Cloud Server Administration Labs 2

8.7.
4 Configure Restricted Groups

You are the IT security administrator for a small corporate network. A group of desktop
administrators needs administrative rights to all of the workstations in the domain. The workstations
are located in the Workstations OU on CorpDC.
In this lab, your task is to:
 Create a global security group named Desktop Admins in the Admins OU. (Members of the
group will be added later.)
 Configure a restricted group policy in the WorkstationGPO object that adds the domain
Desktop Admins group to the local Administrators group on all the workstations.
You can browse for domain groups, but for local group names, you need to type the group
name into the Group field.
Lab Report
Time Spent: 03:22
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the Desktop Admins group
Configure the Restricted Group
EXPLANATION
Complete this lab.
1. Access the CorpDC virtual server.

a. From Hyper-V Manager, select CORPSERVER.
b. Double-click CorpDC to access the server.
2. Create a group.
a. From Server Manager, select Tools > Active Directory Users and
Computers.
b. From the left pane, expand CorpNet.local.
c. Right-click the Admins and select New > Group.
d. In the Group name field, enter Desktop Admins.
e. Select OK.
f. Close Active Directory Users and Computers.
3. Create a restricted group.
a. From Server Manager, select Tools > Group Policy Management.
b. Maximize the window for better viewing.
c. Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy
Objects.
d. Right-click WorkstationGPO and select Edit.
e. Under Computer Configuration, expand Policies > Windows
Settings > Security Settings.
f. Right-click Restricted Groups and select Add Group.
g. Select Browse.
h. In the Enter the object names to select box, enter Desktop Admins and then
select OK.
i. Select OK to add the group.
j. For This group is a member of, select Add.
k. Enter Administrators (do not browse) and then select OK.
l. Select OK.
8.8.4 Configure AppLocker
You work as the IT administrator for a small business and are responsible for the corporate network.
You are increasing network security by implementing AppLocker. Your first step is to prevent
applications from running on computers that are not located in the Windows directory or the Program
Files directory. In addition, there is a custom call center application used by the support team. The
call center application runs from C:\CallCenter\CallStart.exe and must be allowed to run. You also
want future versions of the call center application to run without having to change any settings.
In this lab, your task is to configure AppLocker in the WorkstationGPO on CorpDC as follows:
 Configure AppLocker to enforce executable rules.

 For AppLocker, create default executable rules to ensure you maintain access to:
o All files located in the Program Files folder.
o All files located in the Windows folder.
 Create an AppLocker rule using the following file attributes:
o Allow the Support group to run the call center software.
o Make sure the application is signed by the software publisher.
o Use C:\CallCenter\CallStart.exe as the reference file.
o Allow the rule to be applied to only the publisher of the file.
o Do not add exclusions to the rule.
Lab Report
Time Spent: 04:44
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create the Default RulesHide Details
Allow all files located in the Program Files folder
Allow all files located in the Windows folder
Configure a Publisher rule to allow for future updates from the same vendor
Allow the support group to run the Call Center software
EXPLANATION
Complete this lab as follows:

b. Double-click CorpDC to connect to the virtual server.
c. Maximize the window for better viewing.
2. Enforce AppLocker rules for executable rules.
c. From the left pane,
expand Forest:CorpNet.local > Domains > CorpNet.local > Group Policy
Objects.
e. Maximize the window for better viewing.
f. Under Computer Configuration, expand Policies > Windows
Settings > Security Settings > Application Control Policies.
g. Select AppLocker.
h. From the right pane, select Configure rule enforcement.
i. Under Executable rules, select Configured.
j. Make sure Enforce rules appears in the drop-down list.
k. Select OK.
3. Create default executable rules.
a. From the left pane, expand AppLocker.
b. Right-click Executable Rules and select Create Default Rules.
c. From the right pane, notice that the three default executable rules that allow
the group Everyone access to the Windows and Program Files directories
were created.
4. Configure a Publisher rule and allow the Support group to run the call center software.
a. From the left pane, right-click Executable Rules and select Create New
Rule.
b. Select Next.
c. Make sure Allow is selected.
d. For User or group, click Select.
e. Enter Support for the required group and then select OK.
f. Select Next.
g. Make sure Publisher is selected and then select Next.
h. For Reference files, select Browse.
i. Browse to and select C:\CallCenter\CallStart.exe.
j. Select Open.
k. Slide the pointer from File version to Publisher and then select Next.
l. Select Next.
m. Select Create to accept the default name.
Notice that the Publisher rule was created.
8.9.4 Configure Power Options in a GPO

You are the IT administrator for a small corporate network. You have noticed that several computer
monitors are still on late at night, long after employees have left. You would like to use Group Policy
to set consistent power options for computers throughout the company. All workstations are
Windows 11 and reside in the Workstations OU.
In this lab, your task is to configure the following Power Option policy settings in the
WorkstationGPO policy:
 Set the policy Action to Update.

 Set the Balanced power plan as the active power plan for all workstations.
 Set the following advanced settings:
Setting On Battery Plugged in
60
Hard disk: Turn off hard disk after 120 Minutes
Minutes
30
Display: Turn off display after 60 Minutes
Minutes
Lab Report
Time Spent: 04:03
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Set the policy Action to Update
Set the Balanced plan as the active plan
Set Turn off hard disk afterHide Details
On battery: 60 Minutes
Plugged in: 120 Minutes
Set Turn off display afterHide Details
On battery: 30 Minutes
Plugged in: 60 Minutes
EXPLANATION
1. Access the CorpDC2 virtual server.

b. Under Virtual Machines, double-click CorpDC2 to access the server.
2. Access the WorkstationGPO Power Option policy.
c. From the left pane, expand Forest:
CorpNet.local > Domains > CorpNet.local > Group Policy Objects.
3. Start a new power plan.
a. From the left pane, under Computer Configuration, expand Preferences.
b. Expand Control Panel Settings.
c. Right-click Power Options and select New > Power Plan (At least Windows
7).
4. Configure your new power plan.
a. From the Action drop-down list, make sure Update is selected.
b. From the list of power plans, make sure Balanced is selected.
c. Select Set as the active power plan.
d. Expand Hard disk > Turn off hard disk after.
e. Select On battery.
f. In the On battery field, enter 60.
g. Select Plugged in.
h. In the Plugged in field, enter 120.
i. Expand Display > Turn off display after.
j. Select On battery.
k. In the On battery field, enter 30.
l. Select Plugged in.
m. In the Plugged in field, enter 60.
n. Select OK.
8.9.5 Deploy Desktop Shortcuts in a

GPO
You are the IT administrator for a small corporate network. The Support department uses a call
center application that runs from the network. They would like to make sure that all support
computers have a shortcut to this application on the desktop for all users.
In this lab, your task is to create a shortcut for all computers in the SupportGPO using the preference
settings as follows:
 Action: Update
 Name: CallStart
 Target Type: File System Object
 Location: All Users Desktop
 Target Path: \\CorpFiles\CallCenter\CallStart.exe
Lab Report
Time Spent: 09:49
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Create the CallStart policyHide Details
Action: Update
Name: CallStart
Target type: File System Object
Location: All Users Desktop
Target path: \\CorpFiles\CallCenter\CallStart.exe
EXPLANATION

a. In Hyper-V Manager, select CORPSERVER.
b. Under Virtual Machines, right-click CorpDC and select Connect.
2. Open the SupportGPO in the Group Policy Management Editor.
a. In Server Manager, select Tools > Group Policy Management.
c. In the left pane, expand Forest:
CorpNet.local > Domains > CorpNet.local > Group Policy Objects.
d. Right-click SupportGPO and select Edit.
3. Create a new shortcut policy.
a. Under Computer Configuration, expand Preferences > Windows Settings.
b. Right-click Shortcuts and select New > Shortcut.
c. Enter CallStart in the Name field.
d. Using the Location drop-down, select All Users Desktop.
e. Enter \\CorpFiles\CallCenter\CallStart.exe in the Target path field.
f. Select OK.
9.2.4 Configure PowerShell Remoting

You are a network technician for a large corporate network. Your office is in building A. An employee
in Building B, named Jacob, is having trouble connecting to a required website. Before you spend
too much time troubleshooting this issue, you want to see if Jacob's computer can connect to the
internet service provider (ISP) being used for building B.
Since Jacob works in another building across campus, you don't have time to walk to his office.
In this lab, your task is to test Jacob's connection to the ISP using remote PowerShell commands.
 From Sales 1, acting as if you were Jacob:

o Use PowerShell to view the IP addresses assigned to Sales1.
o Answer Questions 1 and 2.
o Configure the Sales1 computer to receive PowerShell remote commands.
In a live environment, you would call Jacob and tell him how to enable PowerShell
remoting.
 From ITAdmin, as the network technician:

o Use PowerShell to view the IP addresses assigned to the ITAdmin computer.
o Answer Question 3.
o Start a PowerShell interactive session with 192.168.10.31 (Sales1).
o Use remote PowerShell to run the tracert 198.28.2.254 command on Jacob's
computer. This is the IP address for the ISP for building B.
o Answer Question 4.
Lab Report
Time Spent: 04:43
Score: 7/7 (100%)
TASK SUMMARY
Required Actions & Questions
Q1What is the IP address assigned to Sales1
Your answer:192.168.10.31
Correct answer:192.168.10.31
Q2What is the default router for Sales1
Windows PowerShell remoting enabled on Sales1
Q3What is the default router for ITAdmin
Initiate an interactive PowerShell session with the Sale1 computer from ITAmin
Run a remote tracert to the ISP
Q4Was tracert able to find the ISP
EXPLANATION
1. On Sales1, find the default router and enable PowerShell remoting.

a. Right-click Start and then select Windows PowerShell (Admin).
b. Type ipconfig /all and then press Enter.
c. From the top right, select Answer Questions.
d. Answer questions 1 and 2. Minimize questions window.
e. From PowerShell, configure the Sales1 computer to receive PowerShell
remote commands by typing Enable-PSRemoting and then press Enter.
2. On ITAdmin, start a PowerShell interactive session with Sales1 and test Sales1's
connection to the ISP.
a. From the top left, select Building B.
b. Under Building A, select Floor 1.
c. Under IT Administration, select ITAdmin.
d. Right-click Start and then select Windows PowerShell (Admin).
e. From PowerShell, type ipconfig /all and then press Enter.
f. Answer Question 3.
g. To start a PowerShell interactive session with Sales1, type Enter-PSSession
192.168.10.31 and then press Enter.
h. From the PowerShell prompt, type tracert 198.28.2.254 (the IP address of
the ISP for building B) and then press Enter.
i. Answer Question 4.
j. Run Exit-PSSession from the PowerShell prompt.
k. Select Score Lab.
9.3.5 Manage Windows Servers by Using

Azure Arc
Your company has a Windows server located in the southern UK (United Kingdom). To help you
manage this server from multiple locations, you want to add this server to Azure Arc.
In this lab, your task is to use Azure Arc to generate a script that will add a single server to Azure Arc
using the following information:
 Project details:
o Subscription: CorpNet Production
o Resource group: CorpUK
 Server details:
o Region: (Europe) UK South
o Operating system: Windows
 Connectivity method:
o Public endpoint
 Download the script that was just created to onboard your Windows server.
 Verify that the OnboardingScript has been downloaded to the Downloads folder.
Lab Report
Time Spent: 03:13
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Configure the project details for the new serverHide Details
Subscription = CorpNet Production
Resource group = CorpUK.
Configure the server details for the new serverHide Details
Region = (Europe) UK South.
Operating system = Windows
Configure the connectivity method
Download the Onboarding script
EXPLANATION
1. Add the server with the Azure Arc wizard.

a. Maximize the Azure Services window.
b. Under Azure Services, select Azure Arc.
c. From the left pane, under Infrastructure, select Servers.
d. From the menu bar, select Add.
e. For Add a single server, select Generate script.
2. Configure the resource group details and tags.
a. Review the prerequisites and then select Next.
b. Configure the resource details as follows:
 Subscription: CorpNet Production
 Resource group: CorpUK
This is the resource group that will hold your
metadata.
 Region: (Europe) UK South
 Operating system: Windows
 Connectivity method: Public endpoint
c. Select Next.
d. Select Next skip the process of adding tags.
3. Download the script to onboard your Windows server.
a. Review the script that has been generated.
b. Select Download to download the default Azure Arc script.
c. Select Close.
d. From the Add servers with Azure Arc window, select the X in the upper right to
close the view.
4. Verify that the script was download.
a. Minimize or close Google Chrome.
b. From the Windows taskbar, select File Explorer.
c. From the left pane of File Explorer, select Downloads.
d. Verify that the OnboardingScript is shown.
9.4.8 Manage IaaS Virtual Machines

(VMs) in Azure That Run Windows
Server
You are the network administrator for your company. You have decided to begin the configuration of
Azure to help manage your network. As part of this setup, you need to create a virtual server in
Azure.
In this lab, your task is to create an Azure virtual machine using the following information:
 Virtual machine type: Azure virtual machine

 Project details:
o Subscription name: CorpNet Production
o Resource group name: CorpNetCloud
 Instance details:
o Virtual machine name: CorpCloud1
o Region: (US) West US2
o Image: Windows Server 2022 Datacenter: Azure Edition - Gen2
o Size: Standard_D4s_v3 - 4 vcpu, 16 GiB memory ($327.04/month)
 Administrator account:
o Username: CorpAdmin
o Password: corpP@ssw0rd
 Disk options:
o Set Standard HDD as the OS disk type.
o Make sure that the Delete with VM box is selected.
 Use the default network parameters.
Lab Report
Time Spent: 03:36
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Configure the project details for the new VMHide Details
Subscription: CorpNet Production
Resource Group: CorpNetCloud
Configure the instance details for the new VMHide Details
Server Name: CorpCloud1
Location: (US) West US2
Size: Standard_D4s_v3 - 4 vcpu, 16 GiB memory ($327.04/month)
Configure the administrator account for the new VMHide Details
Username: CorpAdmin
Password: corpP@ssw0rd
Configure the disks for the new VM
EXPLANATION
1. Configure the virtual machine's basic settings.

a. Maximize the Google Chrome window for better viewing.
b. Under Azure Services, select Virtual machines.
c. From the menu bar, select Create > Azure virtual machine.
d. Under Project details, configure the following:
 Resource group: CorpNetCloud
e. Under Instance details, configure the following:
 Virtual machine name: CorpCloud1
 Region: (US) West US2
 Image: Windows Server 2022 Datacenter: Azure Edition - Gen2
 Size: Standard_D4s_v3 - 4 vcpu, 16 GiB memory
($327.04/month)
f. Under Administrator account, configure the following:
 Username: CorpAdmin
 Password: corpP@ssw0rd
 Confirm password: corpP@ssw0rd
2. Configure the disks for the new virtual machine.
a. From the bottom menu bar, select Next: Disks.
b. Under Disk options, configure the following:
 OS disk type: Standard HDD
 Delete with VM: Make sure that this box is selected.
3. Configure the network connectivity for your virtual machine.
a. From the bottom menu bar, select Next: Networking.
b. Under Network Interface, verify the following settings:
 Virtual network: (new) CorpNetCloud-vnet
 Subnet: (new) default (10.0.0.0)/24)
 Public IP: (new) CorpCloud1-ip
4. Review and validate the new virtual machine.
a. From the bottom menu bar, select Review + create.
b. Review the virtual machine details.
5. Create the virtual machine.
a. From the bottom menu bar, select Create.
b. Monitor the creation process until the deployment is complete.
c. After the deployment is complete, select Go to resource and verify that the
machine has been created.
9.7.4 Assign Azure Policy Guest
Configuration
You are the network administrator for your company. You are using Azure Arc to help manage your
servers. To be able to view compliance, you have decided to assign a guest configuration policy to
your server.
In this lab, your task is to assign an Azure policy using the following information:
 Azure Arc server:

o NYC-SRV1
 Policy definition:
o Configure Log Analytics extension on Azure Arc enabled Windows servers
 Log Analytics workspace:
o ws-corp-cloud-log-analytics
Lab Report
Time Spent: 05:40
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Select the policy definition
Assign the log analytics workspace
EXPLANATION
1. Access the NYC-SVR1 Azure server.

b. Under Azure Services, select Azure Arc.
c. From the left pane, under Infrastructure, select the Servers blade.
A list of previously added servers is displayed.
d. Select the server named NYC-SRV1.
2. Assign an Azure policy.
a. From the left, under Operations, select the Policies blade.
b. Select Assign policy.
c. Under Basics, to the right of Policy definition, select the box containing "...".
d. Type windows servers in the Search field.
e. Select Configure Log Analytics extension on Azure Arc enabled Windows
servers.
f. From the bottom, click Select.
The Policy definition and Assignment name fields are populated.
g. From the bottom, select Next.
h. Use the Log Analytics workspace drop-down menu to select ws-corp-cloud-
log-analytics.
i. Select Review + create.
j. Select Create.
10.1.8 Configure Volumes

Until now, the network has consisted only of workstations accessing the internet through a
consumer-grade switch. You have convinced management that adding a server would ease your
administrative burden. As a result, you are testing various configurations of the Windows Server
operating system.
You have installed Windows Server on a new computer and named the new server CorpServer2.
During installation, you created a single volume for the operating system using 200 GB on the first
disk. You also have two additional unused disks installed in the server.
 Extend the System (C:) volume to use the remaining space on Disk 0.
 Create a new volume using Disk 1 and Disk 2 with the following settings:
o Use all the disk space on Disk 1 and 600 GB (614400 MB) on Disk 2.
o Use M as the drive letter.
o Use the NTFS file system.
o Use Data as the volume label.
Lab Report
Time Spent: 05:09
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Extend the C: volume
Create the Data volumeHide Details
Create a Spanned volume
Total volume size: 4600 GB (4 TB Disk 1 + 600 GB Disk 2)
Use 600 GB from Disk 2
Assign drive letter M
Use NTFS File System
Create the Data volume
EXPLANATION
1. Extend the System (C:) volume.

a. Right-click Start and select Disk Management.
b. Select OK to initialize all of the new disks.
c. From the top pane, right-click on the System (C:) volume and select Extend
Volume.
d. Select Next to start the wizard.
e. Make sure Disk 0 614050 MB is highlighted and select Next to use the
remaining space on Disk 0.
f. Select Finish.
2. Convert disk 1 and 2 to a dynamic disk.
a. From Disk Management, right-click Disk 1 and select Convert to Dynamic
Disk.
b. Make sure Disk 1 is marked and select Disk 2.
c. Select OK to convert both disks to dynamic disks.
3. Create a spanned volume.
a. From Disk Management, right-click the unallocated space on Disk 1 and
select New Spanned Volume.
b. Select Next.
c. Under Available, select Disk 2 and then select Add.
d. Under Selected, select Disk 2.
e. In the Select the amount of space in MB field, enter 614400 MB to adjust the
amount of space used in the new volume.
f. Select Next.
g. Using the drive letter drop-down, select drive letter M.
h. Select Next.
i. In the Volume label field, type Data and then select Next.
j. Select Finish.
10.2.5 Configure and Manage Storage

Spaces
You are the network administrator for a small company. The sales department has grown recently,
and they would like additional disk storage space on the CorpiSCSI server. You have decided to
provide this storage using storage spaces.
In this lab, your task is to complete the following:
 Using Server Manager, create a new storage space pool.

o Type: Physical disks
o Name: CorpiSCSI Pool
o Use all available disks
 Create a new virtual disk for the pool just created.
o Name: CorpiSCSI Virtual Disk
o Storage Layout: Parity (single)
o Provisioning type: Thin
o Size: 10 TB
 Create a volume and assign a drive letter to the new virtual disk using the following:
o Drive letter: S
o File system: NTFS
o Allocation unit size: Default
o Volume label: Sales
 Verify the creation of the new virtual storage space drive and create a new folder.
o Create the S:\Clients folder on the new volume.
Lab Report
Time Spent: 06:11
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Create a storage pool named CorpiSCSI PoolHide Details
Create a new storage space pool named CorpiSCSI Pool
Use all available disks
Hard disk 1 used
Hard disk 2 used
Hard disk 3 used
Create the virtual diskHide Details
Virtual disk name = CorpiSCSI Virtual Disk
Storage Layout: Parity (single)
Provisioning type: Thin
Size: 10 TB
Create a volumeHide Details
Volume assigned to drive S:
File system: NTFS
Allocation unit size: Default
Volume name of Sales
Create a folder on S: named Clients
EXPLANATION
1. Create a new storage space pool.

a. From the left pane of Server Manager, select File and Storage Services.
c. From the left navigation pane, select Storage Pools.
d. Under PHYSICAL DISKS, use the TASKS drop-down list to select New Storage
Pool.
e. From the Before you begin page, select Next to start the wizard.
f. From the Specify a storage pool name and subsystem page, enter CorpiSCSI
Pool in the name field.
g. Select Next.
h. Select all available disks and then select Next.
i. Select Create.
j. Select Close.
2. Create a new virtual disk.
a. Under STORAGE POOLS, select the CorpiSCSI Pool.
b. Under VIRTUAL DISKS, use the TASKS drop-down list to select New Virtual
Disk.
c. Select OK to use the CorpiSCSI Pool.
d. Select Next to begin the New Virtual Disk Wizard.
e. In the Name field, enter CorpiSCSI Virtual Disk and then select Next.
f. Select Next to use the default Enclosure Awareness options.
g. Select Parity for the Storage Layout and then select Next.
h. For the Resiliency type, make sure Single parity is selected and then
select Next.
i. Select Thin for the provisioning type and then select Next.
j. For Specify size field, use 10 and change the drop-down to TB.
k. Select Next.
l. Select Create.
m. Select Close.
The New Volume Wizard starts automatically.
3. Create a volume and assign a drive letter to the new virtual disk.
a. Select Next to start the New Volume Wizard.
b. Select Next to use the default server and virtual disk.
c. Select Next to use the default volume size.
d. Under Assign to, use the drop-down list to select S as the drive letter and then
select Next.
e. Configure the File System Settings as follows:
 File system: NTFS
 Allocation unit size: Default
 Volume label: Sales
f. Select Next.
g. Review your configuration and select Create.
h. Select Close.
4. Verify the creation of the new virtual storage space drive and create a new folder.
a. From the taskbar, select File Explorer.
b. From the left pane, select This PC.
c. From the right pane, double-click Sales (S:).
d. Right-click in the white space and select New > Folder.
e. Name the new folder Clients.
10.6.6 Configure NTFS Permissions

You need to manage the permissions assigned to various folders. Department data is stored on
CorpFiles16 in a folder named D:\Departments. Within the Departments folder, each department has
a subfolder where they can publish files to the rest of the company. The default permissions
inherited by the D:\Departments folder and each subfolder currently allow all users to read and
execute files.
In this lab, your task is to configure permissions for each departmental subfolder so that only users
within each department can change their department's files. To complete this task, assign the
permissions specified in the following table:
Folder Domain Local Group Permissions
D:\Departments\
Accounting Resources Full Control
Accounting
D:\Departments\Research Research Resources Full Control
D:\Departments\Sales Sales Resources Full Control
D:\Departments\Support Support Resources Full Control
Lab Report
Time Spent: 08:54
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Give the Accounting Resources group Full Control to D:\Departments\Accounting
Give the Research Resources group Full Control to D:\Departments\Research
Give the Sales Resources group Full Control to D:\Departments\Sales
Give the Support Resources group Full Control to D:\Departments\Support
EXPLANATION
While completing this lab, use the following information:
Domain Local
Folder Permissions
Group
D:\Departments\Accounting Accounting Resources Full Control
D:\Departments\Research Research Resources Full Control
D:\Departments\Sales Sales Resources Full Control
D:\Departments\Support Support Resources Full Control

1. Connect to the CorpFiles16 virtual server.

b. Maximize the window to view all virtual machines.
c. Double-click CorpFiles16 to connect to the virtual server.
d. Maximize the window for better viewing.
2. Configure permissions for each departmental subfolder.
a. From the taskbar of CorpFiles16, select File Explorer.
c. From the right pane, open Data (D:) > Departments.
d. Right-click the folder and select Properties.
e. Select the Security tab.
f. Select Edit.
g. Select Add.
h. In the Enter the object names to select field, type the name of each security
principal that receives permission to the shared folder and then select OK.
i. With the security principal still highlighted, under Allow, select Full control.
j. Select OK twice.
k. Repeat steps 2d-2j for each domain local group.
10.6.7 Remove Inherited Permissions

Confidential personnel data is stored on the CorpFiles16 file server in a shared directory named
Personnel. You need to configure NTFS permissions for this folder so that only managers are
authorized to access the folder.
 Grant the group named Managers the Full Control permission to the H:\Personnel folder.
 Remove all inherited permissions that are flowing to the H:\Personnel folder.
You know that you need to prevent permission inheritance if a permission appears grayed out when
you try to modify it.
Lab Report
Time Spent: 01:15
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Prevent inherited permissions on the H:\Personnel folder
Grant the Managers group Full Control to H:\Personnel
Remove CREATOR OWNER from the permission list
Remove Administrators from the permission list
Remove SYSTEM from the permission list
Remove Users from the permission list
EXPLANATION

2. Configure NTFS permissions.
c. From the right pane, double-click Projects (H:).
d. Right-click Personnel and select Properties.
f. Select Edit.
g. Select Add.
h. In the Enter the object names to select field, type Managers and then
select OK.
i. With the Managers group selected, under Allow, select Full control.
j. Select OK.
3. Prevent inherited permissions from parent objects.
a. From the Security tab, select Advanced.
b. Select Disable inheritance.
c. Select Remove all inherited permissions from this object.
d. Select OK to close the Advanced Security Settings for Personnel dialog.
e. Select OK to close the Properties dialog.
10.6.8 Enable Quota Restrictions

Recently, you installed Windows Server 2022 on a new server called CorpFiles. This server will host
the home directories for users. Management is concerned that some users will use a large amount
of disk space. To prevent this from happening, you need to enable quota management on the
shared drive.
 Enable quota management on the D: drive using the following specifications:

o Limit disk usage to 500 MB per new user
o Give users a warning at 450 MB.
o Deny additional space to users exceeding the quota limit.
o Log an event each time a user hits the warning level.
Lab Report
Time Spent: 01:39
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Enable quota management for D: drive
Set the default quota limit to a 500 MB limit with a 450 MB warning
Deny users disk space exceeding their quota limit
Enable logging an event when users exceeding their warning level
EXPLANATION
1. Connect to the CorpFiles virtual server.

c. Double-click CorpFiles to connect to the server.
2. Enable quota management.
c. From the right pane, right-click Data (D:) and then select Properties.
d. Select the Quota tab.
e. From the Quota tab, select Enable quota management.
f. Select Deny disk space to users exceeding quota limit to deny additional
space exceeding the quota limit.
g. Select Limit disk space to.
h. In the Limit disk space to field, use 500 MB and then use its drop-down to
select MB.
i. In the Set warning level to field, use 450 MB and then use its drop-down to
select MB.
j. Select Log event when a user exceeds their warning level.
k. Click OK to enable the quota system.
10.6.9 Create a Quota Entry

For security reasons, you want to know if anyone uses the domain Guest account to save any files
on the CorpFiles server D: drive of the CorpFiles server. Disk quotas have already been enabled.
 Create a new quota entry for the Guest account.

o Set the quota limit to 500 MB.
o Set the warning level to 1 KB.
Lab Report
Time Spent: 07:35
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create a quota entry for the Guest account
Set the quota limit to 500 MB for the Guest account
Set the warning level to 1 KB for the Guest account
EXPLANATION

c. Double-click CorpFiles to connect to the server.
2. Configure Quota for the Guest account.
e. From the Quota tab, select Quotas Entries.
f. Select Quotas > New Quotas Entry.
g. Under Enter the object names to select, enter Guest and then select OK.
h. Select Limit disk space to and then in it's field, enter 500 MB.
i. Select OK.
j. Close the Quota Entries window.
k. From the Data (D:) Properties window, select OK.
10.6.10 Modify Quota Limits

While the CorpFiles server was configured, a 5 MB disk quota warning for the D: drive was applied
to the Administrators account. As a result, the server logs many warning messages.
In this lab, your task is to remove all quota limits for the Administrators account.
Lab Report
Time Spent: 01:06
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Select Do not limit disk usage in the quota entry for the Administrators account
EXPLANATION

c. Double-click CorpFiles to connect to the virtual server.
2. Remove all quota limits for the Administrators account
a. On the taskbar, select File Explorer.
e. At the bottom, select Quotas Entries.
f. Right-click the existing Administrator quota entry and then
select Properties.
g. Select Do not limit disk usage.
h. Select OK to save the change.
i. Close the Quotas Entries window.
j. Select OK to close the Properties window.
10.7.4 Configure NTFS and Share

Permissions
You are creating a share for the H:\Components folder on the CorpFiles16 server. The Research
and Development department employees need to store programming components in this shared
folder.
Data in a shared folder on an NTFS partition has two sets of permissions (share permissions and
NTFS permissions). Each user's data access is determined by the most restrictive of these two
permissions. You need to secure the data in the folder as follows:
 Members of the Research Resources group should have full control over the folder.
 All other users should be able to view the contents of the folder.
 Permissions should apply to network access through both the share and local access.
In this lab, your task is to implement a combined share and NTFS permission strategy as follows:
 Share the H:\Components folder using the default share name of Components.
 Configure share permissions by giving the Everyone group Full Control share permissions.
 Configure NTFS permissions for the H:\Components folder by giving the Research
Resources group Full Control permissions.
 Keep the remaining NTFS permissions. This allows administrators full control and allows all
other users to read the folder contents.
Lab Report
Time Spent: 04:27
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Share H:\Components as Components
Grant the group Everyone the Full Control share permissions
Grant the Research Resources group Full Control NTFS permissions to H:\Components
EXPLANATION
1. Share the H:\Components folder using the default share name.

c. From the right pane, double-click Projects (H:).
d. Right-click the Components folder and select Properties.
e. Select the Sharing tab.
f. Select Advanced Sharing.
g. Select Share this folder.
h. Use the default name of Components for the Share name field, .
i. Select Apply.
2. Configure the shared folder's permissions.
a. Select Permissions to configure shared folder permissions.
b. With the group named Everyone highlighted, select Full Control and then
select OK.
c. Select OK to save the changes and close the Advanced Sharing dialog.
3. Configure NTFS permissions.
a. Select the Security tab.
b. Select Edit.
c. Select Add.
d. In the Enter the object names to select box, enter Research Resources and
then select OK.
e. Under Allow, select Full Control.
f. Select OK.
g. Select OK to save the changes.
11.1.6 Share a Folder with a Second
Name
You are configuring the file system of a Windows Server computer named CorpFiles. The D:\Users
folder has already been shared using the share name Users.
 Add an additional share, named Home Folders, to the D:\Users folder.

 Keep the default user limits, share permissions, and offline files settings that were set when
the original share was created.
Lab Report
Time Spent: 01:52
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Share D:\Users as Home Folders
Keep the default permissions
EXPLANATION

c. Double-click CorpFiles to connect to the virtual server.
2. Add a share name of Home Folders for the D:\Users folder.
b. From the left pane, expand and select This PC > Data (D:).
c. From the right pane, right-click Users and select Properties.
d. Select the Sharing tab.
e. Select Advanced Sharing.
f. Select Add.
g. Enter Home Folders in the Share name field.
h. Select OK to add the new share.
i. Select OK to save the changes.
11.1.7 Remove a Shared Folder

You are configuring the file system of a Windows Server named CorpFiles16. The H:\Projects folder
is shared using two share names, Projects and Builds. You no longer want the H:\Projects folder to
be accessible through the share name Builds.
 Remove the share named Builds from the H:\Projects folder.
Lab Report
Time Spent: 02:34
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Remove the share name Builds from the H:\Projects folder
EXPLANATION

2. Remove the share named Builds from the H:\Projects folder.
a. From the taskbar, open File Explorer.
b. From the left pane, expand and select This PC > Projects (H:).
c. From the right pane, right-click Projects and select Properties.
f. Use the Share name drop-down list to select Builds.
g. Select Remove.
The Remove button is only available when there are at least two share names
for the folder or drive.
h. Select OK to close the Advanced Sharing dialog.

i. Select OK to close the Projects Properties dialog.
11.1.8 Enable Share Caching

You are configuring the file system on the CorpFiles16 Windows Server. The H:\Archives folder has
been previously shared, and users have read-only access to the Archives shared folder. When a
client computers accesses a file in the Archives shared folder, you want to automatically cache a
copy to the user's workstation. This will optimize system performance by preventing unnecessary
network use when files are accessed in the future.
 Make all files and programs that users open from the H:\Archives shared folder
automatically available offline.
 Optimize performance by caching programs and files.
Lab Report
Time Spent: 02:42
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Enable automatic caching for the Archives shared folder.
Optimize for performance by allowing automatic caching of program files and data files.
EXPLANATION
1. Access the CorpFiles16 virtual server.

2. Configure offline file caching.
a. From the taskbar, open File Explorer.
b. From the left pane, expand and select This PC > Projects (H:).
c. Right-click the Archives and select Properties.
f. Select Caching.
g. Select All files and programs that users open from the shared folder are
automatically available offline to enable automatic caching of files.
3. Optimize performance by caching programs and files.
a. Make sure Optimize for performance is enabled.
b. Select OK to close the Offline Settings dialog.
c. Select OK to save your setting changes.
11.1.9 Disable Share Caching

You need to configure the file system of a Windows Server computer named CorpFiles16. You want
to make sure that no data from the D:\Confidential shared folder ever gets cached to local
computers.
 Disable caching for the D:\Confidential folder.
Lab Report
Time Spent: 01:16
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Disable caching for the Confidential shared folder
EXPLANATION
Disable offline caching for a folder as follows:
1. Access the CorpFiles16 virtual server.

2. Disable caching for the D:\Confidential folder.
a. On the CorpFiles16 server, open File Explorer.
b. From the left pane, expand and select This PC > Data (D:).
c. From the right pane,
d. Right-click Confidential and select Properties.
f. On the Sharing tab, select Advanced Sharing.
g. Select Caching.
h. Select No files or programs from the shared folder are available
offline to disable caching.
i. Select OK to close the Offline Settings dialog.
j. Select OK to close the Advanced Sharing dialog and to save your changes.
11.1.10 Configure Share Permissions
You are configuring the file system for the CorpFiles Windows server. You have shared the D:\
Shared folder for common file access. The group named Everyone has complete NTFS permissions
to the folder (except permission to change file and folder permissions).
Network users report that they can only read data in the Shared folder. They should be able to
create, edit, and delete all folders and files. You want to enable these permissions using the least
administrative effort.
In this lab, your task is to fix the user access problem by granting the Everyone group the Change
share permission for the Shared folder.
Lab Report
Time Spent: 01:13
Score: 1/1 (100%)
TASK SUMMARY
Required Actions
Grant Everyone Change share permissions
EXPLANATION
1. Access the CorpFiles virtual server.

c. Double-click CorpFiles to access the virtual server.
2. Grant the Change share permission for the Shared folder.
c. From the right pane, double-click Data (D:).
d. Right-click Shared and select Properties.
f. Select Advanced Sharing.
g. Select Permissions.
h. Under Group or users names, make sure that Everyone is highlighted.
i. Under Allow, select Change and then select OK.
j. Select OK to save the changes.
11.4.5 Add Role Services for DFS and

Create a Namespace
You are the IT administrator for a small corporate network. You need to simplify file access for
various departments using the Distributed File System (DFS).
Your implementation should be configured as follows:
 The CorpDC2 server will host a domain namespace and several replicated folders.
 The server will replicate with other servers running DFS.

 Add the DFS Namespace role services.
 Add the DFS Replication role services.
 Create a namespace using the following parameters:
o Use the CorpDC2 server.
o Name: SharedFiles
o Use a domain-based namespace.
o Configure the namespace to use access-based enumeration.
 Create folders with targets as follows:
Folder Name Target
Accounting \\CorpFiles\Accounting
\\CorpFiles16\
Marketing
Marketing
Sales \\CorpFiles16\Sales
The File Server role service is automatically added to manage shared folders that are targets of DFS
folders.
Lab Report
Time Spent: 05:56
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Add the DFS Namespaces role service
Add the DFS Replication role service
Add the SharedFiles NamespaceHide Details
Name is \\CorpNet.local\SharedFiles
2008 mode domain-based
Create namespace folders and targetsHide Details
Accounting folder
Marketing folder
Sales folder
EXPLANATION
Folder
Target
Name
Accounting \\CorpFiles\Accounting
Marketing \\CorpFiles16\Marketing
Sales \\CorpFiles16\Sales
1. Access the CorpDC2 virtual server.

b. Double-click CorpDC2 to access the virtual server.
2. Add the DFS role services.
a. From Server Manager, select Manage > Add Roles and Features.
b. Select Next to begin the Add Roles and Features Wizard.
c. Select Next to use Role-based or feature-based installation.
d. Select Next to accept the default options of:
 Select a server from the server pool
 Name: CorpDC2.CorpNet.local
e. Expand and select File and Storage Services > File and iSCSI Services > DFS
Namespaces.
f. Select Add Features to include the management tools.
g. Select Next.
h. Select Next.
i. Select Install.
j. After the role services install, select Close.
3. Create a domain-based DFS namespace.
a. From Server Manager, select Tools > DFS Management.
b. Right-click Namespaces and select New Namespace.
c. In the Server field, enter CorpDC2 and then select Next.
d. In the Name field, enter SharedFiles and then select Next.
e. Select Enable Windows Server 2008 mode to allow access-based
enumeration.
f. Select Next.
g. Select Create.
h. Select Close.
4. Add folders.
a. Right-click \\CorpNet.local\SharedFiles and select New Folder.
b. In the Name field, enter the folder name and then select Add.
c. Enter the path to the target folder.
d. Select OK.
e. Select OK.
f. Repeat steps 4a – 4e to add the additional folders.
11.5.4 Create Azure File Sync Service

You are the network administrator for your company. You are configuring Azure to help manage your
network. You want to begin synchronizing on-premise files to the cloud. The first step is to create an
Azure File Sync service.
In this lab, your task is to create an Azure File Sync service using the following information:
 Recent resource: CorpNetCloud

o Resource group: CorpNetCloud
o Storage sync service name: CorpFileSyncService
Lab Report
Time Spent: 04:58
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Resource group: CorpNetCloud
Storage sync service name: CorpFileSyncService
Region: (US) West US2
EXPLANATION
1. Create an Azure File Sync service.

b. Under Resources > Recent, select CorpNetCloud.
c. From CorpNetCloud's menu bar, select Create.
d. In the search window, begin typing file sync and then select Azure File
Sync when it appears.
e. From the Azure File Sync page, next to Plan, select Create.
f. Configure the Deploy Azure File Sync options as follows:
 Storage sync service name (type in
manually): CorpFileSyncService
g. Select Review + Create.
h. Select Create.
Wait for the deployment to complete.
2. Once the deployment is complete, select Go to resource to view the CorpFileSyncService
page.
11.5.5 Create an Azure Storage Account

and a File Share
network. You are synchronizing on-premise files to the cloud. The next step is to create an Azure
Storage Account with a File Share to sync the files to.
 Create a storage account with the following options:

o Resource group: CorpNetCloud
o Storage account name (case sensitive): corpnetstorageaccount
o Redundancy: Geo-redundant storage (GRS)
 Create a file share named corpnetfileshare from within the storage account you created.
Lab Report
Time Spent: 07:53
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create a Storage AccountHide Details
Resource Group: CorpNetCloud
Storage account name: corpnetstorageaccount
Region: (US) West US2
Redundancy: Geo-redundant storage (GRS)
Create a file share: corpnetfileshare
EXPLANATION
1. Create a storage account.

b. Under Resources > Recent, select CorpNetCloud.
c. From the CorpNetCloud menu bar, select Create.
d. Under Popular Products, select the Storage account.
e. From the Create a storage account page, configure the following options:
 Storage account name: corpnetstorageaccount
 Redundancy: Geo-redundant storage (GRS)
f. Select Review.
g. Review the options and then select Create.
h. When deployment is complete, select Go to resource.
2. Create a File Share.
a. From within the new storage account, under Data Storage, select the File
shares blade.
b. From the top row, select + File share.
c. In the Name field, enter corpnetfileshare as the name of the new file share.
d. Select Create.
e. Select the new file share (corpnetfileshare).
There are currently no files in this share.
After you create a sync group, register the on-premise server, and create the server
endpoint, you will come back to this location and view the files that have synced to the
storage account from the on-premise server.
11.5.7 Create Sync Groups

network. You are synchronizing on-premise files to the cloud. The next step is to create an Azure
Sync Group.
 Create Sync Group using the following parameters:

o Sync group name: CorpNetFileSyncGroup
o Storage Account: corpnetstorageaccount
o Azure File Share: corpnetfileshare
Lab Report
Time Spent: 01:29
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Sync Group Name: CorpNetFileSyncGroup
Azure file share: corpnetfileshare
EXPLANATION
1. Create a Sync Group.

b. Under Resources > Recent, select CorpFileSyncService.
c. Select + Sync group.
d. From the Sync Group page, configure the following options:
 Sync group name: CorpNetFileSyncGroup
 Click Select storage account and then
select corpnetstorageaccount
 Azure File Share: Use the drop-down to select corpnetfileshare.
e. Select Create.
The Cloud endpoint is assigned to the Sync group when it is created.
11.6.4Create Server Endpoints

network. You are synchronizing on-premise files to the cloud. The last step is to add the Server
Endpoint. You have already downloaded the Azure File Sync agent and installed it on your on-
premise server CorpFiles. The Azure File Sync agent registers the server with Azure.
 Add CorpFiles as a Server Endpoint to CorpFilesSyncGroup.

 Synchronize the entire D:\ drive from CorpFiles with the Azure file share.
 Browse the folders to see what files have been synced from the on-premise server.
Lab Report
Time Spent: 02:32
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add CorpFiles as a Server Endpoint
Synchronize D:\
EXPLANATION
1. Add the on-premise server as a Server Endpoint.

b. From Recent Resources, select CorpFileSyncService.
c. Select the CorpNetSyncGroup.
d. Select Add server endpoint.
e. Under Registered Server, select CorpFiles.
f. Under Path, type the path to the files you want to sync from the registered
server (D:\).
g. Select Create.
2. Verify that files are syncing from the server to the Azure storage account.
a. In the top left, select Home.
b. Under Recent Resources, select corpnetstorageaccount.
c. Under Data Storage, select the File shares blade.
d. Select corpnetfileshare.
e. Browse the folders to see what files have been synced from the on-premise
server.
12.2.14 Create Virtual Machines

You have installed Hyper-V on the server named CorpServer. You are experimenting with creating
virtual machines.
In this lab, your task is to create two virtual machines named VM1 and VM2. Use the following
settings as specified for each machine:
VM1:
 Virtual machine name: VM1

 Virtual machine location: D:\HYPERV
 Virtual machine generation: Generation 1
 Startup memory: 1024 MB - Do not use Dynamic Memory
 Networking connection: External
 Virtual hard disk name: VM1.vhdx
 Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
 Virtual hard disk size: 50 GB
 Operating system will be installed later
VM2:
 Virtual machine name: VM2

 Virtual machine location: D:\HYPERV
 Generation: Generation 2
 Startup memory: 2048 MB - Use Dynamic Memory
 Networking connection: Internal
 Virtual hard disk name: VM2.vhdx
 Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
 Virtual hard disk size: 250 GB
 Operating system will be installed later
 Minimum RAM: 512 MB
 Maximum RAM: 4096 MB
Lab Report
Time Spent: 05:25
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create virtual machine VM1Hide Details
Virtual machine name: VM1
Virtual machine location: D:\HYPERV
Generation 1
Startup memory: 1024 MB
Networking connection: External
Virtual hard disk name and location: D:\HYPER\Virtual Hard Disks\VM1.vhdx
Virtual hard disk size: 50 GB
Set to install operating system later
Create virtual machine VM2Hide Details
Virtual machine name: VM2
Virtual machine location: D:\HYPERV
Generation 2
Startup memory: 2048 MB
Networking connection: Internal
Virtual hard disk name: VM2.vhdx
Virtual hard disk location: D:\HYPERV\Virtual Hard Disks
Virtual hard disk size: 250 GB
Set to install operating system later
Minimum RAM: 512 MB
Maximum RAM: 4096 MB
EXPLANATION
1. Create VM1 on CorpServer.

a. From Server Manager, select Tools > Hyper-V Manager.
b. Right-click CORPSERVER.
c. Select New > Virtual Machine.
d. From the Before You Begin window, select Next.
e. In the Name field, use VM1 for the name of the new virtual machine.
f. In the Location field, make note of the location where the virtual machine will
be created, and then select Next.
g. Make sure Generation 1 is selected and then select Next.
h. In the Startup memory field, enter 1024 and then select Next.
i. Use the Connection drop-down list to select External, and then select Next.
j. Make sure Create a virtual hard disk is selected.
k. Configure the new hard disk as follows:
 Name: VM1.vhdx
 Location: D:\HYPERV\Virtual Hard Disks\
 Size: 50
l. Select Next.
m. Make sure that Install an operating system later is selected, and then
select Next.
n. Select Finish to create the virtual machine.
2. Create VM2 on CorpServer.
a. Right-click CORPSERVER.
b. Select New > Virtual Machine.
c. From the Before You Begin window, select Next.
d. In the Name field, use VM2 for the name of the new virtual machine.
e. In the Location field, make note of the location where the virtual machine will
be created, and then select Next.
f. Select Generation 2, and then select Next.
g. In the Startup memory field, enter 2048 MB.
h. Select Use Dynamic Memory for this virtual machine, and then
select Next.
i. Use the Connection drop-down list to select Internal, and then select Next.
j. Make sure Create a virtual hard disk is selected.
k. Configure the new hard disk as follows:
 Name: VM2.vhdx
 Location: D:\HYPERV\Virtual Hard Disks\
 Size: 250
l. Select Next.
m. Make sure that Install an operating system later is selected, and then
select Next.
n. Select Finish to create the virtual machine.
3. Adjust virtual machine memory.
a. From Hyper-V Manager, right-click the VM2.
b. Select Settings.
c. From the left pane, select Memory.
d. Configure the memory as follows:
 Minimum RAM: 512 MB
 Maximum RAM: 4096 MB
e. Select OK.
12.3.8 Create Virtual Hard Disks

You have installed Hyper-V on CorpServer. You are experimenting with virtual hard disks.
In this lab, use the Hyper-V Manager utility to create two virtual hard disks in the D:\HYPERV\Virtual
Hard Disks directory. Name these disks Test1 and Test2.
Use the following settings for Test1:
 Name: Test1
 Disk Format: VHD
 Disk Type: Fixed size
 File name: Test1.vhd
 Location: D:\HYPERV\Virtual Hard Disks
 Size: 500 GB
Use the following settings for Test2:
 Name: Test2
 Disk Format: VHDX
 Disk Type: Dynamically expanding
 File name: Test2.vhdx
 Location: D:\HYPERV\Virtual Hard Disks
 Size: 4 TB (4096 GB)
Lab Report
Time Spent: 03:04
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the Test1.vhd virtual diskHide Details
Create the virtual disk
Create the disk as a fixed size disk
Configure a size of 500 GB
Create the Test2.vhdx virtual diskHide Details
Create the virtual disk
Create the disk as a dynamically expanding disk
Configure a maximum size of 4 TB (4096 GB)
EXPLANATION
1. Create a virtual disk named Test1.

b. Right-click CORPSERVER and select New > Hard Disk.
c. From the Before You Begin window, select Next.
d. Select the VHD, and then select Next.
e. Select the Fixed size, and then select Next.
f. In the Name field, enter Test1.vhd, and then select Next.
g. In the Size field, enter 500 GB, and then select Next.
h. Review your configuration, and then select Finish.
2. Create a virtual disk named Test2.
a. Right-click CORPSERVER and select New > Hard Disk.
b. From the Before You Begin window, select Next.
c. Make sure that VHDX is selected, and then select Next.
d. Make sure Dynamically expanding is selected, and then select Next.
e. In the Name field, enter Test2.vhdx, and then select Next.
f. In the Size field, enter 4096 GB, and then select Next.
g. Review your configuration, and then select Finish.
The Disk Management utility can be used to create virtual disks. However, this lab is designed to
only use Hyper-V Manager to create the virtual disks
12.3.9 Create a Parent Virtual Machine

You installed Hyper-V on the server named CorpServer. You are experimenting with virtual hard
disks. You plan to run several instances of Windows Server as virtual machines. Because these
virtual machines will use a similar configuration, you are considering using differencing disks to
conserve disk space.
 Create a virtual hard disk using the following parameters:

o Disk format: VHDX
o Disk type: Fixed size
o Virtual hard disk name: ParentDisk.vhdx
o Location: D:\HYPERV\Virtual Hard Disks\
o Size: 50 GB
 Create the parent virtual machine using the following parameters:
o Virtual machine name: ServerParent
o Location: D:\HYPERV\
o Generation: Generation 1
o Startup Memory: 2048 MB (do not use dynamic memory)
o Network: Not Connected
o Use the D:\HYPERV\Virtual Disks\ParentDsk.vhdx disk previously created.
 Configure the virtual machine to use a DVD linked to the D:\ISOs\
en_windows_server_2022_x64_dvd.iso image file.
In this lab, you will not perform the final configuration steps of starting the machine and installing the
operation system.
Lab Report
Time Spent: 06:04
Score: 3/3 (100%)
TASK SUMMARY
Required Actions
Create the virtual hard diskHide Details
Create the ParentDisk.vhdx virtual hard disk
Create the disk as a Fixed disk
Create the virtual machineHide Details
Create the virtual machine called ServerParent
Save the virtual machine in D:\HYPERV\
Use Generation 1
Use 2048 MB of RAM
Network is not connected
Use the ParentDisk.vhdx virtual hard disk
Configure the virtual machine to use the Windows Server 2022 ISO file
EXPLANATION
1. Create a virtual hard disk.

c. Select Next.
d. Select Next to use the default of VHDX.
e. Select Fixed size as the disk type, and then select Next.
f. In the Name field, use ParentDisk.vhdx as the name for the hard disk file.
g. Select Next.
h. In the Size field, use 50 GB as the size for the new virtual disk, and then
select Next.
i. Review your configuration, and then select Finish.
2. Create a virtual machine.
a. From Hyper-V Manager, right-click CORPSERVER and select New > Virtual
Machine.
b. Select Next.
c. In the name field, use ServerParent as the name for the virtual machine,
and then select Next.
d. Select Next to use the default of Generation 1.
e. In the Startup memory field, use 2048 MB as the amount of memory to use
with the virtual machine.
f. Select Next.
g. Select Next to use the default of Not connected.
h. Select Use an existing virtual hard disk.
i. For the location field, select Browse.
j. Browse to and select the D:\HYPERV\Virtual Hard Disks\
ParentDisk.vhdx hard disk file created in step 1.
k. Select Open.
l. Select Next.
m. Review your configuration, and then select Finish.
3. Configure the virtual machine.
a. From Hyper-V Manager, right-click ServerParent and select Settings.
b. From the left pane, under the Hardware section and IDE Controller 1,
select DVD Drive.
c. From the right pane, in the Media section, select Image file.
d. Select Browse.
e. Browse to and select the D:\ISOs\en_windows_server_2022_x64_dvd.iso file
to be used by the virtual DVD drive.
f. Select Open.
g. Select OK.
12.3.10 Create Child Virtual Machines

You have previously installed an operating system and applications on the ServerParent virtual
machine. Using differencing hard disks, you now want to create two new virtual machines based on
the virtual hard disk that was used in the ServerParent machine. This will allow you to make changes
to the data or operating system in the new virtual machines without affecting the parent disk.
 Delete the ServerParent virtual machine.

 Set the D:\HYPERV\Virtual Hard Disks\ParentDisk.vhdx file to Read-only.
 Create two new differencing hard disks using the following parameters (each hard disk has a
different name, but uses the same disk format, disk type, location, and parent disk):
o Disk format: VHDX
o Disk type: Differencing
o Name: Server1.vhdx and Server2.vhdx
o Location: D:\HYPERV\Virtual Hard Disks
o Parent disk: ParentDisk.vhdx
 Create two new virtual machines using the following parameters (each virtual machine uses
a different name and virtual hard disk, but the same location, generation, size, and network):
o Name: Server1 and Server2
o Location: D:\HYPERV\
o Generation: Generation 2
o Size: 4096 MB
o Network: External
o Virtual hard disk: Server1.vhdx and Server2.vhdx (respectively)
Lab Report
Time Spent: 08:44
Score: 6/6 (100%)
TASK SUMMARY
Required Actions
Delete the ServerParent virtual machine
Set the ParentDisk.vhd file to Read Only
Create the Server1.vhdx diskHide Details
Create the virtual hard disk
Create a differencing disk
Use ParentDisk.vhdx as the parent disk
Create the Server2.vhdx diskHide Details
Create a differencing disk
Use ParentDisk.vhdx as the parent disk
Create the Server1 virtual machineHide Details
Create the virtual machine
Use D:\HYPERV\ for the location
Generation 2
Use 4096 MB of RAM
Use the External network
Configure the virtual machine to use Server1.vhdx
Create the Server2 virtual machineHide Details
Create the virtual machine
Use D:\HYPERV\ for the location
Generation 2
Use 4096 MB of RAM
Use the External network
Configure the virtual machine to use Server2.vhdx
EXPLANATION
 New virtual hard disk names: Server1.vhdx and Server2.vhdx

 New virtual machine names: Server1 and Server2
1. Delete the ServerParent virtual machine while maintaining its virtual hard disk.
b. Select CORPSERVER.
c. Right-click ServerParent and select Turn Off.
d. Confirm your decision by selecting Turn Off.
e. Right-click ServerParent and select Delete.
f. Confirm your decision by selecting Delete.
2. Make the virtual hard disk that was used in the ServerParent VM read-only.
b. Browse to, and open, the D:\HYPERV\Virtual Hard Disks folder – the
location of the virtual hard disk.
c. Right-click ParentDisk.vhdx and select Properties.
d. At the bottom, select Read-only and then select OK.
e. Close File Explorer.
3. Create two differencing hard disks.
a. From Hyper-V Manager, right-click CORPSERVER and select New > Hard
Disk.
b. Select Next to begin the wizard.
c. Select Next to use the default VHDX disk format.
d. Select Differencing as the disk type, and then select Next.
e. Enter the name for the new hard disk file and then select Next.
f. For Location, select Browse to find the ParentDisk.vhdx parent disk.
g. Double-click ParentDisk.vhdx to use this disk and then select Next.
h. Review your configuration and then select Finish.
i. Repeat step 3 to create the second differencing hard disk.
4. Create two new virtual machines using the two new virtual hard disks just created.
a. From Hyper-V Manager, right-click CORPSERVER and select New > Virtual
Machine.
b. Select Next to begin the wizard.
c. In the Name field, use the name of the virtual machine, and then
select Next.
d. Select the Generation 2 for the virtual machine, and then select Next.
e. In Startup memory, use 4096, and then select Next.
f. Use the Connection drop-down list to select External, and then select Next.
g. Select Use an existing virtual hard disk.
h. Select Browse.
i. Double-click the new existing virtual hard disk just created (such as
Server1.vhdx) to use that disk.
j. Select Next and review your configuration.
k. Select Finish.
l. Repeat step 4 to create the second virtual machine.
12.4.6 Create Virtual Switches

You have installed Hyper-V on CorpServer because you want to create virtual machines. Prior to
creating the virtual machines, you are experimenting with virtual switches.
 Create a private virtual switch named Switch 1.
With a private switch, virtual machines can communicate with each other, but cannot
communicate with the management operating system or access the physical network.
 Create an internal virtual switch named Switch 2.
With an internal switch, virtual machines can communicate with one another and with the
management operating system, but cannot access the physical network.
Lab Report
Time Spent: 02:08
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the Switch 1 virtual switch Hide Details
Create the virtual switch
Use Private as the switch type
Create the Switch 2 virtual switch Hide Details
Create the virtual switch
Use Internal as the switch type
EXPLANATION
1. Create Switch 1.
b. Right-click CORPSERVER and select Virtual Switch Manager.
c. With New virtual network switch highlighted, select Private.
d. Select Create Virtual Switch.
e. In the Name field, use Switch 1 and select Apply.
2. Create Switch 2.
a. From the left pane, select New virtual network switch.
b. Select Internal.
c. Select Create Virtual Switch.
d. Use Switch 2 in the Name field.
e. Select OK.
12.4.7 Prepare a Production Virtual

Machine
You need to add an additional domain controller server to your network. You have decided to set up
the new server as a Hyper-V virtual machine on the server named CorpServer.
 Create a virtual hard disk named CorpDC.vhd in the D:\HYPERV\Virtual Hard Disks folder.
o Select the format that allows for maximum backwards compatibility.
o Configure the disk for best performance.
o Configure a disk size of 500 GB.
 Create a virtual machine, using CorpDC as the name.
o Save the virtual machine in the D:\HYPERV folder.
o Use Generation 1.
o Use 2048 MB of startup memory for the virtual machine.
o Use dynamic memory.
o Configure the network adapter to remain disconnected for now.
o Use the existing CorpDC virtual hard disk file that you created.
o Do not install an operating system (the operating system will be installed from an
image later).
 Create an internal virtual switch, using Test Network as the name.
 Configure the virtual machine settings.
o Other network hosts should not be able to use this network.
o Add a legacy network adapter to the virtual machine.
o Configure the adapter to use the network you created.
o Configure the virtual machine to boot from the network.
 Configure dynamic memory settings:
o Minimum RAM: 512 MB
o Maximum RAM: 4096 MB
o Memory buffer: 30%
Lab Report
Time Spent: 06:50
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Create the CorpDC.vhd virtual hard diskHide Details
Make the disk a fixed size disk
Create the virtual machineHide Details
Create the CorpDC virtual machine
Use 2048 MB of memory
Use dynamic memory
Configure the virtual machine to use the CorpDC.vhd virtual hard disk
Create the virtual switch named Test NetworkHide Details
Create the virtual network
Use Internal as the network type
Configure the virtual machine network settingsHide Details
Create a legacy network adapter
Configure the legacy adapter to use the WDS Network
Configure the BIOS to boot using the legacy network adapter first
Configure the dynamic memory settingsHide Details
Set minimum memory to 512 MB
Set maximum memory to 4096 MB
Set the memory buffer to 30%
EXPLANATION
1. Create a virtual hard drive.

c. Select Next.
d. Select VHD, and then select Next.
e. Make sure Fixed size is selected, and then select Next.
f. In the Name field, use CorpDC.vhd, and then select Next.
g. In the Size field, use 500.
h. Select Next and review the virtual disk specifications.
i. Select Finish.
2. Create a virtual machine.
a. Right-click CORPSERVER and select New > Virtual Machine.
b. Select Next.
c. In the Name field, use CorpDC and select Next.
d. Make sure Generation 1 is selected, and then select Next.
e. In the Startup memory field, use 2048.
f. Select Use Dynamic Memory for this virtual machine and then
select Next.
g. For Connection, make sure Not Connected is selected, and then select Next.
h. Select Use an existing virtual hard disk.
i. For the Location field, select Browse.
j. Double-click CorpDC.vhd (the new virtual disk you just created).
k. Select Next and review the virtual machine specifications.
l. Select Finish.
3. Create a virtual switch.
a. Right-click CORPSERVER server and select Virtual Switch Manager.
b. From the right pane, select Internal as the switch type.
c. Select Create Virtual Switch.
d. In the Name field, enter Test Network and select OK.
4. Configure virtual machine settings.
a. Under Virtual Machines in Hyper-V Manager, right-click CorpDC and
select Settings.
b. From the right pane, select Legacy Network Adapter, and then select Add.
c. Using the Virtual Switch drop-down list, select Test Network.
d. From the left pane, select BIOS to configure booting from the legacy network
adapter.
e. From the right pane, select Legacy Network adapter.
f. Select Move Up twice to move the adapter to the top of the list.
g. From the left pane, select Memory to configure dynamic memory settings.
h. In the Minimum RAM field, use 512.
i. In the Maximum RAM field, use 4096.
j. Set the Memory buffer to 30%.
k. Select OK.
12.7.5 Create and Mount a VHD

Until now, the network has consisted only of workstations accessing the internet through a
consumer-grade switch. You have convinced management that adding a server would ease your
administrative burden. As a result, you are testing various configurations of the Windows Server
2022 operating system. You want to create a volume that is easy to move to another server if
needed. To do that, you have decided to create a virtual hard disk on which to create the volume.
 Create a new VHD hard disk:

o Location and filename: C:\MyVHD
o Size: 100 GB
o Type: Dynamically expanding
 Create a volume on the new VHD hard disk:
o Volume size: 100 GB
o Drive letter: V
o File system: NTFS
o Quick format: Yes
o Volume label: VHD_Vol
Lab Report
Time Spent: 04:08
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Create the VHD fileHide Details
Location and filename: C:\MyVHD.vhd
Size: 100 GB
Dynamic
Create the VHD_Vol volumeHide Details
Use all of the space on the VHD (100 GB)
Drive letter: V
Volume label: VHD_Vol
EXPLANATION
1. Create a VHD hard disk.

a. Right-click Start and then select Disk Management.
c. From the Disk Management menu, select Action > Create VHD.
d. In the Location field, enter C:\MyVHD.
e. In the Virtual hard disk size field, enter 100 GB.
f. Under Virtual hard disk format, make sure VHD is selected
g. Under Virtual hard disk type, select Dynamically expanding.
h. Select OK.
2. Initialize the new VHD hard disk.
a. From Disk Management, right-click Disk 4 and select Initialize Disk.
b. Verify that the GPT partition style is selected, and then select OK.
3. Create a simple volume on the new VHD hard disk.
a. From Disk Management, for Disk 4, right-click in the unallocated space and
select New Simple Volume.
b. Select Next.
c. Select Next to use the entire disk space.
d. Assign V as drive letter, and then select Next.
e. Make sure NTFS is selected as the File system.
f. In the Volume label field, use VHD_Vol and then select Next.
g. Select Finish.
12.10.8 Configure Connections to VMs

You are the network administrator for your company. You have decided to begin the configuration of
Azure to help manage your network. You need to connect to your virtual server (CorpCloud1) in
Azure.
 Download an RDP file that will allow you to connect to CorpCloud1 via RDP.
 Run the downloaded RDP file to connect to CorpCloud1 via RDP.
Lab Report
Time Spent: 01:05
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Download an RDP file that will allow you to connect to CorpCloud1
Connect to CorpCloud1 via RDP
EXPLANATION
1. Download an RDP file that will allow you to connect to CorpCloud1.

b. Under Resources > Recent, select CorpCloud1.
c. From the top menu bar, select Connect > RDP.
d. Verify that the Public IP address and Port Number 3389 are selected.
e. Select Download RDP File.
2. Run the downloaded RDP file to connect to CorpCloud1 via RDP.
a. From the bottom left, select the CorpCloud1.rdp file.
b. You are now logged in to your CorpCloud1 server in Azure.
13.1.4 Add the Routing and Remote

Access Role
You work as the IT administrator for a small corporate network. You need to create a separate
subnet to use for testing. The test subnet needs access to the rest of the network through a router,
but it should not have any local access to production machines.
You have installed Windows Server on the server named CorpRTR, which you plan to use to isolate
the test segment from the rest of the network. You'll use traditional routing or NAT.
In this lab, your task is to add the necessary role and role services to meet the stated requirements.
Do not add unnecessary role services.
Lab Report
Time Spent: 02:39
Score: 2/2 (100%)
TASK SUMMARY
Required Actions
Add the Remote Access role service
Add the Routing role service
EXPLANATION
1. Select the Remote Access role to be installed.
a. From Server Manager, select Add roles and features.
b. Select Next to begin the Add Roles and Features wizard.
c. Select Next to use Role-based or feature-based installation type.
d. Select Next to use CorpRTR.CorpNet.local as the destination server.
e. Select Remote Access.
f. Select Add Features to add the features that are required for Remote
Access.
g. Select Next.
h. From the Select Features window, select Next.
2. Select the role services for Remote Access and for Web Server (IIS).
a. From the Remote Access window, select Next.
b. Select Routing, and then select Next.
c. From the Web Server Role (IIS) window, select Next.
d. From the Role Services windows, select Next to use the default IIS options.
e. Select Install.
f. Select Close.
13.3.12 Configure a RADIUS Solution

Due to the success of your remote access solution, you now have several remote access servers on
your network. To centralize administration of network policies, you need to configure the CorpNPS
server as a RADIUS server.
 Add the necessary server role and role service(s) to allow CorpNPS to be a RADIUS server.
This server will not respond to remote access client requests. Do not add any unnecessary
role services.
 Identify the following servers in NPS as RADIUS clients:
Server/Friendly
IP address
name
CorpVPN1 192.168.0.20
BranchVPN1 192.168.20.20
o Shared secret: J51nj3T%

o Vendor: RADIUS Standard
 Configure a network policy to allow members of the Sales team to connect using the
following settings:
o Use Sales as the network access policy name.
o Set the type of network access server to Remote Access Server.
o Set an Add membership in the Sales user group condition.
o Grant access if the condition is met, regardless of the setting in the Active Directory
user account.
o For authentication, accept only a smart card or other certificate. Be sure to disallow
all other authentication methods.
 Configure routing and remote access on BranchVPN1 and CorpVPN1 to use RADIUS
authentication and accounting using the following settings:
o Authentication provider: RADIUS Authentication
o RADIUS Server name: CorpNPS
o Shared secret: J51nj3T%
o Accounting provider: RADIUS Accounting
o Accept default settings.
Lab Report
Time Spent: 16:58
Score: 5/5 (100%)
TASK SUMMARY
Required Actions
Add the Network Policy Server role service to CorpNPS
Configure RADIUS Clients on NPS ServerHide Details
Configure CorpVPN1
Friendly name: CorpVPN1
Configure Address (IP or DNS): 192.168.0.20 or CorpVPN1
Shared secret: J51nj3T%
Vendor: RADIUS Standard
Configure BranchVPN1
Friendly name: BranchVPN1
Configure Address (IP or DNS): 192.168.20.20 or BranchVPN1
Vendor: RADIUS Standard
Configure the Sales Network PolicyHide Details
Policy name: Sales
Connection type: Remote Access Server (VPN-Dial up)
Grant access
Ignore Dial-up properties in the AD user account
Authentication method: Microsoft Smart Card or other certificate
Configure BranchVPN1 as a RADIUS clientHide Details
Configure RADIUS for Authentication
Authentication provider: RADIUS Authentication
RADIUS Server name: CorpNPS
Configure RADIUS for Accounting
Accounting provider: RADIUS
Configure CorpVPN1 as a RADIUS ClientHide Details
Configure RADIUS for Authentication
Authentication provider: RADIUS Authentication
Configure RADIUS for Accounting
Accounting provider: RADIUS
EXPLANATION
To complete this lab, use the following information:
Server/Friendly
IP address
name
CorpVPN1 192.168.0.20
BranchVPN1 192.168.20.20
 Configure routing and remote access on BranchVPN1 and CorpVPN1
1. Add the Network Policy and Access Services Role.

a. From Server Manager, select Manage > Add Roles and Features.
b. Select Next to begin the Add Roles and Features Wizard.
c. Select Next to use the Role-based or feature-based installation type.
d. Select Next to use Select a server from a server
pool and CorpNPS.CorpNet.local as the destination server.
e. Select the Network Policy and Access Services role.
f. Select Add Features to include management tools and then select Next.
g. Select Next.
h. Select Next.
i. Select Next to use the Network Policy Server role service.
j. Select Install.
k. After the installation completes, select Close.
2. Configure clients on the RADIUS server.
a. From Server Manager, select Tools > Network Policy Server.
b. Maximize the windows for better viewing.
c. From the left pane, expand RADIUS Clients and Servers.
d. Right-click RADIUS Clients and then select New.
e. Enter the Friendly name.
f. Enter the Address (IP or DNS).
g. At the bottom, in the Shared secret field, enter J51nj3T% as the shared secret.
h. In the Confirm shared secret field, re-enter the shared secret.
i. Select the Advanced tab.
j. In the Vendor name field, make sure Radius Standard is selected.
k. Select OK.
l. Repeat 2d–2k for additional Radius clients.
3. Create a network policy and add a group.
a. From the left pane, expand Policies.
b. Right-click Network Policies and select New.
c. Enter Sales in the Policy name field.
d. Using the Type of network access server drop-down list, select Remote Access
Server (VPN-Dialup) and then select Next.
e. Select Add to add group membership as a condition.
f. Under Groups, select User Groups and then select Add.
g. Select Add Groups.
h. Enter Sales under Enter the object names to select.
i. Select OK.
j. Select OK.
k. Select Next.
l. Select Next to use the default of Access granted.
m. Select Add.
n. Select OK to use the default of Microsoft: Smart card or other certificate.
o. Under Less secure authentication methods, unmark all the authentication
methods and then select Next.
p. Select Next, to use the default settings for the Configure Constraints dialog.
q. Select Next, to use the default settings for the Configure Settings dialog.
r. Select Finish.
4. Configure a RADIUS client.
a. From the top left, select Sites.
b. Select the server to be configured as a RADIUS Client.
c. From Server Manager, select Tools > Routing and Remote Access.
d. Right-click the server and select Properties.
f. Use the Authentication provider drop-down list to select RADIUS
Authentication.
g. Select Configure.
h. Select Add.
i. Enter CorpNPS in the Server name field.
j. Next to Shared secret, select Change.
k. In the New secret field, enter J51nj3T% as the secret.
This password must be identical to the one that was entered on the NPS
server.
l. In the Confirm new secret field, re-enter the shared secret; then select OK.
m. Select OK to add the RADIUS server.
n. Select OK to close the RADIUS Authentication dialog.
o. Use the Accounting provider drop-down list to select RADIUS Accounting.
p. Select Configure.
q. Select Add.
r. Enter CorpNPS in the Server name field.
s. Next to Shared secret, select Change.
t. In the New secret field, enter J51nj3T% as the secret. This password must be
identical to the one that was entered on the NPS server.
u. In the Confirm new secret field, re-enter the shared secret; then select OK to
add the RADIUS server.
v. Select OK to close the Add RADIUS Server dialog.
w. Select OK to close the RADIUS Accounting dialog.
x. Select OK to close server properties.
y. Repeat step 4 to add the additional RADIUS Client.
13.5.12 Configure a VPN Server

You work as the IT administrator for a small corporate network. You want to let users connect to the
branch office LAN through the internet. You need to configure the BranchVPN2 server as a Virtual
Private Network (VPN) remote access server.
Company security policy allows only ports 80 and 443 through the company firewall. The server has
already been configured with certificates to support SSTP. You will not configure network access
policies at this time.
Use Exhibits to see the relevant portion of the network.
 Configure the BranchVPN2 server to accept VPN remote access connections.

o Set the internet connection for the VPN server to Public.
o Configure the VPN server to assign addresses to clients in the range
of 192.168.200.200 to 192.168.200.250.
o Use Routing and Remote Access for authentication.
 Configure the VPN server to accept only 15 VPN connections that use the SSTP port.
 Disable remote access for all other port types (IKEv2, PPTP, and L2TP).
Lab Report
Time Spent: 04:18
Score: 4/4 (100%)
TASK SUMMARY
Required Actions
Configure the BranchVPN2 server to accept VPN remote access connections
Select Public as the internet connection for the VPN server
Configure 192.168.200.200 to 192.168.200.250 as the client IP address range
Configure VPN portsHide Details
Enable access through SSTP ports
Configure a maximum of 15 ports for SSTP
Disable L2TP ports
Disable PPTP ports
Disable IKEv2 ports
EXPLANATION
 Disable remote access for port types IKEv2, PPTP, and L2TP.
1. Configure the VPN server.

a. From Server Manager, select Tools > Routing and Remote Access.
b. From the left pane, right-click BranchVPN2 and select Configure and Enable
Routing and Remote Access.
c. From the Wizard, select Next.
d. Select Next to use Remote access (dial-up or VPN).
e. Select VPN, and then select Next.
f. Under Network interfaces, select Public, and then select Next.
g. Select From a specified range of addresses, and then select Next.
h. Select New to enter the range of addresses.
i. Configure the new IPv4 address range as follows:
 Start IP address field: 192.168.200.200
 End IP address field: 192.168.200.250
 Number of addresses: 51
j. Select OK.
k. Select Next.
l. Select Next to use No, use Routing and Remote Access to authenticate
connection requests is selected.
m. Select Finish to complete the Routing and Remote Access Server Setup
wizard.
n. Select OK to acknowledge the DHCP Relay Agent message.
Appropriate VPN ports will be automatically created and enabled to accept
remote access connections.
2. Configure the VPN ports.
a. From the Routing and Remote Access dialog, expand BranchVPN2.
b. Right-click Ports and select Properties.
c. Select WAN Miniport (SSTP).
d. Select Configure.
e. In the Maximum ports field, use 15 and select OK.
f. Select Yes to confirm the reduction of the number of ports on this device.
g. Select a port type.
h. Select Configure.
i. Clear all options to disable remote access for all other port types.
j. Select OK.
k. Repeat step 2g–2j to disable access for the remaining port types.
l. Select OK.

Cloud Server Administration Labs 2

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloud Server Administration Labs 2

Uploaded by

Copyright:

Available Formats

8.7.

4 Configure Restricted Groups

In this lab, your task is to:

1. Access the CorpDC virtual server.

 Configure AppLocker to enforce executable rules.

1. Access the CorpDC virtual server.

8.9.4 Configure Power Options in a GPO

 Set the policy Action to Update.

Setting On Battery Plugged in

1. Access the CorpDC2 virtual server.

8.9.5 Deploy Desktop Shortcuts in a

1. Access the CorpDC virtual server.

9.2.4 Configure PowerShell Remoting

 From Sales 1, acting as if you were Jacob:

 From ITAdmin, as the network technician:

1. On Sales1, find the default router and enable PowerShell remoting.

9.3.5 Manage Windows Servers by Using

1. Add the server with the Azure Arc wizard.

9.4.8 Manage IaaS Virtual Machines

 Virtual machine type: Azure virtual machine

1. Configure the virtual machine's basic settings.

 Azure Arc server:

1. Access the NYC-SVR1 Azure server.

10.1.8 Configure Volumes

In this lab, your task is to:

1. Extend the System (C:) volume.

10.2.5 Configure and Manage Storage

In this lab, your task is to complete the following:

 Using Server Manager, create a new storage space pool.

1. Create a new storage space pool.

10.6.6 Configure NTFS Permissions

Folder Domain Local Group Permissions

D:\Departments\Research Research Resources Full Control

D:\Departments\Sales Sales Resources Full Control

D:\Departments\Support Support Resources Full Control

D:\Departments\Accounting Accounting Resources Full Control

D:\Departments\Research Research Resources Full Control

D:\Departments\Sales Sales Resources Full Control

D:\Departments\Support Support Resources Full Control

1. Connect to the CorpFiles16 virtual server.

10.6.7 Remove Inherited Permissions

In this lab, your task is to:

1. Connect to the CorpFiles16 virtual server.

10.6.8 Enable Quota Restrictions

In this lab, your task is to:

 Enable quota management on the D: drive using the following specifications:

1. Connect to the CorpFiles virtual server.

10.6.9 Create a Quota Entry

In this lab, your task is to:

 Create a new quota entry for the Guest account.

1. Connect to the CorpFiles virtual server.

10.6.10 Modify Quota Limits

1. Connect to the CorpFiles virtual server.

10.7.4 Configure NTFS and Share

1. Share the H:\Components folder using the default share name.

In this lab, your task is to:

 Add an additional share, named Home Folders, to the D:\Users folder.

1. Connect to the CorpFiles virtual server.

11.1.7 Remove a Shared Folder

In this lab, your task is to:

 Remove the share named Builds from the H:\Projects folder.

1. Connect to the CorpFiles16 virtual server.

h. Select OK to close the Advanced Sharing dialog.

11.1.8 Enable Share Caching