Lab Project

ARBAMINCH POLYTECHNIC AND SATELLITE INSTITUTE
Department of information technology

Project based learning (PBL)
Occupation:-hardware & network servicing
Prepared by:-Mebratu.G (instructor IVI)
ARBAMINCH, ETHIOPIA
2006 E.C
Unit of competence
1. Monitoring and Administrating system and network security &
2. Identify and Resolve Network Problems

2. Identify and Resolve Network Problems Page 2
Exercise 1
Installing Windows
Server 2008

Exercise 1 : Installing Windows Server 2008
In this section, you should be able to :
Describe the different editions of Server 2008

Describe the requirements for a full installation
Get a free evaluation copy of Windows Server 2008 (if you don‟t already hav e
one) and how to install it.
Perform Full Installation of Server 2008
Hardware Requirements
Table 1.1 lists the basic system requirements for Windows Server 2008 editions.
Standard Enterprise Datacenter

Processor (min) 1 GHz (x86) 1 GHz (x86) 1 GHz (x86)
1.4 GHz (x64) 1.4 GHz (x64) 1.4 GHz (x64)
Processor (recommended) 2 GHz or faster 2 GHz or faster 2 GHz or faster
Memory (min) 512 MB 512 MB 512 MB
Memory (recommended) 2 GB or more 2 GB or more 2 GB or more
Memory (max) 4 GB (32 bit) 64 GB (32 bit) 64 GB (32 bit)

32 GB (64 bit) 2 TB (64 bit) 2 TB (64 bit)
Disk space (min) 10 GB 10 GB 10 GB
Disk space (recommended) 40 GB 40 GB 40 GB
TABLE 1.1 Hardware requirements for Windows Server 2008 editions.
Hardware resources would need to be increased for any systems using Hyper-V
technology and running virtual machines. For example, if you‟re running three virtual
servers within a Windows Server 2008 Enterprise edition, you would need additional
processing power, more memory, and more disk space.
How to Obtain a Copy of Windows Server 2008?
It‟s common for Microsoft to provide free evaluation copies of Server operating systems
for use. Currently, you can download Windows Server 2008 30-day and 60-day
evaluation editions free of charges at :
http://www.micosoft.com/windowsserver2008/en/us/trial-software.aspx

Beware, though. These files are quite large. If you‟re using a slower dial-up link, you
might want to see whether Microsoft is currently offering an evaluation DVD via regular
mail. There‟s a nominal cost involved with this option, but it‟s better than trying to
download more than 2GB at 56KB.
The download is an .iso image of the actual DVD. Search with your favorite search
engine for Download Windows Server 2008, and you‟ll find the link.
Once you download the .iso image, you can burn it to a DVD. If you don‟t have the
software needed to burn it to DVD, you can use one of many freeware utilities (such as
ImgBurn) to burn the .iso image to your DVD.
EXERCISE 1.1
Installing Windows Server 2008
1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using
Windows Server 2008 DVD.
2. Language and Keyboard Options.
This allows you to specify your language and your keyboard layout. By default,
text input language and method is : US Keyboard layout (Figure 0001).
Figure 0001 : Language and Keyboard Options
2.1. Click Next to continue.

3. Windows Server 2008 Setup
You are presented with options to Install, brief information about Server 2008 or
repair (Figure 0002).
Figure 0002 : Windows Server 2008 Setup
3.1 Click Install now to start setup Windows Server 2008 on this computer.
4. Product Key and Activation
Figure 0003 : Product Key and Activation
4.1 Enter your "Product Key" for activation now or you can enter it later (Figure
0003).

4.2. Click Next to
continue.
Figure 0004 : Product Key Warning
4.3. If you leave the product key box blank, the warning window will appear (Figure
0004); just click No to continue.
5. Windows Server Version
5.1. Select Windows Server 2008 Enterprise (Full Installation), (as shown in the
Figure 0005).
Figure 0005 : Windows Version
5.2. Tick the box of I have selected the edition of Windows that I purchased.
5.3. Click Next.

6. Windows Server 2008 License Agreement
6.1. Read the terms of the license agreement.
If you accept (which, of course, you have to do to continue installation), tick the
box of I accept the license terms (Figure 0006).
Figure 0006 : Windows Server 2008 License Agreement
6.2. Click Next to continue.

7. Installation Options.
You are presented with options to Upgrade or Custom (advanced).
Click Custom (advanced), (Figure 0007).
Figure 0007 : Installation Options
8. Partition Options
8.1. Click Drive options (advanced), (Figure 0008).

8.2. Click New, (Figure
0009).
Figure 0009 : New Partition
8.3. Change the size to 40,000 MB, (Figure 0010).
Figure 0010 : Partition Size
8.4. Click Apply.

8.5. Select Disk 0 Partition 1 (Figure 0011).
Figure 0011 : Partition
8.6. Click Next. The partition will be formatted with NTFS as part of the installation. At
this point, take a break. The installation will continue on its own.
Figure 0012 : Installing Windows

9. First Time Login
When you first time login, the windows warning will appear ask you to change the
user password before logging on for the first time (Figure 0013).
Figure 0013 : First time login
9.1 Click OK.
10. Change Administrator Password.
4.1 Enter a new password in the two test boxes (Figure 0014). Enter
Pr@ctice in this exercise. It meets complexity requirements and doesn‟t
require you to remember multiple passwords. Don‟t use this password on
a production server.
Figure 0014 : Change Administrator password
10.2 Hit Enter button after the passwords are entered.

Figure 0015 : Password changed successfully
10.3 Once the password has been changed, the screen indicates success
(Figure 0015). Click OK.
Congratulation! You have finish install the Windows Server 2008.
Summary
In this section you installed Windows Server 2008 on a computer. In the following
exercises you will setting time zone, install Active Directory and other services, creating
a small network for you to administer.

Exercise 2
Initial Configuration

Exercise 2 : Initial Configuration
In this section, you should be able to :
Complete the Initial Configuration Tasks
Setup time zone for your server.
Configure networking on your server
Change your server name
Setting Time Zone

In this section, you‟ll learn how to setup time zone for your server.
EXERCISE 2.1
Setting Time Zone
1. In Initial Configuration Tasks, select Set time zone (Figure 0016).
Figure 0016 : Set time zone
2. Click Change time zone (Figure 0017).

3. Select time zone appropriate for your location.
e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).
Figure 0018 : Time zone
4. Click OK.
5. Click OK again (Figure 0019).
Figure 0019 : Change time zone

Configuring Network
In this section, you‟ll learn how to configure networking on your server. Make sure you
have hook up your server to the network before you start.
EXERCISE 2.2
Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).
Figure 0020 : Configure networking
2. Double-click Local Area Connection (Figure 0021).
Figure 0021 : Local Area Connection

3. Click Properties button (Figure 0022).
Figure 0022 : Local Area Connection Properties
4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we only use

TCP/IPv4 only (Figure 0023).
Figure 0023 : TCP/IPv6

5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button
(Figure 0024).
Figure 0024 : TCP/IPv4
6. Now set your server IP address, and ensure that you are using a static IP
address. For this exercise, I‟m using number 21 as my server station number
(Figure 0025).
Tips:
Use the following IP address:
IP address : 192.168.2.SN (server station number)

Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ISIP (internet server IP address)
Use the following DNS server address:

Preferred DNS server : 192 . 168 . 2 . DNS (1stDNS server IP address)
Alternate DNS server : ___ . ___ . ___ . ___ (2ndDNS server IP address)

Figure 0025 : Static IP address
7. Click Advanced button after complete setting your IP address (Figure 0025).
8. Select the DNS tab (Figure 0026).
Figure 0026 : Advanced TCP/IP Setting
9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).
10. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0026).
11. Click OK (Figure 0026).
12. Click OK again.
13. Click Close button to close Local Area Connection Properties (Figure
0027).
14. Click Close button to close Local Area Connection Status.
15. Close Network Connection properties (Figure 0028).
Figure 0028 : Network Connection properties

Changing Computer Name
In this section, you‟ll learn how to change your server name.
EXERCISE 2.3
Changing Computer Name
1. In Initial Configuration Tasks, select Provide computer name and domain

(Figure 0029).
Figure 0029 : Provide computer name and domain
2. Click Change... button (Figure 0030).
Figure 0030 : System Properties

3. Key-in your server name at Computer name: box. In this exercise I user
server21 as my computer name (Figure 0031). And click OK.
Figure 0031 : Computer Name
4. Windows remind you to restart your computer to apply the changes. Click OK.
Figure 0032 : Computer Name – Restart Reminder

5. Click Close button on System Properties dialog box (Figure 0033).
6. Click Restart Now to reboot your computer (Figure 0034).
Figure 0034 : Restart Computer

7. After restart, login your server as Administrator (Figure 0035)
Figure 0035 : Login
Summary
In this section you have configure Time Zone, Networking and Computer Name for your
Server 2008. In the following exercises you will install Active Directory and other
services for you to administer.

Exercise 3
Installing and
Configuring DNS

Exercise 3 : Installing and Configuring DNS
Installing Domain Name System (DNS) Services Role

In this section, you‟ll learn how to implement a domain name server for your network.
Domain Name System (DNS) provides a standard method for associating names with
numeric Internet addresses. This makes it possible for users to refer to network
computers by using easy-to-remember names instead of a long series numbers.
Windows DNS services can be integrated with Dynamic Host Configuration Protocol
(DHCP) services on Windows, eliminating the need to add DNS records as computers
are added to the network.
The first step is required to ensure that you are using a static IP address and that the
DNS settings on the computer have been correctly configured. Make sure your have
hook up your PC to the network and you are using a static IP address before you start.
EXERCISE 3.1
Installing Domain Name System (DNS) Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager

(Figure 0036).
Figure 0036 : Launch Server Manager

3. In Server Manager, select Roles (Figure 0037).
Figure 0037 : Roles
4. Select Add Roles (Figure 0038).
Figure 0038 : Add Roles
5. On the Before You Begin page, review the requirements, and click Next (Figure
0039).
Figure 0039 : Add Roles – Before You Begi

6. On the Select Server Role page, select the check box next to DNS Server, and
click Next (Figure 0040).
Figure 0040 : Server Roles – DNS Server
7. On the DNS Server page, review the information, and click Next (Figure 0041).
Figure 0041 : DNS Server

8. On the Confirm Installation Selections page, click Install (Figure 0042).
Figure 0042 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0043 : Installation Progress

9. On the Installation Result page, review the information.
Click Close to continue (Figure 0044).
Figure 0044 : Installation Result

EXERCISE 3.2
Configuring Domain Name System (DNS)
10. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 0045)
Figure 0045 : Launch DNS Manager
11. Double-click on the computer icon to expand the DNS Server (Figure 0046).
Figure 0046 : DNS Manager

EXERCISE 3.2.1
Configuring Forward Lookup Zones
12. Click on Forward Lookup Zones first, and then right-click on it.
13. Select New Zone (Figure 0047)
Figure 0047 : Create New Zone
14. New Zone welcome wizard appear. Click Next to continue (Figure 0048).
Figure 0048 : New Zone Welcome Wizard

15. Select Primary zone and click Next button (Figure 0049).
Figure 0049 : Zone Type
16. The New Zone Wizard dialog box requests the name for the zone. Enter the
name that has been assigned to your domain (this example uses myserver.com).
(Figure 0050).
Figure 0050 : Zone Name
17. Once you have entered the correct name for the zone name, click Next button to
continue.

18. The dialog box now displays the name that will be used to the new zone file.
Leave the filename as suggested, then click Next (Figure 0051).
Figure 0051 : Zone File
19. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0052).
Figure 0052 : Dynamic Update

20. Click Finish to close the wizard and create the new zone (Figure 0053).
Figure 0053 : Successfully Completed the New Zone Wizard

EXERCISE 3.2.2
Creating Forward Lookup Zones New Host
21. Double click to expand Forward Lookup Zones.
22. Right click myserver.com and select New Host (Figure 0054).
Figure 0054 : Create New Host
23. Enter IP address for DNS server (myserver.com) and click Add Host (Figure
0055).
Figure 0055 : New Host
24. Click OK button.
25. Click Done button to exit New Host Wizard.

26. After finish configuring Forward Lookup Zones, recheck myserver.com must have
minimum three(3) types resource record – (SOA), (NS) and (A). (Figure 0056).
Figure 0056 : Forward Lookup Zones

EXERCISE 3.3
Configuring Reverse Lookup Zones
27. Click on Reverse Lookup Zones.
28. Right click Reverse Lookup Zones and select New Zone (Figure 0057).
Figure 0057 : Add a New Zone
29. New Zone welcome wizard appear. Click Next to continue (Figure 0058)
Figure 0058 : New Zone Welcome Wizard

30. Select Primary zone and click Next button (Figure 0059)
Figure 0059 : Zone Type
31. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure
0060).
Figure 0060 : Reverse Lookup Zone Name

32. A reverse zone maps IP addresses to computer names, so it has to know what
range of IP addresses it will be responsible for.
Enter the first 3 octets of the IP address that has been allocated to your network
domain (Figure 0061).
Figure 0061 : Network ID
33. After entering the network ID, click Next button to continue.
34. The wizard will display the name of the reverse zone file that it will create. Leave
the filename as suggested, then click Next (Figure 0062).
Figure 0062 : Zone File

35. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0063)
Figure 0063 : Dynamic Updates
36. Click Finish to close the wizard and create the new zone (Figure 0064).
Figure 0064 : Successfully Completed the New Zone Wizard

EXERCISE 3.3.1
Creating Reverse Lookup Zones New Pointer (PTR)
37. In the DNS manager window, double-click the computer icon and expand the
Reverse Lookup Zone field.
38. Expand the subnet field.
39. Right-click the subnet field and select New Pointer (Figure 0065).
Figure 0065 : Create New Pointer
40. Enter the IP address of your domain server (Figure 0066).
Figure 0066 : Host IP Address
41. Click Browse button to browse for host name.

42. Double click your server icon (Figure 0067).
Figure 0067 : Browse Host Name - Domain
43. Double click Forward Lookup Zones (Figure 0068).
Figure 0068 : Browse Host Name - Forward Lookup Zones

44. Double click your domain (Figure 0069).
Figure 0069 : Browse Host Name – Domain.com
45. Double click Host (A) record (Figure 0070).
Figure 0070 : Browse Host Name – Host (A)

46. Click OK to create new pointer (Figure 0071).
Figure 0071 : New Pointer Complete Data
47. After finish configuring Reverse Lookup Zones, recheck the subnet field. The
subnet field must have minimum three(3) types resource record – (SOA), (NS)
and (PTR). (Figure 0072).
Figure 0072 : Reverse Lookup Zones

EXERCISE 3.4
Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly
configured.
48. In the DNS manager window, right-click the computer icon and select properties
(Figure 0073).
Figure 0073 : DNS Manager – Server Properties
49. Click the Monitoring tab (Figure 0074).
Figure 0074 : DNS Server Properties

50. Enable both tests and click Test Now button (Figure 0075).
Figure 0075 : DNS Server Properties - Monitoring
Do not proceed till the test results for Simple Query indicate Pass. Your
recursive query result will indicate Fail because we did not configure our DNS to
query to other DNS server.
51. Click OK to continue
52. Close the DNS Manager.

EXERCISE 3.5
Testing The DNS Server Using NSLOOKUP To Query DNS
In this exercise you will use a client tool to check the operation of the DNS
server. You
will query both a forward and reverse lookup.
53. Launch Run. Click Start ►Run (Figure 0076).
Figure 0076 : Launch RUN

54. Enter nslookup and click OK (Figure 0077).
Figure 0077 : Launch Nslookup Program
55. A command prompt DOS window will appear with the program nslookup running
in it (Figure 0078).
The default server name and IP address of the DNS server will be shown.
Figure 0078 : Running Nslookup
56. To perform a forward lookup (resolve a computer name to an IP address) enter

the name of the computer (e.g. myserver.com) (Figure 0079).
Figure 0079 : Query Forward Lookup

57. Press ENTER. Your query result will be same as Figure 0080 below.
Figure 0080 : Query Forward Lookup Result
58. To perform a reverse lookup (resolve an IP address to a computer name), enter

the IP address given in step 56 and press ENTER (Figure 0081).
Figure 0081 : Query Reverse Lookup
59. Close the command prompt windows (Figure 0081).
Summary
The DNS server is a database that manages computer names and their IP addresses.
Zone files are used to store this information. Within a zone, a forward lookup resolves
computer names to IP addresses. A reverse zone resolves IP addresses to computer
names.
A client tool such as NSLOOKUP can be used to test the operation of a DNS server.

Exercise 4
Installing Active
Directory

Exercise 4 : Installing Active Directory
In this exercise you will install active directory services (ADS) and change to native
mode (where the server acts purely with ADS). Once ADS is installed, you will be able to
take advantage of many of the new features of Windows 2008 in managing users,
computers and sites.
Adding Active Directory Domain Services Role
EXERCISE 4.1
Adding Active Directory Domain Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager

(Figure 0082).
Figure 0082 : Launch Server Manager

3. In Server Manager, select Roles (Figure 0083).
Figure 0083 : Roles
4. Select Add Roles (Figure 0084).
Figure 0084 : Add Roles
5. On the Before You Begin page, review the requirements, and click Next (Figure 0085).
Figure 0085 : Add Roles – Before You Begin

6. On the Select Server Role page, select the check box next to Active Directory
Figure 0086 : Server Roles
7. On the Active Directory Domain Services page, review the information, and click
Next (Figure 0087).
Figure 0087 : Active Directory Domain Services

8. On the Confirm Installation Selections page, click Install (Figure 0088).
Figure 0088 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0089 : Installation Progress

9. On the Installation Result page, review the information.
Click Close (Figure 0090).
Figure 0090 : Installation Result
Note : You still must run the Active Directory Domain Services Installation Wizard
(DCPromo) to make the server a fully functional domain controller.

Installing Active Directory Domain Services
In this section, you‟ll learn how to installing Active Directory Domain Services.
EXERCISE 4.2
Installing Active Directory Domain Services
10. Logon into a Windows Server 2008 server as Administrator.
11. Click Start ►Run. At the Run line, enter DCPromo, and click OK (Figure 0091).
Figure 0091 : Run dcpromo
12. On the Welcome screen, click Next (Figure 0092).
Figure 0092 : Welcome Screen

13. On the Operating System Compatibility screen, review the information, and click
Next (Figure 0093).
Figure 0093 : Operating System Compatibility Screen
14. On the Choose a Deployment Configuration screen, select Create a New

Domain in a New Forest.
Click Next (Figure 0094).
Figure 0094 : Choose a Deployment Configuration Screen

If your computer were part of an existing forest, you could create a replica
domain controller within an existing domain. However, this exercise is assuming
your server will be the first domain controller in the forest.
15. On the Name the Forest Root Domain screen, enter MYServer.com as the fully
qualified domain name.
Figure 0095 : Name the Forest Root Domain Screen
16. If Domain NetBIOS Name page appears, accept the default of MYSERVER.
17. On the Set Forest Functional Level screen, select the Forest functional level of
Windows Server 2008. This ensures that any new domains created in this forest
will automatically operate at the Windows Server 2008 domain functional level,
which does provide unique features. If you had a network that has a Windows
2000 Remote Access Server, you would select the compatible option (Figure
0096).
Figure 0096 : Set Forest Functional Level Screen

18. Click Next to continue.
19. On the Additional Domain Controller Options screen, note that both the DNS
server and the global catalog are selected as options. Active Directory Domain
Services requires DNS, and if not available on the network, DCPromo will give
you the option of installing it. Additionally, the first domain controller within a
domain is a global catalog server.
Figure 0097 : Additional Domain Controller Options Screen
Note : If you have dynamically assigned IP addresses, a warning will appear

indicating you must assign static IP addresses for both IPv4 and IPv6. Either
assign static IP addresses or click Yes; the computer will use a dynamically
assigned IP address and configure static IP addresses later. As a best practice,
domain controllers should use statically assigned IP addresses.
Click Next to continue (Figure 0097).

20. If this server is on an isolated network without other DNS servers, a warning
dialog box will appear indicating that a delegation for this DNS server can‟t be
created and other hosts may not be able to communicate with your domain from
outside the domain. This is normal when installing DNS for the first domain
controller in a forest.
Click Yes to continue (Figure 0098).
Figure 0098 : Warning Dialog Box
21. On the Location for Database, Log Files, and SYSVOL screen, accept the
defaults.
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen

22. On the Directory Services Restore Mode Administrator Password screen, enter
@xercisE in both the Password and Confirm password boxes. This password is
needed if you need to restore Active Directory Domain Services. On a production
domain controller, a more secure password would be required.
Figure 0100 : Directory Services Restore Mode Administrator Password Screen
23. On the Summary screen, review your selections, and click Next (Figure 0101).
Active Directory Domain Services will be installed.
Figure 0101 : Summary Screen

24. After a few minutes, the wizard will complete (Figure 0102).
Figure 0102 : AD Installation Progress
25. If a warning message appeared same as below, just click OK. This message
appeared because we already created the DNS zone before (Figure 0103).
Figure 0103 : Warning Message
26. On the Completion screen, click Finish (Figure 0104).
Figure 0104 : Completion Screen

27. On the Active Directory Domain Services dialog box, click Restart Now (Figure
0105).
Once your system reboots, Active Directory Domain Services will be installed.
Figure 0105 : Restart Confirmation Screen
28. After restart, login your server as Administrator (Figure 0106).
Figure 0106 : Login

EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometime after
installing Active Directory Domain Services, the network configurations change to
29. Launch Network and Sharing Center. Click Start ► Right click Network ►
Properties (Figure 0107).
Figure 0107 : Network Properties

30. Under myserver.com (Domain network), click View status (Figure 0108).
Figure 0108 : View Network Status
31. Click Properties button to open Local Area Connection Properties (Figure 0109).
Figure 0109 : Local Area Connection Status

32. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button
(Figure 0110).
Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties

33. Check your network configurations; make sure the configurations correct (Figure
0112).
Figure 0112 : Network Configurations
34. Now click the Advanced button (Figure 0112).
35. Select the DNS tab (Figure 0113).
36. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
37. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0113).
39. Click OK again.

Figure 0113 : Advanced TCP/IP Setting
40. Close all remaining windows.
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a
lot of migrations to the new operating system. This chapter presented many of these
new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three

editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008
Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support
virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology
that supports virtualization. The Standard edition supports one virtual server, the
Enterprise edition supports as many as four virtual servers, and the Datacenter edition
supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit
operating systems.
In this chapter, you learned about the new features of Windows Server 2008.
These included Server Manager, Server Core, PowerShell, Windows Deployment
Services, and read-only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a
PC. After reviewing many of the basics of Active Directory Domain Services, you learned
how to promote the server to a domain controller.

Exercise 5
Creating
Organization Units
And Users

Exercise 5 : Creating Organizational Units And Users
In this section, you‟ll use active directory to view the default settings that apply to user
accounts when they are created. These settings can be overridden for a particular user,
a group of users, or all users.
You will create a number of organizational units. An OU acts as a container that holds
objects such as users.
Creating Organization Units

In the following exercise, you will create some organizational units that will act as
containers for some users. These organizational units model the departments within a
small organization.
EXERCISE 5.1
Creating Organization Units
1. Logon server as administrator.
2. Launch Active Directory Users and Computers. Click Start ► Administrative

Tools ► Active Directory Users and Computers (Figure 0114)
Figure 0114 : Run Active Directory Users and Computers

3. Click on the myserver.com icon to select it (Figure 0115).
Figure 0115 : Expand Domain
4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).
Figure 0116 : Create New Organization Unit

5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
Figure 0117 : Create Organization Unit
8. Repeat step 3 to 7 to create the organizational units Sted and Sklr (Figure
0118).
Creating organizational units lets you place users directly into units and assign
permissions and rights based on these units. This leads to better administration
and delegation control than if you placed users directly into the user container.
When users move from one department to another, it is a simple matter to move
the user to the corresponding organizational unit. In this way, they inherit all the
new features and rights and of the new organizational unit, ensuring they have
full access to all the resources they are entitled to.

EXERCISE 5.2
Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users
container. In the following exercise you will create a number of users, modify
their
properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
Figure 0119 : Stkm OU
Creating new user accounts for Zul

10. Right click Stkm and select New ► User from the menu (Figure 0120).
Figure 0120 : Stkm OU

11. Enter the following details for Zul (Figure 0121).
First Name Last Name Full Name User logon name

Zul Zcomby Zul Zcomby zul.zcomby
Figure 0121 : Create New User
12. Click Next.

13. Enter the password as comby. Check the boxes “User cannot change password”
and “Password never expires”, then click Next (Figure 0122).
Figure 0122 : Create Password

14. Click Finish to create the new user Zul (Figure 0123).
Figure 0123 : New User Account Confirmation
15. The warning below will appear. This warning appears because your password
does not meet the password policy requirements. Click OK to continue (Figure
0124).
Figure 0124 : Password Policy Warning
16. Click Cancel to close new user account confirmation window (Figure 0125).
Figure 0125 : New User Account Confirmation

EXERCISE 5.2.1
Configuring Password Policy
17. To disable password policy requirements; launch Group Policy Management.

Click Start ► Administrative Tools ► Group Policy Management (Figure 0126)
Figure 0126 : Launch Group Policy Management

18. Double click to expand Forest: myserver.com.
19. Expand Domains.

20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).
Figure 0127 : Group Policy Management
22. If any warning box appeared; just click OK (Figure 0128).
Figure 0128 : Group Policy Management Console Warning

23. Right click Default Domain Policy and select Edit (Figure 0129).
Figure 0129 : Group Policy Management – Default Domain Policy
24. Double click to expand Policies (Figure 0130).
25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).
Figure 0130 : Group Policy Management – Security Settings

27. Double click to expand Account Policies (Figure 0131).
Figure 0131 : Group Policy Management – Password Policy
28. Click Password Policy (Figure 0132).
29. Double click Password must meet complexity requirements under Password
Policy to open Password must meet complexity requirements Properties.
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements

30. Select Disabled under Security Policy Setting tab (Figure 0133).
Figure 0133 : Password Must Meet Complexity Requirements

Properties
31. Click OK.
32. Double click Minimum password length under Password Policy to open
Minimum password length Properties (Figure 0134).
Figure 0134 : Group Policy Management - Minimum Password

Length

33. Set No password required to 0 characters (Figure 0135).
Figure 0135 : Minimum Password Length Properties
34. Click OK.
35. Recheck your configuration. Your configuration should be same as figure below
(Figure 0136).
Figure 0136 : Group Policy Management - Password Policy
36. Close all windows and RESTART your server.
After restarting server, login as Administrator and start create user Zul Zcomby
again (follow step 10 to 14). There should be no problem anymore.

Creating Users within Organizational Units (EXERCISE 5.2 - Continue)
37. Now create the new user Ocah in the Stkm OU using the following properties
(Figure 0137).
First Name Ocah

Last Name Blue
Full Name Ocah Blue
Password ocah
User cannot change password
Password never expires
Figure 0137 : Ocah Blue Properties
38. Create the following user account in the Sted OU (Figure 0138).
First Name Ahmad

Last Name Akmal
Full Name Ahmad Akmal
User logon name zul.akmal
Password akmal
Figure 0138 : Ahmad Akmal Properties
39. Create the following user account in the Sklr OU.
First Name Ain

Last Name Syahmi
Full Name Ain Syahmi
User logon name ain.syahmi
Password ain
Figure 0139 : Ain Syahmi Properties

First Name Ali
Last Name Uddin
Full Name Aliuddin
User logon name ali.zul
Password ali
Figure 0140 : Aliuddin Properties
First Name Wan

Last Name Saad
Full Name Md Saad
User logon name wan.saad
Password masuri
User must change password at next logon
Account is disabled
Figure 0141 : Md Saad Properties
40. Note the down arrow that appears on the icon for the user Md Saad,
indicating this account has been disabled (Figure 0142).
Figure 0142 : AD Users and Computers – User Disabled

EXERCISE 5.3
Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organization unit. In

the
above exercise the user Md Saad was inadvertently placed in the wrong
OU.
Right-click the user Md Saad and select move from the list (Figure
0143).
Figure 0143 : Move Users
42. Click Stkm as the destination OU (Figure 0144).
Figure 0144 : Move Users – Stkm OU
43. Click OK

44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm
OU (Figure 0145).
Figure 0145 : Stkm OU Members
You have now created a number of users within the organizational units created
earlier. At this stage, you cannot see the benefits of doing this. However, the later
exercises will start to illustrate why this has been done, by allocating resources to
organizational units.
Thus, a user will get access to a resource based on their OU membership

properties. If a user moves from one organizational unit to another, they will
inherit all the resources associated with the new OU.

EXERCISE 5.4
Updating User Information
In this exercise we will look at default user properties such as logon times and how often
they need to change their passwords.
Active Directory allows organizations to store significantly more information than in

previous versions of Windows. For example, you can store telephone and office
information in the Active Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).
Figure 0146 : User Properties
46. Enter the following details (Figure 0147).
Office 012-5740157
Telephone Number md.saad@myserver.com
E-Mail
Job Title (Organization) Senior Instructor
Department Computer Technology Figure 0147 :
Company IKM User Details

Figure 0148 : Md Saad Properties - General
Figure 0149 : Md Saad Properties - Organization
47. Click OK to apply the changes.

EXERCISE 5.5
Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).
Figure 0150 : Md Saad Properties

49. Click Account tab (Figure 0151).
Figure 0151 : Md Saad Properties - Account

50. Click the Logon Hours button (Figure 0152).
Figure 0152 : Logon Hours
51. Select all areas and click Logon Denied (Figure 0153).
Figure 0153 : Logon Hours for Md Saad – Logon Denied
Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.

52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).
Figure 0154 : Logon Hours for Md Saad – Select Areas

53. Select Logon Permitted (Figure 0155).
Figure 0155 : Logon Hours for Md Saad – Set Logon Permitted
54. Click the OK button.

55. Click the OK button again.
In the above exercise you assigned some organizational information to a

user.
You also explored some of the properties that can be applied.

Exercise 6
Configuring Client
Computer
97

Exercise 6 : Configuring a Client Computer
In this section you will configure Windows XP Professional on the other computer that
will be part of your network. This computer will act as a client computer that users of
your network can use to access shared resources such as files, software and printers.
Make sure that the Windows Server 2008 previously installed is running.
Please refer to the following table for client configuration.
Name of This Computer clientxpSN
Name of Organization IKM
Role of This Computer Client Workstation
Name of Installer
same domain name as you did for the Server
Domain Name
192.168.2.SN
TCP/IP Address
TCP/IP Subnet mask 255.255.255.0
TCP/IP Gateway 192.168.2.ServerNumber
Preferred DNS server 192.168.2.ServerNumber
Note : SN = Station Number
Use the same domain name as you did for the Server.

EXERCISE 6.1
Network Setting (Windows XP)
1. Run Network Connections application program. Click Start ► All

Programs
►Accessories ►Communications ►Network Connections (Figure 0156).
Figure 0156 : Run Network Connections
2. Right click Local Area Connection (Figure 0157).
Figure 0157 : Local Area Connection
3. Select Properties (Figure 0157).

4. Double click Internet Protocol (TCP/IP) (Figure 0157).
5. Now set your client (Windows XP) IP address, and ensure that you are using a
static IP address. For this exercise, I‟m using number 61 as my Windows XP
client station number (Figure 0159).
Use the following IP address:
IP address : 192.168.2.SN (client station number)

Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ServerNumber (server IP address)
Use the following DNS server address:
Preferred DNS server : 192 . 168 . 2 . ServerNumber (1stserver IP address)

Alternate DNS server : ___ . ___ . ___ . ___ (2ndserver IP address)

Figure 0159 : Internet Protocol (TCP/IP) Properties
7. Click the “OK” button (Figure 0159).
8. Click “OK” button (Figure 0160) and close all remaining windows.

EXERCISE 6.2
Joining Domain (Windows XP client)
9. Click Start ►Right-click My Computer (Figure 0161).
Figure 0161 : My Computer
10. Select Properties. (Figure 0162).
Figure 0162 : My Computer - Properties

11. Click the Computer Name tab, and then click Change. (Figure 0163).
12. Click the More button. (Figure 0164).
Figure 0164 : Computer Name Changes - Workgroup

13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure
0165).
Figure 0165 : DNS Suffix and NetBIOS Computer Name
15. Change Computer Name to clientxpSN (Figure 0166).
16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).
Figure 0166 : Computer Name Changes - Domain

104

18. Now Domain Server will prompt you for Username and Password. Enter any
username and password you have created before. (Figure 0167).
Figure 0167 : Join Domain Verification
19. If you get this welcome message : Windows : "Computer Name Changes" -
Welcome to the ....... domain"; it means you are successfully joining a domain.
(Figure 0168).
Figure 0168 : Domain Welcome Message
20. Since joining a domain is a major change in the security configuration of your
system, you will be reminded that you have to restart your system. Click OK
(Figure 0169).
Figure 0169 : Restart Reminder

21. You will be back in the System Properties, where you are now listed as being
part of a domain (Figure 0170).
Figure 0170 : System Properties – Computer Name
22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer. (Figure 0171).
Figure 0171 : Restart Confirmation

Exercise 7
Viewing Computer
In Active Directory

Exercise 7 : Viewing Computer In Active Directory
In this section you will use Active Directory Users and Computers to view information for
computers and servers.
When a client workstation is installed using Windows XP Professional or Windows 2000

Professional or Windows Vista or Windows 7, it has its own accounts database and
rights. When that client computer joins a domain or Windows Server 2008 network, this
means that the domain wide accounts are available for use at the workstation. When a
user logs on using the client computer, any policies are applied to the client computer.
Client workstations running Windows XP Professional have their own local accounts
database. This means it is possible for an administrator on the workstation to create a
local workstation account, which is not the same as the domain account, and allow
users to logon to the local computer rather than the domain.
Currently, you should have the Windows Server 2008 and a Windows XP Professional
client workstation running.
Log on as administrator to the Windows Server 2008.
EXERCISE 7.1
Viewing Computers and Servers in Active Directory
In this exercise, you will use Active Directory Users and Computers to view the
workstations and servers in the domain.
1. Log on the Windows Server 2008 as administrator.


Figure 0172 : Launch Active Directory Users and Computers
3. Expand the domain icon (Figure 0173).
Figure 0173 : AD – myserver.com

4. Click on the Computers folder from the list (Figure 0174).
Figure 0174 : AD – Computers
You can see CLIENTXP61 listed under Computer folder.
5. Double-click on the CLIENTXP61 to display its properties (Figure 0175).
Figure 0175 : CLIENTXP61 Properties
Now you can see the general information about CLIENTXP61 including it DNS
name and it role.

6. Click on the Operating System tab (Figure 0176).
Figure 0176 : CLIENTXP61 Properties - Operating System
Here you can find information about Operating System, version and service pack
using by client.
7. Click OK to close the properties box.
8. Click on the Domain Controllers folder under myserver.com (Figure 0177)
Figure 0177 : AD - Domain Controllers

9. Double-click on the domain controllers to display its properties (Figure 0178).
Figure 0178 : SERVER21 Properties
10. Click on the Operating System tab (Figure 0179.)
Figure 0179 : SERVER21 Properties - Operating System
Here you can find information about Operating System, version and service pack
using by server.
11. Click OK to close the properties box and close all remaining dialog box.
In this exercise you viewed properties of workstations and servers in your

network using Active Directory.

EXERCISE 7.2
Using the Local Workstation Account
In this exercise you will log on the Windows XP Professional workstation using a local
administrator account.
12. Logon the Windows XP Professional as administrator (Figure 0180).
Figure 0180 : Log on to Windows XP
13. Logoff the client computer. Click Start ► Shutdown and select Logoff
Administrator (Figure 0181).
Figure 0181 : Log off Windows XP

Figure 0182 : Log off Windows XP Administrator
EXERCISE 7.3
Using Domain wide account at the client computer
In this exercise you will log on the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).
Figure 0183 : Windows XP Logon

16. Log on the Windows XP Professional as zul.zcomby and comby as password
(Figure 0184).
17. Click OK.
18. You will receive a Logon Message. Why? (Figure 0185)
Because zul.zcomby not created on the local client account, it was created in the
server active directory account.
Just now, you were tried to logon to the client using active directory user account.
Figure 0185 : Logon Message
19. Click OK to dismiss the dialog box.

20. Now, look at the logon box. There is an extra field displayed, called Logon to:
(Figure 0186).
21. Click the Logon to: box, and select MYSERVER (Figure 0187)
Figure 0187 : Log on to server

22. Enter the same user credentials as previously (Figure 0188).
Figure 0188 : Log on to server using client workstation
23. Click OK.
What happened? Could you log on? It should be no problem.
24. Log off the client computer. But leave it running Windows XP Professional (do
not shut the computer down yet).
25. If you are currently logged in to the Windows Server 2008, log off.
26. Attemp to log on to the server as zul.zcomby.
26.1. Click Switch User button (Figure 0189).
Figure 0189 : Switch User button
26.2. Click Other User button (Figure 0190).
Figure 0190 : Other User button

26.3. Enter user as zul.zcomby and password as comby (Figure 0191).
Figure 0191 : Logon to server using user account
26.4. Press ENTER.
27. What happened? Could you log on?
A error message appeared (Figure 0192).
Figure 0192 : Logon Error Message
Why?
Because the user account you are using to login into server do not have
permission to login into server directly.
28. Click OK.
29. Logon to the server as administrator.

Tools ► Active Directory Users and Computers (Figure 0193).
31. Click on the Stkm Organizational Unit (Figure 0194).
Figure 0194 : Active Directory Users and Computers - Stkm

32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).
Figure 0195 : Zul Zcomby Properties
33. Click the Member Of tab (Figure 0196).
Figure 0196 : Zul Zcomby Properties - Member Of

34. Click Add… button (Figure 0197).
Figure 0197 : Add Button
35. Click Advanced button (Figure 0198).
Figure 0198 : Select Groups
36. Click Find Now button (Figure 0199).
Figure 0199 : Select Groups - Advanced

37. Double-click Server Operators from the list (Figure 0200).
Figure 0200 : Select Groups – Find Now
38. Click OK.
Figure 0201 : Select Groups

Figure 0202 : Zul Zcomby Properties - Member Of
41. Log off server. Click Start ► Log Off (Figure 0203).
Figure 0203 : Log Off Server
42.1. Press Ctrl + Alt + Del.

42.4. Enter user as zul.zcomby and password as comby (Figure

0206).
42.5. Press ENTER.
What happened? Could you log on? It should be no problem.
Summary
Servers do not allow normal users to logon locally. Servers run the network and provide
resources, which users connect to remotely across a network. Servers are not designed
to have users physically sitting at their keyboards trying to log on and run programs.
Users actually logon to a client computer in the network and access resources using a
network connection.
Client computers running Windows XP Professional have their own accounts database.

Exercise 8
Delegating
Management Of
Users

Exercise 8 : Delegating Management Of Users
In this exercise you will create new local groups and look at assigning managers to
users and organizational units.
EXERCISE 8.1
DelegatingControl
In this portion of the exercise you will make zul.zcomby a manager of the Stkm
organizational unit. Once he is a manager, he will be able to modify user accounts within
the Stkm OU.
1. Log on the Windows Server 2008 as administrator.


Figure 0208 : AD – myserver.com
4. Right click the Stkm OU and select Delegate Control (Figure 0209).
Figure 0209 : AD – Stkm
5. This starts the Delegation of Control Wizard (Figure 0210).
Figure 0210: Delegation of Control Wizard

6. Click Next (Figure 0210).
7. Click the Add… button (Figure 0211).
Figure 0211: Delegation of Control Wizard – Users or Groups
8. Click the Advanced… button (Figure 0212).
Figure 0212: Select Users, Computers, or Groups

9. Click the Find Now button (Figure 0213).
Figure 0213: Select Users, Computers, or Groups – Advanced
10. Select Zul Zcomby account (Figure 0214).
Figure 0214: Select Users, Computers, or Groups – Find Now

Figure 0215: Select Users, Computers, or Groups – User Added
Figure 0216: Delegation of Control Wizard – Users Added

14. Delegate the following tasks as illustrated (Figure 0217).
Figure 0217: Task to Delegate
16. Click Finish (Figure 0218).
Figure 0218: Delegation of Control Wizard – Finish

17. Log off server. Click Start ► Log Off (Figure 0219).
Figure 0219 : Log Off Server

EXERCISE 8.2
Managing Users
In this portion of the exercise you will log on to server as zul.zcomby and attempt to
manage users.
18.5. Press ENTER.

1
3
3

Figure 0223: Launch Active Directory Users and Computers
20. You will be asked to reenter your password for security measure. Just reenter
password for zul.zcomby (Figure 0224).
Figure 0224: User Account Control Permission

Figure 0225: Active Directory Users and Computers - Domain
22. Click on the Stkm OU (Figure 0226).
Figure 0226: Active Directory Users and Computers - Stkm
23. Double-click the user Ocah Blue (Figure 0227).
Figure 0227: Active Directory Users and Computers – User

24. Click the Account tab (Figure 0228).
Figure 0228: Ocah Blue Properties
25. Click the Logon Hours… button (Figure 0229).
Figure 0229: Logon Hours button

26. Select all areas and click Logon Denied (Figure 0230).
Figure 0230 : Logon Hours for Ocah Blue – Logon Denied
Change Ocah’s the logon hours (under Account Tab) to Monday-Friday,

8am-
5pm.
27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).
Figure 0231 : Logon Hours for Ocah Blue – Select Areas

28. Select Logon Permitted (Figure 0232).
Figure 0232 : Logon Hours for Ocah Blue – Set Logon Permitted
29. Click OK.

30. Click OK again.
31. Click the Sklr OU (Figure 0233).
Figure 0233: Active Directory Users and Computers – Sklr

32. Double-click Ain Syahmi user account to display the properties of this user
(Figure 0234).
Figure 0234: Active Directory Users and Computers – User
33. Attemp to change the logon hours of this user. Click Account tab (Figure 0235).
Figure 0235: Ain Syahmi Properties

34. Click the Logon Hours… button (Figure 0236).
Figure 0236: Logon Hours Button
35. A warning message will be displayed (Figure 0237).
Why do you think you are not able to modify this account?
Figure 0237: AD Error Message
Because Zul Zcomby only have permission to modify user under Stkm OU only.
He only have read permissioin for other OU‟s.
36. Click OK to close the message (Figure 0237).
37. Close all remaining windows except Active Directory Users and Computers.
38. Click the Stkm OU (Figure 0238).
Figure 0238: Active Directory Users and Computers – Stkm

39. Right-click Ocah Blue account and select Reset Password… from the list
(Figure 0239).
Figure 0239: AD – Ocah Blue – Reset Password
This display a reset password box that will allow the password to be changed.
40. Click Cancel (Figure 0240).
Figure 0240: Reset Password
42. Log off the server.
In the above exercise you delegated control of an Organizational Unit to a user. You
then modified account details of users belonging to that OU as the designated
manager of the OU.
Delegating control of users using the delegation control wizard is simple. When
control of users and groups is delegated, administrators can be relieved of simple
administrative tasks such as resetting passwords and modification of user accounts.

Exercise 9
Exploring Group
Scopes and Types

Exercise 9 : Exploring Group Scopes and Types
EXERCISE 9.1
Exploring Group Scopes and Types
In the following exercise you will create a number of groups. These groups will be used
to demonstrate group scope. From the notes, group scope determines who can be a
member and where that group can be used in the enterprise.
Group Scope
Type
Local User accounts, Global groups and Universal groups from any domain in the
forest, as well as local groups from the same domain.
Global User accounts and global groups from the same domain.
Universal User accounts, global groups and universal groups from any domain in the
forest.
The recommended strategy for using groups in Windows Server 2008 is to use both
global and domain local groups. Place users into global groups and then place the global
groups into domain local groups and assign permissions to the domain local groups.
Global groups have access to accounts in the local domain. Where the enterprise
consists of more than one domain, local groups allow the use of accounts across all the
domains. Where the enterprise has combined a number of domains into a forest,
Universal groups provide access to any accounts in the forest.
1. Log on server as Administrator (Figure 0241).
Figure 0241 : Administrator Login

3. Right-click the domain icon and select New - Group from the list (Figure 0243).
Figure 0243 : Active Directory Users and Computers – New Group

4. Create a global group called Technical Support (Figure 0244).
4.1 Key-in Technical Support in the Group name: box

4.2 Verify Group scope set to Global.
4.3 Verify the Group type is set to Security.
Figure 0244 : New Object - Group
6. Add Ali Uddin as a member of Technical Support.
6.1 Double-click Technical Support (Figure 0245).
Figure 0245 : Active Directory Users and Computers – Technical

Support

6.2 Click Members tab (Figure 0246).
Figure 0246 : Technical Support Properties
6.3 Click Add … button (Figure 0247).
Figure 0247 : Add button
6.4 Click Advanced … button (Figure 0248).
Figure 0248 : Select Users, Contacts, Computers, or Group box

6.5 Click Find Now button (Figure 0249).
Figure 0249 : Select Users, Contacts, Computers, or Group -

Advanced
6.6 Select Ali Uddin user account (Figure 0250).

ntacts, Computers, or Group – Find Now

6.7 Cick OK (Figure 0250).
Figure 0251 : Select Users, Contacts, Computers, or Group

7. Create a new Domain Local group called Intranet Users (Figure 0253).
7.1. Right-click the domain icon and select New - Group from the list (Figure
0253).
Figure 0253 : Active Directory Users and Computers – New Group
7.2. Key-in Intranet Users in the Group name: box (Figure 0254).
7.3. Verify Group scope set to Domain Local (Figure 0254).
7.4. Verify the Group type is set to Security (Figure 0254).
Figure 0254 : New Object - Group
7.5. Click OK (Figure 0254).

8 Double-click Intranet Users (Figure 0255).
Figure 0255: Active Directory Users and Computers
9 Add the Intranet Users group as a Member Of Technical Support.
9.1. Click Member Of tab (Figure 0256).
Figure 0256 : Intranet Users Properties
9.2. Click Add … button (Figure 0257).

9.3. Click Advanced … button (Figure 0258).
Figure 0258 : Select Groups - Add
9.4. Click Find Now button (Figure 0259).

9.5. Select Technical Support. What happened? (Figure 0260).
Figure 0260 : Select Groups – Search Results
Can you find Technical Support? Why do you think this

happened?
9.6. Close all windows except Active Directory Users and Computers.
10 Now try adding the Technical Support group as a Member Of Intranet

Users.
10.1. Double-click Technical Support group (Figure 0261).

ers - Technical Support

10.2. Click Member Of tab (Figure 0262).
10.3. Click Add … button (Figure 0263)
10.4. Click Advanced … button (Figure 0264)
Figure 0264 : Select Groups - Add

10.5. Click Find Now button (Figure 0265)
10.6. Select Intranet Users and click OK button (Figure 0266).
Figure 0266 : Select Groups – Search Result
What happened?
10.7. Click OK button (Figure 0267).
Figure 0267 : Select Groups – Intranet Users Group Added
Can you add the Technical Support group as a Member Of Intranet

Users?
Why do you think this is so?
11 Click OK button (Figure 0268).
Figure 0268 : Technical Support Properties – Member Of Intranet Users
12 Log off Administrator.
Summary
Windows Server 2008 running in native mode supports the use of different group types.
Global groups have access to user accounts and other global groups in the same
domain. Local groups allow you to access accounts outside the current domain, and
universal groups provide access across organizations (forests).

Exercise 10
Creating And
Applying Group
Policies

Exercise 10 : Creating And Applying Group Policies
In this exercise you will create a new group policy and apply it to users within an
organizational unit.
Group Policies
Group policies are settings or configurations that can be applied to users, groups,
organizational units and domains. An administrator can create a group policy that
configures the computer or user settings, such as menu and desktop settings, folder
locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and
2008 extends these further using group policies.
EXERCISE 10.1
Creating a Group Policy

2. Launch Group Policy Management. Click Start ► Administrative Tools ►
Group Policy Management (Figure 0270).
3. Expand the Forest (Figure 0271).
Figure 0271 : Group Policy Management - Forest

4. Expand the Domains (Figure 0272).
Figure 0272 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0273).
Figure 0273 : Group Policy Management – myserver.com
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all
members of the Stkm OU though in another exercise that follows, you will override this.
6. Right-click the Stkm OU and select the Create a GPO in this domain, and
Link it here… (Figure 0274).
Figure 0274 : Group Policy Management – Create new GPO

7. Rename the policy as STKM Group Policy (Figure 0275).
Figure 0275 : Create New GPO
8. Click OK to continue (Figure 0275).
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
10. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0277).
Figure 0277 : Group Policy Management Editor

11. Expand User Configuration (Figure 0278).
Figure 0278 : Group Policy Management Editor – User Configuration
12. Expand the Policies folder (Figure 0279).
Figure 0279 : Group Policy Management Editor – Policies
13. Expand the Administrative Templates folder (Figure 0280).
Figure 0280 : Group Policy Management Editor – Administrative Templates
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor – Start Menu and Taskbar

15. A large list of selections is available. Double click the option Add Logoff to the
Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor – Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button
to disable this setting (Figure 0283).
Figure 0283 : Add Logoff to the Start Menu Properties
17. Click OK to apply setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
Figure 0284 : Add Logoff to the Start Menu – Disabled

19. Configure the following settings.
Remove Run menu from Start Menu – Enabled
Remove Clock from the system notification area – Enabled
Desktop\Desktop\Enable Active Desktop – Enabled
Desktop Wallpaper – Enabled
Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg
Wallpaper Style : Stretch
(This uses wallpaper from the Windows XP Pro installed on C drive of client PC)
20. Close the group policy editor.
21. Refresh the Group Policy Management. On the Menubar; click Action ► Refresh
(Figure 0285).
Figure 0285 : Group Policy Management – Refresh
22. Close the Group Policy Management windows.

Update Group Policy
23. Launch the Run application. Click Start ► Run… (Figure 0286).
Figure 0286 : Launch the Run Application
24. Key-in gpupdate in the Open : box (Figure 0287).
Figure 0287 : Run Windows
25. Click OK to run the gpupdate (Figure 0288).
Figure 0288 : Updating Policy

EXERCISE 10.2
Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There
are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it
works.
27. Log on the server as zul.zcomby.
27.5. Press ENTER.

28. Do you have the RUN command on the Start Menu?
YES / NO
29. Do you have Clock on the system notification area?
YES / NO
Now verify that the settings are also applied to the client computer. Log on to the
Client computer as ocah.blue.
31. Log on the client computer as ocah.blue and ocah as password (Figure 0293).
Figure 0293 : Log On To Server Using Client Workstation
166

32. Do you have the RUN command on the Start Menu?
YES / NO
33. Do you have Clock on the system notification area?
YES / NO
34. Were the wallpaper displayed on the client computer?
YES / NO
35. All the group policy setting should be applied (Figure 0294).
Figure 0294 : Client Computer – Ocah Blue
36. Log off the client computer.
37. Log off the Server.

Log on to client computer as zul.akmal
39. Log on the Windows XP Professional as zul.akmal and akmal as password

(Figure 0296).
40. Were the group policy setting applied?

YES / NO
41. If not, why do you think this is so?

Because zul.akmal not a member of the Stkm OU. The group policy applied only
to the members of the Stkm OU.

EXERCISE 10.3
Disabling The Group Policy
In this exercise you will disable the group policy of Stkm OU.



You are now going to disable the policy of Stkm OU. This is a better option than
removing the policy, as if you decide to re-implement the policy at a later date, it will still
be there.
48. Expand the Stkm OU (Figure 0302).
Figure 0302 : Group Policy Management – Stkm
49. Click the Stkm Group Policy (Figure 0303).
Figure 0303 : Group Policy Management – STKM Group Policy
50. A warning box appears. The Group Policy Management remind you that you
have selected a link to a GPO and changes you make will impact all other
locations linked with the GPO (Figure 0304).
Figure 0304 : Group Policy Management Console – Warning
51. Click OK to continue (Figure 0304).

52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
Figure 0305 : STKM Group Policy – Details
53. Now you can see under Link Enabled; the status Yes have changed to No
(Figure 0306).
Figure 0306 : STKM Group Policy – GPO Status
54. Close the Group Policy Management windows.

Update Group Policy
Figure 0308 : Run Windows

Now verify that the group policy is disabled. Log on to the Client computer as
zul.zcomby.
60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).
61. Were the policies now disabled?

YES / NO
Summary
In this exercise you created a group policy and applied it to an organizational unit.
Only a fraction of the available settings were explored. Applying a group policy is a
way of controlling security and configuring groups of users with common settings.
This can help reduce the cost of ownership and the level of administrator support by
restricting what users can do or change on their computers.

Exercise 11
Creating And
Sharing Resources

Exercise 11 : Creating And Sharing Resources
One important aspect of a Windows Domain is the ability to share applications, files,
printers and other resources on the network. Resources created on Windows Server
computers are available to all users in the domain, and it is a simple administration task
to allocate permissions to users.
Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.


3. Click myserver.com (your domain.com) and double-click the Intranet Users
group from the list (Figure 0314).
Figure 0314 : Active Directory Users and Computers – Intranet Users Group
4. Click the Members tab (Figure 0315).
Figure 0315 : Active Directory Users and Computers – Intranet Users Properties
5. Add Ocah Blue as a member of Intranet Users.
5.1 Click Add … button (Figure 0316).
Figure 0316 : Add button

5.2 Click Advanced … button (Figure 0317).
Figure 0317 : Select Users, Contacts, Computers, or Group box
5.3 Click Find Now button (Figure 0318).
Figure 0318 : Select Users, Contacts, Computers, or Group -

Advanced

5.4 Select Ocah Blue user account (Figure 0319).
Figure 0319 : Select Users, Contacts, Computers, or Group – Find

Now

5.7 You can see Ocah Blue is added as a member of Intranet Users group
(Figure 0321).
Figure 0321 : Intranet Users Properties
6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet

Users group.
7. After finish adding the entire user to Intranet Users group, your Intranet Users
properties should be same as figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers – Intranet Users Properties
8. Cick OK to finish added members to Intranet Users group (Figure 0322).

EXERCISE 11.1
Creating and Sharing a Resource Using Windows Explorer
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file
permissions. The folder will then be shared and permissions assigned. You will then
access this shared resource from the client computer.
1. Log on to the server as Administrator (Figure 0323).
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore

(Figure 0324).
Figure 0324 : Launch Windows Explorer

3. Access D: drive (Figure 0325).
(Make sure your D drive are NTFS formatted. If not, you have to convert or
format it to NTFS)
Figure 0325 : Windows Explorer – D Drive
4. Create a folder named tempSN (SN represents you‟re Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise

my folder named will be temp21.
4.1. Right-click D drive ► select New ► Folder (Figure 0326).
Figure 0326 : Windows Explorer – Create New Folder

4.2. Rename the folder as temp21 (Figure 0327).
Figure 0327 : Rename Folder
5. Open the temp21 folder properties. Right-click temp21 folder ► select

Properties (Figure 0328).
Figure 0328 : Open the temp21 folder properties
6. Click the Security tab. A list of security permissions is displayed. Note that the
group Administrators is given Full Control access at the folder level (Figure
0329).
Figure 0329 : temp21 Folder Properties

When users access a folder across the network, both the share and NTFS
permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).
Figure 0330 : temp21 Folder Properties - Sharing
8. Click Advanced Sharing… button (Figure 0331).
Figure 0331 : Advanced Sharing… button
9. Enable the Share this folder option (Figure 0332).
Figure 0332 : Advanced Sharing

10. Specify the share name as Common (Figure 0333).
Figure 0333 : Advanced Sharing – Share name
11. Click the Permissions button (Figure 0334).
Figure 0334 : Permissions button
Now you will restrict permissions at the share level. Remember that user permissions
to a network resource are made up of the share permissions and the NTFS
permissions.
12. Remove the Everyone group.
12.1. Select the Everyone group from the list (Figure 0335).
Figure 0335 : Permissions for Common

12.2. Click the Remove button (Figure 0336).
Figure 0336 : Remove button
13. Click the Add… button (Figure 0337).
Figure 0337 : Add… button
14. Add the Tech Support group with permissions of Full Control.
14.1. Click the Advanced… button (Figure 0338).
Figure 0338 : Advanced… button
14.2. Click the Find Now button (Figure 0339).
Figure 0339 : Find Now button
14.3. Select the Technical Support from the list of Search results (Figure 0340).
Figure 0340 : Search Results
14.4. Click OK button (Figure 0340).

14.5. Click OK button to add Technical Support (Figure 0341).
14.6. Click the Full Control allow box to enable the Full Control permission
(Figure 0342).
Figure 0342 : Permission for Common – Full Control
15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look like same as figure below (Figure 0343).
Figure 0343 : Permission for Common

17. Once you have set the permissions as describe, click OK button to close the
dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
Figure 0344 : Advanced Sharing
19. Click Close button to close temp21 properties (Figure 0345).
Figure 0345 : temp21 Properties

20. In the Explorer window you will note a small double head icon on the
folder D:\temp21, which indicates the folder is now shared (Figure
0346).
Figure 0346 : Windows Explorer – temp21 Folder
22. Log on the client computer as ali.zul and ali as password (Figure
0347).

23. Launch My Computer. Start My Computer (Figure 0348).
Figure 0348 : Launch My Computer
24. Click the My Network Places (Figure 0349).

25. Click the Entire Network (Figure 0350).
Figure 0350 : Entire Network Link
26. Double-click the Microsoft Windows Network (Figure 0351).
Figure 0351 : Entire Network
27. Double-click the Myserver workgroup (Figure 0352).
Figure 0352 : Microsoft Windows Network

28. Double-click the Server21 and view the available resources (Figure 0353).
Figure 0353 : Myserver Workgroup
29. You should see the Common resource listed (Figure 0354).
Figure 0354 : Server21 Resources
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty
as there are no files in the folder) (Figure 0355).
Figure 0355 : Common Folder on Server21

32. Attempt to create a new text file.
32.1. Right-click in the windows and select New Text Document (Figure 0356).
Figure 0356 : Create New Text Document
32.2. Could you create the file? YES / NO
32.3. Log off the client computer.
33. Log on the client computer as ocah.blue (Figure 0357).


36. Click the Entire Network (Figure 0360).
Figure 0360 : Entire Network Link
37. Double-click the Microsoft Windows Network (Figure 0361).
Figure 0361 : Entire Network
38. Double-click the Myserver workgroup (Figure 0362).
Figure 0362 : Microsoft Windows Network

39. Double-click the Server21 and view the available resources (Figure 0363).
Figure 0363 : Myserver Workgroup
40. You should see the Common resource listed (Figure 0364).
Figure 0364 : Server21 Resources
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
Figure 0365 : Common Folder on Server21

43. Attempt to create a new text file.
43.2. Could you create the file?
YES / NO
If NO, why do you think this happened?
Before we begin this exercise, we have done some preliminary setup.

We add mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group
and we set permissions to the folder temp21 as Read only for Intranet
Users. But for Tech Support group, we set Full Control permissions.
In the earlier exercise, we add ali.zul as member of the Tech Support

group. That‟s why user ali.zul can create new text document in the
Common folder on the Server21.

EXERCISE 11.2
Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is
an alternative way of accessing the resource, but requires that you know the location of
the resource (you can use My Network Places to view the available resources, so you
don‟t really need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).
46. Launch Map Network Drive wizard.

Start right-click My Computer Map Network Drive… (Figure 0368).
Figure 0368 : Launch Map Network Drive Wizard

47. Select Z as drive and enter the location of the network resource in the Folder:
box (Figure 0369).
You must specify the name of the server and the share name.
In this exercise, it is \\Server21\Common.
Figure 0369 : Map Network Drive Wizard
48. Click Finish button to apply.
49. A new window will open up and display the contents of the Common folder
(Figure 0370).
Figure 0370 : Common Folder on „Server 21‟

50. Attempt to create a new test file (Figure 0371).
50.2. Could you create the file?
YES / NO

EXERCISE 11.3
Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the
way they done in NT 4 or 98) is that you have to browse the network or know which
server the resource is located on in order to find it. This can be time-consuming and
frustrating for users.
Resources can be published in Active Directory, making them easy to find. In the next
exercise you will publish the resource into Active Directory.
52. Log on to the server as Administrator (Figure 0372).

54. Right-click domain (myserver.com) and select New ► Shared Folder (Figure 0374).
Figure 0374 : Launch Shared Folder Wizard
55. Enter the name as Common Files and the Network path as your server name
and share name – in this exercise it is \\Server21\Common (Figure 0375).
Figure 0375 : Shared Folder Wizard
56. Click OK button to finish.
57. The new shared folder appears in the right windows pane of Active Directory
(Figure 0376).
Figure 0376 : Active Directory Users and Computer

58. Close Active Directory Users and Computer windows.

EXERCISE 11.4
Locating a Shared Resource in Active Directory
Now that the shared folder is published in Active Directory, it is easy for users to locate
and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).

62. Click the Search Active Directory (Figure 0380).
Figure 0380 : My Network Places

63. In the Find drop box, select Shared Folders and in the In drop box, select you
domain - myserver (Figure 0381).
Figure 0381 : Find Shared Folders
64. Click Find Now button (Figure 0382).
Figure 0382 : Find Now button
65. A list of shared folders available is displayed (Figure 0383).
Figure 0383 : Find Shared Folders – Find Now

66. Right-slick the Common Files shared folder from the list and select Map
Network Drive (Figure 0384).
Figure 0384 : Find Shared Folders - Map Network Drive
67. Select U as drive and enter the location of the network resource in the Folder:
box (Figure 0385).
Note how the location for the server share is filled in automatically.
Figure 0385 : Map Network Drive Wizard
68. Click Finish button to apply.

71. There are now one additional drive appears at the bottom (Figure
0387).

Summary
Permissions are assigned at the SHARE and at the File system level. By default,
Windows Server 2003 places every use created into the group EVERYONE, and, when
creating a new directory or share, automatically assigns rights to that resource so the
group EVERYONE can access it.
If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.

Exercise 12
Logon Scripts

Exercise 12 : Logon Scripts
In this exercise you will create logon and logoff scripts and apply these to users in an
organizational unit. You will specify a network home directory for users and arrange for
this directory to be mapped when the user logs on. Finally, you will specify disk space
restrictions for specific users.
EXERCISE 12.1
Logon Scripts
A logon script is a sequence of commands that executes when a user logs onto the
network.


6. Right-click the STKM Group Policy and select Edit (Figure 0393).
Figure 0393 : STKM Group Policy - Edit

7. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0394).
Figure 0394 : Group Policy Management Editor
8. Expand User Configuration (Figure 0395).

10. Expand the Windows Setting folder (Figure 0397).
Figure 0397 : Group Policy Management Editor – Windows

Setting
11. Click the Scripts (Logon/Logoff) (Figure 0398).
Figure 0398 : Group Policy Management Editor – Scripts

(Logon/Logoff)
12. Double-click Logon (Figure 0399).
Figure 0399 : Group Policy Management Editor – Logon

13. In the Logon Properties windows, click Show Files… button (Figure 0400).
Figure 0400 : Logon Properties
14. Create new text document.
Right-click inside the new windows and select New ► Text Document (Figure
0401).

15. Double-click the text document. This will load the Notepad editor. Type the
following text into the file (Figure 0402).
echo off
cls
echo This is a log on script for the Stkm OU
echo Welcome %USERNAME% , member of the Stkm OU
pause
Figure 0402 : Notepad editor – New Text Document
16. Save the file as Stkm.cmd
16.1. From Menu bar, click File ► Save As… (Figure 0403).
Figure 0403 : Menu bar - Save As…
16.2. Enter Stkm.cmd in the “File name:” box (Figure 0404).
Figure 0404 : Save As – File Name

16.3. Select All Files from the “Save as type:” drop menu (Figure 0405).
Figure 0405 : Save As Type – All Files
16.4. Click Save button (Figure 0406).
Figure 0406 : Save Button
17. Close the Notepad editor.
18. Close the Script windows by clicking the X button at the right top corner of the
windows (Figure 0407).
Figure 0407 : Script Windows

19. On the Logon Properties window, click Add… button (Figure 0408).
Figure 0408 : Logon Properties – Add…
20. Click Browse… button on the Add a Script window (Figure 0409).
Figure 0409 : Add a Script – Browse…

21. Select Stkm.cmd file from the list (Figure 0410).
Figure 0410 : Browse – Stkm.cmd
22. Click Open button (Figure 0411).
Figure 0411 : Open Button
23. Now you can see the Stkm.cmd appear in the “Script Name:” box. Click OK
button to continue (Figure 0412).
Figure 0412 : Add a Script Window

24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close
the Logon Properties window (Figure 0413).
Figure 0413 : Logon Properties window
25. Close the Group Policy Management Editor window.
26. On the Group Policy Management window, right-click STKM Group Policy and
uncheck all options except Link Enabled (Figure 0414).
Figure 0414 : Link Enabled

27. Open STKM Group Policy.
Right-click the STKM Group Policy and select Edit (Figure 0415).
Figure 0415 : STKM Group Policy - Edit
28. In the Group Policy Management Editor, expand User Configuration (Figure
0416).

30. Expand the Administrative Templates folder (Figure 0418).
Figure 0418 : Group Policy Management Editor – Administrative Templates
31. Expand the System folder (Figure 0419).
Figure 0419 : Group Policy Management Editor – System
32. Click the Scripts folder (Figure 0420).
Figure 0420 : Group Policy Management Editor – Scripts

33. Double-click the Run logon scripts visible option (Figure 0421).
Figure 0421 : Group Policy Management Editor – Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to
enable this setting (Figure 0422).
Figure 0422 : Run logon scripts visible Properties
36. In the same folder, double-click the Run logon scripts synchronously option
(Figure 0423).
Figure 0423 : Group Policy Management Editor – Run logon scripts synchronously

37. The Run logon scripts synchronously Properties appear. Click the Enabled
button to enable this setting (Figure 0424).
Figure 0424: Run logon scripts visible Properties
39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).
Figure 0425 : Run logon scripts visible – Enabled
40. Close the Group Policy Management Editor.
41. On Group Policy Management, click Refresh button and close the Group
Policy Management window.

Update Group Policy
Figure 0427 : Run Window

Test The Logon Script
46. Log on to the client computer as ocah.blue (Figure 0429).
47. The logon script should appear same as figure below (Figure 0430).
Figure 0430 : Logon Script
48. Press ENTER or any key to continue.
Summary
Scripts allow for both user and computer environments to be configured. The
four scripts
available are startup, shutdown, logon and logoff.


Lab Project

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab Project

Uploaded by

Copyright:

Available Formats

ARBAMINCH POLYTECHNIC AND SATELLITE INSTITUTE

Department of information technology

Occupation:-hardware & network servicing

Prepared by:-Mebratu.G (instructor IVI)

1. Monitoring and Administrating system and network security &

1. Monitoring and Administrating system and network security &

Describe the different editions of Server 2008

Standard Enterprise Datacenter

Memory (min) 512 MB 512 MB 512 MB

Memory (recommended) 2 GB or more 2 GB or more 2 GB or more

Memory (max) 4 GB (32 bit) 64 GB (32 bit) 64 GB (32 bit)

Disk space (recommended) 40 GB 40 GB 40 GB

TABLE 1.1 Hardware requirements for Windows Server 2008 editions.

How to Obtain a Copy of Windows Server 2008?

1. Monitoring and Administrating system and network security &

Installing Windows Server 2008

2. Language and Keyboard Options.

Figure 0001 : Language and Keyboard Options

2.1. Click Next to continue.

1. Monitoring and Administrating system and network security &

Figure 0002 : Windows Server 2008 Setup

4. Product Key and Activation

Figure 0003 : Product Key and Activation

1. Monitoring and Administrating system and network security &

Figure 0004 : Product Key Warning

5. Windows Server Version

Figure 0005 : Windows Version

5.3. Click Next.

1. Monitoring and Administrating system and network security &

6.1. Read the terms of the license agreement.

Figure 0006 : Windows Server 2008 License Agreement

6.2. Click Next to continue.

1. Monitoring and Administrating system and network security &

You are presented with options to Upgrade or Custom (advanced).

Click Custom (advanced), (Figure 0007).

Figure 0007 : Installation Options

8.1. Click Drive options (advanced), (Figure 0008).

1. Monitoring and Administrating system and network security &

Figure 0009 : New Partition

8.3. Change the size to 40,000 MB, (Figure 0010).

Figure 0010 : Partition Size

8.4. Click Apply.

1. Monitoring and Administrating system and network security &

Figure 0011 : Partition

Figure 0012 : Installing Windows

1. Monitoring and Administrating system and network security &

Figure 0013 : First time login

9.1 Click OK.

10. Change Administrator Password.

Figure 0014 : Change Administrator password

10.2 Hit Enter button after the passwords are entered.

1. Monitoring and Administrating system and network security &

Congratulation! You have finish install the Windows Server 2008.

1. Monitoring and Administrating system and network security &

1. Monitoring and Administrating system and network security &

Setting Time Zone

Setting Time Zone

1. In Initial Configuration Tasks, select Set time zone (Figure 0016).

Figure 0016 : Set time zone

2. Click Change time zone (Figure 0017).

1. Monitoring and Administrating system and network security &

Figure 0018 : Time zone

5. Click OK again (Figure 0019).

Figure 0019 : Change time zone