Professional Documents
Culture Documents
SPUS-ICT-001
January 2015 Issued by:
Setting up Computer
Date Revised:
Servers March 2015 Page 1 of 65
Computer Systems Developed by: SPUS
Servicing NC II Engr. John
Pearl Manungas Revision # 01
Table of Contents
INTRODUCTION ................................................................................... 3
HOW TO USE THIS COMPETENCY BASED LEARNING MATERIAL ..................... 4
LIST OF COMPETENCIES ..................................................................................... 6
MODULE CONTENT ........................................................................................ 7
LEARNING OUTCOME 1 SET UP USER ACCESS .................................................. 9
LEARNING EXPERIENCE 1................................................................................... 11
INFORMATION SHEET 3.1-1 ACTIVE DIRECTORY OF USERS & COMPUTERS .... 12
TASK SHEET 3.1-1 ............................................................................................... 32
LEARNING OUTCOME 2 CONFIGURE NETWORK SERVICES .......................... 34
LEARNING EXPERIENCE 2................................................................................... 36
TASK SHEET 3.2-1 CREATE LOCAL AREA CONNECTION .................................... 37
LEARNING OUTCOME 3 PERFORM TESTING, DOCUMENTATION & PRE-
DEPLOYMENT PRACTICES ........................................................................... 52
LEARNING EXPERIENCE 3................................................................................... 54
INFORMATION SHEET 2.3-1 IP ADDRESSING ..................................................... 55
SELF CHECK 3.3-1............................................................................................... 63
BIBLIOGRAPHY ............................................................................................ 65
You may already have some or most of the knowledge and skills covered in
this learner's guide because you have:
been working for some time
already completed training in this area.
At the end of this module is a Learner’s Diary. Use this diary to record
important dates, jobs undertaken and other workplace events that will assist
you in providing further details to your trainer or assessor. A Record of
Achievement is also provided for your trainer to complete once you complete
the module.
This module was prepared to help you achieve the required competency,
in Constructing Aquaculture Facilities. This will be the source of information
Date Developed: Document No. SPUS-ICT-001
January 2015 Issued by:
Setting up Computer
Date Revised:
Servers March 2015 Page 4 of 65
Computer Systems Developed by: SPUS
Servicing NC II Engr. John
Pearl Manungas Revision # 01
for you to acquire knowledge and skills in this particular trade independently
and at your own pace, with minimum supervision or help from your
instructor.
Talk to your trainer and agree on how you will both organize the
Training of this unit. Read through the module carefully. It is divided
into sections, which cover all the skills, and knowledge you need to
successfully complete this module.
Work through all the information and complete the activities in each
section. Read information sheets and complete the self-check.
Suggested references are included to supplement the materials
provided in this module.
Your trainer will tell you about the important things you need to
consider when you are completing activities and it is important that you
listen and take notes.
Use the self-check questions at the end of each section to test your own
progress.
When you are ready, ask your trainer to watch you perform the
activities outlined in this module.
As you work through the activities, ask for written feedback on your
progress. Your trainer keeps feedback/ pre-assessment reports for this
reason. When you have successfully completed each element, ask your
trainer to mark on the reports that you are ready for assessment.
When you have completed this module (or several modules), and feel
confident that you have had sufficient practice, your trainer will arrange
an appointment with registered assessor to assess you. The results of
your assessment will be recorded in your competency Achievement
Record.
Date Developed: Document No. SPUS-ICT-001
January 2015 Issued by:
Setting up Computer
Date Revised:
Servers March 2015 Page 5 of 65
Computer Systems Developed by: SPUS
Servicing NC II Engr. John
Pearl Manungas Revision # 01
COMPUTER HARDWARE SERVICING NC II
COMPETENCY-BASED LEARNING MATERIALS
List of Competencies
MODULE DESCRIPTOR:
This unit covers the knowledge, skills and attitudes needed to set-
up computer servers for LANs and SOHO systems. It consists of competencies
to set-up user access and configures network services as well as to perform
testing, documentation and pre-deployment procedures.
LEARNING OUTCOMES:
At the end of this module you MUST be able to:
ASSESSMENT CRITERIA:
1. User folder is created in accordance with network operating system (NOS)
features
2. User access level is configured based on NOS features and established
network access policies/end-user requirements.
3. Security check is performed in accordance with established network access
policies/end-user requirements.
4. Normal functions of server are checked in accordance with manufacturer’s
instructions
5. Required modules /add-ons are installed/updated based on NOS
installation procedures
6. Network services to be configured are confirmed based on user/system
requirements
7. Operation of network services are checked based on user/system
requirements
CONTENTS:
Network Diagram
User Access Hierarchy
NOS Features
Network usage policy
File Sharing / Centralized Files storage
ASSESSMENT CRITERIA:
CONDITIONS:
CONDITIONS:
Lecture
Discussion
Demonstration
Viewing multimedia
ASSESSMENT METHODS:
Written examination
Practical examination
Learning Objectives:
Introduction
Installation
Open Server Manager and click on roles, this will bring up the Roles Summary on
the right hand side where you can click on the Add Roles link.
This will bring up the Add Roles Wizard where you can click on next to see a list of
available Roles. Select Active Directory Domain Services from the list, you will be
Configuration
Open up Server Manager, expand Roles and click on Active Directory Domain
Services. On the right hand side click on the Run the Active Directory Domain
Services Installation Wizard (dcpromo.exe) link.
The message that is shown now relates to older clients that do not support the new
cryptographic algorithms supported by Server 2008 R2, these are used by default in
Server 2008 R2, click next to move on.
Now you can name your domain, we will be using a .local domain the reason why will be explained in
an upcoming article.
Choose a STRONG Active Directory Restore Mode Password and click next twice to
kick off the configuration.
When its done you will be notified and required to reboot your PC.
1. Click Start, click Administrative Tools, and then click Active Directory
Users and Computers. The Active Directory Users and Computers MMC
opens. If it is not already selected, click the node for your domain. For
example, if your domain is example.com, click example.com.
2. In the details pane, right-click the folder in which you want to add a user
account.
Where?
A domain is a collection of computers on a network with common rules and procedures that
are administered as a unit. Each domain has a unique name. Typically, domains are used for
workplace networks. To connect your computer to a domain, you'll need to know the name of
the domain and have a valid user account on the domain.
1. Open System by clicking the Start button , right-clicking Computer, and then
clicking Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings. If
you're prompted for an administrator password or confirmation, type the password or
provide confirmation.
3. Click the Computer Name tab, and then click Change. Alternatively, click Network
ID to use the Join a Domain or Workgroup wizard to automate the process of
connecting to a domain and creating a domain user account on your computer.
4. Under Member of, click Domain.
To share items in your Public folder and its subfolders with other users of your
computer, you don’t need to do a thing. By default, all users with an account on your
computer can log on and create, view, modify, and delete files in the Public folders.
The person who creates a file in a Public folder (or copies an item to a Public folder)
is the file’s Owner and has Full Control access. All others who log on locally have
Modify access. For more information on access levels, see What are permissions?
To share items in your Public folder with network users, click the Start button ,
click Network, and then click Network and Sharing Center. Turn on Public Folder
Sharing (for information on how to do this, see Sharing files with the Public folder).
You can’t select which network users get access, nor can you specify different access
levels for different users. Sharing via the Public folder is quick and easy—but it’s
rigidly inflexible.
Whether you plan to share files and folders with other people who share your
computer or with those who connect to your computer over the network (or both),
the process for setting up shared resources is the same as long as the Sharing Wizard
is enabled. We recommend that you use the Sharing Wizard even if you normally
disdain wizards. It’s quick, easy, and almost certain to make all of the correct settings
for network shares and NTFS permissions—a sometimes daunting task if undertaken
manually. Once you’ve configured shares with the wizard, you can always dive in
and make changes manually if you want.
To make sure the Sharing Wizard is enabled, click the Start button , type “folder”
in the Search box, and then click Folder Options. Click the View tab. In the Advanced
settings box, scroll down the list and make sure the Use Sharing Wizard
(Recommended) check box is selected.
With the Sharing Wizard at the ready, follow these steps to share files or folders:
1. In Windows Explorer, select the folders or files you want to share. (You can
select multiple objects.)
2. In the Command bar, click Share. (Alternatively, right-click, and then click
Share.)
share files or folders, and then click Add. You can type a name in the box or
click the arrow to display a list of available names. Repeat for each person
you want to add.
The list includes all of the users who have an account on your computer, plus
Everyone. If you want to grant access to someone who doesn’t appear in the
list, you need to create a user account for that person (for information on how
to do this, see Create a user account).
Note
Reader. Users with this permission level can view shared files and run
shared programs, but cannot change or delete files. Selecting Reader in
the Sharing Wizard is equivalent to setting NTFS permissions to Read
& Execute.
Contributor. This permission level, which is available only for shared
folders (not shared files), allows the user to view all files, add files, and
change or delete files that the user adds. Selecting Contributor sets
NTFS permissions to Modify.
Co-owner. Users who are assigned the Co-owner permission have the
same privileges that you do as the Owner: They can view, change, add,
and delete files in a shared folder. Selecting Co-owner sets NTFS
permissions to Full Control for this user.
Note
You might see other permission levels if you return to the Sharing
Wizard after you set up sharing. The Custom permission level identifies
NTFS permissions other than Read & Execute, Modify, and Full Control.
The Mixed permission level appears if you select multiple items, and
Share. After a few moments, the wizard displays a page similar to the
page shown in the following illustration.
Confusingly, when you share one of your profile folders (or any other subfolder of
%SystemDrive%\Users), Windows Vista creates a network share for the Users
folder—not for the folder you shared. This isn’t a security problem; NTFS permissions
prevent network users from seeing any folders or files except the ones you explicitly
share. But it does lead to some long UNC paths to network shares.
For example, if you share the My Received Files subfolder of Documents (as shown
after step 5 in the previous section), the network path is \\CARL-
PC\Users\Carl\Documents\My Received Files. If this same folder had been
anywhere on your computer outside of the Users folder, no matter how deeply nested,
the network path would instead be \\CARL-PC\My Received Files. Other people to
whom you’ve granted access wouldn’t need to click through a series of folders to find
the files in the intended target folder.
Network users, of course, can map a network drive or save a shortcut to your target
folder to avoid this problem. But you can work around it from the sharing side, too:
Use advanced sharing to share the folder directly. (Do this after you’ve used the
Sharing Wizard to set up permissions.)
Make sure the share name you create doesn’t have spaces. Eliminating spaces
makes it easier to type a share path that works as a link.
If you want to stop sharing a particular shared file or folder, select it in Windows
Explorer, and then click Share. The Sharing Wizard appears, as shown in the
following illustration.
Use the Sharing Wizard to change sharing permissions or to stop sharing a file or
folder
If you click Change sharing permissions, the wizard continues as when you created
the share, except that all existing permissions are shown. You can add or remove
names and change permissions.
The Stop sharing option removes access control entries that are not inherited. In
addition, the network share is removed; the folder will no longer be visible in another
user’s Network folder.
If you disable the Sharing Wizard, Windows Vista reverts to a process similar to that
employed by earlier versions of Windows (except the aberration in Windows XP called
Simple File Sharing—nothing before or after is similar to that). Without the Sharing
Wizard, you configure network shares independently of NTFS permissions. (For more
With the Sharing Wizard disabled, when you select a folder, and then click Share,
rather than the wizard appearing, Windows opens the folder’s properties dialog box
and displays the Sharing tab, as shown in the next illustration. Even with the
Sharing Wizard enabled, you can get to the same place; right-click the folder, and
then choose Properties.
Note
The Sharing tab is part of the properties dialog box for a folder, but not for
files. Also, when the Sharing Wizard is disabled, the Share button appears on
the Command bar only when you select a single folder. Only the Sharing
Wizard is capable of making share settings for files and for multiple objects
simultaneously.
To create or modify a network share using advanced settings, follow these steps:
Note
If the folder is already shared, and you want to add another share name
(perhaps with different permissions), click Add, and then type the name for
the new share. The share name is the name that other users will see in their
own Network folders. Windows initially proposes to use the folder’s name as
its share name. That’s usually a good choice, but you’re not obligated to accept
it. If you already have a shared folder with that name, you’ll need to pick a
different name.
Permissions.
Everyone
Caution
When you share a folder, you also make that folder’s subfolders available on
the network. If the access permissions you set for the folder aren’t
appropriate for any of its subfolders, either reconsider your choice of access
permissions or restructure your folders to avoid the problem.
Group or user names box, select the name of the user or group you want
to manage. The share permissions for the selected user or group appear in the
permissions box.
Date Developed: Document No. SPUS-ICT-001
January 2015 Issued by:
Setting up Computer
Date Revised:
Servers March 2015 Page 29 of 65
Computer Systems Developed by: SPUS
Servicing NC II Engr. John
Pearl Manungas Revision # 01
Allow, Deny, or neither for each access control entry:
Full Control. Allows users to create, read, write, rename, and delete files in
the folder and its subfolders. In addition, users can change permissions and
take ownership of files on NTFS volumes.
Change. Allows users to read, write, rename, and delete files in the folder
and its subfolders, but not create new files.
Read. Allows users to read files but not write to them or delete them. If you
select neither Allow nor Deny, it is still possible that the user or group can
inherit the permission through membership in another group that has the
permission. If the user or group doesn’t belong to another such group, the
user or group is implicitly denied permission.
Note
o To remove a name from the Group or user names box, select the
name, and then click Remove. To add a name to the list, click Add.
Enter the names of the users and groups you want to add.
NTFS permissions apply to folders and files on an NTFS-formatted drive. They provide
extremely granular control over an object. For each user to whom you want to grant
access, you can specify exactly what they’re allowed to do: run programs, view folder
contents, create new files, change existing files, and so on. You set NTFS permissions
on the Security tab of the properties dialog box for a folder or file.
It’s important to recognize that the two types of permissions are combined in the
most restrictive way. If, for example, a user is granted Read permission on the
network share, it doesn’t matter whether or not the account has Full Control NTFS
permissions on the same folder; the user gets only Read access when connecting over
the network.
In determining the effective permission for a particular account, you must also
consider the effect of group membership. Permissions are cumulative; an account
that is a member of one or more groups is granted all of the permissions that are
granted explicitly to the account as well as all of the permissions that are granted to
each group of which it’s a member. The only exception to this rule is Deny
permissions, which take precedence over any conflicting Allow permissions.
Supplies/Materials :
Ethernet Cables
Mother Board manual
Network Drivers
Operating System Installer (Windows Server 2008 r2)
Steps/Procedure:
Assessment Method:
CRITERIA
YES NO
Did you….
1. Successfully installed the active directory of users and
computers?
CONTENTS:
ASSESSMENT CRITERIA:
CONDITIONS:
Lecture
Discussion
Demonstration
Viewing multimedia
ASSESSMENT METHODS:
Written examination
Practical examination
Learning Objectives:
Introduction
To do this, you will need a Windows Server 2008 system already installed and
configured with a static IP address. You will need to know your network’s IP address
range, the range of IP addresses you will want to hand out to your PC clients, your
DNS server IP addresses, and your default gateway. Additionally, you will want to
have a plan for all subnets involved, what scopes you will want to define, and what
exclusions you will want to create.
To start the DHCP installation process, you can click Add Roles from the Initial
Configuration Tasks window or from Server Manager à Roles à Add Roles.
When the Add Roles Wizard comes up, you can click Next on that screen.
Next, select that you want to add the DHCP Server Role, and click Next.
What the wizard is asking is, “what interface do you want to provide DHCP services
on?” I took the default and clicked Next.
Next, I entered my Parent Domain, Primary DNS Server, and Alternate DNS
Server (as you see below) and clicked Next.
Then, I was promoted to configure a DHCP scope for the new DHCP Server. I have
opted to configure an IP address range of 192.168.1.50-100 to cover the 25+ PC
Clients on my local network. To do this, I clicked Add to add a new scope. As you
see below, I named the Scope WBC-Local, configured the starting and ending IP
addresses of 192.168.1.50-192.168.1.100, subnet mask of 255.255.255.0, default
gateway of 192.168.1.1, type of subnet (wired), and activated the scope.
Back in the Add Scope screen, I clicked Next to add the new scope (once the DHCP
Server is installed).
I chose to Disable DHCPv6 stateless mode for this server and clicked Next.
Then, I confirmed my DHCP Installation Selections (on the screen below) and
clicked Install.
I clicked Close to close the installer window, then moved on to how to manage my
new DHCP Server.
While I cannot manage the DHCP Server scopes and clients from here, what I can
do is to manage what events, services, and resources are related to the DHCP
Server installation. Thus, this is a good place to go to check the status of the DHCP
Server and what events have happened around it.
However, to really configure the DHCP Server and see what clients have obtained IP
addresses, I need to go to the DHCP Server MMC. To do this, I went to Start à
Administrative Tools à DHCP Server, like this:
When expanded out, the MMC offers a lot of features. Here is what it looks like:
The DHCP Server MMC offers IPv4 & IPv6 DHCP Server info including all scopes,
pools, leases, reservations, scope options, and server options.
If I go into the address pool and the scope options, I can see that the configuration
we made when we installed the DHCP Server did, indeed, work. The scope IP
address range is there, and so are the DNS Server & default gateway.
So how do we know that this really works if we do not test it? The answer is that we
do not. Now, let’s test to make sure it works.
Also, I went to my Windows 2008 Server and verified that the new Vista client was
listed as a client on the DHCP server. This did indeed check out, as you can see
below:
Figure 14: Win 2008 DHCP Server has the Vista client listed under Address Leases
Supplies/Materials :
Ethernet Cables
Mother Board manual
Network Drivers
CRITERIA
YES NO
Did you….
1. Install the DHPC Server?
CONTENTS:
ASSESSMENT CRITERIA:
CONDITIONS:
Lecture
Discussion
Written examination
Practical examination
Learning Objectives:
System Administrator
KEY ROLE:
This job is responsible for planning, designing, testing and documenting software
systems for business applications. He/she is also responsible for designing
interfaces, coding and testing of application programs according to user
requirements.
SPECIFIC DUTIES:
2.2 Enters program codes into computer system. Designs program interfaces.
4. Helps the web admin in gathering resources for SPU Surigao Website.
KEY ROLE:
This job is responsible for monitoring and maintaining the stability of the
computer network system of the university at all times. A network administrator
is responsible for keeping the network functioning at optimal levels. This includes
the internal network (LAN), a company-wide network that encompasses multiple
locations (WAN) as well as the connection with the outside world. This job include
server maintenance and backup, email administration, assigning and
maintaining user logon and access privileges, the actual hard-wiring of jacks and
workstations and protecting internal users from outside threats, including
hackers, viruses, spyware and malware.
SPECIFIC DUTIES:
2. The network administrator provides the law and order of the network by
spelling out the rules and regulations of the university.
12. Assists the offices involved during the enrolment period when necessary to
ensure the smooth flow of the automated enrollment system.
Server
This document only addresses the procedure adopted for those servers managed by
the Information Technology Division.
PURPOSE
This procedure is designed to ensure that all ITD servers are deployed in an orderly
way.
PROCEDURE
REQUEST / APPROVAL
The System Administrator who intends to deploy the server to host a new or
existing service must log a Change Control call in RMS (at code 5) to initiate the
change request.
Upon receipt of the Change Control request, the Change Control Officer (CCO) will
change the status code to 24. This will automatically email a ‘Pre-Deployment Check
List” to the System Administrator. This check list must be completed and returned
to the CCO.
Server Name
1. What is the name of the server?
Environmental Design
2. Is this a Physical or Virtual server? (Note: If either physical server or
virtual host is required, see ITD Purchasing Procedure for tender process)
3. Is this a physical to virtual conversion of an existing server [Y/N]?
Data Infrastructure
9. Does the server require SAN connectivity [Y/N]?
10. If yes, please state if a LUN has been allocated [Y/N].
11. If yes, please state the disk space required (FC or SATA).
12. If yes, please state whether the server is to be mirrored.
Backup of Data
15. Does the server need to be backed up?
Other
16. If this is a rebuild of an existing server, has the application data been
backed up to a location off the server?
Upon receipt of the above information, the CCO will change the status code to 25
(Change Control circulation) and will then bring the request to the next weekly
Change Control Board meeting for approval.
Once the request has been approved, the CCO will change the status code to 45
and the System Administrator will be notified by email.
The System Administrator must then log the following calls in RMS (quoting the
CC reference number):
DEPLOYMENT
It is the responsibility of the Server Manager to build the server according to the
required specifications. (See ‘Best Practice for Servers Working Guideline’). If the
server is for an external department, charges will be applied according to the
Server Cost Model.
Once the server is built and ready for deployment, the Server Manager will close
the ‘request for server’ call in RMS.
POST-DEPLOYMENT
Once the server is deployed, the System Administrator will inform his/her Change
Control Board Section Representative who will notify the Change Control Board at
the next weekly meeting. The Change Control Officer will then change the status code
to 79. This will automatically email a ‘Post-Deployment Check List” to the System
Administrator. This checklist must be completed and returned to the Change
Control Officer.
Post-deployment Checklist
Once confirmation has been received, return the answers to the checklist questions
to the Change Control Officer, who will post the answers into the Notes field and
close the call in RMS at code 95.
RECORDS
Records of all servers are stored on the ITD Master Server List.
Records of RMS change requests are held in RMS for a period of 3 years.
PROCESS VERIFICATION
Instructions: Answer the following questions, write the answer in the space
provided.
5. This job is responsible for monitoring and maintaining the stability of the
computer network system of the university at all times. A network
administrator is responsible for keeping the network functioning at optimal
levels. This includes the internal network (LAN), a company-wide network that
encompasses multiple locations (WAN) as well as the connection with the
outside world. This job include server maintenance and backup, email
administration, assigning and maintaining user logon and access privileges,
the actual hard-wiring of jacks and workstations and protecting internal users
from outside threats, including hackers, viruses, spyware and malware.
1. PROCESS VERIFICATION
2. SERVER MANAGER
3. SERVER
4. SYSTEM ADMINISTRATOR
5. NETWORK ADMINISTRATOR
Websites
http://windows.microsoft.com/en-ph/windows/connect-computer-
domain#1TC=windows-7
https://technet.microsoft.com/en-
us/library/dd894463%28v=ws.10%29.aspx
https://msdn.microsoft.com/en-us/library/aa545347%28v=cs.70%29.aspx
http://www.windowsnetworking.com/articles-tutorials/windows-server-
2008/How-to-Install-Configure-Windows-Server-2008-DHCP-Server.html
http://www.howtogeek.com/99323/installing-active-directory-on-server-
2008-r2/
http://windows.microsoft.com/en-ph/windows-vista/share-files-and-
folders-over-the-network-from-windows-vista-inside-out
Other Materials