ellen oooaran 5 la, 4. Verify the event displaying user s1 deleted by Administrator. Te ilena ‘ta Per Ce er200 Lab — 39: Configuring Preferences using Item-level targeting Objective: To configure group policy preferences Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. ‘© Acomputer running windows 2012 server or Windows 7. Topology: MICROSOFT.COM sySi sys2 Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask —_-255.0.0.0 Preferred DNS —10.0.0.1 Preferred DNS —10.0.0.1 Netter CEPCm Est) i Et ReyES 200! Steps: 1. Press Windows Key to go to Start, select Group Policy Management. Cree 2. Right click Sales ou->Select Create a GPO... “Tam iin 0 a ‘wn Sse Spm ead cunt coy Wr Eitaprie New Oruencatons bat Coos Ce er200 3. Enter name (Ex Preferences Map Network Drive) and click OK. se sear 4, Right Click created GPO, select Edit tote eo Sxans Siegert Free one ‘Sees Sees +heinataon Commence Gea a ‘Frenowcoenarcon [ea viata Ss gee [2 orcas : tae Scocngeen” a Tetras — Expand User configuration >Preferences->Windows Settings Right click Drive Maps> Select New Mapped Drive oe ait] colwaaimmaes {tee eto “8 Conan Canton rec Wester Page | 218 eee iy200 6. In Action select Create, Enter Location: (\\sys1\userdata), select Drive Letter X:-> OK 7. Select Common tab and check box Item-level targeting, click Targeting... [sep trict mone [petngetnertemeeto ore) [saoeeeten ne tpt Dreher ena os Wetter Page | 219200 8. Select New Item select Operating System ip sey Meena 118) 9. Select Product: WindowsServer2012Family, Edition: Standard, Computer Role: Member Server, click OK. ae oe =a oor lee a EYEE Cea) Deer ey200 Lab —40: Creating Forest Trust Objective: To create trust between two domains so that users from one domain can be authenticated from another Pre-requisit Before working on this lab, you must have © Acomputer running Windows Server 2012Domain Controller for MICROSOFT.COM, © Acomputer running Windows Server 2012 Domain Controller for |BM.COM. Topology: VEL) MICROSOFT.COM 1BM.cOM sysi sys2 Domain Controller-MICROSOFT.COM — Domain Controller-IBM.COM IP Address 10.0.0.1 IP address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask —_255.0.0.0 Preferred DNS 10.0.0. Preferred DNS 104 Alternate DNS 10.0.0.2 Alternate DNS Wester Cercmese eer ReyES 2001 1 Go to Active Directory Domains and Trusts, Right click the Domain name and select Properties. mez) Ce er200 3. Verify Domain and Forest functional level to be Windows Server 2012. Domsn funcional evel Windows Server 2012 Ear functional level: Windows Server 2012 4. Select Trusts tab, Click New Trust. Wetter Ceca} eer Rey5. On Welcome wizard, click Next. Welcome to the New Trust Wizard “This wzarshabe you crest sus between his domain end any ofthe folowing + AWedoms domah in ths fred erin aether ore + AWedone NT40domsn. 1 AKeeros V5 aint = Anctretoet ‘Anat ea reltona that enables utes none domain, Fores orrnim tobe ahectcated in species dom fore ereain. “Tecontnue, cick Next eT] 6. In Trust Name, enter name of other Forest IBM.COM and click Next. “rst Nome ‘You can este a tus by ung a NetBIOS or DNS name ‘Typethe name ofthe doman, fre, crreainorthis tut. you ype thenamne of afore. must pea ONS name Example NaBIOS name: anplerO et ‘ample ONS rare: super Tertemalmicrosct com Nae: free Wetter Page | 2247. Select Forest trust and click Next Trust Type ‘This domain forest root doma. the spected domain qusfies, you can create store tu Select he type of trust you wart cea (O Btemal tnt ‘verter tnt ea rertrantive tnt between a doman and ncther domain uid the fret A nortranstive sts bounded bythe domain inthe relionshp, © Fae 1 ore nti a transtive tt beteen foes hat lows seein ry the Suhertctes ay tthe domaine 8. Select Two-way and click Next. Oc 1 {Uber nti domain canbe authertcated nthe spctied doman.raim or [ere merits eked mara ro cae str (© Oneway incoming (Usa nthe demain can be auterticated inthe spected domain, rain, er foot Ogre way: cutgong (Tee nthe spectied domain resin. or forest can be authentested inthis doman, Wetter Pears}200 9. Select Both this domain and the specified domain and click Next. Sides of Trust |fyouhave apsroprte pamisonsin both domains. you can ceste bath Ses of the st eaters. “Tobegin using ut both ses fhe tt elaonship must be cesed For exare, you create a one way incoming tus nthe local domain, 8 one-way outgon tusk Im do be created the pected damon beloeaunetaten aod Bear Feoning across the ns, Crese the tat forthe folowing (O Ths doman only ‘Ths opton cates he tus elatonshp nthelocal domain (© Bai ds ect i, [liscoin coset nad cers bth theo ad the peed omni | | Nou mus have tual ceaton pvleges nthe specfied oman. 10. _ Enter Administrator and Password of Specified domain:IBM.COM and click Next Wester Cae)200 11. Select Forest-wide authentication for Local Forest and click Next. Outgoing Trust Authertication Level—Local Forest Users nthe spect forest can be authertcated toute al ofthe resources nthe local forest or ony hose resources hat you spect, ‘Select he scope of authentication for uses ro the ibm com forest. © Fave sitar ‘iidows wil edomaticaly autherticate utes rom the svected forest for al resources the cal ores. Ths options prefered when bth forests blongto the same 12. _ Select Forest-wide authentication for Specified Forest and click Next. ‘Select the scope of athertication for user fom the local fret @ fea atenein —— ease ENO wi susnatesly adheres ure fom hela eralresoucee nthe moumfons Theoston epteresnrenbanierssbeergiothe mane ————. : _ - oat Wetter Cece Et Rey13. Verify the Trust Selections and click Next. ‘Trust Selections Complete ‘The New Trust Wiz is ead o create the rut ‘You have selected the folowing but stings Govan neoadh con [Specfied oman: IBMICOM Dect: [Twa Users inthe cal doman can auheticste nthe spect domain and jserin the specfed doman can auherticatenthelocal dons. [Tusttpe: Forest st Tomake changes otis ust, cick Back. To create the ust chk Next 14. Verify the Summary and click Next. Statue of changes: frac reltonehp crated succes \Specied domain: com Dect: |Tweay: Utes inthe local doman can atherticate inthe spectied domain end jusesinthespecfed doman can autherteate nthe local dons. [Tusttype: Forest nat louegoing tn autrentcation level Foes-nide atherticaion n loca and [sectied oes Wetter Page | 228200 15. _ Select Yes, confirm the outgoing trust and click Next. Confirm Outgoing Trust "Yu shoud crf this tut ony Fthe other side of the tut has been create. Do you wat to carimthe eugaing tus? ON, do net confirm the outgoing trust © Ms ci ita 16. Select Yes, confirm the incoming trust and click Next. Confirm Incoming Trust "Yu shoud orf this stony the cher side ofthe tut has been create. (Do you wart to corti the ncoming ut? (ON. do net corti the inconing fst Wetter Page | 229200 17. Click Finish. ‘Completing the New Trust Wizard ‘You have sucoessfuly completed he New Trust War ‘Statue of changer: “The tut relationship was auccesdly ested nd cated Foute these namestothe species forest (ibm com Route these ramos tothe loc ees: [Pmorest com Ta dose the werd, click Fish, 18. Check Outgoing and Incoming Trusts and click OK. General| Tease [Managed By Domain uted by ths domain outgoing ts) Doman Name Trust pe | Trnstive ‘omcem Foet Yee Dain that tut ths doman incoming tas). Doma Name “Trust Type | Tanstive ‘emeom Feet Yer Wetter Cece)200 Verification: 1. Try to Logon on to MICROSOFT.COM domain computers or 1BM.COM domain computers as other Domain Users. Note: By default Users cannot log on to D.C. 2. Log in as MICROSOFT Administrator to MICROSOFT.COM D.C and allow IBM users to log on to D.C using Domain Controller Security Policy in Group Policy Management.(Allow Logon Locally Policy) 3. Similarly allow MICROSOFT.COM users to log on to IBM.COM D.C using Domain Controller Security Policy of IBM.COM D. Wetter CerCuere200 Lab - 41: Ac e Directory Recycle Bin Objective: To enable active directory recycle bin for restoring deleted objects in AD Pre-requisites: Before working on this lab, you must have © Acomputer running Windows Server 2012 Domain Controller. Topology: = S | = NJ MICROSOFT.COM syst Domain Controller-MICROSOFT.COM IP Address 10.0.0.1 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Wetter CerCueer)200 Steps: 1. Login as Administrator to the Domain Controller (S¥S4), 2. Goto Start, select Active Directory Administrative Center. See 3. In Active Directory Administrative Center, select Microsoft (Local), Click Raise Domain Functional Level, select Windows Server 2012. 4, Click Raise Forest Functional Level, select Windows Server 2012 and refresh, 5. Click Enable Recycle Bin Wetter Ces)200 6. Click OK to confirm the Enable Recycle Bin feature, Enable Recycle Bin Confirmation Be “ye y2u se you want to perorm his action? Once Reeye Bin has been enabled, it cannot be disabied, ox | {cance 7. Click OK, and Refresh Active Directory Administrative Center now. ‘ative Directory Administrative Contr 12} fy, "ess hen AD Adminstative Center no [AD DS has begun enabling Recycle Bin for this forest. The Recycle Bin will nt function reliably uti all domain contolesin the terest have replicated the Recycle Bin configuration change, Page | 234 Ce er200 9, Right click User (User) and select Delete, click Yes to confirm the deletion. 10. Go to Active Directory Administrative Center, select Microsoft (local), Deleted Objects Container Ex Aten. «mime ™ ca E Dewascnece rane ems on owes (mtr Onn cn een ene Wetter CeCe)200 11. Select the User account (User1) to be restored, right click and select Restore. EE Aes. € Sette Drenthe. > re aaa i cree Verification: Go to Start, Select Active account, a Daesooece ictory Users and Computers, and verify for the restored user eosin] fo xD ao/Uo tenree (Scan rl hare” PSieectuete | tues ter ‘ieee [ten oe | Sempre see (Sooren seme a Sosnae Seay e | Rtmwren oro ‘Rota Sau Cont se son Saar hone er a EYEE Page | 236Es 200m Lab — 42: Verifying Global Catalog Server Objective: To verify global catalog server Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. Topology: 4 I I ei MICROSOFT.COM sys Domain Controller IP Address 10.0.0.1, Subnet Mask ——255.0.0.0 Preferred DNS 0.0.0.1 MCSE Lab M Creer ReyES 200! Steps: 1. Goto Active Directory Sites and Services. ey 2. Expand the Sites -> Default-First-Site-Name->Servers->Server Names ->NTDS Settings. Right click NTDS Setting and Properties, if the checkbox Global Catalog is checked, then it is a Global Catalog Server. INIDS Settings Properties ‘Gere |Cmeains [Set [ Seay | asi ar] Tp essere Qeytdee ys im: [TSCONDDCET 9 ACEC ONDE pn] Ghats Tre ars oltre taka pla tw Gb Caton vates Seerdeges yar seen noob PoeEs 200m Lab — 43: Creating Active Objective: To create active directory sites to manage servers in branches Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. Topology: MICROSOFT.COM sysi Domain Controller IP Address 10.0.0.1 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Netter Perea) Et ReyES 200! Steps: 1 Logon to D.C as Administrator, go to Start, Active Directory Sites and Services. 2. Right click Sites-> New Site. ei i ean Series) Fe Aeson view Hep es\agxcasl@ala fe acne reco and Sen Ni ‘aaa ase Siwcen 8 st [Deeps Goma waesmet a nerse i se sa Spots. Page [240 Ce er200 3. Enter the site name (INDIA) and select DEFAULTIPSITELINK and click OK. a Name: fia ‘Select te ink object forthe ste. See ink byte are locatadin the Stes/hier Ste Tarspots container. Unk Nae. Transport Site INDIA will be created, click OK. @ Ste 101A Ma been reste. To nn configuration of NOU Ensue that INDIA is linked to other sites with site links as appropriate, [Add subnets for INDIA to the Subnets container Install one or more Domain Controls in INDIA, or move existing DCS into the site You will not see this message again unt the next time you start Active Directory Sites and Services. | 5. Similarly create another site (USA) Wetter Cece200 6. Expand Default-First-Site-Name-> Expand Servers Right click Server (SYS1)->Move cess oo ain exe 7. Select the Site (INDIA) and click OK. 8. Server is now moved under INDIA site. Wetter Cercmer)Es 200m Lab - 44: Creat g Active Directory Site-Links Objective: ‘To create site links to configure replication between servers in different sites Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. Topology: MICROSOFT.COM sysi Domain Controller IP Address 10.0.0.1 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0. Netter Perea eey Et Rey200 Steps: 1. Logon to D.C as Administrator 2. Go to Active Directory Sites and Services > Expand Sites > Expand Inter-Site Transports > Right click IP Select New Site Link. Deion Go eptatentet 3. Enter the name (INDIA-USA Link), select INDIA and USA sites and click Add-> click OK. FD cesar mena an ntsat e/a te Nane Uskinow ‘Stes natin teste ke Aste lck mat cota teas ses. Wetter Page | 244200 4, Right click INDIA-USA Link, select Properties. 9/2 xGsalaa| a [i ActveOvecory Sts ander Nome Type —_Decition Gest Aeolian ena oeraun. stein 100190 1 att Fe Nan [pees _—_} ig use tee inom 5. Click Change Schedule. 5 6. Select the Interval of Time for Replication Available, click OK-OK. ee er Wetter CeCe eer Rey200 Lab — 45: Installing Read Only Domain Controller Objective: To install read only domain controller in branch offices Pre-requisites: Before working on this lab, you must have © Acomputer running windows 2012 server Domain Controller. ‘© Acomputer running windows 2012 server. Topology: MICROSOFT.COM sysi sys2. Domain Controller Read Only Domain controller IP Address 10.0.0.1 IP address 10.0.0.2 Subnet Mask -255.0.0.0 Subnet Mask —_255.0.0.0 Preferred DNS 10.0.0. Preferred DNS 1.0.0.2 Alternate DNS Alternate DNS 10.0.0.1 Netter Cae. i Et ReyES 200! Creating a Pre-Create Read Only Domain Controller Account 1. Login as Administrator to the Domain Controller (S¥S1). 2. Verify Domain and Forest Functional Levels to Windows Server 2008 oF later. 3. Goto Active Directory Users and Computers. 4, Create Users (Ex: User, User2, User3, Userd, Users). 5. Right click Domain Controllers, Select Pre-create Read-only Domain Controller account. ee) an] 10/XGas|am/tanrae [Zane Orecoy Wen al| name Type OC Type Ste Desipton Fi SowedGueies | weSIst Computer Ge wow 2 imeoioteom +a eatin 13 comes borin naa i FamigrSecriy Osetia Cool 1 tongs Sen P-ceae Re onyDonsin Coral aco Use Fred a usver New : Poo Ce er200 }. In Welcome Screen, click Next. ‘Welcome to the Active Directory Domain Services Installation Wizard ‘Tis wradhepsyou create naccourt for areadnty damon exter ROD) Youve be ale to acne Server tit you warts Be he RODC otha coat by ‘meng he wearer at ever (i ea ae Lear me abu the ditional tr tha re ‘atalem advanced node saan are sb sa tation sf BODE Wore about AciveDrecton Doman Savi 7. _ Select My current logged on credentials (MICROSOFT\ Administrator) and click Next. ee sb ao can tl Have ncn Dra Sarat Wetter CeCe.)200 3. Enter the Computer Name(SYS2) of Read Only Domain Controller. 9. Select the Site (USA) for the Read-only Domain Controllers and click Next. Wetter Page | 249200 10. Verify the DNS, Global Catalog and Read-only Domain Controller (RODC) checkboxes and click Next. ‘sect adtna opr forthe doman conor. ADNS saver eta cataby Bead dona corte (FODC) tend lomaton [Thee curety | DNS seve tai rgieredas an auaraierane |] [rer fortes dona, Wore abut siden dian corte eters 11. Click Set. 5 ‘Theat ar gow hat you ety wb alt tach a savers he RODS centr you ae cetng row and cancie he ROD nln, They wi ‘Sichoveloes agnnsvane semauons on bs BOO “To api sdnnsraton you had pec 2 grup athena nd ue othe go. Ge ose Car accounts cn alo he pemisors on he RODE bathose accourts whe ave eal sonnatatve parisons on fis RODC ures you a tho cous No sou seen Wetter Cee200 12. Enter the User name (User) and click OK and click Next. 13. Review the Summary, and click Next. Bevewyeuresecine: CS resi compute accor for srew eadory donan cobaerorte dona = Socet com Conputernane:er2merest om Ste use Aiton Ortore ‘eadony doran crea. "Yea™ (Global ctaog Tee ‘NS Sewer Yes ‘Seuve 2:9 meres com Tochange a opto, le Back To begnthe operon ck Nee. Tes tron cba mondo n mowers th [Beg] Wetter Cems14. Click Finish. 15. le Action View Hep +o) xXGea Active Directory Uses ar Nae Swed Queiee | 5x1 Demsin Contos Foregrsecurtyn Nanane Serie Sve BUS Ueee Wetter ‘Completing the Active Directory Domain Services Installation Wizard [Youve succes creed on account for ead =) danan carder RODC) Youve ato ihe eave tat you wart ob the RODC ots loytenngte hdd Fee Vizard Saver anager ota seer accu forthe eatery dora cotale "ae? it ested te dona ‘ech con |The oman corte account assed he te “To.cbee tne ward cc ah Om teurae Tye DC Type Comper Gc Cercaey) ‘Account of Read-only Domain Controller will be created in Domain Controllers.200 16. To cache the user account password on RODC, Select the Users (User, User2, User3, User4, Users) Right and select Add to a Group. Daltenrax ‘ln or an es OSES 17. Enter the Group Name Allowed RODC Password Replication Group and click OK. 18. The Users will be added to the Group, click OK. @ We Asso coun operation was sucess competed Wetter Cees}Es 200M Configuring Read-Only Domain Controller using IFM 1. Login as Administrator to the Domain Controller (SYS4). 2. Create a Shared folder (Ex: ifm) in C drive. 3. Goto Start, type cmd in Search Apps, and select Command Prompt 4, Type Ntdsutil Administrator: Command Prompt Ct beet cert] aoe 5. Type Activate instance ntds. a Administrator: Command Prompt - ntdsutil ferosofe Windows [Uersion 6.2.92001 Creat t thier yeaercr Tea ro Pe ences esis ieret cents)om J 6. Typeifm. Administrator: Command Prompt - ntdsuti TOT cet merce Paes 7. Type createsysvolRODCC: a Administrator: C\Windows\system32\cmd.exe - n ary Intdsutil: activate instance ntd: Seetreu wet ects Rrenseeet cy ieee mer CRRCt Sensurieur Sica acces 8. Verify for the snapshot generated successfully then type quit, and again quit. Administrator: C\Windows\gystemaz\cmdexe ntdsutt |= | RI Cen ee eet? Cote an 9. Log in as Administrator to the Workgroup Computer(SYS2) 10. Assign IP Address and Preferred DNS Server Address.ES 200! 11. Access the shared folder (Ex: ifm) on Domain Controller and copy it to local hard disk drive (Ex: Carive), 12. Click Server Manager ARO wa Monel aoiece (oe PCa rhs SYS2 am CeCe p CURR U4 DOSES pCR RU Alternate DNS: 10.0.0.1 LUTE vn ea Loo 13, In Server Manager Dashboard, Click Add roles and features. averse jeand tonge Wetter Pood Ce er Reo200 14, In Before you begin page, click Next, In Select installation type, select Role-based or feature- based installation, click Next. Select installation type = — “secmaenys oan aro alan (eet ed ttn Cog seen yg in es Ramat See ation ut eureriesvet nto mrce ADS ti mane no ‘ose se ec ec 15. _InSelect destination server, from Server Pool select SYS2, click Next. Select destination server co ein 8 8 Sdectesmrerton tee Wetter Cera eer Rey16. _ In Roles, check the box Active Directory Domain Services. Select server roles lesion foe ee a a fm (ice Oy ene 201 ese Oe ohh Dees cexterston [see omy to srgon es (see soe low see onsen fase ee le oc Cl aretesmensenee (seen ace terete Onten eves (eke ans 17. Click Add Features, to install the required features for Active Directory Domain Services. Click Next. ‘Add features that are required for Active Directory Domain Services? ‘You cannot instal Actve Directory Domain Services unless the folowing ole serceso estates a ao stale. {Toots Group Policy Management 4 Remote Server Adminstration Tools 4 Role Administration Tots 44. ADDS and AD LS Tools atv Dtectory module for Windows PowerShell 4 ADDS Tools Took Active Dkectory Administrative Center {Took} AD 0S Snap-ins and Command-Line Tools [Ince management tools Ot aplcable) ‘ha Foire | Wetter Page | 258Es 200m 18. In Select features wizard, click Next. Select features es tecaoon 908 exreton tr ecient ee “tonsa eect et noe (eter Oe nt cexterston (soa nen tt Ceca tirerieteatymreiee ewes ‘grate etme (onecente ton Clemnebone racer coe (2 mote tment lineaments see eaten ce (saan (et iiss rt (eee) ET] [| a] 19. In Active Directory Domain Services wizard, click Next. Active Directory Domain Services — tesa 968 ‘Shacrtobera eon ADDS stand Gry ied ere ee Mo ae ESET te teaas natu ao coe Wetter Page | 259200 20. Check the box Restart the destination server automatically if required. Click Install. Confirm installation selections aaa ein Reset he ton ee etal ee rc Como ec Goto tingeret ‘hie Oi Art (Case Ca] Cone] 21. Click Promote this server to a domain controller. Installation progress sere, ier by as nce Poste 1B Soctyaaenhesirn re comerste etek Dae Bev | [ae coat Wetter Cee eer Rey200 22. In Deployment Configuration wizard, select Add a domain controller to an existing domain, enter the Domain (Ex: Microsoft.com) 23. Click Change, enter User Name: user] @microsoft.com and Password, click OK->Next. = Deployment Configuration Seca eso epatin say et ‘so ete ptr i penton pene CE] 24. In Domain Controller Options, review the default settings, and type the Directory Services Restore Mode Password and Confirm password and click Next. Domain Controller Options Spy msi craic ant fran “pnt itn Sn te Mad BR pment Sen or ae Wetter Cece200 25. In Additional Options Page, check box Install from media, browse and select the folder C:\ifm select Replicate from Sysi.Microsoft.com, click Next. Additional Options SEES ey tian iM ee Cepein] Cater] 26. Verify the location of the AD DS database, log files, and SYSVOL, click Next. Paths = Dee COTES Gear can ch AO ob ek a SHO oe oom = = = a eee = Wetter Perce)200 27. Review the Summary and click Next. Review Options cect cetpren scstotcyine tenet et gt ig ct ne eerie mein ct Lape eescdoes os eae tard eater ea 28. Click install to begin installation. Prerequisites Check worse, [© Aiprequite dacs pared acetal GA Waar wbeghsaiston ——Sowmae *] Ee COFES cate et eae no te Dey Donen oh sectors ene i ih ean pts 1 eee ‘A Reconnect tp tect ae aE rans ess Paes Hoch dana ene tne {Sern hans acon nd mired nan epee ste snes nenok nant Suton eats wearers ‘que ce ue ty, Ca aa eg ln, Atrescchtst esmne nora tect thet pomcbnoeton (Gesma] oe] Ge] ead Wester Ceca]29. The computer restarts as a part of Active Directory Domain Services installation. 30. After restarting the computer Active directory will be installed. Verification: 1. Logon to Domain Controller (S¥S1) as Administrator 2. Go to Active Directory Users and Computer, Expand Domain Controllers OU and verify for $YS2as Read Only Domain Controller. ‘Aetwe Decor Uses and Computes be Acton View Hep #9 of (O/xXies/ Ga tewr oe Acne Ovectony Versa Name Tyee DC Type Ste Desa Ym SovedQueres — | misysi Computer GC Now 2S micosotcom ae oa ‘2 buitin 18 Computes |A Doran Controls Bh FeresgrSecuyn A Managed Seo Ua USUsee Wetter Ceca)