Cloud Server Administration Labs

1.2.
4Use the Windows Client Interface

In this lab, you will explore the features of the Windows 10 user interface. You need to complete a
specific task in each area you visit. Be sure to complete every task for full credit on the lab.
Complete this lab as follows:
1. Configure the screen saver settings.

a. Right-click Start and then select Settings.
b. Maximize the window for better viewing.
c. Select Personalization.
d. From the left pane, select Lock screen.
e. From the right pane, scroll down and select Screen saver
settings.
f. Under Screen Saver, use the drop-down to select Photos.
g. Configure the Wait time to 5 minutes.
h. Select On resume, display logon screen.
i. Select OK to close the Screen Saver Settings dialog.
j. In the top left, select Home to return to the Windows Settings
page.
2. Check for Windows updates.
a. From Windows Settings app, select Update & Security.
b. Select Check for updates.
c. In the top right, select Answer Questions.
d. Answer Question 1.
e. Minimize the Lab Questions dialog.
f. In the top left of the Settings app, select Home to return to the
Windows Settings page.
3. Install the SalesPrinter attached to the CorpFiles16 server and then set it as your
default printer.
a. From Windows Settings app, select Devices.
b. From the left pane, select Printers & scanners.
c. From the right pane, select Add a printer or scanner.
d. Select SalesPrinter on CorpFiles16.
e. Select Add device.
f. After the printer has been installed, under Printers & scanners,
select SalesPrinter on CorpFiles16.
g. Select Manage.
h. Select Set as default.
i. In the top left, select the Home icon to return to the Windows
Settings page.
4. Enable Remote Desktop.
a. From Windows Settings app, select System.
b. From the left pane, select Remote Desktop.
c. From the right pane, under Enable Remote Desktop, slide the
switch to On.
d. Select Confirm.
e. In the top left, select Home to return to the Windows Settings
page.
5. Enable a network adapter.
a. From Windows Settings app, select Network & Internet.
b. From the left pane, select Ethernet.
c. From the right pane, select Change adapter options.
d. Right-click Ethernet and select Enable.
e. Close the Network Connections window.
f. Close the Settings app.
6. Use PowerShell to identify the network addresses and routes.
a. Right-click Start and select Windows PowerShell (Admin).
c. From the PowerShell prompt, type ipconfig /all and then
press Enter.
d. View the IP addresses set for the default gateway and the DNS
Servers.
e. From the PowerShell prompt, type ping 192.168.0.5 and then
press Enter to ping the gateway.
f. In the top right, select Answer Questions.
g. Answer Question 2.
h. From the PowerShell prompt, type tracert 163.128.78.93 and then
press Enter to discover the path to the external DNS server.
i. From the Lab Questions dialog, answer Question 3.
j. Minimize the Lab Questions dialog.
k. Close the PowerShell window.
7. Use File Explorer to create a folder named Reports.
a. Right-click Start and select File Explorer.
b. From the left pane, select This PC.
c. From the right pane, double-click Data (D:) to open this drive.
d. From the right pane, right-click in the white space and
select New > Folder.
e. In the Name field, type Reports and then press Enter.
f. Close File Explorer.
8. Optimize the C: drive.
a. Select Start.
b. Select the letter A to access the alphabetic options.
c. Select the letter W to jump to the W section of the Start menu.
d. Expand and select Windows Administrative
Tools > Defragment and Optimize Drives.
e. Select System (C:).
f. Select Optimize.
Viewing the Current Status column, watch the optimization process
run.
g. Upon completion, select Close.
9. Configure the default minimum password length to 10 characters.
a. Select Start.
b. Scroll down and select Windows Administrative Tools and then
select Local Security Policy.
c. From the left pane, expand and select Account
Policies > Password Policy.
d. In the middle pane, double-click Minimum password length.
e. Increase the value to 10 characters and then select OK.
f. Close the Local Security Policy console.
10. Use Computer Management to configure the Application Identity service.
a. Right-click Start and then select Computer Management.
c. From the left pane, expand and select Services and
Applications > Services.
d. (Optional) For easier viewing, you can select the Standard tab at
the bottom.
e. From the middle pane, double-click the Application
Identity service.
f. Using the Startup type drop-down, select Automatic to allow the
service to start automatically at boot.
g. Under Service status, select Start to start the service.
h. Select OK.
i. Close Computer Management.
11. Score the lab.
a. In the top right, select Answer Questions.
b. Select Score Lab.
Lab Report
Time Spent: 12:58
Score: 13/13 (100%)
TASK SUMMARY
Required Actions & Questions
Configure the screen saver settingsShow Details
Check for Windows updates
Q1How many updates were available
Your answer:None, the device is up to date.
Correct answer:None, the device is up to date.
Install the SalesPrinter and make it your default printer
Enable Remote Desktop
Enable a network adapter
Identify the network addresses and routesShow Details
Q2Was the ping command successful
Your answer:Yes
Correct answer:Yes
Q3How many hops did it take to find the external DNS server
Your answer:5
Correct answer:5
Create the D:\Reports folder
Optimize the C: drive
Configure the default minimum password length to 10 characters
Use Computer Management to configure the Application Identity serviceShow Details
EXPLANATION
1. Configure the screen saver settings.

c. Select Personalization.
d. From the left pane, select Lock screen.
e. From the right pane, scroll down and select Screen saver settings.
f. Under Screen Saver, use the drop-down to select Photos.
g. Configure the Wait time to 5 minutes.
h. Select On resume, display logon screen.
i. Select OK to close the Screen Saver Settings dialog.
j. In the top left, select Home to return to the Windows Settings page.
2. Check for Windows updates.
a. From Windows Settings app, select Update & Security.
b. Select Check for updates.
c. In the top right, select Answer Questions.
f. In the top left of the Settings app, select Home to return to the Windows
Settings page.
3. Install the SalesPrinter attached to the CorpFiles16 server and then set it as your default
printer.
a. From Windows Settings app, select Devices.
b. From the left pane, select Printers & scanners.
c. From the right pane, select Add a printer or scanner.
d. Select SalesPrinter on CorpFiles16.
e. Select Add device.
f. After the printer has been installed, under Printers & scanners,
select SalesPrinter on CorpFiles16.
g. Select Manage.
h. Select Set as default.
i. In the top left, select the Home icon to return to the Windows Settings page.
4. Enable Remote Desktop.
a. From Windows Settings app, select System.
b. From the left pane, select Remote Desktop.
c. From the right pane, under Enable Remote Desktop, slide the switch to On.
d. Select Confirm.
e. In the top left, select Home to return to the Windows Settings page.
5. Enable a network adapter.
a. From Windows Settings app, select Network & Internet.
b. From the left pane, select Ethernet.
d. Right-click Ethernet and select Enable.
e. Close the Network Connections window.
6. Use PowerShell to identify the network addresses and routes.
c. From the PowerShell prompt, type ipconfig /all and then press Enter. There
should be a space between ipconfig and /all.
d. View the IP addresses set for the default gateway and the DNS Servers.
e. From the PowerShell prompt, type ping 192.168.0.5 and then press Enter to
ping the gateway.
f. In the top right, select Answer Questions.
h. From the PowerShell prompt, type tracert 163.128.78.93 and then
press Enter to discover the path to the external DNS server.
i. From the Lab Questions dialog, answer Question 3.
j. Minimize the Lab Questions dialog.
k. Close the PowerShell window.
7. Use File Explorer to create a folder named Reports.
a. Right-click Start and select File Explorer.
b. From the left pane, select This PC.
c. From the right pane, double-click Data (D:) to open this drive.
d. From the right pane, right-click in the white space and select New > Folder.
e. In the Name field, type Reports and then press Enter.
f. Close File Explorer.
8. Optimize the C: drive.
a. Select Start.
b. Select the letter A to access the alphabetic options.
c. Select the letter W to jump to the W section of the Start menu.
d. Expand and select Windows Administrative Tools > Defragment and
Optimize Drives.
e. Select System (C:).
f. Select Optimize.
Viewing the Current Status column, watch the optimization process run.
g. Upon completion, select Close.
9. Configure the default minimum password length to 10 characters.
a. Select Start.
b. Scroll down and select Windows Administrative Tools and then
select Local Security Policy.
c. From the left pane, expand and select Account Policies > Password Policy.
d. In the middle pane, double-click Minimum password length.
e. Increase the value to 10 characters and then select OK.
f. Close the Local Security Policy console.
10. Use Computer Management to configure the Application Identity service.
a. Right-click Start and then select Computer Management.
c. From the left pane, expand and select Services and Applications > Services.
d. (Optional) For easier viewing, you can select the Standard tab at the bottom.
e. From the middle pane, double-click the Application Identity service.
f. Using the Startup type drop-down, select Automatic to allow the service to
start automatically at boot.
g. Under Service status, select Start to start the service.
h. Select OK.
i. Close Computer Management.
11. Score the lab.
a. In the top right, select Answer Questions.
1.2.7 Use the Windows Server Interface

In this lab, you will explore the Windows Server 2022 user interface. Windows Server 2022 starts in
the desktop view with Server Manager open.
1. Clean up system files.

a. From Server Manager, select Tools > Disk Cleanup.
b. From the Disk Cleanup: Drive Selection window, verify
that System (C:) is selected and then select OK.
c. From the Disk Cleanup tab, under Files to delete, leave all items
currently marked as-is and then place a checkmark in each of the
following:
 Microsoft Defender Antivirus
 Windows error reports and feedback
 DirectX Shader Cache
 Delivery Optimization Files
 Setup Log files
 System queued Windows Error Reporting
d. Select OK.
e. Select Delete Files.
2. Launch Windows PowerShell and run tracert.
a. Right-click Start and then select Windows PowerShell.
b. At the PowerShell prompt, type tracert 163.128.80.93 and then
press Enter to discover the path to the external DNS server. Each
router in the path to the DNS server is displayed.
c. From the top right, select Answer Questions.
f. Close the PowerShell window.
3. Turn off the display in one hour.
a. Right-click Start and then select Power Options.
The Settings app is opened to the Power & sleep page.
b. Under Screen, use the drop-down to select 1 Hour.
4. Modify adapter settings.
a. From the top left of the Settings app, select Home.
b. Select Network & Internet settings.
Notice that there are several real and several virtual network
adapters.
d. Right-click vEthernet (External) and select Properties.
e. Select Internet Protocol Version 4 (TCP/IPv4) and then
select Properties.
f. Change the subnet mask to 255.255.255.0 and then select OK.
g. Select Close.
h. Close Network Connections.
5. Adjust the display setting.
b. Select System.
c. From the left pane, scroll down and select About.
d. Maximize the windows for better viewing.
e. From the right pane, scroll down and under Related
settings select Advanced system settings.
f. From the Advanced tab, under Performance, select Settings.
g. Select Adjust for best performance and then select OK.
h. Select OK to close System Properties.
i. Close the System window.
j. From the top right, select Answer Questions.
k. Select Score Lab.
After you have completed all of the assigned tasks, feel free to explore the operating system
interface in the lab. When you are ready to end the lab, from the top right, select Answer
Questions and then select Score Lab.
To score 100% on the lab, make sure that all assigned tasks are complete before you select Score
Lab.
Lab Report
Time Spent: 10:35
Score: 6/6 (100%)
TASK SUMMARY
Run the Cleanup system files in Disk CleanupHide Details
Cleared Microsoft Defender Antivirus
Cleared Windows error reports and feedback
Cleared DirectX Shader Cache
Cleared Delivery Optimization Files
Cleared Device Driver Packages
Cleared Temporary files
Cleared Thumbnails
Modify adapter settings by changing the subnet mask to 255.255.255.0
Q1How many hops does it take to get to 163.128.80.93
Your answer:5
Correct answer:5
Launch Command Prompt and run tracert 163.128.80.93
Set display to turn off in 1 hour in Power Options
Adjust the display settings for best performance in the System console
EXPLANATION
1. Clean up system files.

a. From Server Manager, select Tools > Disk Cleanup.
b. From the Disk Cleanup: Drive Selection window, verify that System (C:) is
selected and then select OK.
c. From the Disk Cleanup tab, under Files to delete, leave all items currently
marked as-is and then place a checkmark in each of the following:
 Microsoft Defender Antivirus
 Windows error reports and feedback
 DirectX Shader Cache
 Delivery Optimization Files
d. Select OK.
e. Select Delete Files.
2. Launch Windows PowerShell and run tracert.
a. Right-click Start and then select Windows PowerShell.
b. At the PowerShell prompt, type tracert 163.128.80.93 and then
press Enter to discover the path to the external DNS server. Each router in
the path to the DNS server is displayed.
f. Close the PowerShell window.
3. Turn off the display in one hour.
a. Right-click Start and then select Power Options.
The Settings app is opened to the Power & sleep page.
b. Under Screen, use the drop-down to select 1 Hour.
4. Modify adapter settings.
b. Select Network & Internet settings.
Notice that there are several real and several virtual network adapters.
d. Right-click vEthernet (External) and select Properties.
e. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
f. Change the subnet mask to 255.255.255.0 and then select OK.
g. Select Close.
h. Close Network Connections.
5. Adjust the display setting.
b. Select System.
c. From the left pane, scroll down and select About.
d. Maximize the windows for better viewing.
e. From the right pane, scroll down and under Related settings select Advanced
system settings.
f. From the Advanced tab, under Performance, select Settings.
g. Select Adjust for best performance and then select OK.
h. Select OK to close System Properties.
i. Close the System window.
j. From the top right, select Answer Questions.
k. Select Score Lab.
1.2.10Use the Azure Interface

You are the network administrator for your company. You have decided to begin the configuration of
Azure to help manage your network. You need to create a resource group to organize your Azure
assets.
In this lab, your task is to create a resource group using the following information:
 Azure portal:
o Site: http://portal.azure.com
 Project details:
o Subscription name: CorpNet Production
o Resource group name: CorpNetCloud
 Resource details:
o Region: (US) West US2
Lab Report
Time Spent: 02:41
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Configure the project details for the resource groupHide Details
Subscription: CorpNet Production
Resource group name: CorpNetCloud
Configure the resource details for the resource group
EXPLANATION
1. Access the Azure portal.

a. From the taskbar, select Google Chrome.
b. In the browser's address field, type http://portal.azure.com and
press Enter.
c. Maximize the window for better viewing.
2. Create a resource group.
a. Under Navigate, select Resource groups.
b. From the Resource groups menu bar, select Create.
c. Configure the Project details as follows:
 Subscription: CorpNet Production
 Resource group (type in manually): CorpNetCloud
 Resource details: (US) West US2
d. From the bottom menu bar, select Review + create to validate the
configuration.
e. Select Create.
f. From the Resource groups page, select CorpNetCloud.
g. Review the options of the created resource group.
2.2.5 Install and Configure the File Server Role

You are using the CorpFiles16 server as a virtual file server. You can do basic file server
management for network users, but you need to be able to perform the following file server
management tasks:
 Define policies that prevent users from saving .wmv files in the home folders stored on
the server.
 Share files with UNIX-based clients.
In this lab, your task is to:
 Add the File Server Resource Manager (FSRM) role service, which allows you to
configure file screens to prevent users from saving specific file types in specific
folders.
 Add the Server for NFS role service to be able to share files with UNIX-based clients.
Lab Report
Time Spent: 06:07
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add the File Server Resource Manager role service
Add the Server for Network File System role service
EXPLANATION
1. Access the CorpFiles16 virtual server.

a. From Hyper-V Manager, select CORPSERVER.
b. Maximize the window to view all virtual machines.
c. Double-click CorpFiles16 to access the server.
2. Add the File Server Resource Manager (FSRM) role service.
a. From Server Manager, select Manage > Add Roles and Features.
b. From the Add Roles and Features Wizard, select Next.
c. Make sure Role-based or feature-based installation is selected and then
select Next.
d. Make sure CorpFiles16.CorpNet.local is selected in the Server Pool area and
then select Next.
e. Expand File and Storage Services > File and iSCSI Services.
f. Select the File Server Resource Manager role.
g. Select Add Features.
3. Add the Server for NFS role service.
a. Under File and iSCSI Services, select the Server for NFS role.
b. Select Add Features.
c. Select Next.
d. On the Select features window, select Next.
e. Select Install.
f. When the installation is complete, select Close.
2.7.3 Allow Remote Desktop Connections

You need to customize Remote Desktop settings on your computer to allow Tom Plask, a help desk
technician, remote access to your system.
 Configure Office1 to allow connections from Remote Desktop.

 Add Tom Plask as a user that will be able to connect to Office1 using a Remote
Desktop connection.
 Verify that the firewall ports for Remote Desktop are opened appropriately.
Lab Report
Time Spent: 01:37
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Allow Remote Desktop connections
Allow Tom Plask to connect using Remote Desktop
Open the firewall port for Remote Desktop
EXPLANATION
1. Configure Office1 to allow connections from Remote Desktop.
a. Right-click Start and select Settings.

c. Select System.
d. From the left pane, select Remote Desktop.
e. Under Enable Remote Desktop, slide the button to the right.
f. Select Confirm.
2. Add Tom Plask as a user that will be able to connect to Office1 using a Remote Desktop
connection.
a. Under User accounts, click Select users that can remotely access this PC.
b. Select Add.
c. Enter Tom Plask.
d. Select OK to add the user.
e. Select OK to close the dialog.
3. Verify that the firewall ports for Remote Desktop are opened appropriately.
a. From the Settings app, select Home (upper left).

b. Select Update & Security.
c. Select Windows Security.
d. Select Firewall & network protection.
e. Select Allow an app through firewall.
f. Scroll down and verify that Remote Desktop is marked.
(The corresponding port is opened or closed automatically when you enable
or disable the service in System Properties.)
g. Select Cancel.
4.1.11Configure IP Addresses
You work as the IT administrator for a small corporate network. You need to configure the
workstation in the executive office so it can connect to the local network and the internet. The
workstation has two network interface cards (named Ethernet and Ethernet 2). Having two network
cards allows the workstation to connect to the local network (as shown in the exhibits) and another
small network, which is not yet built.
 For both network cards, configure the IP version 4 TCP/IP settings using the settings
specified in the table below.
 From the Exec computer, ping the preferred DNS server assigned to the Ethernet NIC
to verify that it can communicate successfully.
TCP/IP Ethernet Ethernet 2

Setting
or Info
Subnet 192.168.0.0/24 10.0.0.0/16
Use the last valid address on Use the last valid

IP address
the subnet. address on the subnet.
Use the default mask

Use the default mask that
Subnet mask that matches the Class
matches the Class C subnet.
B subnet.
Choose the appropriate

Default Do not configure a
address for the router as
gateway default gateway value.
shown in the exhibits.
Use the address of an external

Preferred DNS Do not configure a DNS
DNS server as shown in the
server address value.
exhibits.
Use the address of an external

Alternate DNS Do not configure a DNS
DNS server as shown in the
server address value.
exhibits.
Lab Report
Time Spent: 06:18
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure settings for Local Area ConnectionHide Details
Use 192.168.0.254 for the IP address
Use 255.255.255.0 for the subnet mask
Use 192.168.0.5 for the default gateway
Use 163.128.78.93 or 163.128.80.93 as the preferred DNS server
Configure settings for Local Area Connection 2Hide Details
Use 10.0.255.254 for the IP address
Use 255.255.0.0 for the subnet mask
Do not configure a default gateway address
Successfully ping the preferred DNS server
EXPLANATION
1. Access the properties for the NIC named Ethernet.

b. Select Network & Internet.
d. Right-click Ethernet and then select Properties.
2. Configure the IP version 4 TCP/IP settings for the Ethernet NIC.

a. Select Internet Protocol Version 4 (TCP/IPv4).
b. Select Properties.
c. Make sure Use the following IP address is selected.
This lets you manually configure the IP address and default gateway.
d. Configure the Internet Protocol information as follows:
 IP address: 192.168.0.254
 Subnet mask: 255.255.255.0
 Default gateway: 192.168.0.5
 Preferred DNS server: 163.128.78.93 or 163.128.80.93
e. Select OK.
f. Select Close.
3. Configure the IP version 4 TCP/IP settings for the Ethernet 2 NIC.
a. From the Network Connections window, right-click Ethernet 2 and then

select Properties.
b. Select Internet Protocol Version 4 (TCP/IPv4).
c. Select Properties.
d. Select Use the following IP address.
e. Configure the Internet Protocol information as follows:
 IP address: 10.0.255.254
 Subnet mask: 255.255.0.0
 Default gateway: None
 Preferred DNS server: None
f. Select OK.
g. Select Close.
4. Ping the preferred DNS server assigned to the Ethernet NIC.
a. Right-click Start and select Windows PowerShell.

b. From the PowerShell prompt, type one of the following:
 ping 163.128.78.93
 ping 163.128.80.93
c. Press Enter.
4.2.4Explore IP Configuration
You are a network technician for a small corporate network. The network is connected to the internet
and uses DHCP for address assignment. Employees in Office 1 and the Executive Office are
reporting problems with their network connections.
In this lab, your task is to explore, diagnose, and fix the reported TCP/IP configuration problems.
Use the following troubleshooting tools:
 The ping, ipconfig, or tracert command utilities

 The Network and Sharing Center in the Windows 10 or Windows 2022 operating
system
 The DHCP server console in the Windows 2019 operating system
 The network diagram/schematic as found in Exhibits
1. From CorpServer, mouse over the network icon in the Notification Area.
Notice that the Notification Area appears normal (a computer icon is shown), which
indicates a connection to the local network and the internet. When you mouse over
the network icon, you see the details of this status.
2. Access the Network Connections window.
The Settings Status diagram confirms that CorpServer is
connected to the local network and to the internet.
c. Close the Settings app.
3. Ping the ISP to verify connectivity through the router and the internet.
a. From the top right, select Exhibits.
b. Locate the IP address of the ISP.
e. Close the Exhibits window.
f. Right-click Start and select Windows PowerShell (Admin).
g. From the PowerShell prompt, type ping ISP_IPaddress and
press Enter.
Notice that the ping was successful, verifying a valid connection to
the internet.
4. Use the ipconfig and tracert commands to find the devices used to access the
ISP.
a. From the PowerShell prompt, type ipconfig /all and press Enter.
b. Locate and examine the vEthernet (External) configuration
settings and note the following:
 DHCP Enabled: No
This tells us that the server is configured with a static
IP address and is not enabled for DHCP.
 IPv4 Address: 192.168.0.10
 Subnet Mask: 255.255.255.0
The server is using the default subnet mask for the
Class C IP address range.
 Default Gateway: 192.168.0.5
The router's internal interface is configured as the
default gateway.
c. From the PowerShell prompt, type tracert ISP_IPaddress to see
the path to the ISP.
e. From the top right, select Exhibits.
f. Answer Question 3.
g. Minimize the Lab Questions window.
h. Close the Exhibits window.
5. From the Executive Office, check the status of the link and network activity lights.
a. From the top left, select Floor 1 Overview.
b. Under Executive Office, select Hardware.
c. Above the workstation, select Back to switch to the back view of
the workstation.
The link and network activity lights on the network card are on and
blinking. This indicates that there is a physical connection to the
switch and there is activity on the connection. This points to a
TCP/IP configuration problem.
6. Verify the connectivity on the Exec workstation.
a. On the Exec monitor, select Click to view Windows 10.
b. In the Notification Area, mouse over the network icon.
Notice that the pop-up indicates there is no internet access.
c. Right-click Start and then select Settings.
d. Select Network & Internet.
The Network Status diagram confirms that the Exec computer has
no connection to the internet.
e. Close the Settings app.
g. From the PowerShell prompt, type ping Exec and press Enter.
Notice that the ping was successful.
h. From the PowerShell prompt, type ping CorpServer and
press Enter.
Notice that the ping to CorpServer failed.
i. From the PowerShell prompt, type ipconfig /all and then
press Enter. From this command, the following is shown for the
Ethernet interface card:
 IPv4 Address: 192.168.0.62
 Subnet Mask: 255.255.255.240
This information provides the following clues to the problem:
 The network is using DHCP, but this workstation is

not enabled for DHCP.
 Given the workstation's current subnet mask, the
IPv4 address of the workstation and the default
gateway are not on the same network.
 The subnet mask is not the default subnet mask for
the Class C IP address range being used. With
255.255.255.240 as a subnet mask, the network
would only include addresses from 192.168.0.48 to
192.168.0.63.
 In Step 4, you learned that CorpServer
(192.168.0.10) had a default subnet mask for the
Class C IP address range (255.255.255.0), which
doesn't match Exec.
7. Fix the subnet mask for the Exec computer.
c. From the left pane, select Ethernet.
d. From the right pane, select Change adapter options.
e. Right-click Ethernet and select Properties.
f. Select Internet Protocol Version 4 (TCP/IPv4) and then
select Properties.
g. Change the Subnet mask to 255.255.255.0 and then select OK.
h. From the PowerShell prompt, type ping CorpServer and then
press Enter.
Notice that the ping is successful.
i. From the PowerShell prompt, type ping 198.28.2.254 (the ISP)
and then press Enter.
Notice that the ping is unsuccessful.
j. From the PowerShell prompt, type tracert 198.28.2.254 (the ISP)
The command times out, indicating that the gateway address on
Exec is not configured correctly. The gateway address (router) on
the network diagram is 192.168.0.5.
8. Fix the default gateway for the Exec computer.
a. From the Ethernet Properties dialog, select Internet Protocol
Version 4 (TCP/IPv4) and then select Properties.
b. Change the Default gateway to 192.168.0.5
c. Select OK and then select Close.
d. Close the Network Connections window.
e. From the Settings app, select Status.
The Status pane now shows a connection to the internet.
Notice that the network icon in the Notification Area is now
showing a computer, indicating a connection to the internet.
g. Type ping 198.28.2.254 from the PowerShell prompt.
The ping is now successful.
h. From the PowerShell prompt, type tracert 198.28.2.254 and
press Enter.
The route taken to get to the ISP is now shown.
Since there is now a valid connection to the internet, leave the
static address for now and begin to troubleshoot the computer in
Office 1.
9. From Office 1, troubleshoot for network connectivity.
b. Under Office 1, select Hardware.
c. Above the workstation, select Back to switch to the back view of
the workstation.
The link and network activity lights on the back of the workstation
are on and blinking, indicating that there is a physical connection to
the switch and there is activity on the connection. Once again, this
points to a TCP/IP configuration problem.
d. On the Office1 monitor, select Click to view Windows 10.
e. In the Notification Area, mouse over the network icon.
g. From the PowerShell prompt, type ipconfig /all and then
press Enter.
Examine the information for the Ethernet network card and note
the following:
o DHCP Enabled: Yes

This tells us that the workstation is configured to use a DHCP server.
o IPv4 Address: This address is in the APIPA range (169.254.0.1 to
169.254.255.254). This means that the workstation assigned itself an
IP address instead of receiving one from the DHCP server. The
workstation will only be able to communicate with other hosts on the
local network that have also configured their own IP address through
APIPA.
o Subnet Mask: 255.255.0.0. This is the default subnet mask for the
APIPA address.
o Default Gateway: The address is blank. This means that
communication is limited only to other workstations on the local
network.
o DHCP Server line is not shown. This means that the workstation was
unable to contact the DHCP server.
o DNS Servers line is not shown for IPv4.
Since DHCP is enabled, the rest of the information should have come
from the DHCP server. From this, you can conclude that there is an
issue with the DHCP server.
10. From CorpServer, access the CorpDHCP server.

b. Under Networking Closet, select CorpServer.
c. From the Hyper-V Manager, select CORPSERVER.
d. Maximize the window for better viewing.
e. Double-click CorpDHCP to connect to the CorpDHCP virtual
server.
11. From CorpDHCP, launch the DHCP console and activate the scope.
a. From CorpDHCP's menu bar, select Tools > DHCP.
b. Expand CorpDHCP.CorpNet.local > IPv4.
Notice that the folder icon for Scope [192.168.0.1] Subnet1 has a
down arrow, indicating that the DHCP scope is not active.
c. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
12. From Office1, check to see if activating DHCP fixed the issue.
b. Under Office 1, select Office1.
c. From the PowerShell prompt, type ipconfig /renew and
press Enter. This command requests new IP address information
from the DHCP server.
Notice that the networking icon in the Notification Area still
indicates that Office1 has no connection to the internet.
d. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice the line for the default gateway, DNS server, and DHCP
server (along with the new IP address) is now within the DHCP
scope for the local network.
e. From the PowerShell prompt, type ping CorpServer and
press Enter.
The ping command is successful.
f. From the PowerShell prompt, type ping 198.28.2.254 (the ISP)
Although you can ping CorpServer, you are still unable to ping the
ISP.
g. Review the output from the ipconfig command.
Notice that the default gateway does not match the default
gateway used by CorpServer or Exec. Since this IP information is
coming from the DHCP server, you need to check the DHCP
scope.
13. On CorpServer, from CorpDHCP, reconfigure the settings for the DHCP scope.
c. From the DHCP console, expand Scope [192.168.0.1] Subnet1.
d. Right-click Scope Options and then select Configure Options.
e. Highlight the 003 Router line.
f. Under IP address, select 192.168.0.2 and then click Remove.
g. In the IP address field, change the address to 192.168.0.5 and
then click Add.
h. Select OK.
14. From Office1, check to see if fixing the DHCP scope resolved the issue.
c. From the PowerShell prompt, type ipconfig /renew and then
press Enter. This command requests new IP address information
from the DHCP server.
Notice that the networking icon in the Notification Area now
indicates that Office1 has a connection to the internet.
d. From the PowerShell prompt, type ipconfig /all and then
press Enter.
Notice the line for the default gateway is now set to 192.168.0.5.
e. From the PowerShell prompt, type ping 198.28.2.254 (the ISP)
You can now ping the ISP.
15. On Exec, reconfigure the Ethernet connection to use DHCP.
b. Under Executive Office, select Exec.
e. Select Ethernet and then select Change adapter options.
f. Right-click Ethernet and then select Properties.
g. From the Ethernet Properties dialog, select Internet Protocol
Version 4 (TCP/IPv4) and then click Properties.
h. Select Obtain an IP address automatically.
i. Select Obtain DNS server address automatically.
j. Select OK and then select Close.
k. From the PowerShell prompt, type ipconfig /all and then
press Enter.
Notice that the Ethernet card is now using DHCP (DHCP Enable:
Yes).
l. From the PowerShell prompt, type tracert 198.28.2.254 and then
press Enter.
The command returns a path to the ISP through the gateway. The
network is now fully functional, and your troubleshooting is
complete.
16. Score the lab.
a. From the top right, select Answer Questions.
Lab Report
Time Spent: 32:23
Score: 8/8 (100%)
TASK SUMMARY
Q1What is the IP address of the ISP
Your answer:198.28.2.254
Correct answer:198.28.2.254
Q2How many hops did it take to access the ISP
Your answer:4
Correct answer:4
Q3What is the name of the device accessed on the third hop
Your answer:pfSense
Correct answer:pfSense
Fix the subnet mask on Exec
Fix the gateway on Exec
Enable the scope on the DHCP Server
Fix the 003 Router option on the DHCP Server
Configure Exec for DHCP
EXPLANATION
1. From CorpServer, mouse over the network icon in the Notification Area.
Notice that the Notification Area appears normal (a computer icon is shown), which
indicates a connection to the local network and the internet. When you mouse over the
network icon, you see the details of this status.
2. Access the Network Connections window.
The Settings Status diagram confirms that CorpServer is connected to the
local network and to the internet.
c. Close the Settings app.
3. Ping the ISP to verify connectivity through the router and the internet.
a. From the top right, select Exhibits.
b. Locate the IP address of the ISP.
e. Close the Exhibits window.
g. From the PowerShell prompt, type ping ISP_IPaddress and press Enter.
Notice that the ping was successful, verifying a valid connection to the
internet.
4. Use the ipconfig and tracert commands to find the devices used to access the ISP.
b. Locate and examine the vEthernet (External) configuration settings and
note the following:
This tells us that the server is configured with a static IP address
and is not enabled for DHCP.
 IPv4 Address: 192.168.0.10
 Subnet Mask: 255.255.255.0
The server is using the default subnet mask for the Class C IP
address range.
The router's internal interface is configured as the default
gateway.
c. From the PowerShell prompt, type tracert ISP_IPaddress to see the path to
the ISP.
e. From the top right, select Exhibits.
g. Minimize the Lab Questions window.
h. Close the Exhibits window.
5. From the Executive Office, check the status of the link and network activity lights.
b. Under Executive Office, select Hardware.
c. Above the workstation, select Back to switch to the back view of the
workstation.
The link and network activity lights on the network card are on and blinking.
This indicates that there is a physical connection to the switch and there is
activity on the connection. This points to a TCP/IP configuration problem.
6. Verify the connectivity on the Exec workstation.
a. On the Exec monitor, select Click to view Windows 10.
b. In the Notification Area, mouse over the network icon.
The Network Status diagram confirms that the Exec computer has no
connection to the internet.
e. Close the Settings app.
g. From the PowerShell prompt, type ping Exec and press Enter.
Notice that the ping was successful.
h. From the PowerShell prompt, type ping CorpServer and press Enter.
Notice that the ping to CorpServer failed.
i. From the PowerShell prompt, type ipconfig /all and then press Enter. From
this command, the following is shown for the Ethernet interface card:
 IPv4 Address: 192.168.0.62
 Subnet Mask: 255.255.255.240
This information provides the following clues to the problem:
 The network is using DHCP, but this workstation is not enabled

for DHCP.
 Given the workstation's current subnet mask, the IPv4 address of
the workstation and the default gateway are not on the same
network.
 The subnet mask is not the default subnet mask for the Class C IP
address range being used. With 255.255.255.240 as a subnet
mask, the network would only include addresses from
192.168.0.48 to 192.168.0.63.
 In Step 4, you learned that CorpServer (192.168.0.10) had a
default subnet mask for the Class C IP address range
(255.255.255.0), which doesn't match Exec.
7. Fix the subnet mask for the Exec computer.
e. Right-click Ethernet and select Properties.
f. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
g. Change the Subnet mask to 255.255.255.0 and then select OK.
h. From the PowerShell prompt, type ping CorpServer and then press Enter.
Notice that the ping is successful.
i. From the PowerShell prompt, type ping 198.28.2.254 (the ISP) and then
press Enter.
Notice that the ping is unsuccessful.
j. From the PowerShell prompt, type tracert 198.28.2.254 (the ISP) and then
press Enter.
The command times out, indicating that the gateway address on Exec is not
configured correctly. The gateway address (router) on the network diagram is
192.168.0.5.
8. Fix the default gateway for the Exec computer.
a. From the Ethernet Properties dialog, select Internet Protocol Version 4
(TCP/IPv4) and then select Properties.
b. Change the Default gateway to 192.168.0.5
c. Select OK and then select Close.
d. Close the Network Connections window.
e. From the Settings app, select Status.
The Status pane now shows a connection to the internet.
Notice that the network icon in the Notification Area is now showing a
computer, indicating a connection to the internet.
g. Type ping 198.28.2.254 from the PowerShell prompt.
The ping is now successful.
h. From the PowerShell prompt, type tracert 198.28.2.254 and press Enter.
The route taken to get to the ISP is now shown.
Since there is now a valid connection to the internet, leave the static address
for now and begin to troubleshoot the computer in Office 1.
9. From Office 1, troubleshoot for network connectivity.
b. Under Office 1, select Hardware.
c. Above the workstation, select Back to switch to the back view of the
workstation.
The link and network activity lights on the back of the workstation are on and
blinking, indicating that there is a physical connection to the switch and there
is activity on the connection. Once again, this points to a TCP/IP configuration
problem.
d. On the Office1 monitor, select Click to view Windows 10.
e. In the Notification Area, mouse over the network icon.
g. From the PowerShell prompt, type ipconfig /all and then press Enter.
Examine the information for the Ethernet network card and note the
following:
o DHCP Enabled: Yes

This tells us that the workstation is configured to use a DHCP server.
o IPv4 Address: This address is in the APIPA range (169.254.0.1 to
169.254.255.254). This means that the workstation assigned itself an IP
address instead of receiving one from the DHCP server. The workstation will
only be able to communicate with other hosts on the local network that have
also configured their own IP address through APIPA.
o Subnet Mask: 255.255.0.0. This is the default subnet mask for the APIPA
address.
o Default Gateway: The address is blank. This means that communication is
limited only to other workstations on the local network.
o DHCP Server line is not shown. This means that the workstation was unable
to contact the DHCP server.
o DNS Servers line is not shown for IPv4.
Since DHCP is enabled, the rest of the information should have come from
the DHCP server. From this, you can conclude that there is an issue with the
DHCP server.
10. From CorpServer, access the CorpDHCP server.

c. From the Hyper-V Manager, select CORPSERVER.
e. Double-click CorpDHCP to connect to the CorpDHCP virtual server.
11. From CorpDHCP, launch the DHCP console and activate the scope.
a. From CorpDHCP's menu bar, select Tools > DHCP.
b. Expand CorpDHCP.CorpNet.local > IPv4.
Notice that the folder icon for Scope [192.168.0.1] Subnet1 has a down arrow,
indicating that the DHCP scope is not active.
c. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
12. From Office1, check to see if activating DHCP fixed the issue.
c. From the PowerShell prompt, type ipconfig /renew and press Enter. This
command requests new IP address information from the DHCP server.
Notice that the networking icon in the Notification Area still indicates that
Office1 has no connection to the internet.
d. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice the line for the default gateway, DNS server, and DHCP server (along
with the new IP address) is now within the DHCP scope for the local network.
e. From the PowerShell prompt, type ping CorpServer and press Enter.
The ping command is successful.
f. From the PowerShell prompt, type ping 198.28.2.254 (the ISP) and then
press Enter.
Although you can ping CorpServer, you are still unable to ping the ISP.
g. Review the output from the ipconfig command.
Notice that the default gateway does not match the default gateway used by
CorpServer or Exec. Since this IP information is coming from the DHCP
server, you need to check the DHCP scope.
13. On CorpServer, from CorpDHCP, reconfigure the settings for the DHCP scope.
c. From the DHCP console, expand Scope [192.168.0.1] Subnet1.
d. Right-click Scope Options and then select Configure Options.
e. Highlight the 003 Router line.
f. Under IP address, select 192.168.0.2 and then click Remove.
g. In the IP address field, change the address to 192.168.0.5 and then click Add.
h. Select OK.
14. From Office1, check to see if fixing the DHCP scope resolved the issue.
c. From the PowerShell prompt, type ipconfig /renew and then press Enter.
This command requests new IP address information from the DHCP server.
Notice that the networking icon in the Notification Area now indicates that
Office1 has a connection to the internet.
d. From the PowerShell prompt, type ipconfig /all and then press Enter.
Notice the line for the default gateway is now set to 192.168.0.5.
e. From the PowerShell prompt, type ping 198.28.2.254 (the ISP) and then
press Enter.
You can now ping the ISP.
15. On Exec, reconfigure the Ethernet connection to use DHCP.
e. Select Ethernet and then select Change adapter options.
g. From the Ethernet Properties dialog, select Internet Protocol Version 4
(TCP/IPv4) and then click Properties.
j. Select OK and then select Close.
k. From the PowerShell prompt, type ipconfig /all and then press Enter.
Notice that the Ethernet card is now using DHCP (DHCP Enable: Yes).
l. From the PowerShell prompt, type tracert 198.28.2.254 and then
press Enter.
The command returns a path to the ISP through the gateway. The network is
now fully functional, and your troubleshooting is complete.
16. Score the lab.
a. From the top right, select Answer Questions.
4.2.5Troubleshoot IP Configuration 1
and uses DHCP for address assignment. The employees in the IT Administration Office and Office 2
report that their workstations can communicate with some computers on the network but cannot
access the internet. You need to diagnose and fix the problem. The following IP addresses are used
in your network:
Device IP Address
CorpServer 192.168.0.10
ITAdmin 192.168.0.31
Office2 192.168.0.34
ns1.nethost.net
198.28.2.254
(ISP)
In this lab, your task is to troubleshoot and fix the issue using the following procedures:
 From the Office2 computer, use the ping and ipconfig commands to test connectivity
and gather information.
o Answer Questions 1 and 2.
 From the ITAdmin computer, use the ping and ipconfig commands to test connectivity
o Answer Questions 3 and 4.
 From the CorpServer computer, use the ping and ipconfig commands to test
connectivity and gather information.
o Answer Question 5 and determine which changes need to be made to
correct the issue.
 Using the CorpDHCP server, accessed as a VM from CorpServer, implement the fix to
the issue.
 Verify that the ITAdmin and Office2 computers can access the internet.
To see the network diagram and the wiring schematics of the network, use Exhibits.
Lab Report
Time Spent: 20:28
Score: 8/8 (100%)
TASK SUMMARY
Q1From Office2, which, if any, pings failed
Your answer:The ISP - 198.28.2.254
Correct answer:The ISP - 198.28.2.254
Q2What is the address of the default gateway assigned to Office2
Q3From ITAdmin, which, if any, pings failed
Your answer:The ISP - 198.28.2.254
Correct answer:The ISP - 198.28.2.254
Q4What is the IP address of the default gateway assigned to ITAdmin
Q5What do you see here that might explain why this computer can access the internet, but
Office2 and ITadmin can't
Your answer:The default gateway for CorpServer is different.
Correct answer:The default gateway for CorpServer is different.
Reconfigure the DHCP server with 192.168.0.5 as the default gateway
Verify that the ITAdmin workstation can communicate with the internet
Verify that the Office2 workstation can communicate with the internet
EXPLANATION
While completing this lab, use the following information:
Device IP Address
ITAdmin 192.168.0.31
Office2 192.168.0.34
ns1.nethost.ne
t 198.28.2.254
(ISP)
1. From the Office2 computer, use the ping and ipconfig commands to test connectivity
a. Right-click Start and select Windows PowerShell.
b. From the PowerShell prompt, type ping IP_address and press Enter.
c. Repeat steps 1b to ping the remaining computers.
d. From the top right, select Answer Questions.
e. Answer Question 1.
f. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice that DHCP Enabled is set to Yes, meaning the IP information is
obtained from a DHCP server.
2. From the ITAdmin computer, use the ping and ipconfig commands to test connectivity
b. Under ITAdmin Office, select ITAdmin.
c. Right-click Start and select Windows PowerShell.
d. From the PowerShell prompt, type ping IP_address and press Enter.
e. Repeat steps 2d to ping the remaining computers.
g. From the PowerShell prompt, type ipconfig /all and press Enter.
Notice that DHCP Enabled is set to Yes, meaning the IP information is
obtained from a DHCP server.
h. Answer Question 4.
i. Minimize the Lab Questions dialog.
3. From the CorpServer computer, use the ping and ipconfig commands to test connectivity
c. Right-click Start and select Windows PowerShell.
d. From the PowerShell prompt, type ping Office2 and press Enter.
e. From the PowerShell prompt, type ping 198.28.2.254 and press Enter.
Notice that this computer can get to the internet.
f. From the PowerShell prompt, type ipconfig and press Enter.
g. From the top right, select Answer Questions.
Since Office2 and ITAdmin obtain their IP addresses from a DHCP server and
their default gateway is different from CorpServer (which can access the
internet), the problem is most likely related to the IP configuration for the
network.
i. Close PowerShell.
4. Access the CorpDHCP server.
c. Double-click CorpDHCP to connect to the server.
5. From the CorpDHCP server, use the DHCP console to reconfigure the settings for the
DHCP scope.
a. From Server Manager's menu bar, select Tools > DHCP to start the DHCP
console.
b. Expand and select CorpDHCP > IPv4 > Scope [192.168.0.1] Subnet1 > Scope
Options.
c. Right-click Scope Options and then select Configure Options.
d. Select the 003 Router option.
e. In the bottom pane, select 192.168.0.4 and then select Remove.
f. In the IP address field (the default gateway address), change the address
listed to 192.168.0.5 then select Add.
g. Select OK to apply the change.
6. Verify that the ITAdmin and Office2 computers can access the internet.
b. Under IT Administration, select ITAdmin.
c. From the PowerShell prompt, type ipconfig /renew.
This will request the new IP address information from the DHCP server and
reconfigure the settings for the Ethernet connection.
d. Enter ipconfig /all to check the Ethernet configuration.
Notice that the default gateway 192.168.0.5 is now correctly configured.
e. At the PowerShell prompt, type ping 198.28.2.254 (the ISP) and then
press Enter.
f. From the top left, select Floor 1 Overview.
g. Under Office2, select Office2.
h. Repeat steps 6c-6e to fix the problem for the second workstation.
i. Select Score Lab.
4.2.6Troubleshoot IP Configuration 2
and uses DHCP for address assignments. The owner of the company in the Executive Office and a
temporary employee in the IT Administrator office both report that their workstations can
communicate with some computers on the network, but cannot access the internet. You need to
diagnose and fix the problem.
While completing this lab, use the following IP addresses:
Computer
IP Address
Name
198.28.2.254
(Unknown)
(the ISP)
ITAdmin (Unknown)
Exec (Unknown)
In this lab, your task is to complete the following:
 To help troubleshoot the issue, use:

o The ping, ipconfig, and tracert commands from the above computers.
o The DHCP server console in the Windows Server 2019 operating
system, which is running as a VM on the CorpServer computer.
 Fix the problem at the workstation, the DHCP server, or both as necessary.
 Use the troubleshooting tools to confirm the resolution of the problem.
Use Exhibits to see the network diagram and the wiring schematics for the network.
Lab Report
Time Spent: 06:45
Score: 7/7 (100%)
TASK SUMMARY
Q1After looking at the exhibits and the results of the tracert command, which of the following IP
addresses is assigned to the building A network router
Q2Which of the following best describes what you have learned from your troubleshooting up
to this point
Your answer:The connections from building A to the ISP are working.
Correct answer:The connections from building A to the ISP are working.
Q3Mark all of the observations you found to be true after examining the results of the
ipconfig /all command
Your answer:The IP address is an APIPA address, not a valid address for this network.,The IP
information for the Ethernet adapter is obtained from a DHCP server.
Correct answer:The IP information for the Ethernet adapter is obtained from a DHCP server.,
The IP address is an APIPA address, not a valid address for this network.
Q4Which of the following is the most likely reason the ping tests to the ISP failed from Exec and
ITAdmin, but were successful from CorpServer
Your answer:The DHCP server is probably not assigning IP addresses correctly.
Correct answer:The DHCP server is probably not assigning IP addresses correctly.
Q5Why can the Exec and ITAdmin computers ping each other while they cannot ping
CorpServer or ISP
Your answer:Both are using an APIPA address.
Correct answer:Both are using an APIPA address.
In the Networking Closet, activate the DHCP scope for the local network
Verify that the Executive Office and IT Administrator workstations can communicate with the
internetShow Details
EXPLANATION
Troubleshoot
1. From the Exec computer, begin troubleshooting by verifying the scope of the
connectivity problem.
a. Under Executive Office, select Exec.
b. Right-click Start and then select Windows PowerShell (Admin).
c. From the PowerShell prompt, run the following ping commands.
Press Enter after each command:
 ping 192.168.0.10 (CorpServer).
 ping 198.28.2.254 (The Internet Service Provider, or ISP).
Notice that both pings are unsuccessful.
 ping ITAdmin (the name of the computer in the IT Administration
office).
Notice that the ping to ITAdmin is successful. However, it is
responding using an APIPA IP address. This indicates that this
computer is not getting its IP address from the DHCP as it should.
2. From CorpServer computer, continue troubleshooting the problem by trying to access
the ISP.
c. Right-click Start and then select Windows PowerShell (Admin).
d. From the PowerShell prompt, type ping 198.28.2.254 (the ISP).
Notice that the ping to the ISP is successful.
e. From the PowerShell prompt, type tracert 198.28.2.254 and press Enter.
f. From the top right, select Exhibits.
i. Close the Exhibits and Answer Questions windows.
3. From the ITAdmin computer, continue troubleshooting the problem by trying some
additional ping tests.
d. From the PowerShell prompt, run the following ping commands.
Press Enter after each command:
 ping 192.168.0.10 (CorpServer).
 ping 198.28.2.254 (the ISP).
Notice that the ping to the ISP fails.
 ping exec (the name of the computer in the Executive Office).
Notice that the ping to Exec is successful. However, the Exec
computer is responding with an APIPA IP address.
e. From the top right, select Answer Questions.
4. From ITAdmin, use the ipconfig /all command to continue troubleshooting.
b. Answer Questions 3 and 4.
5. From Exec, use the ipconfig /all command to continue troubleshooting.
c. From the PowerShell prompt, type ipconfig /all and press Enter.
d. Answer Questions 5.
Fix the Issue

Since it appears that the DHCP server is not functioning correctly, check the current state of the
DHCP services.
1. Access the CorpDHCP virtual server.

c. From Hyper-V Manager, select CORPSERVER.
d. Maximize the window to view all virtual machines.
e. Double-click CorpDHCP to connect to the server.
2. Confirm that the DHCP service is enabled and activated for the local network.
a. From Server Manager, select Tools > DHCP to start the DHCP console.
c. From the left pane, expand CorpDHCP.CorpNet.local > IPv4.
The down arrow for Scope [192.168.0.1] Subnet1 indicates that the scope is
not active.
d. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
The down arrow for the scope is gone, and the DHCP service for the local
network is now active.
3. Verify the fix by viewing the IP information for Exec and using the ping command.
c. From the PowerShell prompt, type ipconfig /all and press Enter to check the
Ethernet configuration.
Notice the lines for the default gateway, DNS server, and DHCP server are
now configured, along with a new IP address within the DHCP scope for the
local network.
d. From the PowerShell prompt, type ping 198.28.2.254 and press Enter.
Notice that the ping to the ISP succeeds.
e. From the PowerShell prompt, type tracert 198.28.2.254 and press Enter.
f. (Optional) Repeat step 3 for the ITAdmin computer.
h. Select Score Lab.
4.2.7 Troubleshoot IP Configuration 3

and uses DHCP for IP address assignments. The employee in Office 1 reports that their workstation
can communicate with some computers on the network but not on the internet. You need to
diagnose and fix the problem.
While completing this lab, use the following IP addresses:
Computer
IP Address
Name
Office1 192.168.0.30
Exec 192.168.0.33
ITAdmin 192.168.0.34
198.28.2.254
(Unknown)
(the ISP)
 Use the following troubleshooting tools to diagnose the problem on the network:
o The ping, ipconfig, or tracert command line utilities
o The Network & Internet settings on the Windows 10 operating system
 Fix the problem at the applicable workstation(s) as necessary.
 Use the troubleshooting tools to confirm that the problem is resolved.
Lab Report
Time Spent: 02:45
Score: 7/7 (100%)
TASK SUMMARY
On the Office1 computer, configure the network connection to request the IP address
information from the DHCP server
Q1What is the subnet mask for ITAdmin
Q2What is the IP address for the first DNS server on ITAdmin
Q3What is the IP address for the subnet mask on Office1
Your answer:255.255.255.240
Q4What is the IP address for the first DNS server on Office1
Your answer:163.128.78.108
Q5How is Office1 obtaining its IP information
Your answer:Manually assigned
Correct answer:Manually assigned
Q6What is most likely causing the networking issues on Office1
Your answer:There are misconfigured IP addresses.
Correct answer:There are misconfigured IP addresses.
EXPLANATION
Troubleshooting
1. From Office 1, use the ping command to begin troubleshooting the problem by verifying
the scope of the connectivity issues.
a. Under Office 1, select Office1.
b. Right-click Start and then select Windows PowerShell.
c. From the PowerShell prompt, run the following ping commands
(press Enter after each command):
 ping 192.168.0.10 (CorpServer)
 ping 192.168.0.34 (ITAdmin)
 ping 198.28.2.254 (the internet service provider)
Notice that all the pings were unsuccessful.
2. From the IT Administration office, use the ping and ipconfig /all commands to continue
determining the scope of the connectivity issues.
c. Right-click Start and then select Windows PowerShell.
d. From the PowerShell prompt, run the following ping commands
 ping 192.168.0.30 (Office1)
 ping 192.168.0.33 (Exec)
Notice that all the pings were successful.
e. From the PowerShell prompt, type ipconfig /all and press Enter.
f. From the top right, select Answer Questions.
g. Answer Questions 1 and 2.
3. From Office1, use the ipconfig /all command to analyze the differences between Office1
and ITAdmin IP information.
b. Under Office1, select Office1.
c. From the PowerShell prompt, type ipconfig /all and then press Enter.
d. Answer Questions 3-6.
Fixing the Issue

From your troubleshooting steps, you found that Office1 was the only computer having connectivity
issues. As you examined and compared Office1's IP settings, you found that it was using the wrong
subnet mask and DNS server. Since DHCP was not being used (DHCP Enabled was set to NO), the IP
information must have been manually entered using bad or outdated information.
You will now rectify the issue by configuring the Office1 computer to obtain its IP information from
the DHCP server.
1. From Office1, configure the network connection to request the IP address information
from the DHCP server:
c. Select Ethernet.
e. Right-click Ethernet and then select Properties.
g. Select Obtain an IP address automatically.
h. Select Obtain DNS server address automatically.
i. Select OK.
j. Select Close.
k. Close the Networking Connections and Settings windows.
2. Verify that Office1 is now able to connect to the internet.
a. From the PowerShell prompt, type ipconfig /all. Verify the following settings:
 DHCP Enable: Yes
 Subnet mask: 255.255.255.0/24
 DNS Servers:
 192.168.0.11
 192.168.10.11
b. From the PowerShell prompt, run the following ping commands
 ping 192.168.0.34 (ITAdmin)
Notice that both pings are successful.
d. Scroll to the bottom and select Score Lab.
4.3.4 Explore Network Communications

In this lab, you will discover important facts about network communications by using
the ping, ipconfig, and tracert command utilities.
The following local network IP addresses are used in this lab:
Location Name IP Address
Office 1 Office1 192.168.0.30
Support Office Support 199.92.0.33
Router Network Router 192.168.0.5
IT
ITAdmin 192.168.0.33
Administration
ISP External DNS Server 163.128.78.93
Router Internet Router 198.28.56.1
1. Use the ping and ipconfig commands to troubleshoot network issues.

a. Right-click Start and then select Windows PowerShell (Admin).
b. At the PowerShell prompt, type ping 192.168.0.30 and
press Enter to ping Office1.
You can successfully ping the IP address of Office1 from ITAdmin.
c. Type ping 199.92.0.33 and press Enter to ping Support.
You cannot ping Support from ITAdmin. Notice that the IP address
for Support is on a different network (network 199.92.0.0 instead of
network 192.168.0.0). Devices on the same local network must
have IP addresses in the same network range. If you want to
communicate with Support, you need to change the IP address
assigned to Support.
d. Type ping 192.168.0.5 and press Enter to ping the router's
internal interface.
You can successfully ping the router's internal interface from
ITAdmin because ITAdmin and the router's address (192.168.0.5)
are on the same network.
e. Type ipconfig and then press Enter to view the IP settings.
Notice that there is no default gateway assigned.
f. Type ping 163.128.78.93 and press Enter to ping the external
DNS Server.
ITAdmin and the ISP are on a different network (network
192.168.0.0 and 163.128.78.0, respectively). Because ITAdmin
does not have a default gateway set, ITAdmin cannot
communicate with devices on other networks.
2. Use the tracert command to see how network packets are forwarded.
d. At the PowerShell prompt, type tracert 198.28.56.1 and
press Enter.
When you communicate with devices on other networks, the
packets go to the default gateway first (the router between the two
networks). The packets are sent to the router interface on the
same network as the sending host and then to the next hop in the
path. In this case, there are two IP addresses listed in
the tracert output, but only one router (hop) between Exec and the
internet router. The last address in the tracert output is the internet
router.
e. Enter tracert 163.128.78.93 and press Enter to trace the path to
one of the ISP's DNS servers.
When you trace the path between Exec and the ISP's DNS server,
the path has additional hops. The first lines in the tracert output are
the routers (hops) between Exec and the DNS server. The last
address in the tracert output is the DNS server.
Lab Report
Time Spent: 01:24
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Use tracert on ExecHide Details
Run tracert 198.28.56.1 (the router)
Run tracert 163.128.78.93 (the ISP's DNS server)
EXPLANATION
1. Use the ping and ipconfig commands to troubleshoot network issues.

a. Right-click Start and then select Windows PowerShell (Admin).
b. At the PowerShell prompt, type ping 192.168.0.30 and press Enter to ping
Office1.
You can successfully ping the IP address of Office1 from ITAdmin.
c. Type ping 199.92.0.33 and press Enter to ping Support.
You can't ping Support from ITAdmin. Notice that the IP address for Support
is on a different network (network 199.92.0.0 instead of network
192.168.0.0). Devices on the same local network must have IP addresses in
the same network range. If you want to communicate with Support, you will
need to change the IP address assigned to Support.
d. Type ping 192.168.0.5 and press Enter to ping the router's internal interface.
You can successfully ping the router's internal interface from ITAdmin
because ITAdmin and the router's address (192.168.0.5) are on the same
network.
e. Type ipconfig and then press Enter to view the IP settings.
Notice that there is no default gateway assigned.
f. Type ping 163.128.78.93 and press Enter to ping the external DNS Server.
ITAdmin and the ISP are on a different network (network 192.168.0.0 and
163.128.78.0, respectively). Because ITAdmin does not have a default
gateway set, it can't communicate with devices on other networks.
2. Use the tracert command to see how network packets are forwarded.
d. At the PowerShell prompt, type tracert 198.28.56.1 and press Enter.
When you communicate with devices on other networks, the packets go to
the default gateway first (the router between the two networks). The packets
are sent to the router interface on the same network as the sending host and
then to the next hop in the path. In this case, there are two IP addresses
listed in the tracert output, but only one router (hop) between Exec and the
internet router. The last address in the tracert output is the internet router.
e. Enter tracert 163.128.78.93 and press Enter to trace the path to one of the
ISP's DNS servers.
When you trace the path between Exec and the ISP's DNS server, the path
has additional hops. The first lines in the tracert output are the routers
(hops) between Exec and the DNS server. The last address in
the tracert output is the DNS server.
4.4.4 Configure a DHCP Server

You are a network technician for a small corporate network. You want to use DHCP to provide
TCP/IP address information to the workstations on the network. You already have a Windows Server
2022 server named CorpDHCP installed and running as a guest on CorpServer. You have installed
the DHCP server role, and now you are ready to configure an IPv4 scope.
 On the CorpDHCP server (running as a guest on CorpServer), create a DHCP IPv4 scope
with the following parameters:
o Scope name: Subnet1
o Address range: 192.168.0.20 to 192.168.0.200
o Length: 24
o Subnet mask: 255.255.255.0
o Exclusions and delays: Do not set
o Lease duration: Accept the default duration
o Scope option for the router (default gateway): 192.168.0.5
o Parent domain: Accept the default
o Scope option for DNS servers: 163.128.78.93
o WINS Servers: Do not set
 On CorpDHCP, activate the Subnet1 scope.
 On Gst-Lap in the Lobby, confirm the DHCP scope settings by configuring the local area
connection to obtain its IP and DNS addresses automatically from the DHCP server.
Lab Report
Time Spent: 10:38
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure the IPv4 DHCP scope on the serverHide Details
Scope name: Subnet1
Address range: 192.168.0.20 to 192.168.0.200
Subnet mask: 255.255.255.0
Lease duration: Accept the default
Default gateway (router): 192.168.0.5
DNS Server: 163.128.78.93
Activate the IPv4 DHCP scope on the server
Configure the laptop in the support office to obtain IP and DNS addresses automatically from
the DHCP server
EXPLANATION
1. Access the CorpDHCP Hyper-V server.

b. Resize the window to view all virtual machines.
c. Double-click CorpDHCP to access the server.
d. Maximize the CorpDHCP server for better viewing.
2. Access the DHCP New Scope Wizard.
a. From Server Manager's menu bar, select Tools > DHCP.
b. Expand CorpDHCP.CorpNet.local.
c. Right-click IPv4 and select New Scope.
3. Name the scope and configure the IP address range.
a. From the New Scope Wizard, select Next.
b. In the Name field, enter Subnet1 and then select Next.
c. Enter 192.168.0.20 in the Start IP address field.
d. Enter 192.168.0.200 in the End IP address field.
e. Make sure the length is set to 24.
f. Make sure the subnet mask is 255.255.255.0 and then select Next.
g. From the Add Exclusions and Delay window, select Next.
h. Use the default lease duration and select Next.
i. Make sure Yes, I want to configure these options now is selected and then
select Next.
4. Configure the default gateway and DNS server.
a. In the IP address field, enter 192.168.0.5 as the default gateway address.
b. Select Add and then select Next.
c. In the IP address field, enter 163.128.78.93 as the DNS server address.
d. Select Add and then select Next.
e. From the WINS Servers window, select Next.
5. Activate the scope just created.
a. Make sure Yes, I want to activate this scope now is selected and then
select Next.
b. Click Finish to close the wizard and create the scope.
6. Configure the laptop in the Lobby to obtain IP and DNS addresses automatically from
the DHCP server.
b. Under Lobby, select Gst-Lap.
c. In the notification area of the taskbar, right-click the network icon and
select Open Network and Internet settings.
d. From the left pane, select Ethernet.
e. From the right pane, select Change adapter options.
g. Select Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
j. Select OK.
k. Click Close to close Ethernet Properties.
4.4.5Configure DHCP Options

You have just configured a scope on the CorpDHCP server to service the 192.168.0.0/24 subnet.
You need to configure additional TCP/IP parameters for all clients serviced by the CorpDHCP
server.
 Configure the following DHCP options for the CorpDHCP server (not on the Subnet1 scope):
o 006 DNS Servers (in the following order):
 192.168.0.11
 192.168.10.11
o 015 DNS Domain Name: CorpNet.local
 Configure Subnet1 scope options as follows:
o 003 Router (default gateway) as 192.168.0.5
Lab Report
Time Spent: 04:49
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure the 006 DNS Servers options on the server as 192.168.0.11 and 192.168.10.11
Configure the 015 DNS Domain Name option on the server as CorpNet.local
Configure the 003 Router option on the scope as 192.168.0.5
EXPLANATION
While completing this lab, the 006 DNS Servers options are 192.168.0.11 and 192.168.10.11 (in that
order).
1. Access the CorpDCHP virtual server.

b. Maximize the Hyper-V Manager window to view the available server.
c. Right-click CorpDHCP and select Connect.
2. Configure the DHCP server options.
a. From Server Manager, select Tools > DHCP.
b. Maximize the DHCP window for better viewing.
c. Expand CorpDHCP.CorpNet.local > IPv4.
d. Right-click Server Options and select Configure Options.
e. Under Available Options, select the 006 DNS Servers.
f. Enter 192.168.0.11 under IP Address.
g. Select Add to add the IP address to the list.
h. Under IP Address, enter 192.168.10.11 for the second server and then
select Add.
i. From the top pane, scroll down and select 015 DNS Domain Name.
j. In the String value field, enter CorpNet.local.
k. Select OK to save the options that you have defined.
3. Configure DHCP scope options.
a. Expand Scope [192.168.0.1] Subnet1.
b. Right-click Scope Options and select Configure Options.
c. Under Available Options, select 003 Router.
d. Enter 192.168.0.5 under IP address.
e. Select Add to add the IP address to the list.
f. Select OK to save the options you defined.
Server options apply to every scope on the server. Scope options override the server settings for a
specific scope.
4.4.6 Create DHCP Exclusions

You have just configured a scope on the CorpDHCP server to service the 192.168.0.0/24 subnet.
You defined a scope to distribute IP addresses between 192.168.0.1 and 192.168.0.254. However,
some of the servers and other network devices on the network have been assigned static IP address
in this range.
 Prevent the DHCP server from assigning addresses.

o Exclusion range: 192.168.0.1 to 192.168.0.29
Lab Report
Time Spent: 01:48
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Create an exclusion range from 192.168.0.1 to 192.168.0.29
EXPLANATION
1. Access the CorpDHCP Hyper-V server.

b. Resize the window to view all virtual machines.
c. Double-click CorpDHCP to access the server.
2. Exclude the IP address range.
a. From Server Manager's menu bar, select Tools > DHCP.

c. Expand CorpDHCP.CorpNet.local > IPv4 > Scope [192.168.0.1] Subnet1.
d. Right-click the Address Pool node and select New Exclusion Range.
e. Enter 192.168.0.1 in the Start IP address field.
f. Enter 192.168.0.29 in the End IP address field.
g. Select Add.
h. Select Close to close the Add Exclusion Range dialog.
4.4.7Create DHCP Client Reservations

You have several printers on Subnet1 that need static IP addresses assigned.
 Use the CorpDHCP server.

 Configure the IPv4 scope.
 Use the following reservation information:
Use a Support Type of DHCP only for each reservation.
Reservation
IP Address MAC Address
Name
LaserJet4240-
192.168.0.101 aa:61:82:df:04:54
1
LaserJet4240-
192.168.0.102 ce:fd:48:90:06:23
2
KonicaColor 192.168.0.103 c8:ba:99:cd:80:12

AcctPrinter 192.168.0.104 f1:a9:3e:f7:7d:3b
SalesPrinter 192.168.0.105 df:a9:99:cd:80:61
Lab Report
Time Spent: 04:32
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create a reservation for LaserJet4240-1Hide Details
Name the reservation LaserJet4240-1
Assign the IP address of 192.168.0.101
Use aa:61:82:df:04:54 as the MAC address
Use the DHCP support type
Create a reservation for LaserJet4240-2Hide Details
Name the reservation LaserJet4240-2
Use ce:fd:48:90:06:23 as the MAC address
Create a reservation for KonicaColorHide Details
Name the reservation KonicaColor
Use c8:ba:99:cd:80:12 as the MAC address
Create a reservation for AcctPrinterHide Details
Name the reservation AcctPrinter
Use f1:a9:3e:f7:7d:3b as the MAC address
Create a reservation for SalesPrinterHide Details
Name the reservation SalesPrinter
Use df:a9:99:cd:80:61 as the MAC address
EXPLANATION
IP
Reservation Name MAC Address
Address
LaserJet4240-1 192.168.0.101 aa:61:82:df:04:54
LaserJet4240-2 192.168.0.102 ce:fd:48:90:06:23
KonicaColor 192.168.0.103 c8:ba:99:cd:80:12
AcctPrinter 192.168.0.104 f1:a9:3e:f7:7d:3b
SalesPrinter 192.168.0.105 df:a9:99:cd:80:61

c. Double-click CorpDCHP to connect to the server.
2. Configure the IP address.
c. From the left pane, expand CorpDHCP.CorpNet.local > IPv4 > Scope
[192.168.0.1] Subnet1.
d. Right-click Reservations and select New Reservation.
e. In the Reservation name field, enter a reservation name.
f. In the IP address field, enter the IP address.
g. In the MAC address field, enter the MAC address.
h. Under Supported types, select DHCP only (as needed).
i. Select Add to create the client reservation.
j. Select Yes to the DHCP prompt.
k. Repeat steps 2d - 2j for additional reservations.
l. Select Close.
4.5.4 Configure a DHCP Relay Agent

You just installed DHCP service on the CorpDHCP server. You configured two scopes. The scope
for Building A (Subnet1) is configured on the 192.168.0.0 network. The scope for Building B
(Subnet2) is configured on the 192.168.10.0 network. After activating the scopes, you find that
clients on Subnet1 receive IP addressing information from the DHCP server, but clients on Subnet2
have IP addresses in the 169.254.0.0/16 range. You realize that DHCP messages are not being
forwarded through the router.
 Use Routing and Remote Access to configure CorpServer2 as a DHCP Relay Agent by
performing the following:
o Add the DHCP Relay Agent routing protocol.
o Add NetTeam as a DHCP Relay Agent interface.
o Set the boot threshold to 0.
o Configure the DHCP Relay Agent properties to identify 192.168.0.14 as the DHCP
server.
 Renew the TCP/IP information on Exec2 (the client machine in Building B).
 Verify that Exec2 has a network connection.
Lab Report
Time Spent: 07:16
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Add the DHCP Relay Agent protocol
Add NetTeam as a DHCP Relay Agent interface
Set the boot threshold to 0
For the DHCP protocol, configure 192.168.0.14 as a DHCP server address
Refresh the IP address on Exec2Hide Details
Is connected to a network
Is connected to the internet
EXPLANATION
1. Add the DHCP Relay Agent routing protocol.
a. From Server Manager, select Tools > Routing and Remote Access.
b. Expand IPv4.
c. Right-click General and select New Routing Protocol.
d. Select DHCP Relay Agent and then select OK.
2. Add and configure a Relay Agent interface.
a. From the left pane, right-click DHCP Relay Agent and select New Interface.
b. Select NetTeam and then select OK.
c. Make sure Relay DHCP packets is selected.
d. Set the boot threshold to 0 (zero).
e. Select OK.
3. Configure the DHCP Relay Agent properties to identify the DHCP server.
a. Right-click DHCP Relay Agent and select Properties.
b. In the Server address field, enter 192.168.0.14 (the IP address of the DHCP
server).
c. Select Add and then select OK.
4. Renew the TCP/IP address and verify the connection.
a. From the top left, select Floor 1.
b. Under Manager Office, select Exec2.
c. Right-click Start and select Windows PowerShell (Admin).
d. In PowerShell, type ipconfig.
Notice that the current IP address is on the 169.254.0.0 network.
e. In PowerShell, type ipconfig /renew and then press Enter.
The computer should receive an address on the 192.168.10.0 network.
f. From the taskbar, select the network icon to view the connection status.
4.5.5 Add a DHCP Server on Another Subnet

You have just authorized the CorpDHCP server to assign IP addresses to client workstations on the
192.168.10.0 subnet. You now need to create an IPv4 scope on the CorpDHCP server for an
address range on this subnet.
 Create an IPv4 scope on CorpDHCP using the following specifications:

o IPv4 scope name: Sales
o Default gateway: 192.168.10.5
o DNS servers: 198.28.56.108 and 163.128.78.93
 Activate the new scope upon completion.
Lab Report
Time Spent: 03:29
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Set the name of the scope as Sales
Set the address rangeShow Details
Assign a default gateway address of 192.168.10.5 on the Sales scope
Assign DNS server addressesShow Details
Activate the Sales scope
EXPLANATION
c. Double-click CorpDHCP to connect to the server.
2. Create an IPv4 scope on the CorpDHCP.
b. Expand the CorpDHCP.CorpNet.local server node.
c. Right-click IPv4 and then select New Scope.
d. Select Next.
e. In the Name field, enter Sales and then select Next.
f. Enter 192.168.10.21 in the Start IP address field.
g. Enter 192.168.10.199 in the End IP address field.
h. Select Next > Next > Next > Next.
i. From the Router (Default Gateway) dialog, enter an IP address
of 192.168.10.5 and then select Add.
j. Select Next.
k. From the Domain Name and DNS Server dialog, add two DNS server
addresses as follows:
 In the IP address field, enter 198.28.56.108 and then select Add.
 In the IP address field, enter 163.128.78.93 and then select Add.
l. Select Next > Next.
m. From the Activate Scope dialog, make sure that Yes, I want to activate this
scope now is selected and then select Next.
n. Select Finish to complete the process of creating the DHCP scope.
4.6.4Configure DHCP Failover 1

The CampusDHCP_1 server is currently the only DHCP server for clients on the 10.10.10.0/24
subnet. It has a scope that distributes addresses between 10.10.10.1 and 10.10.10.254 with an
exclusion for static addresses for servers from 10.10.10.1 to 10.10.10.29.
To provide DHCP fault tolerance for this subnet, you plan to configure DHCP failover for the scope
with the CampusDHCP_2 server (located on subnet 10.10.20.0/24 in Campus 2). Routers have
been configured to pass DHCP requests between subnets.
 Explore the DHCP configuration on CampusDHCP_1. Which scopes, exclusions, and

options are configured?
 Explore the DHCP configuration on CampusDHCP_2. Which scopes, exclusions, and
options are configured?
 On CampusDHCP_1, configure failover of the Campus1 scope with the CampusDHCP_2
server.
o Failover mode: Load balanced
o Load balance percentage for the local server: 75%
o Load balance percentage for the partner server: 25%
o Shared secret: HelpMyDHCP123
 Which scopes, exclusions, and options have been added to the CampusDHCP_2 server?
Use the navigation tabs to switch between servers and campus locations. CampusServer1 and
CampusServer2 are Hyper-V host machines. The DHCP servers run as guest virtual machines on
these servers.
Lab Report
Time Spent: 04:12
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure failover for the Campus1 scopeHide Details
Partner server: CampusDHCP_2
Failover mode: Load balanced
Local server percentage: 75
Partner server percentage: 25
Shared secret: HelpMyDHCP123
EXPLANATION
1. (Optional) Explore the DHCP configuration for CampusDHCP_1.

a. From Hyper-V Manager, select CAMPUSSERVER1.
b. Under Virtual Machines, double-click CampusDHCP_1.
c. From Server Manager, select Tools > DHCP.
e. From the left pane,
expand CampusDHCP_1.partnercorp.xyz > IPv4 > Scope [10.10.10.1]
Campus1.
f. Select Address Pool.
Notice that there is currently an exclusion range of 10.10.10.1 to 10.10.10.29
and an address range of 10.10.10.1 to 10.10.10.254 to allow for static server
addresses.
g. Select Scope Options.
Notice that there are currently options configured for 003 Router, 006 DNS
Servers, and 015 DNS Domain Name.
2. (Optional) Explore the DHCP configuration for CampusDHCP_2.
a. From the top left, select Sites.
b. Under Campus2, select CampusServer2.
c. In Hyper-V Manager, select CAMPUSSERVER2.
d. Double-click CampusDHCP_2.
e. From Server Manager, select Tools > DHCP.
f. Maximize the window for better viewing.
g. From the left pane,
expand CampusDHCP_2.partnercorp.xyz > IPv4 > Scope [10.10.20.1]
Campus2.
h. Select Address Pool.
i. Notice that there is currently an exclusion range of 10.10.20.1 to 10.10.20.29
and an address range of 10.10.20.1 to 10.10.20.254 to allow for static server
addresses.
j. Select Scope Options.
3. Configure failover of the Campus1 scope with the CorpDHCP_2 server.
c. Right-click Scope [10.10.10.1] Campus1 and select Configure Failover.
d. Unmark Select all.
e. Under Available scopes, select 10.10.10.0 and then select Next.
f. Select Add Server.
g. Select This authorized DHCP server.
h. Select CampusDHCP_2.partnercorp.xyz.
i. Select OK.
j. Select Next.
k.
Enter 75 for Local Server under Load Balance Percentage.
l.
Make sure 25% is showing for the Partner Server.
m.
In the Shared Secret field, enter HelpMyDHCP123 and then select Next.
n.
Read the sentence at the top to verify that failover will be set up between
CampusDHCP_1 and CampusDHCP_2.
o. Select Finish.
p. Select Close.
4. From CampusServer2, explore the new scope.
c. From the left pane, right-click IPv4 and select Refresh.
d. From the left pane, expand CampusDHCP_2.partnercorp.xyz > IPv4.
e. Notice that a copy of the Campus1 scope is on this server.
f. From the left pane, expand Scope [10.10.10.1] Campus1.
g. Select Address Pool.
The address ranges have been duplicated.
h. Select Scope Options.
The applicable scope options have been duplicated.
4.6.5 Configure DHCP Failover 2

CampusDHCP_3 is currently the only DHCP server for clients on the 10.10.30.0/24 subnet. It has a
scope that distributes addresses between 10.10.30.1 and 10.10.30.254 with an exclusion for static
addresses for servers from 10.10.30.1 to 10.10.30.29. To provide DHCP fault tolerance for this
subnet, you want to configure DHCP failover for the scope with the CampusDHCP_2 server (located
on subnet 10.10.20.0/24 in Campus 2). Routers have been configured to pass DHCP requests
between subnets.
 On CampusDHCP_3, configure failover of the Campus3 scope with the CampusDHCP_2

server.
o Failover mode: Hot Standby
o Role of Partner Server: Standby
o Addresses reserved for the standby server: 10%
o Shared Secret: HelpMyDHCP456
 Which scopes, exclusions, and options have been added to the CampusDHCP_2 server?
Use the top navigation menu to switch between servers and campus locations. CampusServer2 and
CampusServer3 are Hyper-V host machines. The DHCP servers run as guest virtual machines on
these servers.
Lab Report
Time Spent: 04:39
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure failover on the Campus3 scopeHide Details
Failover partner server: CampusDHCP_2
Failover mode: Hot Standby
Role of Partner Server: Standby
Addresses reserved for the standby server: 10%
Shared Secret: HelpMyDHCP456
EXPLANATION
1. Access the DHCP settings on CampusServer3.

b. Under Virtual Machines, double-click CampusDHCP_3.
c. From Server Manager, select Tools > DHCP.
2. Configure DHCP failover for hot standby.
a. From the left pane, expand CampusDHCP_3 > IPv4.
b. Right-click Scope [10.10.30.1] Campus3 and select Configure Failover.
c. Select Next to accept the default to configure all scopes.
d. Select Add Server.
e. Select This authorized DHCP server.
f. Select CampusDHCP_2.
g. Press Ctrl and select CampusDHCP_3.
h. Select OK.
i. Select Next.
j. Use the Mode drop-down list to select Hot standby.
k. For the Role of Partner Server field, make sure Standby is selected.
l. Enter 10 in the Addresses reserved for standby server field.
m. In the Shared Secret field, enter HelpMyDHCP456 as the shared secret.
n. Select Next.
o. Select Finish.
p. Select Close.
3. Access the DHCP settings on CampusServer2.
a. From the top left, select the Sites.
c. In Hyper-V Manager, select CAMPUSSERVER2.
d. Under Virtual Machines, double-click CampusDHCP__2.
e. From Server Manager, select Tools > DHCP.
f. Maximize the window for better viewing.
4. Explore the new scope.
a. From the left pane, expand CampusDHCP_2.partnercorp.xyz > IPv4.
Notice that the new copy of the Campus3 scope is on this server.
b. From the left pane, expand Scope [10.10.30.1] Campus3.
c. Select Address Pool.
The address range of 10.10.30.1 to 10.10.30.254 has been duplicated.
d. From the left pane, select Scope Options.
Scope options have been duplicated.
4.6.7 Configure a Scope for an Additional Subnet

You have authorized the CorpDHCP server to assign IP addresses to client workstations on the
192.168.10.0 subnet. Now you need to create an IPv4 scope on the CorpDHCP server for an
address range on this subnet.
 Access the Hyper-V server name CorpDHCP.

 Create an IPv4 scope on CorpDHCP using the following parameters:
o IPv4 scope name: Bldg-A Subnet
o Router (default gateway): 192.168.10.5
o DNS servers: 198.28.56.108 and 163.128.78.93
 Activate the new scope upon completion.
Lab Report
Time Spent: 04:57
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create an IPv4 scope on CorpDHCPHide Details
Name the scope Bldg-A Subnet
Set the address range
Use 192.168.10.21 as the first address in the range for Bldg-A Subnet
Use 192.168.10.199 as the last address in the range for Bldg-A Subnet
Assign a default gateway address of 192.168.10.5 on the Bldg-A Subnet scope
Assign DNS server addresses
Use 198.28.56.108 for one of the DNS server addresses in the Bldg-A Subnet scope
Use 163.128.78.93 for the other DNS server address in the Bldg-A Subnet scope
Activate the Bldg-A Subnet scope
EXPLANATION
1. Connect to the CorpDHCP server.

a. From Server Manager, select Tools > Hyper-V Manager.
b. From Hyper-V Manager, select CORPSERVER.
c. Maximize the window for easier viewing.
d. Under Virtual Machines, double-click CorpDHCP to connect to the servers.
2. Create a scope.
b. From the left pane, expand CorpDHCP.CorpNet.local.
c. Right-click IPv4 and select New Scope.
d. Select Next.
e. In the Name field, enter Bldg-A Subnet and select Next.
f. Configure the start and end IP addresses as follows:
 Start IP address: 192.168.10.21
 End IP address: 192.168.10.199
g. Select Next.
h. For the Add Exclusions and Delay dialog, select Next.
i. For the Lease Duration dialog, select Next.
j. Make sure that Yes, I want to configure these options now is selected and
select Next.
k. Under IP address, enter 192.168.10.5 for the router (default gateway) and
then select Add.
l. Select Next.
m. Under IP address, enter 198.28.56.108 for the DNS server and then
select Add.
n. Under IP address, enter 163.128.78.93 for the second DNS server.
o. Select Add and then select Next.
p. From the WINS Servers dialog, select Next.
3. Activate the scope.
a. Make sure Yes, I want to activate this scope now is selected.
b. Select Next.
c. Select Finish to complete the process of creating the DHCP scope.
4.6.8 Configure a Split Scope
The CorpDHCP server is the only DHCP server for clients on the 192.168.0.0/24 subnet. This server
has a scope that distributes addresses between 192.168.0.1 and 192.168.0.254 and an exclusion for
static addresses for servers from 192.168.0.01 to 192.168.0.29. To provide DHCP fault tolerance for
this subnet, you plan to split the scope with the CorpDHCP2 server (located on the 192.168.10.0/24
subnet in Building B). Routers have been configured to pass DHCP requests between subnets.
 Explore the DHCP configuration on CorpDHCP and identify which scopes, exclusions, and
options are currently configured.
 Add the CorpDHCP2 server to the DHCP console.
 Explore the DHCP configuration on CorpDHCP2 and identify which scopes, exclusions, and
options are configured.
 On CorpDHCP, use the Split-Scope wizard to split the Subnet1 scope between CorpDHCP
and CorpDHCP2.
o Configure CorpDHCP to handle 85 percent of the IP addresses.
o Configure CorpDHCP2 to handle 15 percent of the IP addresses.
o Configure a 2 millisecond delay for the target server response.
o Identify which exclusions have been added to the CorpDHCP server.
o Identify which scopes, exclusions, and options have changed on the CorpDHCP2
server.
 Activate the backup scope for Subnet1 on CorpDHCP2.
This lab begins on CorpDHCP.
Lab Report
Time Spent: 07:30
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
On CorpDHCP, configure an exclusion for 15 percent of the address range
On CorpDHCP2, configure an exclusion for 85 percent of the address range
Configure a 2 millisecond delay on the target server
Activate the backup scope
EXPLANATION
1. Explore the DHCP configuration.

c. Expand CorpDHCP.CorpNet.local > IPv4.
Notice that there is currently only one scope for the 192.168.0.0 network
named Subnet1.
d. Expand and select Scope [192.168.0.1] Subnet1 > Address Pool.
Notice that there is currently an exclusion range of 192.168.0.1 to
192.168.0.29 to allow for static server addresses and an address range of
192.168.0.1 to 192.168.0.254.
e. Select Scope Options.
2. Add the CorpDHCP2 server to the DHCP console.
a. From the left pane, right-click DHCP and select Add Server.
b. Select This authorized DHCP server.
c. Select CorpDHCP2.CorpNet.local and select OK.
3. Explore the DHCP configuration on CorpDHCP2.
a. Expand CorpDHCP2.CorpNet.local > IPv4.
Notice that there is currently one scope for the 192.168.10.0 network named
Subnet2.
b. Expand and select Scope [192.168.10.1] Subnet2 > Address Pool.
Notice that there is currently an exclusion of 192.168.10.1 to 192.168.10.29
to allow for static server addresses and an address range of 192.168.10.1 to
192.168.10.254.
c. Select Scope Options.
4. Configuring a DHCP Split-Scope.
a. Under CorpDHCP, right-click Scope [192.168.0.1] Subnet1 and
select Advanced > Split-Scope.
b. Select Next to begin the Dhcp Split-Scope Configuration Wizard.
c. Select Add Server to select the target DHCP server:
d. Select This authorized DHCP server.
e. Select CorpDHCP2.CorpNet.local from the list of authorized DHCP servers;
then select OK.
f. Select Next.
g. For Percentage of IPv4 Addresses Serviced, under Host DHCP Server, enter 85.
h. Under Added DHCP Server, select the field and verify that the value was
automatically changed to 15; then select Next.
i. Under Added DHCP Server, enter 2 milliseconds for the response delays;
then select Next.
j. Select Finish.
k. Select Close.
l. Select Address Pool. Note the new exclusion for 192.168.0.217 to
192.168.0.254, excluding 15 percent of the address range.
5. Explore and activate the new scope.
a. Under CorpDHCP2, expand IPv4 > Scope [192.168.0.1] Subnet1.
b. Select Address Pool.
Notice that there is currently an exclusion of 192.168.0.1 to 192.168.0.216 to
exclude 85 percent of the address range, and the address range of
192.168.0.1 to 192.168.0.254 has been duplicated.
c. Select Scope Options.
Notice that the scope options were duplicated.
d. For CorpDHCP2, right-click Scope [192.168.0.1] Subnet1 and
select Activate to enable the backup scope.
4.7.5 Configure Alternate Addressing

You work as the IT administrator for a small corporate network. The receptionist in your office has a
laptop. He took it home and configured a static connection to his home network. When he returned
to the office, he could no longer connect to the office network, which uses a DHCP server for IP
address configuration. You need to configure the laptop to work on both networks (home and office).
 Verify the current state of the wireless network.

o Answer the question.
 Configure the Wi-Fi adapter to obtain its:
o IP address automatically
o DNS server address automatically
 Configure the alternate TCP/IP information using the following information:
o IP Address: 172.16.0.12
o Subnet Mask: 255.255.0.0
o Default Gateway: 172.16.255.254
o Preferred DNS Server: 198.60.22.2
Lab Report
Time Spent: 06:36
Score: 4/4 (100%)
TASK SUMMARY
Q1What is the current state of the wireless network?
Your answer:The computer does not have a connection.
Correct answer:The computer does not have a connection.
Configure automatic IP addressing through DHCP
Configure automatic DNS addressing
Configure an alternate TCP/IP addressHide Details
IP address: 172.16.0.12
Subnet mask: 255.255.0.0
Default gateway: 172.16.255.254
DNS Server: 198.60.22.2
EXPLANATION
1. Determine the current state of the wireless network.
a. From the Notification area, select the wireless network icon to view the
current state of the wireless network.
b. In the top right, select Answer Questions.
c. Answer Question 1.
d. Minimize the Lab Questions dialog.
2. Configure the TCP/IPv4 properties to obtain IP and DNS information automatically.

b. Select Network & internet.
e. Right-click Wi-Fi and select Properties.
g. Select Obtain an IP address automatically.
h. Select Obtain DNS server address automatically.
3. Configure the alternate TCP/IP settings.
a. From the Internet Protocol Version 4 dialog, select the Alternate

Configuration tab to define an alternate configuration for TCP/IP
addressing.
b. Select User configured to configure alternate IP settings.
c. Configure the properties as follows:
 IP Address: 172.16.0.12
 Subnet Mask: 255.255.0.0
 Preferred DNS Server: 198.60.22.2
d. Select OK.
e. Select Close.
f. Close the Network Connections window.
4. Determine the current state of the wireless network.
a. Select the wireless network icon in the Notification area and notice that it is
now currently connected to the network.
b. In the top right, select Answer Questions.
c. Select Score Lab.
4.7.6Troubleshoot DHCP 1
and uses DHCP for address assignments. The employees in the Exec Office and Office 2 report that
their workstations can communicate with some computers on the network, but not on the internet.
The IP address for the ISP and internet is 198.28.2.254. The CorpDHCP server is a virtual server
that runs on CorpServer.
 Diagnose and fix the problem.
Use the following troubleshooting tools to accomplish the task:
 Command line utilities:

o ping
(ping IP address or hostname)
o ipconfig
(ipconfig /all or ipconfig /renew)
o tracert
(tracert IP address or hostname)
 Network and Sharing Center.
 Network & Internet settings.
 The DHCP server console in the Windows Server operating system.
 The network diagram and schematic found in Exhibits.
Lab Report
Time Spent: 03:20
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Reconfigure the DHCP server with 192.168.0.5 as the default gateway
Verify that the Exec workstation can access the internet
Verify that the Office2 workstation can access the internet
EXPLANATION
1. Use Office2 to verify the connectivity problem by pinging Exec, CorpServer, and the
internet service provider (ISP).
b. At the PowerShell prompt, type ping Exec and press Enter.
Notice that Support is translated to 192.168.0.30, and the ping is returned.
c. Type ping Corpserver and press Enter.
Notice that CorpServer is translated to 192.168.0.10, and the ping is
returned.
d. Type ping 198.28.2.254 (the ISP) and press Enter.
The request times out.
2. Use Exec to verify the connectivity problem by pinging Office2, CorpServer, and the
a. From the top navigation tabs, select Floor 1 Overview.
d. At the PowerShell prompt, type ping Office2 and press Enter.
Notice that Office2 is translated to 192.168.0.34, and the ping is returned.
e. Type ping Corpserver and press Enter.
Notice that CorpServer is translated to 192.168.0.10, and the ping is
returned.
f. Type ping 198.28.2.254 and press Enter.
3. Use ipconfig /all to check the Ethernet adapter configuration.
a. At the PowerShell prompt, type ipconfig /all and press Enter.
Notice that the Ethernet adapter is configured with DHCP Enabled, and the
DHCP server has an IP address of 192.168.0.14. This is the correct IP address.
The Ethernet adapter is receiving its IP address, default gateway address, and
DNS addresses from the correct DHCP server.
However, notice that the default gateway address is incorrectly configured as
192.168.0.4. The Exhibit shows that the default gateway should be
192.168.0.5. The DHCP server must be giving out the wrong default gateway
address. This is probably why the workstation can't communicate with the
ISP and the internet.
4. Use CorpServer to access CorpDHCP and reconfigure the default gateway settings for
the DHCP scope.
c. From Hyper-V Manager, select CORPSERVER.
e. Under Virtual Machines, double-click CorpDHCP to connect to the virtual
server.
f. From Server Manager, select Tools > DHCP.
g. Maximize the window for better viewing.
h. From the left pane, expand CorpCHCP.CorpNet.local > IPv4 > Scope
[192.168.0.1] Subnet1.
i. Select Scope Options.
j. In the center pane, double-click 003 Router.
k. Under IP address, select 192.168.0.4.
l. Select Remove.
m. Enter 192.168.0.5 in the IP address field.
n. Select Add.
o. Select OK.
5. Renew the IP address configurations on the Ethernet adapter for the Support
workstation.
c. At the PowerShell prompt, type ipconfig /renew and press Enter.
Notice that the default gateway address is now correctly configured as
192.168.0.5.
d. Type ping 198.28.2.254 and press Enter.
Notice the reply from the ISP address.
6. Renew the IP address configurations on the Ethernet adapter for the Office2
workstation.
c. At the PowerShell prompt, type ipconfig /renew and press Enter.
Notice that the default gateway address is now correctly configured as
192.168.0.5.
d. Type ping 198.28.2.254 and press Enter.
4.7.7Troubleshoot DHCP 2
and uses DHCP for address assignments. The owner of the company (in the Executive Office) and a
temporary employee (in the IT Administrator office) both report that their workstations can
communicate with some computers on the network, but not on the internet. The IP address for the
ISP and the internet is 198.28.2.254.
 Diagnose and fix the problem.
Use the following troubleshooting tools to accomplish the task:
 PowerShell/command line utilities:

o ping
(ping IP address or hostname)
o ipconfig
(ipconfig /all or ipconfig /renew)
o tracert
(tracert IP address or hostname)
 Network & Internet settings.
 The DHCP server console in the CorpDHCP server. The CorpDHCP server is a virtual server
that runs on CorpServer.
 The network diagram and schematic found in Exhibits.
Lab Report
Time Spent: 02:26
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Activate the DHCP scope for the local network
Verify that the Executive Office and IT administrator workstations can access the internetHide
Details
Exec computer is connected to the internet
ITadmin computer is connected to the internet
EXPLANATION
1. On Exec, verify the connectivity problem by pinging ITAdmin, CorpServer, and the
a. Under Executive Office, select Exec.
b. Right-click Start and select Windows PowerShell (Admin).
c. At the PowerShell prompt, type ping ITAdmin and press Enter.
Notice that ITAdmin is translated to 169.254.201.14, and the ping is returned.
The IP address for ITAdmin is in the APIPA range (169.254.0.1 to
169.254.255.254). Since Exec can communicate with ITAdmin, it is likely that
Exec has been assigned an APIPA address as well.
d. Type ping CorpServer and press Enter.
e. Type ping 198.28.2.254 and press Enter. This is the IP address for the ISP.
The request times out. There is probably no default gateway configured so
that the workstation can send traffic to another network.
f. Type ipconfig /all and press Enter.
Notice that DHCP is enabled, but there is no default gateway address or
DHCP server entry.
Notice that the Autoconfiguration IPv4 Address is 169.254.201.10.
This confirms that Exec is using an APIPA address. It also indicates that there
is a problem getting IP configurations from a DHCP server.
2. On ITAdmin, verify the connectivity problem by pinging Exec, CorpServer, and the
d. At the PowerShell prompt, type ping exec and press Enter.
Notice that Exec is translated to 169.254.201.10, and the ping is returned.
e. Type ping CorpServer and press Enter.
f. Type ping 198.28.2.254 and press Enter.
g. Type ipconfig /all and press Enter.
Notice that DHCP is enabled, but there is no default gateway address or
DHCP server entry.
Notice that the Autoconfiguration IPv4 Address is 169.254.201.14.
This is the same problem that occurred with the Exec workstation.
3. Activate the scope.
c. In Hyper-V Manager, CORPSERVER.
d. Maximize the window for easier viewing.
e. Under Virtual Machines, double-click CorpDHCP to connect to the virtual
server.
f. In Server Manager, select Tools > DHCP.
g. In the left pane, expand and select CorpCHCP.CorpNet.local > IPv4.
In the center pane, notice that the Scope [192.168.0.1] Subnet1 is inactive. (It
has a small red down arrow added to the folder icon.)
h. Right-click Scope [192.168.0.1] Subnet1 and select Activate.
4. Verify that activating the DHCP scope resolved the issues for the Exec computer.
c. At the PowerShell prompt, type ipconfig /all to view the IP address
information.
Notice that the IPv4 address is now 192.168.0.35, the default gateway
address is now 192.168.0.5, and the DHCP server is now 192.168.0.14.
Notice the reply from CorpServer.
e. Type ping 198.28.2.254 and press Enter.
f. Type ping ITAdmin and press Enter. The request is successful because the
IP address is updated automatically.
5. (Optional) Verify that activating the DHCP scope resolved the issues for the ITAdmin
computer.
c. At the PowerShell prompt, type ipconfig /all and press Enter.
Notice that the IPv4 address is now 192.168.0.36, the default gateway
address is now 192.168.0.5, and the DHCP server is now 192.168.0.14.
Notice the reply from CorpServer.
e. Type ping 198.28.2.254 and press Enter.
f. Type ping exec and press Enter.
Notice the reply from Exec.
4.8.8 Configure an IPv6 Address

You are the IT administrator for a small corporate network. The company has obtained the
registered, globally unique IPv6 /48 network address 2620:14F0:45EA. You need to configure your
server with this address so you can begin testing IPv6 in your internal network. This is your first
network, so you will use a subnet address of 0001. Your network router is not configured for IPv6
yet, so you must manually configure the address for now. To simplify the configuration, use the
server's IPv4 address to create the interface ID.
 Locate the current IPv4 IP address for the external vEthernet network adapter.
 Answer Question 1.
 Configure the external vEthernet network adapter with the following IPv6 address:
o Prefix: 2620:14F0:45EA:0001
o Interface ID: Use the current IPv4 address (in the correct format) for this
adapter
o Subnet prefix length: 64
 Use ipconfig to verify the information.
Lab Report
Time Spent: 03:23
Score: 4/4 (100%)
TASK SUMMARY
Q1What is the IP address for the external vEthernet network adapter
Use 2620:14F0:45EA:0001:192:168:0:10 as the IPv6 address on the vEthernet (external) network
adapter
Use 64 as the subnet prefix length for the IPv6 address
Verify the IPv6 settings using ipconfig
EXPLANATION
1. Locate the current IPv4 IP address for the external vEthernet network adapter.
d. Right-click the vEthernet (External) adapter and select Properties.
e. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.
f. From the top right, select Answer Questions.
h. From the TCP/IPv4 Properties page, select OK.
2. Configure the external vEthernet network adapter.
a. Select Internet Protocol Version 6 (TCP/IPv6) and then select Properties.
b. Select Use the following IPv6 address and configure the settings as follows:
 IPv6 address: 2620:14F0:45EA:0001:192:168:0:10
 Subnet prefix length: 64
c. Select OK.
d. Select Close.
3. Verify the IPv6 address.
a. Right-click Start and select Windows PowerShell (Admin) to verify the
address configuration.
b. At the prompt, type ipconfig /all and press Enter to view the IPv6 address.
c. From the Lab Questions window, select Score Lab.
4.10.4 Configure NIC Teaming

You are the IT administrator for a small corporate network. You use CorpServer for your production
server and need to have the most throughput possible. As a result, you need to configure NIC
teaming.
In this lab, your task is to configure a NIC team on CorpServer as follows:
 Move the network cable from the onboard adapter in the CorpServer to the 4 port NIC in
CorpServer.
 Connect network cables from the 4 port NIC on CorpServer to switch ports 19, 20, and 22.
 Configure the adapter ports as members of a NIC team using the following parameters:
o Team name: NetTeam
o Configure Ethernet 3 through Ethernet 6 as members of the team.
o Teaming mode: LACP
o Load balancing mode: Address Hash
o Standby adapter: None (all adapters Active)
 Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External
network, using the Microsoft Network Adapter Multiplexor Driver.
 Verify the status of the team and your network connection in Network and Sharing Center.
Lab Report
Time Spent: 17:42
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Connect the 4 port NIC to the switchHide Details
Connect Network Port 1 to the Switch (Ports 19 - 22)
Create the NIC teamHide Details
Team name: NetTeam
Add all four ports to the team
Ethernet 3
Ethernet 4
Ethernet 5
Ethernet 6
Standby adapter: None
Teaming Mode: LACP
Load balancing mode: Address Hash
Configure the External network to use NetTeam
EXPLANATION
1. Move the network cable from the onboard adapter in CorpServer to the 4 port NIC in
CorpServer.
a. Above the rack, select Back to switch to the back view of the rack.
b. Drag the network cable from the onboard network adapter on CorpServer
(the 1U server) to a free port on the 4 port NIC in CorpServer.
c. Above the rack, select Front to switch to the front view of the rack.
d. In the Selected Component window, verify that the other end of the network
cable is connect to port 21 on the switch.
2. Connect network cables from the 4 port NIC on CorpServer, to switch ports 19, 20, and
22.
a. Under Shelf, expand Cables.

b. Select Cat6a Cable, RJ45.
c. From the Selected Component pane, drag an unconnected RJ45 cable end
to a port (19, 20, or 22).
d. Repeat steps 2b-2c for two more cables.
e. Above the rack, select Back.
f. From Partial Connections:
 Drag a cable to an open port on the 4 port NIC in CorpServer.
 Repeat the previous step until there are no more cables in Partial
Connections.
3. Configure the adapter ports as members of a NIC team.
a. On the CorpServer monitor, select Click to view Windows Server 2022.

b. From Server Manager, select Local Server from the menu on the left.
c. Next to NIC Teaming, select Disabled to enable and configure NIC Teaming.
d. In the Teams panel, select Tasks > New Team.
e. Type NetTeam in the Team name field.
f. Select adapters Ethernet 3 through Ethernet 6 to be included in the team.
g. Expand Additional Properties.
h. Configure the additional properties as follows:
 Teaming mode: LACP
 Load balancing mode: Address Hash
 Standby adapter: None (all adapters Active)
i. Select OK to close the NIC Teaming dialog.
j. Close the NIC Teaming window.
4. Configure the Hyper-V Virtual Switch Manager to use the new NIC team for the External
network.
a. From Server Manager's menu bar, select Tools > Hyper-V Manager.
b. Right-click CORPSERVER and then select Virtual Switch Manager.
c. In the left panel, under Virtual Switches, select the External switch for
configuration options.
d. Under Connection type, use the External network drop-down to select
the Microsoft Network Adapter Multiplexor Driver.
e. Select OK.
5. Verify the status of the team and your network connection using the Network and
Sharing Center.
a. From the system tray, right-click on the network icon and then select Open
Network and Sharing Center.
b. Verify that the NetTeam NIC has an internet connection. Also notice that the
network icon in the system tray shows that the server is connected.
5.1.4 Configure DNS Addresses

You are helping a friend in college with his network connection. The dormitory where he lives has
installed a 1000BaseT Ethernet network. This network uses a DHCP server to assign the IP
addressing. You would like to configure your friend's computer (named Dorm-PC) to use a different
set of DNS server addresses than the ones being delivered by the DHCP server.
 Configure the IPv4 settings for the Ethernet network card to use the following DNS server
addresses:
o Preferred DNS server: 208.67.222.222
o First alternate DNS server: 208.67.222.220
o Second alternate DNS server: 208.67.220.123
o Validate the static DNS server information.
Lab Report
Time Spent: 07:22
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Use static DNS server addresses
Add 208.67.222.222 as a DNS server
Configure DNS server addresses in the required order
EXPLANATION
While completing this lab, use the following DNS information:
 Preferred DNS server: 208.67.222.222

 First alternate DNS server: 208.67.222.220
 Second alternate DNS server: 208.67.220.123
1. Access the Ethernet properties dialog.
a. Under Dorm Room, select Dorm-PC.

b. Right-click the Network icon in the taskbar's notification area and
select Open Network & Internet settings.
d. Right-click Ethernet and select Properties.
2. Configure the new DNS addresses.
a. Select Internet Protocol Version 4 (TCP/IPv4).

b. Select Properties.
c. Select Use the following DNS server addresses to manually configure the
DNS server addresses.
d. Select Advanced to configure more than two DNS server addresses.
e. Select the DNS tab.
f. Under DNS server addresses, select Add to configure DNS server addresses.
g. Enter the DNS server address and then select Add.
h. Repeat steps 2f–2g to configure the two additional DNS server addresses.
i. Select OK.
3. Validate the new DNS settings.
a. From the Internet Protocol Version 4 (TCP/IP4) Properties window,

select Validate settings upon exit.
b. Select OK.
c. Select Close to close Ethernet Properties.
5.1.5 Create Standard DNS Zones

The accounting department is testing a new payroll system server. To facilitate their tests, they
would like to add the payroll server to DNS to support name resolution. You need to create a new
zone to support their request and accelerate lookups. You also need to place a copy of this zone on
the DNS server in Building B.
 Create a primary forward lookup zone on CorpDC using the following parameters:
o Deselect Store the zone in Active Directory.
o Use acct.CorpNet.local as the zone name.
o Use the default name for the zone file.
o Do not allow dynamic updates.
o Allow zone transfers to any server.
 Create a secondary forward lookup zone called acct.CorpNet.local on CorpDC3.
o Specify 192.168.0.11 or CorpDC.CorpNet.Local as the master DNS server for the
zone.
Lab Report
Time Spent: 10:21
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Create the acct.CorpNet.local primary forward lookup DNS zone on CorpDCHide Details
Zone name: acct.CorpNet.local
Zone type: Primary
Deselect Store the zone in Active Directory
Select Do not allow dynamic updates
Allow zone transfers to any server
Create the acct.CorpNet.local secondary zone on CorpDC3Hide Details
Zone name: acct.CorpNet.local
Zone type: Secondary
Configure CorpDC (192.168.0.11) as the master server for the zone
EXPLANATION
1. Access the CorpDC virtual server.

b. Double-click CorpDC to connect to the server.
2. Create a primary forward lookup zone.
a. From Server Manager, select Tools > DNS.
c. Expand CORPDC (the server that will host the zone).
d. Right-click Forward Lookup Zones and select New Zone.
e. In the New Zone wizard, select Next.
f. Make sure Primary zone is selected.
g. Clear Store the zone in Active Directory (this option is only available for
domain controllers) and then select Next.
h. In the Zone name field, enter acct.CorpNet.local for the zone and then
select Next.
i. Verify that Create a new file with this file name is selected and then click Next.
j. Make sure Do not allow dynamic updates is selected and then click Next.
k. Select Finish to complete the New Zone wizard.
3. Configure zone transfers.
a. Expand Forward Lookup Zones.
b. Right-click acct.CorpNet.local (the new zone) and select Properties.
c. Select the Zone Transfers tab.
d. Verify that Allow zone transfers is selected.
e. Select To any server.
f. Select OK.
4. Create a forward secondary zone.
a. Expand CORPDC3 (the server that will host the new zone).
b. Right-click Forward Lookup Zones and then select New Zone.
c. Select Next.
d. Select Secondary zone as the zone type and then select Next.
e. In the Zone name field, enter acct.CorpNet.local and then select Next.
f. In the Master Servers box, select Click here.
g. Enter 192.168.0.11 or CorpDC.CorpNet.Local as the server that hosts a copy
of the zone.
h. Press Enter or click away from the IP address to begin validation.
i. After validation is complete, select Next.
j. Click Finish to complete the New Zone wizard.
5.1.6 Create Host Records

You work as the IT administrator for a small corporate network. You have two servers and a DNS
server that use static IP addresses on the 192.168.0.0/24 subnet. You plan to install three more
servers soon, so you need to create DNS records for these servers on the CorpDC server.
 Create an IPv4 Active Directory-integrated primary reverse lookup zone for subnet
192.168.0.0/24. Be sure to accept the default replication and dynamic update settings.
 Create A records and PTR records under CorpNet.local for the following hosts:
Host Name IP Address

CorpFiles1
192.168.0.12
6
CorpFiles1
192.168.0.13
2
CorpDHCP 192.168.0.14
CorpWeb 192.168.0.15
If you create the A records before creating the reverse lookup zone, the PTR records will not be
created automatically.
Lab Report
Time Spent: 06:30
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create a reverse lookup zone for the 192.168.0 subnet
Create A and PTR records for CorpServer.CorpNet.localHide Details
Create the CorpServer A record using 192.168.0.10
PTR record created for CorpServer
Create A and PTR records for CorpFiles16.CorpNet.localHide Details
Create the CorpFiles16 A record using 192.168.0.12
PTR record created for CorpFiles16
Create A and PTR records for CorpFiles12.CorpNet.localHide Details
Create the CorpFiles12 A record using 192.168.0.13
PTR record created for CorpFiles12
Create A and PTR records for CorpDHCP.CorpNet.localHide Details
Create the CorpDHCP A record using 192.168.0.14
PTR record created for CorpDHCP
Create A and PTR records for CorpWeb.CorpNet.localHide Details
Create the CorpWeb A record using 192.168.0.15
PTR record created for CorpWeb
EXPLANATION
Host
IP Address
Name
CorpFiles16 192.168.0.12
CorpFiles12 192.168.0.13
CorpDHCP 192.168.0.14
CorpWeb 192.168.0.15

2. Create a primary reverse lookup zone.
a. From Server Manager, select Tool > DNS.
b. Expand CORPDC.
c. Right-click Reverse Lookup Zones and select New Zone.
d. Select Next.
e. Make sure that Primary zone is selected.
f. Make sure that Store the zone in Active Directory is selected and then
select Next.
g. Keep the default replication scope setting and select Next.
h. Keep the default reverse lookup zone settings and select Next.
i. For Network ID, use 192.168.0 as the network ID.
j. Select Next.
k. Keep the default dynamic update settings and then select Next.
l. Select Finish.
3. Create a host (A) and associated pointer (PTR) record.
a. From DNS Manager, expand Forward Lookup Zones.
b. Right-click CorpNet.local and select New Host (A or AAAA).
c. In the Name field, enter the hostname.
d. In the IP address field, enter the IP address.
e. Select Create associated pointer (PTR) record as needed. The reverse
lookup zone must exist for this record to be created.
f. Select Add Hosts.
g. Select OK for the prompt shown.
h. Repeat steps 3c through 3g to add the additional host records.
i. Select Done.
5.1.7 Create CNAME Records

The sales department wants to create an intranet for all sales employees. Internet Information
Services (IIS) is installed on CorpWeb and will be used to host the intranet site. Employees need the
ability to access the web server using any of the following URLs:
 http://sales.private
 http://intranet.sales.private
 http://www.sales.private
You have already created the sales.private forward lookup zone on the CorpDC server.
 Allow connections to the web server by creating the following ALIAS (CNAME) records in the
zone using the following information:
ALIAS Name Target Host (FQDN)

(leave blank) CorpWeb.CorpNet.local
intranet CorpWeb.CorpNet.local
www CorpWeb.CorpNet.local
When creating ALIAS records, use CorpWeb.CorpNet.local as the fully qualified domain name.
Lab Report
Time Spent: 04:11
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create the ALIAS (CNAME) record with a blank name pointing to CorpWeb.CorpNet.localHide
Details
Make sure the record type is Alias (CNAME)
Leave the name blank
Use CorpWeb.CorpNet.local as the target host
Create the intranet ALIAS (CNAME) record pointed to CorpWeb.CorpNet.localHide Details
Use intranet as the record name
Create the www ALIAS (CNAME) record pointed to CorpWeb.CorpNet.localHide Details
Use www as the record name
EXPLANATION

2. For the sales.private zone, create the ALIAS (CNAME) record with a blank name pointing
to CorpWeb.CorpNet.local.
c. Expand CORPDC > Forward Lookup Zones.
d. Right-click the sales.private zone and select New Alias (CNAME).
e. Configure the new record as follows:
 Alias name: Leave blank
 Fully qualified domain name (FQDN) for target
host: CorpWeb.CorpNet.local
f. Select OK.
3. For the sales.private zone, create the intranet ALIAS (CNAME) record pointed to
CorpWeb.CorpNet.local.
a. Right-click the sales.private zone and select New Alias (CNAME).
b. Configure the new record as follows:
 Alias name: intranet
c. Select OK.
4. For the sales.private zone, create the www ALIAS (CNAME) record pointed to
a. Right-click the sales.private zone and select New Alias (CNAME).
b. Configure the new record as follows:
 Alias name: www
c. Select OK.
5.1.8 Troubleshoot DNS Records

You are the administrator for the CorpNet.local domain. The CorpDC and CorpDC3 servers are the
DNS servers for the domain. You are responsible for CorpDC, which resides in Building A. Some
users report that they are unable to contact the CorpWeb server.
 Test the connectivity to CorpWeb using the ping command.

o Ping CorpWeb.CorpNet.local
o Ping 192.168.0.15 (the IP address for CorpWeb).
o Answer Question 1.
 Create any DNS records needed to fix the problem using the following information:
o Host name: CorpWeb
o IP address: 192.168.0.15
 Test the connectivity to CorpWeb using the ping command.
o Ping CorpWeb.CorpNet.local
o Ping 192.168.0.15 (the IP address for CorpWeb).
Lab Report
Time Spent: 03:18
Score: 3/3 (100%)
TASK SUMMARY
Lab Questions
Q1While testing connectivity, which ping commands were successful, if any?
Your answer:ping 192.168.0.15
Correct answer:ping 192.168.0.15
Create an A record for CorpWeb using 192.168.0.15
Q2After implementing your fix, which ping commands were successful?
Your answer:ping CorpWeb.CorpNet.local,ping 192.168.0.15
Correct answer:ping CorpWeb.CorpNet.local, ping 192.168.0.15
EXPLANATION
1. Test the connectivity to CorpWeb using the ping command.

b. At the prompt, type ping CorpWeb.CorpNet.local and press Enter.
c. At the prompt, type ping 192.168.0.15 (the IP address for CorpWeb) and
press Enter.
d. From the top right, select Answer Questions.
e. Answer Question 1.
f. Close PowerShell.
3. Create any DNS records needed to fix the problem.
a. In Server Manager, select Tools > DNS.
b. Expand CORPDC > Forward Lookup Zones.
c. Right-click CorpNet.local and select New Host (A or AAAA).
d. In the Name field, enter CorpWeb.
Notice that the fully qualified domain name (FQDN) is now
e. Enter 192.168.0.15 in the IP Address field.
f. Select Create associated pointer (PTR) record to automatically create the
PTR record for the new host.
g. Select Add Host.
h. Select OK.
i. Select Done to close the New Host dialog.
4. Test the connectivity to CorpWeb using the ping command.
b. At the prompt, type ping 192.168.0.15 (the IP address for CorpWeb) and
press Enter.
c. At the prompt, type ping CorpWeb.CorpNet.local and press Enter.
e. Select Score Lab.
5.2.5 Configure Forwarders

You work as the IT administrator for a small corporate network. The server CorpDC is your domain
controller and DNS server. This server hosts the CorpNet.xyz zone. For name resolution requests in
other zones, you want CorpDC to forward requests to name servers at the ISP.
In this lab, your task is to configure the DNS service on CorpDC using the following settings:
 Forward name resolution requests outside of the CorpNet.xyz domain to the following ISP
DNS servers:
o 163.128.80.93
o 163.128.78.93
 Use root hints for requests if the ISP DNS servers are unavailable.
Lab Report
Time Spent: 02:57
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Configure CorpDC to use 163.128.80.93 as a forwarder
Configure CorpDC to use 163.128.78.93 as a forwarder
Use root hints if the forwarding server is unavailable
EXPLANATION
1. Connect to the CorpDC virtual machine.

b. From the Virtual Machines pane, double-click CorpDC to connect to this
server.
2. Create the forward name resolution requests.
b. From the left pane, right-click CORPDC and select Properties.
c. Select the Forwarders tab.
d. Select Edit.
e. From the Edit Forwarders window, select Click here.
f. Enter an 163.128.80.93 as a forwarding server.
g. Click in a blank area below the IP addresses shown, and verify that a server is
located.
h. Select Click here.
i. Enter an 163.128.78.93 as a second forwarding server.
j. Click in a blank area below the IP addresses shown, and verify that a server is
located.
k. Select OK.
l. Ensure that Use root hints if no forwarders are available is marked.
m. Select OK to exit the Properties window.
5.2.6 Create a Root Zone

You work as the IT administrator for a small business and are responsible for the corporate network.
A partner company has asked you to help configure their DNS server.
CAMPUSDC1 is a Windows Server 2022 server that holds the primary copy of the PartnerNet.xyz
domain. The server is in a screened subnet, or demilitarized zone (DMZ), and provides name
resolution for the domain for internet hosts.
The partner company wants to prevent CAMPUSDC1 from performing name resolution requests for
domains other than the PartnerNet.xyz domain. In other words, they do not want internet hosts to be
able to obtain name resolution from CAMPUSDC1 for domains outside the company.
 Verify that Root Hints are being provided.

 Create a new forwarding lookup zone on CAMPUSDC1.
o Zone named: . (a dot to represent the root zone.)
o Do not allow dynamic updates.
 Verify that root hints are no longer configured on the server.
Lab Report
Time Spent: 04:21
Score: 5/5 (100%)
TASK SUMMARY
Q1How many root hints are being shown
Your answer:13
Correct answer:13
Create the root zone named . (a dot to represent the root zone)
Create the root zone as a primary zone
Do not allow dynamic updates
Q2Regarding root hints, select the answer that best matched the results of your new zone
Your answer:All of the root hints have been eliminated.
Correct answer:All of the root hints have been eliminated.
EXPLANATION
1. Verify that root hints are being provided.

c. From the left pane, right-click CAMPUSDC1 and then select Properties.
d. Select the Root Hints tab.
e. From the top right, select Answer Questions.
f. Answer Question 1 then minimize window.
g. Close the CAMPUSDC1 Properties window.
2. Create a new forwarding zone.
a. Expand CAMPUSDC1.
b. Right-click Forward Lookup Zones and select New Zone.
c. Select Next to start the New Zone Wizard.
d. Make sure Primary zone is selected; then select Next.
e. Make sure To all DNS servers running on domain controllers in this domain:
partnercorp.xyz is selected; then select Next.
f. Type . (a dot to represent the root zone) for the zone name and then
select Next.
g. Select Do not allow dynamic updates and then select Next.
h. Select Finish to complete the New Zone wizard.
3. Verify that root hints are no longer configured on the server.
a. Right-click CAMPUSDC1 and select Properties.
b. Select the Root Hints tab.
e. Select Score Lab.
5.3.7 Create an Active Directory-Integrated Zone

The marketing department wants to create an intranet site that is only accessible from the private
network. You have selected mrktg.private as the domain name that will hold all records for the zone.
You want all client computers in the domain to update their records automatically using DNS.
Because security is important, you need to make sure that only the computer that created the DNS
record can update it.
You also need to create an Active Directory–integrated zone to store the zone data in Active
Directory. Using an Active Directory–integrated zone lets you use a multi-master approach to storing
zone data. These types of zones also support secure dynamic DNS updates. You can only create
Active Directory–integrated zones on DNS servers that are domain controllers.
 Create a forward lookup zone on the CorpDC DNS server using the following guidelines:
o Zone type: Primary (stored in Active Directory)
o Replicate data: To all DNS servers in the CorpNet.local forest
o Zone name: mrktg.private
o Dynamic update type: Allow only secure dynamic updates
Lab Report
Time Spent: 01:59
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Configure the mrktg.private zone as a primary zone
Replicate data with all domain controllers in the domain
Create the mrktg.private forward lookup zone
Allow only secure dynamic updates
Configure the mrktg.private zone as an Active Directory-integrated zone
EXPLANATION
1. Connect to the CorpDC virtual server.

a. In Hyper-V Manager, select CORPSERVER.
b. Double-click CorpDC to connect to this server.
2. Create a forward lookup zone on the CorpDC DNS server.
c. Expand CORPDC.
d. Right-click Forward Lookup Zones and select New Zone.
e. From the New Zone Wizard, select Next.
f. Make sure that Primary zone is selected as the zone type.
g. Make sure that Store the zone in Active Directory is selected and then
select Next.
h. Select To all DNS servers running on domain controllers in this forest.
i. Select Next.
j. Enter the mrktg.private and then select Next.
k. Make sure that Allow only secure dynamic updates is selected; then
select Next.
l. Select Finish.
5.3.8 Convert a Zone to Active Directory-integrated

The CorpDC server currently stores the sales.private standard primary DNS zone. You need to
configure the sales.private zone to store all the data in Active Directory.
 Convert the sales.private zone to an Active Directory-integrated zone.

 Change the replication scope to store data on all DNS servers in the domain.
The zone must exist on a domain controller before it can be converted to an Active Directory-
integrated zone.
Lab Report
Time Spent: 02:31
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Convert the sales.private zone to an Active Directory-integrated zone
Replicate zone data with all DNS servers in the domain
EXPLANATION
b. Double-click CorpDC to connect to this server.
2. Convert the sales.private zone to an Active Directory-integrated zone.
c. Expand CORPDC > Forward Lookup Zones.
d. Right-click sales.private and select Properties.
e. For Type, select Change.
f. Make sure that Primary zone is selected.
g. Select Store the zone in Active Directory and then select OK.
h. Select Yes to confirm Active Directory integration.
3. Change the replication scope to store data on all DNS servers in the domain.
a. For Replication, select Change.
b. Select To all DNS servers in this domain, and then select OK.
c. Select Yes to confirm your changes.
d. Select OK to close the Properties window.
5.4.5 Explore nslookup

You are the administrator for the CorpNet.local domain. The CorpDC and CorpDC3 servers are the
DNS servers for the domain. CorpDC resides in Building A, and CorpDC3 resides in Building B.
Users in Building B report that they are unable to contact the CorpWeb server.
 Use nslookup to query the DNS for the CorpWeb server using its fully qualified domain name
(CorpWeb.CorpNet.xyz).
o What are your results?
 Use nslookup to query the CorpDC3 DNS server for CorpWeb. Use the fully qualified domain
name for both CorpDC3 and CorpWeb.
o What are your results?
o What is the problem?
o How would you resolve this problem?
o How would you verify that the problem has been fixed?
Lab Report
Time Spent: 11:25
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Run nslookup on CorpWeb.CorpNet.xyz
Explore DNS with nslookup
EXPLANATION
1. Use nslookup to query the DNS for the CorpWeb server using its fully qualified domain
name.
b. At the PowerShell prompt, type nslookup CorpWeb.CorpNet.xyz and
press Enter.
The CorpDC DNS server responds with the name resolution information for
CorpWeb.
2. Use nslookup to query the CorpDC3 DNS server for CorpWeb.
a. Type nslookup CorpWeb.CorpNet.xyz CorpDC3.CorpNet.local and
press Enter.
The CorpDC3 DNS server responds that it can't find CorpWeb. CorpDC3 does
not have a DNS record for CorpWeb.
3. Answer the following questions:
What is the Problem?

The information between the DNS databases is not consistent. Since this DNS zone is an
Active Directory-integrated zone, this indicates that Active Directory is not synchronizing
properly.
How would you resolve this problem?

You would likely attempt to force replication between the Active Directory domain
controllers. If CorpDC held a primary zone and CorpDC3 held a secondary zone, you
would likely initiate a zone transfer to make sure that the DNS records were consistent
between servers.
How would you verify that the problem has been fixed?
After implementing the above solution, you could verify that the problem was fixed by
repeating step 2. The CorpDC3 DNS server should respond with name resolution
information for CorpWeb.
5.5.8 Configure DNSSEC

Your partner company is increasing security as they prepare to launch a web server. They want to
implement DNSSEC so users of the partner website have a high degree of confidence that they are
communicating with the host they expect to communicate with, PartnerCorp.xyz.
In this lab, your task is to use DNSSEC to sign the PartnerCorp.xyz zone as follows:
 Make CampusDC1 the Key Master.

 Add a Key Signing Key with the following non-default parameters:
o Key length (Bits): 1024
o Rollover frequency (days): 730
 Add a Zone Signing Key with the following non-default parameters:
o Key length (Bits): 1024
o Rollover frequency (days): 730
 Use NSEC3 to generate and use a random salt length of 8.
 Enable the distribution of trust anchors.
 Configure Signing and Polling parameters as follows:
o DS record TTL (seconds): 4800
o DNSKEY record TTL (seconds): 4800
 Refresh the zone to make sure the records have been signed.
Lab Report
Time Spent: 14:24
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Make CampusDC1 the Key MasterHide Details
Zone is Signed
Enable Trust Anchors
Add a Key Signing KeyHide Details
Key Length: 1024
Rollover Frequency: 730
Add a Zone Signing KeyHide Details
Key Length: 1024
Rollover Frequency: 730
Configure NSEC3 - Random salt of length 8
Enable the distribution of trust anchors
Configure Signing and Polling ParametersHide Details
DS Record TTL: 4800
DNSKey Record TTL: 4800
EXPLANATION
1. Configure the Key Master.

c. Expand CAMPUSDC1 > Forward Lookup Zones.
d. Right-click partnercorp.xyz and select DNSSEC > Sign the Zone.
e. Select Next to start using the wizard.
f. Select Next to use the default of Customize zone signing parameters.
g. Select Next to use the default of The DNS server CampusDC1 is the Key Master.
h. Select Next.
2. Configure the Key Signing Key.
a. From the Key Signing Key window, select Add.
b. Under Key Properties, use the drop-down list for Key length (Bits) to
select 1024.
c. Use 730 for the Rollover frequency (days) field.
d. Select OK.
e. Select Next.
f. Select Next.
3. Configure the Zone Signing Key.
a. From the Zone Signing Key window, select Add.
b. Under Key Properties, use the drop-down list for Key length and select 1024.
c. Use 730 in the Rollover frequency (days) field.
d. Select OK.
e. Select Next.
4. Use NSEC3 to generate and use a random salt of length.
a. Make sure Generate and use a random salt of length is selected.
b. For the Generate and use a random salt of length field, use 8.
c. Select Next.
5. Configure distribution of trust anchors and rollover keys.
a. From the Trust Anchors windows, select Enable the distribution of trust
anchors for this zone.
b. Select Next.
6. Configure the Signing and Polling Parameters.
a. For the DS record TTL (seconds) field, use 4800 for the time to live.
b. For the DNSKEY record TTL (seconds) field, use 4800 for the time to live.
c. Select Next.
d. In the DNS Security Extensions window, select Next.
e. Select Finish.
7. Right-click partnercorp.xyz and select Refresh to view the signed zone records.
6.3.7Create RODC Accounts
You are the IT administrator for a growing corporate network. Your network has a main office and
two branch offices. Due to a recent expansion, you will be opening a new branch office. The new
office will be part of the main site and will connect to the main office with a WAN link.
For security reasons, you plan to install a read-only domain controller in the new location.
In this lab, your task is to pre-create the RODC account in Active Directory as follows:
 Create a global security group named Branch3-RODC Admins in the Users container.
Members of this group will be able to manage the read-only domain controller at the new
location.
 Create the following RODC account in the Domain Controllers OU:
o Name: Branch3-RODC
o Specify your current credentials to complete the installation.
o Add the account to the Main-Site site.
o Make the domain controller a global catalog server and DNS server.
o Identify the Branch3-RODC Admins group to manage the read-only domain
controller.
Lab Report
Time Spent: 04:35
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the RODC administrator group
Create the Branch3-RODC accountHide Details
Create the RODC account
Add the RODC account to Main-Site
Make the RODC a global catalog server
Make the RODC a DNS server
Allow the Branch3-RODC Admins group to manage the RODC
EXPLANATION

b. Under Virtual Machines, double-click CorpDC to open the virtual server.
2. Create a global security group named Branch3-RODC Admins.
a. From Server Manager, select Tools > Active Directory Users and
Computers.
b. From the left pane, expand CorpNet.local.
c. Right-click Users and select New > Group.
d. Enter Branch3-RODC Admins in the group name field.
e. Under Group scope, make sure Global is selected.
f. Under Group type, make sure Security is selected.
g. Select OK.
3. Pre-create a read-only domain controller (RODC) account.
a. From the left pane, right-click Domain Controllers,and select Pre-create
Read-only Domain Controller account.
b. Select Next to start the wizard.
c. Select Next to accept the current credentials.
d. Enter Branch3-RODC in the Computer name field.
e. Select Next.
f. Under Sites, make sure Main-Site is selected and then select Next.
g. Select Next to accept the additional domain controller options.
h. Select Set to configure a group to manage the RODC.
i. Enter Branch3-RODC Admins under Enter the object names to select.
j. Select OK.
k. Select Next.
l. Review the Summary dialog and then click Next.
m. Select Finish.
6.3.8 Edit the Password Replication Policy

You have just completed the installation of two read-only domain controllers, Branch3-RODC and
Branch4-RODC. To allow logon when the WAN link to these sites is down, you want to configure the
password replication policy to cache passwords for users who are likely to be at those locations. To
increase security, you do not want to cache passwords for users who shouldn't be at that site.
You examine the users at each location and learn that:
 All members of the Sales team could use either the Branch3 or the Branch4 location.
 Only members of the Research-Dev team should use the Branch4 location.
 Mark Woods, a member of the Accounting department, will travel to both branches when
performing audits.
In this lab, your task is to configure the password replication policy for Branch3-RODC and Branch4-
RODC to cache only the necessary passwords using the following parameters:
 Edit the Allowed RODC Password Replication Group group in the Users container. Add the
following as members of the group:
o Sales group
o Mark Woods user account
o To allow caching of computer account passwords, add:
 All computer accounts in the Sales OU (Sales1 through Sales5).
 The Acct2 computer account from the Accounting OU.
 Edit the properties for the Branch4-RODC account. Configure the password replication policy
as follows:
o Remove the group Allowed RODC Password Replication Group.
o Add the group Allowed RODC Password Replication Group to the policy again,
but with Deny permissions.
o Add the Research-Dev group with Allow permissions.
o Add the Mark Woods user account with Allow permissions.
o Add the following computer accounts with Allow permissions to allow caching of
computer account passwords:
 From the Research OU: ResM1, ResM2, and ResM3
 From the Accounting OU: Acct2
Lab Report
Time Spent: 08:07
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add members to the Allowed RODC Password Replication GroupHide Details
Add the Sales group as a member
Add Mark Woods as a member
Add the Acct2 computer account as a member
Add all computer accounts in the Sales OU as members (Sales1 through Sales5)
Modify the password replication policy for Branch4-RODCHide Details
Deny the Allowed RODC Password Replication Group
Allow the Mark Woods account
Allow the Research-Dev group
Allow the Acct2 account
Allow the ResM1, ResM2, and ResM3 accounts
EXPLANATION

b. Under Virtual Machines, double-click CorpDC to open the virtual server.
2. Modify the group membership.
Computers.
c. From the left pane, expand and select CorpNet.local > Users.
d. From the right pane, right-click Allowed RODC Password Replication
Group and select Properties.
e. Select the Members tab.
f. Select Add.
g. Select Object Types.
h. From the Object Types pane, select Computers and Contacts.
i. Make sure Users and Groups are selected; then select OK.
j. In the Enter the object names to select field, enter Sales; Mark Woods; Acct2;
Sales1; Sales2; Sales3; Sales4; Sales5
k. Select Check Names.
l. Verify that all the names were found.
m. Select OK to accept the names.
n. Select OK to close the Password Replication Group Properties window.
3. Deny the Allowed RODC Password Replication Group.
a. In the left pane, select Domain Controllers.
b. From the right pane, right-click Branch4-RODC and select Properties.
c. Select the Password Replication Policy tab.
d. Select Allowed RODC Password Replication Group.
e. Select Remove.
f. Select Yes.
g. Select Add.
h. Select Deny passwords for the account from replicating to this RODC;
then select OK.
i. In the Enter the object names to select box, enter Allowed RODC Password
Replication Group.
j. Select Check Names.
k. Select OK to add the group.
4. Add Allow permissions for the Branch4-RODC account.
a. Select Add.
b. Select Allow passwords for the account to replicate to this RODC; then
select OK.
c. In the Enter the object names to select box, enter Research-Dev; Mark Woods;
Acct2; ResM1; ResM2; ResM3
d. Select Check Names.
e. Select OK to add the new objects.
f. Select OK to save your changes.
6.4.6 Transfer RID and PDC Masters
You are the IT administrator for a small corporate network. When you installed the CorpDC domain
controller, you created a new domain in a new forest. Since then, you've added additional domain
controllers. You would like to move some of the operation master roles to CorpDC3 to provide role
separation. You are currently logged on to the CorpServer2 computer, which is the Hyper-V host for
CorpDC3.
 Transfer the Relative ID (RID) master role to CorpDC3.

 Transfer the Primary Domain Controller (PDC) emulator role to CorpDC3.
Lab Report
Time Spent: 12:25
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the RID master to CorpDC3
Transfer the PDC master to CorpDC3
EXPLANATION
1. Access the CorpDC3 virtual server.

a. From Hyper-V Manager, select CORPSERVER2.
b. Under Virtual Machines, double-click CorpDC3.
2. Transfer the master RID role.
Computers.
b. From the left pane, right-click CorpNet.local and select Operations
Masters.
c. From the RID tab, select Change.
d. Select Yes to confirm the transfer.
e. Select OK to acknowledge the transfer.
3. Transfer the master PDC role.
a. Select the PDC tab.
b. Select Change.
c. Select Yes to confirm the transfer.
d. Select OK to acknowledge the transfer.
e. Select Close.
6.4.7 Transfer the Infrastructure Master

As your network has grown, you've added additional domains to the forest root domain. As a result,
you would like to modify the operations master configuration on your network. You are currently
logged on to the CorpServer2 computer, but you will complete these tasks using Hyper-V and the
CorpDC4 server.
 Transfer the Domain Naming Master role from CorpDC to CorpDC4.
This means that CorpDC will only host the infrastructure master role.
 Remove the global catalog from CorpDC.
This is required because you will create additional domains in the forest, and you want to
follow Microsoft's recommendation not to place the infrastructure master on a global catalog
server.
Lab Report
Time Spent: 01:27
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the domain naming master role to CorpDC4
Remove the global catalog from CorpDC
EXPLANATION
1. Access the CorpDC4 server.

a. From Hyper-V Manager, select CORPSERVER2.
2. Transfer the Domain Naming Master role to CorpDC4.
a. From Server Manager, select Tools > Active Directory Domains and Trusts.
b. From the left pane, right-click Active Directory Domains and Trusts and
select Operations Master.
c. Select Change.
f. Select Close.
g. Close the Active Directory Domains and Trusts dialog.
3. Remove the global catalog from CorpDC.
a. From Server Manager, select Tools > Active Directory Sites and Services.
b. From the left pane, expand Sites > Main-Site > Servers > CorpDC.
c. Right-click NTDS Settings and select Properties.
d. Unmark Global Catalog.
e. Select OK.
6.4.8 Troubleshoot Operations Masters

You are the IT administrator for a small corporate network. These are the four domain controllers at
the main location:
Domain
Current Role(s)
Controller
CorpDC Infrastructure master
CorpDC2 None
PDC emulator
CorpDC3
RID master
CorpDC4 Domain naming master

Lately, you have had some problems creating new user objects in the domain. You suspect that one
of your domain controllers has an intermittent problem connecting to the network. All domain
controllers are currently working, but you want to prevent future problems of this nature.
 Identify the operations master role that could cause the symptoms explained in the scenario.
 Transfer the correct operations master roles to the CorpDC2 domain controller.
Lab Report
Time Spent: 00:44
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Transfer the RID master to CorpDC2 based on the symptoms
Transfer the PDC emulator to follow Microsoft's recommendations
EXPLANATION
1. Access the CorpDC2 server.

2. Transfer the master RID role.
Computers.
b. From the left pane, right-click CorpNet.local and select Operations
Masters.
c. From the RID tab, select Change.
3. Transfer the master PDC role.
a. Select the PDC tab.
b. Select Change.
c. Select Yes to confirm the transfer.
d. Select OK to acknowledge the transfer.
e. Select Close.
6.4.11 Configure Global Catalog Servers

You are the IT administrator for a small corporate network. You have four domain controllers in your
main location, CorpDC, CorpDC2, CorpDC3, and CorpDC4. During installation, CorpDC2 and
CorpDC3 were not made global catalog servers, but now you need some additional global catalog
servers.
In this lab, your task is to designate CorpDC2 and CorpDC3 as global catalog servers.
Lab Report
Time Spent: 01:06
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Designate CorpDC2 as a global catalog server
Designate CorpDC3 as a global catalog server
EXPLANATION
1. Access the CorpDC server.

b. Under Virtual Machines, double-click CorpDC.
2. Designate global catalog servers.
Computers.
b. From the left pane, expand and select CorpNet.local > Domain Controllers.
c. From the right pane, right-click CorpDC2 and select Properties.
d. From the General tab, select NTDS Settings.
e. Select Global Catalog.
f. Select OK to accept the new NTDS settings.
g. Select OK to close the Server Properties dialog.
h. Repeat steps 2c–2g to designate an additional global catalog server
for CorpDC3.
6.4.12 Enable Universal Group Membership

Caching
You are the IT administrator for a small corporate network. You have a branch site with about 50
employees that is connected to the main site with a WAN link. A single domain controller named
BranchDC2 is configured in the branch location. Because the WAN link is slow and unreliable, you
have not configured BranchDC2 as a global catalog server. You find that when the WAN link goes
down, users at the branch location cannot log on to the network. Even when the WAN link is up,
users complain that the logon process is slow. You want to minimize Active Directory traffic across
the WAN link, but you also want to let branch users log on to the network even when the WAN link is
down.
In this lab, your task is to enable universal group membership caching in the branch office.
You can perform this task from any of the writeable domain controllers in the network (CorpDC or
CorpDC2).
Lab Report
Time Spent: 01:26
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Enable Universal group membership caching for the Branch2-Site site
EXPLANATION

b. Under Virtual Machines, double-click CorpDC.
2. Enable universal group membership caching in the branch office.
b. From the left pane, expand and select Sites > Branch2-Site.
c. From the right pane, right-click NTDS Site Settings and select Properties.
d. Select Enable Universal Group Membership Caching.
e. Select OK.
6.5.3 Create a Forest Root Trust

You are the administrator for the CorpNet.local forest. Your network has the following domains:
CorpNet.local, Branch1.CorpNet.local, and Branch2.CorpNet.local.
Your company works closely with another company. Their network has a single domain named
PartnerCorp.xyz.
You need to let users in both forests access resources in both forests using the minimum number of
trusts. Forest root trusts are transitive, meaning that the trust allows access to all child domains
within the forest.
In this lab, your task is to create a forest root trust between the CorpNet.local and PartnerCorp.xyz
forests.
 Create a forest root trust using the following settings:

o Name of trust: PartnerCorp.xyz
o Trust type: Forest trust
o Direction of trust: Two-way
o Sides of trust: Domain only
o Outgoing trust authentication level: Forest-wide authentication
o Trust password: Trust@urF@r3st
o Do not confirm the trust.
 Create a forest root trust using the following settings:
o Name of trust: CorpNet.local
o Sides of trust: Domain only
o Outgoing trust authentication level: Forest-wide authentication
o Trust password: Trust@urF@r3st
o Confirm the outgoing and incoming trust.
Lab Report
Time Spent: 09:50
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create a trust from Corpnet.local to PartnerCorp.xyzHide Details
Create the trust to the PartnerCorp.xyz domain
Create a forest trust
Create a two-way trust
Use forest-wide authentication
Use Trust@urF@r3st for the password
Create a trust from PartnerCorp.xyz to Corpnet.localHide Details
Create the trust to the Corpnet.local domain
Create a forest trust
Use forest-wide authentication
Use Trust@urF@r3st for the password
EXPLANATION
1. Create the trust from CorpNet.local to PartnerCorp.xyz.
b. Right-click CorpNet.local and select Properties.
c. Select the Trusts tab.
d. Select New Trust.
e. Select Next to start the wizard.
f. Enter PartnerCorp.xyz as the target domain and then select Next.
g. Select Forest trust and then select Next.
h. Make sure Two-way is selected as the direction for the trust and then
select Next.
i. Make sure This domain only is selected and then select Next.
j. Make sure Forest-wide authentication is selected and then select Next.
k. In the Trust password field, enter Trust@urF@r3st as the password.
l. In the Confirm trust password field, enter Trust@urF@r3st and then
select Next.
m. Select Next to create the trust.
n. Select Next to verify the trusts.
o. Select Next to use No, do not confirm the outgoing trust.
p. Select Next to use No, do not confirm the incoming trust.
q. Select Finish.
r. Select OK.
2. Create the trust from PartnerCorp.xyz to CorpNet.local.
a. From the top left, select Domains.
b. Under PartnerCorp.xyz, select CampusDC1.
c. From Server Manager, select Tools > Active Directory Domains and Trusts.
d. Right-click the PartnerCorp.xyz and select Properties.
e. Select the Trusts tab.
f. Select New Trust.
g. Select Next to start the wizard.
h. Enter CorpNet.local as the target domain and then select Next.
i. Select Forest trust and then select Next.
j. Make sure Two-way is selected as the direction for the trust and then
select Next.
k. Make sure This domain only is selected and then select Next.
l. Make sure Forest-wide authentication is selected and then select Next.
m. In the Trust password field, enter Trust@urF@r3st as the password.
n. In the Confirm trust password field, enter Trust@urF@r3st and then
select Next.
o. Select Next to create the trust.
p. Select Next to verify the trusts.
q. Select Yes, confirm the outgoing trust, and then select Next.
r. Select Yes, confirm the incoming trust, and then select Next.
s. Select Finish.
t. Select OK.
6.5.6 Design Trusts

You are the assistant IT administrator for a network with a single domain named PartnerCorp.xyz.
Your company network has three domains, CorpNet.local, Branch1.CorpNet.local, and
Branch2.CorpNet.local.
Management has decided that the full cross-forest trust you created is too much of a security risk.
However, the board of directors for PartnerNet still needs access to financial resources that are in
the Branch1.CorpNet.local domain.
Only the members of the Directors group should be allowed to access the domain. Other users at
PartnerNet should not be able to access Branch1.CorpNet.local, and users in CorpNet should not be
able to access the PartnerCorp.xyz domain.
In this lab, your task is to create trust relationship(s) with the CorpNet network to meet the
requirements specified in the scenario above.
 You are currently working at CampusServer1, which is a Hyper-V host. Domain controllers
for the PartnerCorp.xyz domain run as guests on this server.
 Create both sides of the trust.
 As necessary, use the following usernames and passwords to connect to the destination
domain:
Domain Username Password
CorpNet.local Administrator 1Drowss@p!@#
Branch1.CorpNet.local Administrator 2ManyP@ssw0rds
Branch2.CorpNet.local Administrator goingFISHing@5
 Any additional configuration required in the CorpNet.local forest beyond creating the trust
relationship will be performed by administrators in their respective domains.
Lab Report
Time Spent: 03:39
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the trust to the Branch1.CorpNet.local domain
Create an external trust
Create an incoming trust
Create the trust in the target domain
Configure selective authentication in the target domain
EXPLANATION
1. Access the CampusDC1 virtual server.

b. Under Virtual Machines, double-click CampusDC1 to open the virtual server.
2. Access the properties of the PartnerCorp.xyz domain.
c. From the left pane, right-click PartnerCorp.xyz and select Properties.
3. Create the new trust relationships.
a. From the PartnerCorp.xyz properties dialog, select the Trusts tab.
b. Select New Trust.
c. Select Next to start the wizard.
d. In the Name field, enter Branch1.CorpNet.local and select Next.
e. Select One-way: incoming and then select Next.
f. Select Both this domain and the specified domain, and then select Next.
g. Enter Administrator in the User name field.
h. In the Password field, enter 2ManyP@ssw0rds (0 is a zero), and then
select Next.
i. Select Selective authentication, and then click Next.
j. Select Next to create the trust.
k. Select Next to configure the new trust.
l. Select Yes, confirm the incoming trust, and then click Next.
m. Select Finish.
n. Select OK on the SID filtering prompt.
o. Select OK to close the domain properties dialog.
6.5.7 Create a Shortcut Trust

Your company has the following Active Directory domains:
 CorpNet.local
 Branch1.CorpNet.local
 Branch2.CorpNet.local
Users in the Branch1.CorpNet.local and Branch2.CorpNet.local domains frequently share resources.

Users have commented that authentication is slow. You want to speed up authentication between
these two domains. You are currently on the BranchDC1 server.
 Create a new shortcut trust between the Branch1.CorpNet.local and Branch2.CorpNet.local

domains. This can be accomplished from either domain. When creating the trust, use the
following parameters:
Domain Password
Branch1.CorpNet.local 2ManyP@ssw0rds
Branch2.CorpNet.local goingFISHing@5
 Create a shortcut trust using the following settings:

o Username: Administrator
o Sides of trust: Both this domain and the specified domain
o Local domain trust authentication level: Domain-wide authentication
o Specified domain trust authentication level: Domain-wide authentication
o Confirm the outgoing and incoming trust.
Lab Report
Time Spent: 02:48
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create a shortcut trust from Branch1.CorpNet.local to Branch2.CorpNet.localHide Details
Create a shortcut trust
Confirm the outgoing trust
Create a shortcut trust from Branch2.CorpNet.local to Branch1.CorpNet.localHide Details
Create a shortcut trust
Confirm the incoming trust
EXPLANATION
1. Access the New Trust Wizard for the desired branch.

c. Right-click the trusting domain and select Properties.
d. Select the Trusts tab.
e. Select New Trust.
2. Create the new trust.
a. Select Next to start the wizard.
b. In the Name field, enter the target trusted domain and then select Next.
c. Make sure Two-way is selected and then select Next.
d. Select Both this domain and the specified domain and then select Next.
e. In the User name field, enter Administrator. This is the username on the
target domain.
f. In the Password field, enter the password. This is the password of the user
account on the target domain.
g. Select Next.
h. Make sure Domain-wide authentication is selected for the local domain
and select Next.
i. Make sure Domain-wide authentication is selected for the specified
domain and select Next.
j. Select Next to create the trust.
k. Select Next to configure the new trust.
l. Select Yes, confirm the outgoing trust and then select Next.
m. Select Yes, confirm the incoming trust and then select Next.
n. Select Finish.
o. Select OK.
6.6.4 Configure Sites

You are assisting the administrator of the CorpNet.local domain. Your company has three office
locations named Main, Branch1, and Branch2. All of the locations are connected to each other with
wide area network (WAN) links. Domain controllers are installed for each location, but each domain
controller is still located in the Default-First-Site-Name site.
In this lab, your tasks is to:
 Rename the Default-First-Site-Name site to Main-Site.

 Create new sites for the branch offices using DEFAULTSITELINK as the site link object.
 Move the branch servers into their respective sites.
 Create a subnet for all the sites and choose the corresponding site object.
Configure sites and subnets using the following table:

Site Name Server Subnet
CorpDC
CorpDC2 192.168.0.0/24
Main-Site
CorpDC3 192.168.10.0/24
CorpDC4
BranchDC
Branch1-Site 192.168.20.0/24
1
BranchDC
Branch2-Site 192.168.30.0/24
2
Lab Report
Time Spent: 10:05
Score: 8/8 (100%)
TASK SUMMARY
Required Actions
Rename the Default-First-Site-Name site
Create the Main-Site siteHide Details
Create the site
Leave CorpDC in the Main-Site
Leave CorpDC2 in the Main-Site
Create the Branch1-Site siteHide Details
Create the site
Place BranchDC1 into the site
Create the Branch2-Site siteHide Details
Create the site
Place BranchDC2 into the site
Create the 192.168.0.0/24 subnetHide Details
Create the subnet
Link the subnet to Main-Site
Create the subnet
Link the subnet to Main-Site
Create the subnet
Link the subnet to Branch1-Site
Create the subnet
Link the subnet to Branch2-Site
EXPLANATION
Site Name Server Subnet
Main-Site CorpDC 192.168.0.0/24

CorpDC2 192.168.10.0/24
CorpDC3
CorpDC4
Branch1-
BranchDC1 192.168.20.0/24
Site
Branch2-
BranchDC2 192.168.30.0/24
Site

b. Under Virtual Machines, double-click CorpDC to connect to the server.
2. Rename the default site to Main-Site.
b. From the left pane, expand Sites.
c. Right-click Default-First-Site-Name and select Rename.
d. Enter Main-Site.
3. Create new sites for the branch offices.
a. Right-click Sites and select New > New Site.
b. Enter the site name.
c. Select DEFAULTSITELINK as the site link.
d. Select OK.
e. Repeat steps 3a–3d to create the additional site.
4. Move the branch servers into the correct sites.
a. Expand Main-Site.
b. Expand Servers.
c. Right-click the server and select Move.
d. Select the destination site and select OK.
e. Repeat steps 4b–4d to move the remaining server.
5. Create subnets for all three sites.
a. Right-click Subnets and select New Subnet.
b. In the Prefix field, enter the subnet address and prefix (for example,
192.168.40.0/24).
c. Under Site Name, select a site for the new subnet.
d. Select OK.
e. Repeat steps 5a–5d for additional subnets.
6.6.5Manage Sites and Subnets

You are assisting the administrator for the PartnerNet.xyz domain. The company has three office
locations, which are named Campus1, Campus2, and Campus3. All locations are connected to each
other using wide area network (WAN) links (see exhibits). Domain controllers for each location have
been installed, but each domain controller is still located in the Default-First-Site-Name site.
 Delete the Default-First-Site-Name site or rename it as one of the three sites in the table.
 Create and configure three sites and subnets as follows:
Site Name Subnet Servers

Campus1-Main- CampusDC1
10.10.10.0/24
Site CampusDC4
Campus2-Site 10.10.20.0/24 CampusDC2
 Move the domain controllers into their applicable corresponding sites.

 Delete the DEFAULTIPSITELINK site link or rename and configure it as one of your three
site links in the table.
 Create and configure three site links as follows:
Site Link Name Sites in the Site Link
Campus1-Main-Site
Campus1-Campus2
Campus2-Site
Campus1-Main-Site
Campus1-Campus3
Campus3-Site
Campus2-Site
Campus2-Campus3
Campus3-Site
Lab Report
Time Spent: 16:08
Score: 11/11 (100%)
TASK SUMMARY
Required Actions
Create the Campus1-Main-Site siteHide Details
Create the site
Place CampusDC1 into the site
Create the Campus2-Site siteHide Details
Create the site
Create the Campus3-Site siteHide Details
Create the site
Create the subnet
Link the subnet to Campus1-Main-Site
Create the subnet
Link the subnet to Campus2-Site
Create the subnet
Link the subnet to Campus3-Site
Create the Campus1-Campus2 site linkHide Details
Add Campus1-Main-Site to the site link
Add Campus2-Site to the site link
Do not add Campus3-Site to the site link
Do not add Campus1-Main-Site to the site link
Add Campus1-Main-Site to the site link
Do not add Campus2-Site to the site link
Delete or rename the Default-First-Site-Name site
Delete or rename the DEFAULTIPSITELINK site link
EXPLANATION
Site Name Subnet Servers
CampusDC1
Campus1-Main-Site 10.10.10.0/24
CampusDC4
Sites in the Site

Site Link Name
Link
Campus1-Main-Site
Campus1-Campus2
Campus2-Site
Campus1-Main-Site
Campus1-Campus3
Campus3-Site
Campus2-Site
Campus2-Campus3
Campus3-Site
1. Rename the default site.

c. From the left pane, expand Sites.
d. Right-click Default-First-Site-Name and select Rename.
e. Enter Campus1-Main-Site and then press Enter.
2. Create additional sites.
a. From the left pane, right-click Sites and select New Site.
b. In the Name field, enter the site name.
c. Under Link Name, select DEFAULTIPSITELINK and then select OK.
d. Repeat steps 2a–2c to create the additional site.
3. Create subnets.
a. From the left pane, right-click Subnets and select New Subnet.
b. In the Prefix field, enter the subnet IP address followed by
the prefix (example, 192.168.40.0/24).
c. From the lower pane, select the site name that goes to the selected IP
address and prefix.
d. Select OK.
e. Repeat steps 3a–3d to add the additional subnets.
4. Move the servers into their correct sites.
a. From the left pane, expand Campus1-Main_Site.
b. Select Servers.
c. From the right pane, right-click the server to move and select Move.
d. Select the destination site name and then select OK.
e. Repeat steps 4b–4d to move the additional servers.
5. Rename and modify the site link properties.
a. From the left pane, expand and select Inter-Site Transports > IP.
b. From the right pane, right-click DEFAULTIPSITELINK and select Rename.
c. Enter Campus1-Campus2 and then press Enter.
d. From the right pane, right-click Campus1-Campus2 and select Properties.
e. Under Sites in this site link, select Campus3-Site and then select Remove.
f. Select OK
6. Create the site links.
a. From the left pane, right-click IP and select New Site Link.
b. In the Name field, type the new site link name.
c. Under Sites not in this site link, select the appropriate site(s).
d. Select Add.
e. Select OK.
f. Repeat steps 6a–6e to create the additional site links.
6.7.5Configure Intrasite Replication

You are the IT administrator for a growing corporate network. You want to make sure new users can
log on to the network using any of the site's domain controllers as soon as possible after a user
account is created.
 Connect to the CorpDC virtual server.

 Configure the NTDS Site Settings for the Main-Site with a replication schedule that replicates
as often as possible per hour.
Lab Report
Time Spent: 02:29
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Configure intrasite replication to occur 4 times per hour every hour of every day
EXPLANATION

2. Configure the NTDS Site Settings for the Main-Site.
b. From the left pane, expand and select Sites > Main-Site.
c. From the right pane, right-click NTDS Site Settings and select Properties.
d. Select Change Schedule.
e. With the schedule highlighted, select Four Times per Hour.
f. Select OK to close the NTDS Site Settings dialog.
g. Select OK to close the NTDS Site Settings Properties.
6.7.6 Configure Intersite Replication

You are assisting the administrator of the PartnerCorp.xyz domain. The company has three main
campus locations, Campus1, Campus2, and Campus3. All locations are connected to each other
using wide area network (WAN) links. You have configured a site for each physical site location in
Active Directory Sites and Services. You have also configured a site link for each WAN link.
You need to customize Active Directory replication to accomplish the following goals:
 Replication between the Campus2 and Campus3 sites should use the 20 Mbps line only if
one of the links to the Campus1 site is unavailable. In other words, Active Directory
replication should use the site links from Campus3 to Campus1 and from Campus1 to
Campus2.
 To reduce WAN traffic on the link, replication between Campus1 and Campus2 should only
occur during the hours of 8:00 p.m. and 6:00 a.m. Monday through Friday. Replication is
allowed during all hours on the weekend.
 Replication from Campus1 to Campus2, and from Campus1 to Campus3 should occur once
per hour during the hours that replication is allowed.
 Replication between sites originating from the Campus1 site should only use CampusDC1.
CampusDC4 should not be used for inter-site replication.
In this lab, your task is to customize replication as follows:
 For the Campus1-Campus2 site link, use the following settings:

o Cost: 110
o Replication frequency: 60 minutes
o Replication schedule:
 Sunday: allow all day
 Monday through Friday: allow 8:00 p.m. to 6:00 a.m.
 Saturday: allow all day
 For the Campus2-Campus3 site link, use the following settings:
o Cost: 300
 Sunday through Friday: allow all day
 Saturday: allow 12:00 a.m. to 5:00 p.m.
 For the Campus1-Campus3, site link use the following settings:
o Cost: 110
 Sunday through Friday: allow all day
 Saturday: allow 12:00 a.m. to 5:00 p.m.
 Designate CampusDC1 as the preferred bridgehead server for IP.
7.1.4 Create Organizational Units

You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You need to
create an Active Directory organizational structure. The Active Directory structure will be based on
the company's departmental structure.
In this lab, your task is to create OUs on CorpDC as follows:
 Beneath the domain, create the following OUs:

o Accounting
o Admins
o Marketing
o Research-Dev
o Sales
o Servers
o Support
o Workstations
 Within the Sales OU, create the following OUs:
o SalesManagers
o TempSales
 Prevent accidental deletion of each OU you create.
Lab Report
Time Spent: 05:54
Score: 10/10 (100%)
TASK SUMMARY
Required Actions
Accounting OUHide Details
Create the Accounting OU
Prevent accidental deletion of the Accounting OU
Admins OUHide Details
Create the Admins OU
Prevent accidental deletion of the Admins OU
Marketing OUHide Details
Create the Marketing OU
Prevent accidental deletion of the Marketing OU
Research-Dev OUHide Details
Create the Research-Dev OU
Prevent accidental deletion of the Research-Dev OU
Sales OUHide Details
Create the Sales OU
Prevent accidental deletion of the Sales OU
Servers OUHide Details
Create the Servers OU
Prevent accidental deletion of the Servers OU
Sales\SalesManagers OUHide Details
Create the Sales\SalesManagers OU
Prevent accidental deletion of the Sales\SalesManagers OU
Sales\TempSales OUHide Details
Create the Sales\TempSales OU
Prevent accidental deletion of the Sales\TempSales OU
Support OUHide Details
Create the Support OU
Prevent accidental deletion of the Support OU
Workstations OUHide Details
Create the Workstations OU
Prevent accidental deletion of the Workstations OU
EXPLANATION
 Create the following domain OUs:
o Accounting
o Admins
o Marketing
o Research-Dev
o Sales
o Servers
o Support
o Workstations
 Within the Sales OU, create the following OUs:
o SalesManagers
o TempSales

b. Double-click CorpDC to connect to the virtual server.
2. Create the OUs beneath the domain.
Computers.
c. Select CorpNet.local.
d. Select the Create a new organizational unit in the current container icon
from the menu bar.
e. Enter the name of the OU.
f. Make sure that Protect container from accidental deletion is selected to
prevent the OU from being deleted.
g. Select OK.
h. Repeat steps 2c-2g for each additional OU.
3. Create the OUs beneath the Sales OU.
a. From the left pane, select Sales.
b. Select the Create a new organizational unit in the current container icon
from the menu bar.
c. Enter the name of the OU.
d. Make sure that Protect container from accidental deletion is selected to
prevent the OU from being deleted.
e. Select OK.
f. Repeat steps 3a-3e for each additional OU.
7.1.5 Delete Organizational Units

You have just installed Active Directory on a new Hyper-V guest server named CorpDC. You have
created an Active Directory structure based on the company's departmental structure.
While creating the structure, you added an OU named Workstations in each of the departmental
OUs. After further thought, you decide to use one Workstations OU for the company. As a result, you
need to delete the departmental workstation OUs.
In this lab, your task is to
 Delete the Workstations OUs from within the:

o Marketing OU
o Research-Dev OU
o Sales OU
Lab Report
Time Spent: 04:31
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Delete the Marketing\Workstations OU
Delete the Research-Dev\Workstations OU
Delete the Sales\Workstations OU
EXPLANATION
Delete the Workstations OUs from within the:
 Marketing OU
 Research-Dev OU
 Sales OU

2. Delete the unneeded Workstation OUs.
Computers.
c. Select View > Advanced Features.
d. Browse the Active Directory structure to the required OU.
e. Right-click the OU and select Properties.
f. Select the Object tab.
g. Unmark Protect object from accidental deletion and then select OK.
h. Right-click the OU again and select Delete.
i. Select Yes to confirm deleting the OU.
j. Repeat steps 2d-2i to delete the other OUs.
k. Select View > Advanced Features again to turn off the advanced features
view.
7.2.4 Create Computer Accounts

You are the IT administrator for a small corporate network. The company has ordered several laptop
computers for the Sales team. The laptops will arrive with Windows 11 pre-installed. You will need to
add them to the domain.
 Create the following computer accounts in the Workstations OU of the CorpNet.local domain:
o Sales1
o Sales2
o Sales3
o Sales4
o Sales5
Lab Report
Time Spent: 01:51
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Sales1 computer account in the Workstations OU
EXPLANATION
 Create the following computer accounts in the Workstations OU:

o Sales1
o Sales2
o Sales3
o Sales4
o Sales5

2. Create computer accounts in the Workstations OU.
Computers.
c. Expand CorpNet.local.
d. Right-click Workstations and select New > Computer.
e. In the Computer name field, enter the computer name.
f. Select OK.
g. Repeat steps 2d–2f to create additional computer accounts.
7.3.10 Create User Accounts

You are the IT administrator for a small corporate network. You recently added an Active Directory
domain to the CorpDC server to manage network resources centrally. You now need to add user
accounts in the domain.
In this lab, your task is to create the following user accounts on CorpDC:
User Job Role Departmental OU
Juan Suarez Marketing manager Marketing\MarketingManagers
Permanent sales
Susan Smith Sales\PermSales
employee
Mark Burnes Sales manager Sales\SalesManagers
Borey Chan Temporary sales employee Sales\TempSales
Use the following user account naming standards and specifications as you create each account:
 Create the user account in the departmental OU corresponding to the employee's job role.
 User account name: First name + Last name
 Logon name: firstinitial + lastname with @CorpNet.local as the domain
 Original password: asdf1234$ (must change after the first logon)
 Configure the following for the temporary sales employee:
o Limit the logon hours to allow logon only
from 8:00 a.m. to 5:00 p.m., Monday through Friday.
o Set the user account to expire on December 31st of the current year.
Lab Report
Time Spent: 08:37
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Create the Juan Suarez accountHide Details
Create the Juan Suarez account in the Marketing\MarketingManagers OU
Set the first name, last name, and full name properties
Use jsuarez for the logon name with @CorpNet.local appended as the domain
Set the password to asdf1234$
Require a password change at next logon
Enable the account
Create the Susan Smith accountHide Details
Create the Susan Smith account in the Sales\PermSales OU
Use ssmith for the logon name with @CorpNet.local appended as the domain
Enable the account
Create the Mark Burnes accountHide Details
Create the Mark Burnes account in the Sales\SalesManagers
Use mburnes for the logon name with @CorpNet.local appended as the domain
Enable the account
Create the Borey Chan accountHide Details
Create the Borey Chan account in the Sales\TempSales OU
Use bchan for the logon name with @CorpNet.local appended as the domain
Enable the account
Limit the logon hours of Borey Chan to allow logon only from 8 am to 5 pm, Monday through Friday.
Expire the Borey Chan account on December 31st
EXPLANATION
As you complete this lab, use the following information:
User Job Role Departmental OU
Juan Suarez Marketing manager Marketing\MarketingManagers
Permanent sales
Susan Smith Sales\PermSales
employee
Mark Burnes Sales manager Sales\SalesManagers
Borey Chan Temporary sales employee Sales\TempSales
1. Access Active Directory Users and Computers on the CorpDC server.

b. From the Virtual Machines pane, double-click CorpDC.
c. From Server Manager's menu bar, select Tools > Active Directory Users
and Computers.
2. Create the domain user accounts.
a. From the left pane, expand CorpNet.local.
b. Browse to the appropriate OU.
c. Right-click the OU and select New > User.
d. In the First name field, enter the user's first name.
e. In the Last name field, enter the user's last name.
f. In the User logon name field, enter the user's logon name which should be
the first letter of the user's first name together with their last name. (e.g.
jsuarez)
The domain, @CorpNet.local, is appended automatically to the end of the

logon name.
g.Select Next.
h.In the Password field, enter asdf1234$.
i.In the Confirm password field, enter asdf1234$.
j.Make sure User must change password at next logon is selected and then
select Next.
k. Select Finish to create the object.
l. Repeat steps 2b–2k to create the additional users.
3. Modify user account restrictions for the temporary sales employee.
a. Right-click Borey Chan and select Properties.
b. Select the Account tab.
c. Select Logon hours.
d. From the Logon Hours dialog, select Logon Denied to clear the allowed
logon hours.
e. Select the time range of 8:00 a.m. to 5:00 p.m., Monday through Friday.
f. Select Logon Permitted to allow logon.
g. Select OK.
h. Under Account expires, select End of.
i. In the End of field, use the drop-down calendar to select 31 December of
the current year.
j. Select OK.
7.3.11 Manage User Accounts
You are the IT administrator for a small corporate network. You recently added an Active Directory
domain on the CorpDC server to manage network resources centrally. Organizational units in the
domain represent departments. User and computer accounts are in their respective departmental
OUs. Over the past few days, several personnel changes have occurred that require changes to
user accounts.
In this lab, your task is to use the following information to make the necessary user account changes
on CorpDC:
 Mary Barnes from the Accounting Department has forgotten her password, and now her
account is locked.
o Unlock the account.
o Reset the password: asdf1234$
o Require a password change at the next logon.
 Mark Woods has been fired from the accounting department. Disable his account.
 Pat Benton is returning to the Research-Dev department from maternity leave. Her account
is disabled to prevent logon. Enable her account.
 Andrea Simmons from the Research-Dev department has recently married.
o Rename the account: Andrea Socko
o Change the last name: Socko
o Change the display name: Andrea Socko
o Change the user logon and the pre-Windows 2000 user logon name: asocko
 For all users in the Support OU (but not the SupportManagers OU), allow logon only to the
Support computer.
Lab Report
Time Spent: 08:58
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Unlock the Mary Barnes user accountHide Details
Unlock the account
Reset the password to asdf1234$
Require a password change at the next logon
Disable the Mark Woods user account
Enable the Pat Benton user account
Modify the Andrea Simmons user accountHide Details
Rename the account to Andrea Socko
Change the last name to Socko
Change the display name properties to Andrea Socko
Change the user logon name to asocko
Change the pre-Windows 2000 user logon name to asocko
Restrict Janice Rons and Tom Plask to use only the Support computer
EXPLANATION

and Computers.
2. Unlock the Mary Barnes account.
a. From the left pane, expand CorpNet.local.
b. Select Accounting.
c. Right-click Mary Barnes and select Reset Password.
d. Enter asdf1234$ in the New password field.
e. Enter asdf1234$ in the Confirm password field.
f. Make sure the following are selected:
 User must change password at next logon
 Unlock the user's account
g. Select OK.
h. Select OK to confirm the changed.
3. Disable the Mark Woods account.
a. From the right pane, right-click Mark Woods and select Disable Account.
b. Select OK to confirm the change.
4. Enable Pat Benton's account.
a. From the left pane, select Research-Dev.
b. From the right pane, right-click Pat Benton and select Enable Account.
c. Select OK to confirm the change.
5. Rename the Andrea Simmons account.
a. Right-click Andrea Simmons and select Rename.
b. Enter Andrea Socko and press Enter. This opens the Rename User dialog.
c. Enter Socko in the Last name field.
d. Replace the old logon name with asocko in the User logon name field.
e. Select OK.
6. Configure user account restrictions.
a. From the left pane, select Support.
b. From the right pane, press Ctrl and select both the Tom Plask and Janice
Rons users to edit multiple users at the same time.
In Safari, press Command and select each user.
c. Right-click the highlighted user accounts and select Properties.

d. Select the Account tab.
e. Select Computer restrictions.
f. Select Log On To.
g. Select The following computers.
h. In the Computer name field, type Support.
i. Select Add.
j. Select OK.
k. Select OK.
7.4.5 Create Global Groups

You are the IT Administrator for the CorpNet.local domain. You are in the process of implementing a
group strategy for your network. You have decided to create global groups as shadow groups for
specific departments in your organization. Each global group will contain all users in the
corresponding department.
 Create the following global security groups on the CorpDC server in their corresponding
OUs:
OU Creation New Group Name

Location
Accounting Accounting
Research-
Research-Dev
Dev
Sales Sales
 Add all user accounts in the corresponding OUs and sub-OUs as members of the newly
created groups.
Lab Report
Time Spent: 11:46
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create a global security group named Accounting in the Accounting OU
Add the correct employees as members of the Accounting groupHide Details
Add Mark Woods as a member of the Accounting group
Add Mary Barnes as a member of the Accounting group
Create a global security group named Research-Dev in the Research-Dev OU
Add the correct employees as members of the Research-Dev groupHide Details
Add Andrea Socko as a member of the Research-Dev group
Add Arlene Kimbly as a member of the Research-Dev group
Add Pat Benton as a member of the Research-Dev group
Add Scott Trans as a member of the Research-Dev group
Add Stella Hanson as a member of the Research-Dev group
Add Tre Julian as a member of the Research-Dev group
Add Wendy Pots as a member of the Research-Dev group
Create a global security group named Sales in the Sales OU
Add the correct employees as members of the Sales groupHide Details
Add Susan Smith as a member of the Sales group
Add Mark Burnes as a member of the Sales group
Add Borey Chan as a member of the Sales group
EXPLANATION
OU Creation
New Group Name
Location
Accounting Accounting
Research-Dev Research-Dev
Sales Sales

and Computers.
e. From the left pane, expand CorpNet.local.
2. Create the groups.
a. Right-click the OU where the new group is to be added and
select New > Group.
b. In the Group name field, enter the name of the group.
c. Make sure the following are selected:
 Group scope: Global
 Group type: Security
d. Select OK.
3. Add users to the groups.
a. In the right pane, right-click the user account(s) and select Add to a group.
(Use the Ctrl or Shift keys to select and add multiple user accounts to a group
at one time.)
b. In the Enter the object names to select field, enter the name of the group.
c. Select Check Names and verify that the object name was found.
d. Select OK to accept the groups added.
e. Select OK to acknowledge the change.
f. If a sub-OU with users exist, double-click on the sub-OU and then repeat step
3. Do this for each sub-group.
4. Repeat steps 2 - 3 for additional groups and users.
7.4.6 Create a Distribution Group

You are the IT administrator for the CorpNet.local domain. The CorpDC server is the domain
controller. You are implementing a group strategy for your network. Managers in various
departments need to send and receive emails between other department managers only.
 Create an Active Directory group account named Managers in the Users folder.
 Configure the Managers group with a domain local group scope and a distribution group
type.
 Add the following user accounts as members of the Managers group:
o Juan Suarez
o Mark Burnes
o Shelly Emery
Lab Report
Time Spent: 03:46
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the Managers domain local distribution group in the Users containerHide Details
Create the Managers group
Create a domain local group
Create a distribution group
Add the correct objects as members of the Managers distribution groupHide Details
Add Juan Suarez as a member of the Managers domain local distribution group
Add Mark Burnes as a member of the Managers domain local distribution group
Add Shelly Emery as a member of the Managers domain local distribution group
EXPLANATION

b. Double-click CorpDC to open the virtual server.
2. Create a domain local distribution group.
Computers.
c. From the left pane, expand CorpNet.local.
d. Right-click Users and select New > Group.
e. Enter Managers in the Group name field.
f. From the Group scope pane, select Domain local.
g. From the Group type pane, select Distribution.
h. Select OK.
3. Add user accounts to the Managers group.
a. From the right pane, right-click Managers and select Properties.
b. Select the Members tab.
c. Select Add.
d. In the Enter the object names to select field, enter the following including the
semicolon:
Juan Suarez; Mark Burnes; Shelly Emery
e. Select Check Names and verify that the object names were found.
f. Select OK to add the new group member.
g. Select OK to apply the changes.
7.4.7Change the Group Scope

You are the IT administrator for the CorpNet.local domain. You recently created a domain local
distribution group named Managers in the Users container on CorpDC because department
managers need to email other department managers.
You created the group and added several individual user accounts as members of the group. Now
you would like to use the group to assign permissions to company managers.
 Change the Managers group scope to Global.

 Change the Managers group type to Security.
Lab Report
Time Spent: 01:42
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Change the Managers group scope to Global
Change the Managers group type to Security
EXPLANATION
2. Configure the group named Managers.
Computers.
b. Maximize the window for easier viewing.
c. In the left pane, expand CorpNet.local.
d. Select Users.
e. From the right pane, right-click Managers and select Properties.
f. Under Group scope, select Universal.
g. Select Apply. The Global option is now available for selection.
h. Select Global.
i. Under Group type, select Security.
j. Select OK to apply the changes.
7.4.8 Implement a Group Strategy

You are the IT administrator for the CorpNet.local domain. You are in the process of implementing a
group strategy for your network. The CorpNet.local domain has a Support OU. All support
employees in the domain have user accounts within the Support OU or within the Support sub-OUs.
All support employees need access to the support department's shared folders and printers.
Your group strategy must minimize administration when:
 Granting and removing resource access to support employees.

 Groups of other employees (such as managers) request access to support resources.
 Support resources are added or removed.
 Permissions to the resources need to be granted or removed.
The recommended group strategy is to:
 Make user accounts members of global groups.

 Make global groups members of domain local groups.
 Assign permissions to the domain local groups.
In this lab, your task is to implement a group strategy that meets the above requirements on CorpDC
as follows:
 Create the following groups in the Support OU:

o Support
o Support Resources
 For each group, configure the appropriate group scope, group type, and membership based
on the following information:

Group Group
Group Name Members
Scope Type
All user accounts in the Support and

Support Global Security
Support sub-OUs
Support Domain
Security Support group
Resources local
Lab Report
Time Spent: 07:38
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Create the Support groupHide Details
Set the group scope for Support to Global
Set the group type for Support to Security
Create the Support Resources groupHide Details
Set the group scope for Support Resources to Domain Local
Set the group type for Support Resources to Security
Add Tom Plask as a member of the Support group
Add Shelly Emery as a member of the Support group
Add Janice Rons as a member of the Support group
Add the Support group as a member of the Support Resources group
EXPLANATION

2. Create the group named Support.
a. In Server Manager, select Tools > Active Directory Users and Computers.
c. In the left pane, expand CorpNet.local.
d. Right-click Support and select New > Group.
e. Type Support in the Group name field.
f. Under Group scope, make sure Global is selected.
g. Under Group type, make sure Security is selected.
h. Select OK.
3. Create the group named Support Resources.
a. Right-click Support and select New > Group.
b. Type Support Resources in the Group name field.
c. Under Group scope, select Domain local.
d. Under Group type, make sure Security is selected.
e. Select OK.
4. Modify the membership for the Support group.
a. From the right pane, right-click Support and then select Properties.
c. Select Add.
d. Select Advanced.
e. Select Find Now.
f. Under Search results, hold down the Ctrl key and select the users you need
to add.
g. Select OK to use the selected users or group.
h. Select OK to add the new group members.
i. Select OK to close the Properties dialog.
5. Modify the membership for the Support Resources group.
a. From the right pane, right-click Support Resources and then
select Properties.
c. Select Add.
d. In the Enter the object names to select box, enter Support.
e. Select OK to add the new group members.
f. Select OK to close the Properties dialog.
7.7.8 Delegate Administrative Control

You are the IT administrator for a small corporate network. As your network grows, you need to
delegate common administrative tasks. You have defined the following administrative roles:
 PasswordAdmins – can reset passwords for any user in the domain and force password
change at next logon
 ComputerAdmins – can join computers to the domain
 GPOLinkAdmins – can manage GPO links for Accounting, Marketing, Research-Dev, Sales,
and Support OUs
 Create the following global security groups in the Users container for each administrative
role:
o PasswordAdmins
o ComputerAdmins
o GPOLinkAdmins
 Use the Delegation of Control wizard to delegate the necessary permissions at the correct
level to each group. In the wizard, use the common tasks option for delegating control.
You must run the Delegation of Control wizard at each level and for each different
administrative role. For example, to delegate permissions for the GPOLinkAdmins group, you
must run the wizard five times and select a different OU each time.
Lab Report
Time Spent: 21:24
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create and delegate permissions to the PasswordAdmins groupHide Details
Create the group in the Users container
Create the group as a Global security group
Permission delegated to PasswordAdmins at CorpNet.local
Granted Reset user passwords and force password change at next logon permission
Create and delegate permissions to the ComputerAdmins groupHide Details
Permission delegated to ComputerAdmins at CorpNet.local
Granted Join a computer to the domain permission
Create and delegate permissions to the GPOLinkAdmins groupHide Details
Delegate permissions to manage GPO links for the Accounting OU
Delegate permissions to manage GPO links for the Marketing OU
Delegate permissions to manage GPO links for the Research-Dev OU
Delegate permissions to manage GPO links for the Sales OU
Delegate permissions to manage GPO links for the Support OU
EXPLANATION
While completing this lab, use the following groups:
 PasswordAdmins – can reset passwords for any user in the domain and force password
change at next logon.
 ComputerAdmins – can join computers to the domain.
 GPOLinkAdmins – can manage GPO links for Accounting, Marketing, Research-Dev, Sales,
and Support OUs.

b. Under Virtual Machines, double-click CorpDC to access the virtual server.
2. Create a group.
Computers.
c. Right-click Users and select New > Group.
d. In the Group name field, enter the name of the group.
e. Make sure Global is selected as the group scope.
f. Make sure Security is selected as the group type.
g. Select OK.
h. Repeat steps 2c–2g for the remaining groups.
3. Delegate the necessary permissions.
a. From the left pane, browse to CorpNet.local or the OU where you want to
delegate control (such as Accounting or Marketing).
b. Right-click CorpNet.local or the OU and select Delegate Control.
c. Select Next to start the wizard.
d. Select Add.
e. In the Enter the object names to select field, enter the name of the group to be
added.
f. Select Check names and then select OK.
g. Select Next.
h. Select the task you want to delegate and then select Next.
i. Select Finish.
j. Repeat steps 3b–3i for each delegation.
8.1.8 Create and Link a GPO

You are the IT security administrator for a small corporate network. You are using Group Policy to
enforce settings for certain workstations on your network. You have prepared and tested a security
template file that contains policies that meet your company's requirements.
In this lab, your task is to configure Group Policy on CorpDC as follows:
 Create a GPO named Workstation Settings.

 Link the Workstation Settings GPO to the following OUs:
o The TempMarketing OU (in the Marketing OU)
o The TempSales OU (in the Sales OU)
o The Support OU
 Import security settings from the security template (ws_sec.inf) located in C:\Templates for
the Workstation Settings GPO.
Lab Report
Time Spent: 06:47
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Workstation Settings GPO
Link the GPO to the TempMarketing OU
Link the GPO to the TempSales OU
Link the GPO to the Support OU
Import the policy from C:\Templates\ws_sec.inf
EXPLANATION
 Link the Workstation Settings GPO to the following organizational units (OUs):
o Marketing > TempMarketing
o Sales > TempSales
o Support
1. Access the CorpNet.local domain.
a. From Server Manager, select Tools > Group Policy Management.

c. Expand Forest: CorpNet.local > Domains > CorpNet.local.
2. Create the Workstation Settings GPO and link it to the CorpNet.local domain.
a. Right-click the Group Policy Objects OU and select New.

b. In the Name field, use Workstation Settings and then select OK.
3. Link OUs to the Workstation Settings GPO.
a. Right-click the OU and select Link an Existing GPO.

b. Under Group Policy Objects, select Workstation Settings and then
select OK.
c. Repeat step 3 to link the additional OUs.
4. Import the ws_sec.inf security policy template.
a. Expand Group Policy Objects.

b. Right-click Workstation Settings and select Edit.
c. Under Computer Configuration, expand Policies > Windows Settings.
d. Right-click Security Settings and select Import Policy.
e. Browse to the C:\Templates.
f. Select ws_sec.inf and then click Open.
8.1.9 Create a Starter GPO

You are the IT administrator of a large network. You need to create a starter GPO to use as a
template, and then create a new GPO using that starter GPO. This needs to be completed on the
CorpDC server.
 Enable the Administrative Templates central store by creating a Starter GPOs folder.
 Create a starter GPO named DNS Settings.
 Configure the DNS Settings policies:
o DNS Servers:
 State: Enable
 IP addresses: 192.168.0.11 and 192.168.10.11
(Use a space to separate the two addresses.)
o Primary DNS Suffix:
 State: Enable
 DNS suffix: CorpNet.local
o Register PTR Records:
 State: Enabled
 Option: Register
o Dynamic Update:
 State: Enabled
o Turn off smart multi-home Name Resolution:
 State: Enabled
(Enabling the policy turns off LLMNR.)
 Create a new GPO named CommonGPO using the new starter GPO you created. Do not
link the GPO at this time.
 Verify that the starter GPO settings were applied to the CommonGPO.
Lab Report
Time Spent: 45:32
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the Starter GPOs folder
Create the DNS Settings starter GPO
Configure the DNS Settings GPO policiesHide Details
DNS Servers Policy
Enabled
IP addresses: 192.168.0.11 and 192.168.10.11
Primary DNS Suffix Policy
Enabled
DNS suffix: CorpNet.local
Register PTR Records Policy
Enabled
Always register PTR records
Enable dynamic updates
Disable multicast name resolution
Create the CommonGPO GPO
Verify the CommonGPO policy settingsHide Details
DNS server settings verified
Enabled
IP addresses: 192.168.0.11 and 192.168.10.11
CorpNet.local as the primary DNS suffix verified
Enabled
DNS suffix: CorpNet.local
Always register PTR records verified
Enabled
Always register PTR records
Enable dynamic updates verified
Disable multicast name resolution verified
EXPLANATION
While completing this lab, use the following policy information:
Policy State
Enabled with a value of 192.168.0.11

DNS Servers
192.168.10.11 (separate each address with a space)
Primary DNS Suffix Enabled with a value of CorpNet.local
Register PTR Records Enabled with a value of Register
Dynamic Update Enabled
Turn off smart multi-home

Enabled (enabling the policy turns off LLMNR)
Name Resolution

2. Create a starter GPO folder.
c. Expand Forest: CorpNet.local > Domains > CorpNet.local.
d. Select Starter GPOs.
e. From the right pane, select Create Starter GPOs Folder.
3. Create a starter GPO.
a. From the left pane, right-click Starter GPOs and select New.
b. In the Name field, use DNS Settings for the name of the starter GPO and
then select OK.
4. Configure the starter GPO policies.
a. Right-click DNS Settings and select Edit.
b. Under Computer Configuration, expand and select Administrative
Templates > Network > DNS Client.
c. From the right pane, double-click the policy you want to edit.
d. Select Enabled or Disabled for the setting.
e. Configure additional parameters as required.
f. Select OK.
g. Repeat steps 4c-4f for each policy.
h. Close the Group Policy Starter GPO Editor.
5. Create a GPO using a starter GPO.
a. From the left pane, expand Starter GPOs.
b. Right-click DNS Settings and select New GPO From Starter GPO.
c. Use the name of CommonGPO for the new GPO and then select OK.
6. Verify the CommonGPO policy settings.
a. From the left pane, select Group Policy Objects.
b. From the right pane, right-click CommonGPO and select Edit.
d. Under Computer Configuration, expand Administrative
Templates > Network.
e. Select DNS Client.
f. Verify that the values set in the starter GPO have been applied to the new
policy.
8.3.4 Configure and Manage AD DS Passwords
You are the IT administrator for a small corporate network. You must configure a password policy for
the domain on the CorpDC server.
In this lab, your task is to edit the Default Domain Policy and configure the account policy settings as
follows:
 Configure the password polices.

o New passwords must be different from the previous 10 passwords.
o Users must change passwords every 90 days.
o Users cannot change a new password for at least 14 days.
o Passwords must be at least 10 characters long.
o Passwords must contain uppercase letter, lowercase letter, number, and symbol
characters.
 Configure the account lockout policies.
o If 5 incorrect passwords are entered, lock the account.
o After a failed logon attempt, lock the account for 10 minutes.
o Keep accounts locked for 60 minutes and then unlock the account automatically.
Lab Report
Time Spent: 08:06
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Configure the password policesHide Details
Enforce password history to remember 10 passwords
Users must change passwords every 90 days
Users cannot change a new password for at least 14 days
Passwords must be at least 10 characters long
Enforce password complexity
Configure the account lockout policiesHide Details
If 5 incorrect passwords are entered, lock the account
After a failed logon attempt, lock the account for 10 minutes
Keep accounts locked for 60 minutes and then unlock the account automatically
EXPLANATION

b. Under Virtual Machines, double-click CorpDC to connect to the virtual server.
2. Modify the password policies.
c. From the left pane, expand Forest:
CorpNet.local > Domains > CorpNet.local.
d. Right-click Default Domain Policy and select Edit.
e. Maximize the window for better viewing.
f. Under Computer Configuration, expand Policies > Windows
Settings > Security Settings > Account Policies.
g. Select Password Policy.
h. From the right pane, double-click the policy you want to edit.
i. Make sure Define this policy setting is selected.
j. Edit the value for the policy, and then select OK.
k. Repeat steps 2h–2j for each policy.
3. Modify account lockout policies.
a. From the left pane, select Account Lockout Policy.
b. From the right pane, double-click the policy you want to edit.
c. Make sure Define this policy setting is selected.
d. Edit the value for the policy and then select OK.
e. Repeat steps 3b–4d for additional policies.
8.4.4 Configure Audit Policies

You work as the IT security administrator for a small corporate network. As part of an ongoing
program to improve security, you want to implement an audit policy for all workstations. You plan to
audit user logon attempts and other critical events.
In this lab, your task is to configure the following audit policy settings in WorkstationGPO:
Local Policies Setting
Audit: Force audit policy subcategory settings (Windows Vista or later) to

Enabled
override audit policy category settings
Audit: Shut down system immediately if unable to log security audits Enabled
Event Log Setting
Retention method for security Define: Do not overwrite events (clear log
log manually)
Advanced Audit Policy Configuration Setting
Success and
Account Logon: Audit Credential Validation
Failure
Success and
Account Management: Audit User Account Management
Failure
Success and
Account Management: Audit Security Group Management
Failure
Account Management: Audit Other Account Management Success and

Events Failure
Account Management: Audit Computer Account Management Success
Detailed Tracking: Audit Process Creation Success
Success and
Logon/Logoff: Audit Logon
Failure
Logon/Logoff: Audit Logoff Success
Policy Change: Audit Authentication Policy Change Success
Success and
Policy Change: Audit Audit Policy Change
Failure
Success and
Privilege Use: Audit Sensitive Privilege Use
Failure
Success and
System: Audit System Integrity
Failure
Success and
System: Audit Security System Extension
Failure
Success and
System: Audit Security State Change
Failure
Success and
System: Audit IPsec Driver
Failure
Do not use the old audit policies located in Computer Configuration > Policies > Windows
Settings > Security Settings > Local Policies > Audit Policies.
Lab Report
Time Spent: 17:10
Score: 9/9 (100%)
TASK SUMMARY
Required Actions
Enable Audit PoliciesHide Details
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy
category settings:--Enabled
Audit: Shut down system immediately if unable to log security audits--Enabled
Enable Event Log Policy
Enable Account Logon Audit Policy
Enable Account Management Audit PoliciesHide Details
Audit User Account Management: Success and Failure
Audit Security Group Management: Success and Failure
Audit Other Account Management Events: Success and Failure
Audit Computer Account Management: Success
Enable Detailed Tracking Audit Policy
Enable Logon-Logoff Audit PoliciesHide Details
Audit Logon: Success and Failure
Audit Logoff: Success
Enable Policy Change Audit PoliciesHide Details
Audit Authentication Policy Change: Success
Audit Audit Policy Change: Success and Failure
Enable Privelege Use Audit Policy
Enable System Audit PoliciesHide Details
Audit System Integrity: Success and Failure
Audit Security System Extension: Success and Failure
Audit Security State Change: Success and Failure
Audit IPsec Driver: Success and Failure
EXPLANATION
While completing this lab, use the following WorkstationGPO settings:
Local Policies Setting
Audit: Force audit policy subcategory settings (Windows Vista or later) to

Enabled
override audit policy category settings
Audit: Shut down system immediately if unable to log security audits Enabled
Event Log Setting
Retention method for security Define: Do not overwrite events (clear log
log manually)
Advanced Audit Policy Configuration Setting
Account Logon: Audit Credential Validation Success and Failure
Account Management: Audit User Account Management Success and Failure
Account Management: Audit Security Group Management Success and Failure
Account Management: Audit Other Account Management

Success and Failure
Events
Account Management: Audit Computer Account Management Success
Detailed Tracking: Audit Process Creation Success
Logon/Logoff: Audit Logon Success and Failure
Logon/Logoff: Audit Logoff Success
Policy Change: Audit Authentication Policy Change Success
Policy Change: Audit Audit Policy Change Success and Failure
Privilege Use: Audit Sensitive Privilege Use Success and Failure
System: Audit System Integrity Success and Failure
System: Audit Security System Extension Success and Failure
System: Audit Security State Change Success and Failure
System: Audit IPsec Driver Success and Failure

Edit Audit Policies as follows:
1. Using Group Policy Management, access CorpNet.local's Group Policy

Objects > WorkgroupGPO.
a. From Server Manager's menu bar, select Tools > Group Policy
Management.
c. Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy
Objects.
2. Access the WorkstationGPO's Security Settings Local Policies.
a. Right-click WorkstationGPO and select Edit.
c. Navigate to Computer Configuration > Policies > Windows
Settings > Security Settings > Local Policies.
d. Select Security Options.
3. Modify Local Policies.
a. From the right pane, double-click the policy you want to edit.
b. Select Define this policy setting.
c. Select the policy settings as required.
d. Select OK.
e. Select Yes to confirm changes as necessary.
f. Repeat steps 3a - 3e for the additional policy setting.
4. Modify the Event Log.
a. From the left pane, select Event Log.
b. From the right pane, double-click the Retention method for security log.
c. Select Define this policy setting.
d. Select Do not overwrite events.
e. Select OK.
5. Modify Advanced Audit Policy Configuration.
a. From the left pane, expand Advanced Audit Policy Configuration > Audit
Policies.
b. Select the audit policy category.
c. From the right pane, double-click the policy you want to edit.
d. Select Configure the following audit events.
e. Select the policy settings as required.
f. Select OK.
g. Repeat steps 5b–5f for additional policy settings.
8.5.4 Configure User Rights

You are working on improving the security of network resources.
In this lab, your task is to add the following groups to the associated User Rights Assignment policy,
located in the ServerGPO policy object, from the CorpDC server:
User Rights Assignment Policy Group
Allow log on locally Administrators
Allow log on through Remote Desktop

Administrators
Services
Manage auditing and security log Event Log Readers
Perform volume maintenance tasks Administrators
Shut down the system Administrators
Lab Report
Time Spent: 04:35
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Configure Allow log on locally in ServerGPO
Configure Allow log on through Remote Desktop Services in ServerGPO
Configure Manage auditing and security log in ServerGPO
Configure Perform volume maintenance tasks in ServerGPO
Configure Shut down the system in ServerGPO
EXPLANATION
User Rights Assignment Policy Group
Allow log on locally Administrators
Allow log on through Remote Desktop

Administrators
Services
Manage auditing and security log Event Log Readers
Perform volume maintenance tasks Administrators
Shut down the system Administrators

2. Access the Group Policy Management Editor for the ServerGPO group policy object.
b. Expand Forest:CorpNet.local > Domains > CorpNet.local > Group Policy
Objects.
c. Right-click ServerGPO and select Edit.
3. Configure the User Rights Assignments.
a. Under Computer Configuration, expand Policies > Windows
b. Select User Rights Assignment.
c. Double-click the policy you want to edit.
d. Select Define these policy settings.
e. Select Add User or Group.
f. Enter the name of the group (or use Browse, if desired), and then select OK.
g. Select OK.
h. Repeat steps 3c-3g to define the remaining policy settings.
8.6.3 Configure Security Options

You are the IT administrator for a small corporate network. After a security review, you have decided
to improve network security.
 Configure the following security policies on CorpDC using Group Policy.
Group Policy
Policy Setting
Object
Accounts: Guest account status Disabled
Accounts: Rename administrator account skycaptain
Interactive logon: Do not display last user

Enabled
name
Default Domain
Policy Network access: Allow anonymous SID/Name
Disabled
translation
Network access: Do not allow anonymous

Enabled
enumeration of SAM accounts
Network access: Do not allow anonymous

Enabled
enumeration of SAM accounts and shares
Interactive logon: Number of previous logons to

0
cache
Interactive logon: Require Domain Controller

Enabled
authentication to unlock workstation
SupportGPO
Network security: Force logoff when logon
Enabled
hours expire
Shutdown: Allow system to be shut down

Disabled
without having to log on
 Disable the User Configuration portion of the GPO.

This is required because all GPO settings in the SupportGPO are in the Computer
Configuration portion.
Lab Report
Time Spent: 13:40
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Edit the Default Domain Policy security optionsHide Details
Disable the local guest account
Rename the local administrator account skycaptain
Do not display the last logon username
Do not allow anonymous SID/name translation
Do not allow anonymous SAM account enumeration
Do not allow anonymous SAM account and share enumeration
Edit the SupportGPO security optionsHide Details
Do not cache previous logons
Require domain controller authentication to unlock the computer
Force logoff when logon hours expire
Do not allow system shutdown without a logon
Disable the user settings in SupportGPO
EXPLANATION
While completing this lab, use the following onformation:
Group Policy
Policy Setting
Object
Accounts: Guest account status Disabled
Accounts: Rename administrator account skycaptain
Interactive logon: Do not display last user name Enabled
Default Domain
Network access: Allow anonymous SID/Name translation Disabled
Policy
Network access: Do not allow anonymous enumeration of

Enabled
SAM accounts
Network access: Do not allow anonymous enumeration of

Enabled
SAM accounts and shares
Interactive logon: Number of previous logons to cache 0
Interactive logon: Require Domain Controller

Enabled
authentication to unlock workstation
SupportGPO
Network security: Force logoff when logon hours expire Enabled
Shutdown: Allow system to be shut down without having

Disabled
to log on

b. Under Virtual Machines, double-click CorpDC to access the server.
2. Edit the Default Domain Policy security options.
c. From the left pane, expand Forest:
CorpNet.local > Domains > CorpNet.local.
d. Right-click Default Domain Policy and select Edit.
e. Maximize the window for easier viewing.
f. Under Computer Configuration, expand Policies > Windows
g. Select Security Options.
h. From the right pane, double-click the policy you want to edit.
i. Select Define this policy setting.
j. Select Enabled or Disabled.
k. Configure the values for the policy as needed.
l. Select OK.
m. Repeat steps 2h–2l to configure the additional policies.
n. Close Group Policy Management Editor.
3. Configure SupportGPO security options.
a. From the Group Policy Management dialog, expand Support.
b. Right-click SupportGPO and select Edit.
c. Maximize the window for easier viewing.
d. Under Computer Configuration, expand Policies > Windows
e. Select Security Options.
f. From the right pane, double-click the policy you want to edit.
g. Select Define this policy setting.
h. Select Enabled or Disabled.
i. Configure the values for the policy as needed.
j. Select OK.
k. Repeat steps 3f–3j for additional policies.
l. Close Group Policy Management Editor.
4. Disable user settings in the SupportGPO.
a. From the Group Policy Management console, expand Group Policy Objects.
b. Right-click SupportGPO and select GPO Status > User Configuration
Settings Disabled.
c. Close the Group Policy Management window.
8.6.8 Enforce User Account Control

You are the IT administrator for a small corporate network. The company has a single
Active Directory domain named CorpNet.local. You need to increase the domain's
authentication security. You need to make sure that User Account Control (UAC)
settings are consistent throughout the domain and in accordance with industry
recommendations.
In this lab, your task is to configure UAC settings in the Default Domain Policy on
CorpDC as follows:
User Account Control Setting
Admin Approval mode for the built-in Administrator

Enabled
account
Allow UIAccess applications to prompt for elevation

Disabled
without using the secure desktop
Behavior of the elevation prompt for administrators in

Prompt for credentials
Admin Approval mode
Automatically deny
Behavior of the elevation prompt for standard users
elevation requests
Detect application installations and prompt for

Enabled
elevation
Only elevate executables that are signed and validated Disabled
Only elevate UIAccess applications that are installed in

Enabled
secure locations
Run all administrators in Admin Approval mode Enabled
Switch to the secure desktop when prompting for

Enabled
elevation
Virtualize file and registry write failures to per-user

Enabled
locations
User Account Control policies are set in a GPO linked to the domain. In this scenario,
edit the Default Domain Policy and configure settings in the following path:
Computer Configuration > Policies > Windows Settings > Security
Settings > Local Policies > Security Options.
 Start Lab
Lab Report
Time Spent: 08:03
Score: 10/10 (100%)
TASK SUMMARY
Required Actions
Admin Approval mode for the built-in Administrator account: Enabled
Allow UIAccess applications to prompt for elevation without using the secure desktop: Disabled
Behavior of the elevation prompt for administrators in Admin Approval mode: Prompt for
credentials
Behavior of the elevation prompt for standard users: Automatically deny elevation requests
Detect application installations and prompt for elevation: Enabled
Only elevate UIAccess applications that are installed in secure locations: Enabled
Only elevate executables that are signed and validated: Disabled
Run all administrators in Admin Approval mode: Enabled
Switch to the secure desktop when prompting for elevation: Enabled
Virtualize file and registry write failures to per-user locations: Enabled
EXPLANATION
While completing this lab, use the following information when configuring the UAC settings.
User Account Control Setting
Admin Approval mode for the built-in Administrator

Enabled
account
Allow UIAccess applications to prompt for elevation

Disabled
without using the secure desktop
Behavior of the elevation prompt for administrators in
Prompt for credentials
Admin Approval mode
Automatically deny
Behavior of the elevation prompt for standard users
elevation requests
Detect application installations and prompt for elevation Enabled
Only elevate executables that are signed and validated Disabled
Only elevate UIAccess applications that are installed in

Enabled
secure locations
Run all administrators in Admin Approval mode Enabled
Switch to the secure desktop when prompting for

Enabled
elevation
Virtualize file and registry write failures to per-user

Enabled
locations
1. On CorpDC, access the CorpNet.local domain for Group Policy Management.

b. Double-click CorpDC.
c. From Server Manager, select Tools > Group Policy Management.
d. Maximize the window for easy viewing.
e. Expand Forest: CorpNet.local > Domains > CorpNet.local.
2. Configure the UAC settings.
a. Right-click Default Domain Policy and select Edit.

c. Under Computer Configuration, expand and select Policies > Windows
Settings > Security Settings > Local Policies > Security Options.
d. From the right pane, double-click the policy you want to edit.
e. Select Define this policy setting.
f. Select Enable or Disable as necessary.
g. Edit the value for the policy as needed and then select OK.
h. Repeat steps 2d–2g for each policy setting.

Cloud Server Administration Labs

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Server Administration Labs

Uploaded by

Copyright:

Available Formats

1.2.

4Use the Windows Client Interface

Complete this lab as follows:

1. Configure the screen saver settings.

1. Configure the screen saver settings.

1.2.7 Use the Windows Server Interface

Complete this lab as follows:

1. Clean up system files.

1. Clean up system files.

1.2.10Use the Azure Interface

1. Access the Azure portal.

2.2.5 Install and Configure the File Server Role

In this lab, your task is to:

1. Access the CorpFiles16 virtual server.

2.7.3 Allow Remote Desktop Connections

In this lab, your task is to:

 Configure Office1 to allow connections from Remote Desktop.

1. Configure Office1 to allow connections from Remote Desktop.

a. Right-click Start and select Settings.

a. From the Settings app, select Home (upper left).

In this lab, your task is to:

TCP/IP Ethernet Ethernet 2

Subnet 192.168.0.0/24 10.0.0.0/16

Use the last valid address on Use the last valid

Use the default mask

Choose the appropriate

Use the address of an external

Use the address of an external

1. Access the properties for the NIC named Ethernet.

a. Right-click Start and then select Settings.

2. Configure the IP version 4 TCP/IP settings for the Ethernet NIC.

3. Configure the IP version 4 TCP/IP settings for the Ethernet 2 NIC.

a. From the Network Connections window, right-click Ethernet 2 and then

4. Ping the preferred DNS server assigned to the Ethernet NIC.

a. Right-click Start and select Windows PowerShell.

Use the following troubleshooting tools:

 The ping, ipconfig, or tracert command utilities

Complete this lab as follows:

This information provides the following clues to the problem:

 The network is using DHCP, but this workstation is

o DHCP Enabled: Yes

10. From CorpServer, access the CorpDHCP server.

This information provides the following clues to the problem:

 The network is using DHCP, but this workstation is not enabled

o DHCP Enabled: Yes

10. From CorpServer, access the CorpDHCP server.

Complete this lab as follows:

While completing this lab, use the following IP addresses:

In this lab, your task is to complete the following:

 To help troubleshoot the issue, use:

Fix the Issue

1. Access the CorpDHCP virtual server.

4.2.7 Troubleshoot IP Configuration 3

While completing this lab, use the following IP addresses:

In this lab, your task is to:

Fixing the Issue

4.3.4 Explore Network Communications

Location Name IP Address

Office 1 Office1 192.168.0.30

Support Office Support 199.92.0.33

Router Network Router 192.168.0.5

ISP External DNS Server 163.128.78.93

Router Internet Router 198.28.56.1

In this lab, your task is to: