
Configure Windows Server 2008 R2

1. Open Server Manager. Click Start > Administrative Tools > Server
Manager.

Refer to the right panel of the Server Manager:

• To assign a computer name, click Change System Properties.
• To assign a static/manual IP address and DNS, click View Network
  Connections.
• To allow remote desktop connection for remote configuration, click
  Configure Remote Desktop.

The above initial configurations are necessary to prepare the server computer
for the installation of the Active Directory Domain Services (AD DS) role and
promotion to Domain Controller.

Add Active Directory Domain Service (ADDS) Role

1. Open Server Manager. Click Start > Administrative Tools > Server Manager.
2. In the left panel of Server Manager, click Roles.

3. Click Add Roles link found in the right panel of the Roles Summary section.
4. Click Next button in the Add Roles Wizard Window to begin the installation.
5. Select Active Directory Domain Services and then click Next to
continue. When you reach the Confirm Install window, click the Install button
to start the installation.

6. After the installation, promote the SERVER-PC to a Domain Controller by
clicking the red underlined text or by launching the AD DS Installation wizard
through dcpromo.exe.

Promote Server to Domain Controller

1. To promote Server Computer to Domain Controller, launch the AD DS
Installation wizard. Click Start > Run > dcpromo.exe

2. When the AD DS Installation wizard appears, click Next to continue.


3. Since this is our first time creating a Domain Controller, select Create a new
domain in a new forest. Click Next to continue.

4. Type your network domain name, e.g. crossroads.com, css.local, cti.com.
Click Next to continue.
5. Select Windows Server 2008 R2 as the forest functional level.

6. Add DNS Server as an additional option for this domain controller. It is
recommended to add the DNS Server on the first domain controller.

7. A warning appears because currently there is no running DNS server in your
network. Just click Yes to continue. Let our server computer (Domain
Controller) be the DNS server at the same time.

8. Leave the default locations for the database and log files. Click Next to
continue.

9. Enter your administrator account password. Click Next to continue.


10. Click Next to start the installation. Installation will take some time and a reboot
is required.

After the promotion of the server computer to domain controller, the server’s primary or
preferred DNS address is automatically set to 127.0.0.1. Since our domain controller
is also a DNS server, we need to set our server’s DNS address to the same value as its IP address.

To do this:

1. Open Control Panel > Network and Internet > Network and Sharing Center.
2. In the left panel of Network and Sharing Center, click Change Adapter Settings.
3. Right-click Local Area Connection > Properties.
4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
5. Change the value of Preferred DNS server from 127.0.0.1 to the server’s IP address.
(Whatever the IP address of the server is, it should also be the value of your
preferred DNS server.)

6. Click OK button to save settings.


Install and Configure DHCP Role

1. In the Server Manager, click Add Roles.


2. Select DHCP Server from the list of server roles.

3. Select the network connection(s) that will be used for serving clients. In
this demo, 192.168.0.2 has been selected by default.

4. Specify IPv4 server settings.

• For the Parent Domain, just leave the current domain name as default.
• Set the value of Preferred DNS to the same as the server’s IP address.
  This is important because all Windows clients need this
  information to join the domain network.

5. WINS is not required in this application, so leave this setting as default.

6. Specify the range of your DHCP clients based on the requirements of your
network. If you only have 10 computers in your network, you may set the
scope to cater to only 10 or 15 IP addresses like 192.168.1.1 –
192.168.1.15. Scope always depends on the requirements of the Network
Administrator. To do this, click the Add button and fill in the required
fields.
Note: Set the value of the Default Gateway to the same as the router’s IP address.

7. For DHCP Authorization, always use the Administrator account.
Although you can specify any member of the Administrators group,
to make our life easier, let Administrator be the authorized
user for DHCP settings management. In the next window after
confirmation, click Install to start the installation of the DHCP role.

To manage the DHCP service, locate DHCP in the Administrative Tools. Go to Start
> Administrative Tools > DHCP.

To view connected clients, click Address Leases under Scope options.

To add IP exclusions (IP lease exemptions, IPs that should not be given to the
client computers), right click Address Pool under the Scope and select New
Exclusion Range. Enter the IP you want to exclude.

Important: Exclude your Router (gateway) and your server’s IP address.


Configure your DHCP server options. Server options are values that are given
to connected clients during the lease of an IP address, such as the Default Gateway
and DNS settings. This should not be done in an actual
environment (for security reasons). During the assessment, however, it is a good
option because it makes joining Windows client computers easier.

To configure Server Options, right click Server Options on the left panel and
select Configure Options. The following are the most important options to
configure:

• Router [003] = the network’s gateway or the router’s IP address.
• DNS Server [006] = the IP address of the DNS Server.
• DNS Domain Name [015] = string value of the current domain name e.g.
  cti.local or crossroads.com

Sample Server Options Configurations.

Once the configuration is done, refresh your DHCP IPv4 settings so that all
clients will have these options on their adapter settings. On the client
computer, run ipconfig /renew and ipconfig /release to
receive a new set of network settings.

To check if the server options were included during leasing of the IP address, log on
to the client computer. Go to Start > cmd, then type ipconfig /all.
Compare the highlighted items to your Server Options. If the values are exactly the same,
your DHCP server is working properly.
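
The same comparison can be scripted on the client instead of reading ipconfig /all by eye. This is an added example, not part of the original guide; the expected values and the function name Test-DhcpLease are constructed placeholders to replace with your own Server Options.

```powershell
# Added example: compare the lease a client received with the Server Options
# configured on the DHCP server. All values below are constructed placeholders.
$Expected = @{
    DhcpServer = '192.168.0.2'   # address of the DHCP server you authorized
    Router     = '192.168.0.1'   # option 003 (constructed value)
    DnsServer  = '192.168.0.2'   # option 006
    DnsDomain  = 'cti.local'     # option 015
}

function Test-DhcpLease {
    param([hashtable]$Expected)

    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DHCPEnabled } |
        ForEach-Object {
            $adapter = $_
            # Use the first gateway and first DNS server, as ipconfig /all lists them.
            $actual = @{
                DhcpServer = $adapter.DHCPServer
                Router     = @($adapter.DefaultIPGateway)[0]
                DnsServer  = @($adapter.DNSServerSearchOrder)[0]
                DnsDomain  = $adapter.DNSDomain
            }
            foreach ($name in $Expected.Keys) {
                New-Object PSObject -Property @{
                    Adapter  = $adapter.Description
                    Setting  = $name
                    Expected = $Expected[$name]
                    Actual   = $actual[$name]
                    Match    = ($actual[$name] -eq $Expected[$name])
                }
            }
        } |
        Select-Object Adapter, Setting, Expected, Actual, Match
}

# Mismatches sort first. A DhcpServer mismatch means the lease did not come
# from the server you configured, which points to another DHCP server on the LAN.
Test-DhcpLease -Expected $Expected | Sort-Object Match | Format-Table -AutoSize
```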

Join Windows Client to Domain Controller

To join a Windows client to a domain network:

1. Right click Computer > Properties or go to Control Panel > System and
Security > System.

2. Click Change Settings. On the System properties window, click the Change
button.
3. Select Domain and then type the domain name of your domain network.
4. Click OK.
5. The computer will then ask you to enter an Administrator account.
6. Once done, you should be able to see a message that welcomes you to
the domain network.

7. Congrats! Your computer is now a member of the domain network.
Restart your computer.

Add Domain Users

1. To add domain user accounts, click Start > Administrative Tools > Active
Directory Users and Computers.

2. In the left panel of the Active Directory Users and Computers window, right-click
Users > New > User.
3. Fill in the required fields. Click Next to set up a password for the user.
Note:
• User logon name should be formalized e.g. juan.delacruz or jdelacruz.
• Password’s minimum character length is 8, a combination of
  alphanumeric characters (with at least 1 capital letter).

4. Click Next to continue and you’re done!

To organize user accounts, it is recommended that you put all the users in one
container called Organizational Unit. To add users in an OU, simply create a new
Organizational Unit (OU).

1. Right-click on your domain name e.g. YourDomainName.Com > New >
Organizational Unit.
2. Choose a name for your OU. Note: It is very important that you name your OU based on
your actual departments or units like Service Department, Admin Department,
IT Unit, etc. Click OK to finish.

To create users inside the container/unit, right click on the OU, New > User.
(Steps 3 – 4 above)

Configure User Home Directory

1. Create a New Folder in one of the partitions of the server. Name it “User
Files”.

2. Share the “User Files” folder. Right click “User Files” > Properties. In the
User Files properties window, click Sharing tab > Advanced Sharing.
3. Check the box “Share this folder”. To hide the User Files folder, add “$”
at the end of the share name, after “Files”. DO NOT click Apply yet. We need to set access
permissions first to secure sharing.

4. Click the Permissions button. Select and remove “Everyone” in the list.
5. Click Add and type in “Domain Users” in the object box provided. Click
OK to continue.
6. Set Full Control permission for the Domain Users object. Click Apply and OK
to continue.
7. The “User Files” folder has now been shared to all Domain Users.

To configure User Home Directory:

8. Go to Active Directory Users and Computers.
9. Right click the selected user and select Properties.
10. In the User Properties window, click the Profile tab.
11. Select “Connect” and in the textbox provided, enter:

\\your_server’s_computername\name_of_shared_folder\%username%
e.g.: \\server-pc\User Files$\%username%

12. Click Apply and OK to continue.
13. Log off the client computer.
14. Once again, log in as one of the domain users.
15. Open the Computer library. You should see a network drive similar to
the image below.
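
Because the share grants Full Control to all Domain Users, the NTFS permissions on each user's folder are what keep one user out of another user's files. The script below is an added example, not part of the original guide, that lists permission entries on the home folders granting access to anyone other than the folder's owner; the path D:\User Files and the function name Get-HomeFolderExposure are assumptions.

```powershell
# Added example: list ACL entries on per-user home folders that grant access
# to someone other than the folder's owner or the built-in system principals.
$Root    = 'D:\User Files'   # assumption: where the "User Files" folder was created
$Domain  = $env:USERDOMAIN   # NetBIOS domain name of the logged-on administrator
$Trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER'

function Get-HomeFolderExposure {
    param([string]$Root, [string]$Domain, [string[]]$Trusted)

    Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $folder = $_
        # Home folders are named after %username%, so the expected owner
        # of each folder is DOMAIN\<folder name>.
        $owner = "$Domain\$($folder.Name)"

        (Get-Acl -Path $folder.FullName).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -ne $owner -and
                $Trusted -notcontains $_.IdentityReference.Value
            } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Folder    = $folder.FullName
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited
                }
            }
    } | Select-Object Folder, Identity, Rights, Inherited
}

# Every row is an account besides the owner that can reach that home folder.
Get-HomeFolderExposure -Root $Root -Domain $Domain -Trusted $Trusted |
    Format-Table -AutoSize
```

Rows with Inherited set to True come from the permissions on the parent “User Files” folder, so that is where they have to be tightened.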

Configure Folder Redirection

Folder Redirection policy allows a system administrator to redirect certain
folders from a user’s profile to a file server for backup purposes.

In this task, we will use the same folder we’ve created in Configuring User
Home Directory.

1. Open the Group Policy Management console. Go to Start > Administrative
Tools > Group Policy Management.

In this demo, I created a folder redirection policy on my Student OU
(Organizational Unit). If there is no existing organizational unit, you can select
the Default Domain Policy as your policy object for folder redirection.

2. Create a new policy. The name of your policy should be specific.

3. Right click the folder redirection policy and select Edit.

4. In this demo, we will redirect all files and folders located in the user’s
documents library. Go to User Configuration > Policies > Windows
Settings > Folder Redirection. Right click the Documents folder and select
Properties.
5. Specify the target location or folder.
• Setting: Basic – Redirect everyone’s folder to the same location
• Target folder location: Create a folder for each user under the root
  path
• Root path: \\server\shared folder, where server is the computer name
  of your server and shared folder is the name of the
  network shared folder used as central file storage for all users.
6. Click on the Settings tab. Uncheck the “Grant the user exclusive rights to
Documents” option. Once done, click OK and apply.

7. Update the policy on both computers by using the command gpupdate /force.

Deploy Printer using Group Policy

1. In the Server Manager, click Add Roles and select Print and Document
Services Role in the Roles list.
2. Select Print Server in the Role services. This is the only service we need
to deploy our printer using a group policy object (GPO).

Just continue the installation and leave the other settings at their defaults until you
reach the installation succeeded window.

3. Connect the printer, install its driver and share.

Note: Refer to the printer manual on how to install its driver.


4. Go to Start > Administrative Tools > Print Management.
5. Click All Printers. Right click the network printer and select Deploy with
Group Policy…

6. Specify where to deploy the printer. In this example, the network printer
will be deployed to the Students OU (organizational unit).
7. Create a new policy. Right-click anywhere in the white space and select
New. Type “Printer Deployment” for example.
8. Deploy the printer by clicking the Add button. Check both “The users that
this GPO applies” and “The computers that this GPO applies”.

9. Click Apply and OK.

10. Update the policy on both computers using the command
gpupdate /force.

Configure Users for Remote Desktop Connection

1. In the Server Manager, click Add Roles and select Remote Desktop
Services Role.
2. Select only the following services:
• Remote Desktop Session Host - Users can connect to an RD
  Session Host server to run programs, to save files, and to use
  network resources on that server.
• Remote Desktop Connection Broker - This prevents a user with a
  disconnected session from being connected to a different RD Session
  Host server.
• Remote Desktop Licensing - Manages the Remote Desktop
  Services client access licenses (RDS CALs) that are required for each
  device or user to connect to a Remote Desktop Session Host (RD
  Session Host) server.

3. For the authentication level, select Require Network Level Authentication.

4. Leave the other settings at their defaults. Just click Next to continue the
installation.

By default, only the Administrators group is allowed to access the server
remotely. Local security policy for terminal services should be configured to
allow users or groups to log on using remote desktop services.

To allow users for remote desktop services, we will add the Remote Desktop Users
group to the list of allowed groups for remote connection.

1. Go to Start > Run. Type: secpol.msc. This will open the Local Security
Policy window.

2. In the Local Security Policy window, navigate to Local Policies > User Rights
Assignment and double-click “Allow log on…Services”.

3. In the new Allow log on through Remote Desktop Services Properties
window, click the Add User or Group button.
4. Enter the Remote Desktop Users group.

There you have Remote Desktop Users included in the list. Click OK to close.

Now, let’s configure any available Domain User to be a member of
Remote Desktop Users.

1. Go to Start > Administrative Tools > Active Directory Users and
Computers.
2. Select any available Domain User.
3. Right click on the selected Domain user and select Properties.
4. Click Member Of tab.
5. Click Add button to add user groups.
6. Type or enter: Remote Desktop Users. Click OK to close.
7. Done. The selected user is now allowed to log on using remote desktop
services.

To check:

1. Log on to the client computer.
2. Go to Start > Run. Enter mstsc. You may also search “Remote Desktop
Connection” in the search bar.
3. Enter the computer name or IP address of the server.
4. On the next window, enter your domain account and password to
connect.
5. Done.
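
The result of the steps above can also be reviewed from an elevated PowerShell prompt on the server. The script is an added example, not part of the original guide: it reports which accounts hold the Remote Desktop logon right, who is effectively in Remote Desktop Users, and whether Network Level Authentication is required. The function names are hypothetical, and it assumes the Active Directory module is available on the domain controller.

```powershell
# Added example: report who can log on through Remote Desktop Services.
Import-Module ActiveDirectory   # assumption: AD module is available on the DC

function Get-RdpLogonRight {
    # Export the user rights section of the security policy to a temp file.
    $cfg = Join-Path $env:TEMP 'user_rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $line = Get-Content $cfg |
        Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
    Remove-Item $cfg
    if (-not $line) { return }

    # Entries are account names or SIDs prefixed with '*'; resolve SIDs to names.
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $id = $entry.Trim().TrimStart('*')
        if ($id -match '^S-1-') {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($id)
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $id }   # unresolvable SID: report it as-is
        } else { $id }
    }
}

function Test-RdpNla {
    # UserAuthentication = 1 means Network Level Authentication is required.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    (Get-ItemProperty -Path $key).UserAuthentication -eq 1
}

'Accounts holding "Allow log on through Remote Desktop Services":'
Get-RdpLogonRight

'Effective members of Remote Desktop Users (nested groups expanded):'
Get-ADGroupMember -Identity 'Remote Desktop Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName

"Network Level Authentication required: $(Test-RdpNla)"
```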
