Complete these Microsoft Windows Server 2016 installation, configuration, and
management tasks. You may use your notes. You may NOT consult anyone other than your
instructor.
Microsoft Windows Server 2016 has been imaged to your computer. Complete the installation
by configuring the country screen, license agreement, Administrator password, and network discovery (choose No).
Use P@ssw0rd as the Administrator password.
Set up the network configuration as follows:
Intel(R) I217-LM NIC enabled. Rename this your Public interface and don't allow Network Discovery. IP: 198.248.200.2xx, Mask: 255.255.255.0, GW: 198.248.200.1, DNS: 198.248.200.1
White RealTec NIC enabled. Rename this your Private interface. IP: 10.1.100.1xx, Mask: 255.255.255.0, no default gateway or DNS. This is a subnet.
Disable Internet Explorer Enhanced Security Configuration (IE ESC) for both Administrators and Users.
Ping www.hesston.edu to test DNS and gateway configuration.
Test Internet access using Internet Explorer. If it doesn't work, fix it!
Set the default Internet Explorer page to the Current Courses page of
http://www.cs.hesston.edu.
Configure Automatic Updates to "Defer feature updates".
Normally, you would have automatic updates on, but to keep from having to reboot all the time, leave them off.
Select the High Performance power plan and configure the display to never turn off.
Set the Screensaver to display the logon screen after five minutes.
Change the CD/DVD drive letter to R.
Change the server name to SERVERx, where x is your computer number. You will have to reboot after doing this. BE SURE TO DO THIS BEFORE INSTALLING ACTIVE DIRECTORY!
Install Active Directory. Create a new domain in a new forest named hesstonx.edu,
where x is your computer number. Select the Windows Server 2008 forest functional level.
Allow Windows to install and configure DNS for your new domain and accept all file system defaults
and the default NetBIOS name. The restore mode password should be P@ssw0rd.
Create a custom management console to include Computer Management (for the local computer),
Active Directory Users and Computers, and Group Policy Management. Save the console as Custom
Management and create a shortcut on the desktop. Add additional management snap-ins as needed.
User and Group Guidelines
Create an Organizational Unit called HC in your hesstonx.edu domain.
Create the following computer users in the HC OU:
set the password to P@ssw0rd
uncheck"User must change password at next logon"
Group
UserName
Name
Description
Administrators
SashaL
Sasha Linskey
Administrator
Students
FirstL
First Last (your name)
Student
Create the Students global group with the description the same as the group name.
Add the users to their corresponding groups as shown in the table above.
File System Guidelines - create the following directories
C:\Download
C:\CIT
C:\CIT\Data
C:\CIT\Data\Public
C:\CIT\Data\Students
C:\CIT\Users
C:\CIT\Users\SashaL
C:\CIT\Users\FirstL
C:\CIT\Compress
C:\CIT\Encrypt
C:\CIT\WeBDocs
Plan your file system security following the guidelines below. Use NTFS permissions to control access.
Set your folder options to "NOT Hide extensions for known file types",
"Show hidden files and folders", and "Show encrypted or compressed NTFS files in color".
The Administrators group should have Full Control in the entire directory structure and be the
only entry in the CIT folder Access Control List.
All Users should be able to see the the DATA folder and it's contents, read and execute files, but not change anything.
All Users should see all files and be able to create files and folders in the PUBLIC
folder, and have Full Control to the files that they create themselves.
Members of the Students group should have Full Control to the STUDENTS folder. No other group
except Administrators should have access to this folder.
All Users and IIS_IUSRS should be able to see the the WEBDOCS folder and it's contents, but not change anything.
All Users should have Full Control to their home directory.
Share the PUBLIC folder as PublicDocs . Give Everyone Full Control since you are using NTFS
permissions to control access.
Share the USERS folder as Users . Give Everyone Full Control since you are using NTFS
permissions to control access.
Compress the COMPRESS folder and allow compression to inherit to all subfolders and files.
Encrypt the ENCRYPT folder and allow encryption to inherit to all subfolders and files.
Management and Services Guidelines
Install the Print Services role at this time if it's not already installed. Install other roles,
role services, or features later as needed.
Start printer installation using the files in the C:\Download\BizHub4000P folder.
Set up printing to the classroom Konica Minolta BizHub 4000P printer on IP port
198.248.200.253 and installing only PCL 6. Set a Location of K130 and
share the printer as BizHub4000. Create a test page in Notepad with your name on it
and print the Notepad test page to test your printing setup. Keep the printout
to hand in later.
Remove the Everyone group from the printer Access Control List. Give Students the Print access.
Leave the remaining Access Control Entries unchanged.
Configure a DNS reverse lookup zone for your hesstonx.edu domain Public interface. Accept all
the defaults.
Create a Host Address A Resource Record and associated pointer (PTR) record for a host named www
in your hesstonx.edu zone. Use your Public IP address. Note that you would usually do this with an alias
CNAME record instead, but we are doing it this way for practice.
Test your A record with ping www.hesstonx.edu. Test your PTR record using nslookup.
Install the DHCP Role for your server. Configure your DHCP server to serve only the 10 network. WINS is
not required.
Create an IPv4 DHCP Scope for your Private network. Use name Private Network. Use IP address
range 10.1.100.200 - 10.1.100.230 with subnet mask 255.255.255.0. Also deliver 10.1.100.1
as both default gateway (router) and DNS server. Since you have only a few stations in your network,
set the default lease time to 16 days. Be sure to DO NOT activate the scope or authorize the server.
You will not be able to test this configuration with only one computer.
Set up a reservation to deliver IP address 10.1.100.230 to a computer with hardware address 00:00:0B:AD:F0:0D.
Create index.htm in your C:\CIT\WebDocs folder and put your name in the file.
Configure a web server with index.htm as the only default document. Configure a virtual directory
named cit. The virtual directory should map to C:\CIT\WEBDOCS. Test your web server by
trying http://www.hesstonx.edu/ and http://www.hesstonx.edu/cit/ in your web browser. If the name doesn't
work because you didn't get DNS set up correctly, you can still test your web server using localhost or your
Public IP address.
Configure password security in your Default Domain Policy with an account policy to require a user to
change a password every 90 days, wait 1 day before changing passwords again, and remember the
preceding six passwords. Set a minimum password length of eight characters.
Configure an account lockout policy which locks out a user for ten minutes after four failed
logon attempts within five minutes.
Configure an audit policy to keep track of all users who log on or fail to log onto your computer.
Enable disk quota management on your volume C: with the following defaults for new users:
DO NOT deny disk space to users exceeding quota limit
limit disk space to 500 MB and set warning level to 350MB
select both logging options
Make sure the quota is set on FirstL and set all other accounts to "no limit".
Use Default Domain Policy to set up a login script named logon.bat using Group Policy Management
to map the following drives :
map P: to Public
map H: to each user's Home Directory
you do not need to map the Students folder.
Place a link to logon.bat on your desktop for testing purposes.
Set up your personal user account to be able to log on to your server. Test this out by logging on as yourself.
Hand In
Hand in your printer test page. This exam will be graded on your workstation.
