MCSA Lab Scenario - A.

Datum Corp – Part 2 Erfan Taheri

Scenario
A. Datum Corporation has deployed a new branch office in Yorkshire. This office has a single
server. To support the requirements of a branch staff, you must configure DFS. To avoid
performing backups remotely and, accessibility of corporation’s files a departmental file share in
the branch office will be replicated back to the head office for centralized backup, and branch
data files will be replicated to the branch server to provide quicker access.
Each network client within the Adatum domain is provided with a server-based home folder that
is used for storing personal documents or files that are works-in-progress. It has come to your
attention that home folders are becoming quite large, and may contain file types such as MP3
files that are not approved under corporate policy. You decided to implement FSRM quotas and
file screening to help address this issue.
LAB Setup

Virtual Machines (London) Lon-DC1.Adatum.local

Lon-SRV1.Adatum.local
Virtual Machines (Yorkshire) York-DC1.Adatum.local
York-SRV1.Adatum.local
Username Adatum\Administrator
Password Pa$$w0rd

Lon-DC1.Adatum.local and York-DC1.Adatum.local are promoted writable domain controllers in

the London an Yorkshire for the Adatum.local domain. You will configure Lon-SRV1.Adatum.local
and York-SRV1.Adatum.local during the Scenario.

Exercise 1: Installing the DFS Role Service Scenario

To support the creation of a replicated namespace, your managers have asked you to perform
the installation of the DFS server role for LON-SVR1 and York-SRV1. The main tasks for this
exercise are as follows:
1. Install the DFS role service on LON-SVR1
2. Install the DFS role service on York-SRV1
Task 1: Install the DFS role service on LON-SVR1
• On LON-SVR1, from Server Manager, under the File and Storage Management role, install the
DFS Namespaces and DFS Replication role services.
Task 2: Install the DFS role service on York-SRV1
• On York-SRV1, in Server Manager, under the File and Storage Management role, install the DFS
Namespaces and DFS Replication role services.

1
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

Exercise 2: Configuring a DFS Namespace Scenario

You have been asked to configure a DFS namespace to support the newly requested file
structure at Adatum.com. Management has requested that the new structure include a file share
on York-SRV1 called ResearchTemplates and a file share on LON-SVR1 called DataFiles. Your
notes include:
• Namespace: \\Adatum.com\YorkDocs
• File shares to include: o \\York-SRV1\ResearchTemplates
o \\LON-SVR1\DataFiles
The main tasks for this exercise are as follows:
1. Create the YorkDocs namespace
2. Enable access-based enumeration for the YorkDocs namespace
3. Add the ResearchTemplates folder to the YorkDocs namespace
4. Add the DataFiles folder to the YorkDocs namespace
5. Verify the YorkDocs namespace
Task 1: Create the YorkDocs namespace
1. Switch to LON-SVR1 and then open Server Manager.
2. Open DFS Management.
3. Create a new namespace with the following properties:
• Server: LON-SVR1
• Name: YorkDocs
• Namespace type: Domain-based namespace, and select Enable Windows Server 2008
mode
4. Under the Namespaces node, verify that the namespace has been created.
Task 2: Enable access-based enumeration for the YorkDocs namespace
In DFS Management, in the \\Adatum.com\YorkDocs Properties dialog box, on the Advanced
tab, select the Enable access-based enumeration for this namespace check box.
Task 3: Add the ResearchTemplates folder to the YorkDocs namespace
• Add a new folder to the YorkDocs namespace:

2
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

o Folder name: ResearchTemplates

o Add a folder target: Path: \\York-SRV1\ResearchTemplates
o Create share
o Local path: D:\YorkDocs\ResearchTemplates
o Permissions: All users have read and write permission
Task 4: Add the DataFiles folder to the YorkDocs namespace
• Add a new folder to the YorkDocs namespace:
o Folder name: DataFiles
o Add a folder target: Path: \\LON-SVR1\DataFiles
o Create share
o Local path: D:\YorkDocs\DataFiles
o Permissions: All users have read and write permissions
Task 5: Verify the YorkDocs namespace
1. On LON-SVR1, open File Explorer, in the address bar, type \\Adatum.com\YorkDocs\, and then
press Enter.
2. Verify that both ResearchTemplates and DataFiles folders display, and then close the window.

Exercise 3: Configuring DFS Replication Scenario

You have been asked to ensure that the files contained in the new DFS namespace are replicated
to both LON-SVR1 and York-SRV1 to ensure data availability.
The main tasks for this exercise are as follows:
1. Create another folder target for DataFiles
2. Configure replication for the namespace
3. Verify DFS Replication
4. To prepare for the next module
Task 1: Create another folder target for ResearchTemplates
1. In DFS Management, expand Adatum.com\YorkDocs, and then click ResearchTemplates.
2. In the details pane, notice that there is currently only one folder target.
3. Add a new folder target:

3
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

• Path to target: \\Lon-SVR1\DataFiles

• Create share
• Local path: D:\YorkDocs\ResearchTemplates
• Permissions: All users have read and write permissions
• Create folder
4. In the Replication dialog box, click Yes. The Replicate Folder Wizard starts.
Task 2: Configure replication for the namespace
1. Complete the Replicate Folder Wizard:
• Primary member: York-SVR1
• No topology
• Use defaults elsewhere, and accept any messages.
2. Create a new replication topology for the namespace:
• Type: Full mesh
• Schedule and bandwidth: Use default settings
3. In the details pane, on the Memberships tab, verify that the replicated folder displays on both
York-SVR1 and LON-SVR1.
Task 3: Verify DFS Replication
1. Switch to LON-DC1.
2. Map a network drive to \\Adatum.com\YorkDocs.
3. Check the YorkDocs properties DFS tab to determine which server the volume is currently
referring to.
4. Open the ResearchTemplates folder, and create a new text document.
5. Add the text “Hello World”, and then save and close the file.
6. Switch to LON-SVR1, and force DFS Replication from LON-SVR1 to York-SVR1.
7. Shut down LON-SVR1.
8. Switch to LON-DC1, and then attempt to open the New Text Document in the
ResearchTemplates folder.

4
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

Exercise 4: Yorkshire home folders

You are implementing FSRM quotas to control the size of home folders. Each home folder is
limited to 100 MB. To ensure that administrators are made aware of home folders that are
running out of space, an event is written to the event log when a user exceeds 85 percent of
their storage quota so that it can be tracked by administrators.
The main tasks for this exercise are as follows:
1. Create a quota template
2. Configure a quota based on the quota template
3. Test that the quota is functional
Task 1: Create a quota template
1. On York-SVR1, from Server Manager, install the File Server Resource Manager.
2. In the File Server Resource Manager console, use the Quota Templates node to configure a
template that sets a hard limit of 100 MB as the maximum folder size.
3. Configure the template to record an event in the Event Log when the folder reaches 85
percent capacity and 100 percent capacity.
Task 2: Configure a quota based on the quota template
1. Use the File Server Resource Manager console and the Quotas node to create a quota on the
D:\Homefolder folder by using the quota template that you created in Task 1.
2. Configure the quota to auto apply on existing and new subfolders.
3. Create an additional folder named Max in the D:\Homefolder folder, and ensure that the new
folder is listed in the quotas list in File Server Resource Manager.
Task 3: Test that the quota is functional
1. Open a Windows PowerShell window, and use the following commands to create a file in the
D:\Homefolder\MAX . Press Enter after each of the three commands:
D:
cd D:\Homefolder\MAX fsutil file createnew file1.txt 8940000

2. Check the Event Viewer for an Event ID of 12325.

3.Test that the quota works by attempting to create a file that is 16,400,000 bytes, and then
press Enter:
fsutil file createnew file2.txt 16400000

5
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

4. Notice that the file cannot be created. The message returned from Windows references disk space, but
the file creation fails because it would exceed the quota limit. Close the Windows PowerShell window.

5. Close all open windows on York-SVR1.

Exercise 5: Configuring File Screening and Storage Reports Scenario

Managers are concerned that large media files are being stored in home folders, a practice that violates
corporate policy. Managers want to prevent media files such as video, audio, and graphics files from
being saved. You need to implement file screening to prevent media files from being stored in home
folders. However, you have also been made aware that several users store Microsoft Project files with the
extension .mpp in their home directories. You must ensure that the file screen you create does not
restrict the storage of these files.

You have also been asked to provide a report to your manager documenting any attempts to save
restricted media files on York-SVR1.

The main tasks in this exercise are:

• Create a file group.

• Create a file screen template.

• Create a file screen.

• Test the file screen.

• Generate an on-demand storage report. The main tasks for this exercise are as follows:

1. Create a file screen

2. Create a file group

3. Test the file screen

4. Generate an on-demand storage report

5. To prepare for the next lab

Task 1: Create a file screen

1. On York-SVR1, open File Server Resource Manager.

2. Create a File Screen based on the Block Audio and Video Files file screen template for the
D:\Homefolder Users directory.

Task 2: Create a file group

1. On York-SVR1, open the File Server Resource Manager Configuration Options dialog box, and, on the
File Screen Audit tab, enable the Record file screening activity in auditing database option.

Create a new File Group with the following properties:

• File group name: MPx Media Files

6
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

• Files to include: *.mp*

• Files to exclude *.mpp

3. Modify the Block Audio and Video Files template to use only the MPx Media Files file group.

Task 3: Test the file screen 1.

Copy music a .mp3 file into D:\Homefolder\Max Users. You will be notified that the system was unable to
copy the file.

Task 4: Generate an on-demand storage report

1. Open the File Server Resource Manager console.

2. Right-click Storage Reports Management, select Generate Reports Now, and then provide the following
parameters:

• Generate only the File Screening Audit report

• Report on D:\Homefolder\

3. Review the generated reports in Internet Explorer.

Exercise 6: Configuring home folders

Task1: Share D:\Homefolder\ with appropriate permissions

Task2: Configure home folder for all Yorkshire Users

1. On York-SRV1.Adatum.local open active directory users and computers console.

2. Select all users in Yorkshire OU.
3. Configure home folder: \\York-SRV1.Adatum.local\homefolder\%username%
4. Connect H:

Exercise 7: Configuring Advanced Auditing Scenario

Your manager has asked you to track all access to file shares that are on York-SVR1. You also
need to be aware of any time a user accesses a file on a removable storage device that is
attached to the server. You have decided to implement the appropriate object access settings by
using Advanced Audit Policy Configuration.
The main tasks for this exercise are as follows:
1. Create a Group Policy Object (GPO) for Advanced Auditing
2. Verify Audit Entries
3. To Prepare for the Next Module

7
MCSA Lab Scenario - A. Datum Corp – Part 2 Erfan Taheri

Task 1: Create a Group Policy Object (GPO) for Advanced Auditing

1. On York-DC1, from Server Manager, open Active Directory Users and Computers.
2. Create a new organizational unit (OU) in Adatum.com named File Servers.
3. Move York-SVR1 from the Computers container to the File Servers OU.
4. On York-DC1, open Group Policy Management.
5. Create a new GPO named File Audit, and link it to the File Servers OU.
6. Edit the File Audit GPO, and then under Computer Configuration, browse to the Advanced
Audit Policy Configuration\Audit Policies\Object Access node.
7. Configure both the Audit Detailed File Share and Audit Removable Storage settings to record
Success and Failure events.
Task 2: Configure Auditing on ResearchTemplates folder
1. On York-SVR1 and LON-SVR1, on the D:\YorkDocs\ResearchTemplates, configure auditing on
the Marketing folder, with the following settings:
o Select a principal: Domain Users
o Type: All
o Permission: Full control
o Leave other settings with their default values
2. Refresh Group Policy by typing the following command at the Windows PowerShell prompt:
gpupdate /force

Task 3: Verify Audit Entries

1. On York-DC1, Open File Explorer, and then navigate to \\York-SVR1\YorkDocs\
ResearchTemplates.
3. Open testfile in Notepad, and then close Notepad.
4. Switch to York -SVR1.
5. Open Event Viewer, and then view the Audit Success events in the Security Log.
6. Double-click one of the log entries with a Source of Microsoft Windows security auditing, and
a Task Category of Detailed File Share.
7. Click the Details tab, and then note the access that was performed.