Essay Help Services

ICTNWK505 | Assessment 6 Lab File shares and Group Policies | IT

Home Recent Questions ICTNWK505 | Assessment 6 Lab File shares and Group Policies | IT

1. Prerequisites

In this lab you will continue to use the VMs from assessment 5:

2. Setup Folders and Configure NTFS and Share Permissions

You need to setup network file access and permissions for a sale and an accounting team and are presented with the following requirements:

• All user will have read access to sales information except for certain sales data that will be securely stored

• Only members of the sales team are able to modify files in the sales area (folders)

• Only members of the accounting team will have access to files in the accounting area (folders)

The table below provides the specification for the required NTFS permissions on W99-SERVER2-DC that you need to configure. You will deploy this security structure as instructed further down.  

Deployment instructions for NTFS folder permissions:

• Sign in as w99-admin on W99-SERVER2-DC

• Create the required folders 

• Carefully assign the specified NTFS permissions to each folder via the ‘Security’ tab of the folder properties. 

  o If asked to do so, disable the permissions inheritance. Note that inheritance is disabled via the ‘Advanced’ option on the ‘Security’ of the folder properties. When prompted, select ‘Convert inherited permissions into explicit permissions on this object’. Once inheritance is disabled, you will be able to edit all permissions in the folder.  

  o Compare the existing permissions of the folder with the above specification. You must modify the permissions of each folder so that they exactly match the given specification. 

• Open a PowerShell prompt with ‘Run as administrator’ and issue the three commands shown below (replace W99 with your own values). Make sure each of the commands is executed as a single line. If required, expand the screen to make all results visible in the window. 

(Get-ACL C:W99-CompanyW99-Accounting).access | Select IdentityReference,FileSystemRights,AccessControlType,IsInherited | Sort IdentityReference

(Get-ACL C:W99-CompanyW99-Sales).access | Select IdentityReference,FileSystemRights,AccessControlType,IsInherited | Sort IdentityReference

(Get-ACL C:W99-CompanyW99-SalesW99-Secure).access | Select IdentityReference,FileSystemRights,AccessControlType,IsInherited | Sort IdentityReference

Deployment instructions for share permissions:

• Using ‘Windows Explorer’ modify the properties of the folders listed in the table below and configure ‘Sharing’ via the ‘Advanced Sharing…’ (use default options for all other settings). 

• Open a PowerShell prompt with ‘Run as administrator’ and issue the command shown below (replace W99 with your own values). Make sure the command is executed as a single line. If required, expand the screen to make all results visible in the window. 

Get-SmbShare | Where-Object {$_.name -Like "W99*"} | Get-SmbShareAccess | Sort Name


3. Folder permissions

You are to verify network access to the folders you have previously created and configured. You will use the client VMs, the user accounts and groups from your previous assessment for this purpose. In line with the configuration at the end of assessment 5, W99-CLIENT1 and W99-CLIENT2 must be joined to AD and obtain their IP address via DHCP from W99-SERVER2-DC. User and group setup must match the AD environment at the end of assessment 5. 

On W99-CLIENT1:

• Sign in as w99-user1 

• Map drive X: to the share W99-SERVER2-DCW99-Sales

• Map drive Y: to the share W99-SERVER2-DCW99-Accounting

• Open Notepad, type a few characters and attempt to save the file as w99-user1-file.txt on drive X:

• Take a screenshot of the message you receive. Do not proceed unless you see a message. If you do not see a message your configuration is not right. Check your configuration and make sure you have correctly followed all instructions.  

• Save file w99-user1-file.txt on Y:. 

• Disconnect drive X: and Y: and sign out 

Switch to W99-CLIENT2:

• Sign in as w99-user2 

• Map drive X: to the share W99-SERVER2-DCW99-Sales

• Attempt to map drive Y: to the share W99-SERVER2-DCW99-Accounting

• Take a screenshot of the message you receive. Do not proceed unless you see a message. If you do not see a message your configuration is not right. Check your configuration and make sure you have correctly followed all instructions.  

• Open Notepad, type a few characters and save the file as w99-user2-file.txt on drive X:

• Disconnect drive X: and sign out 

• Sign in as w99-user3 on W99-CLIENT2

• Map drive X: to the share W99-SERVER2-DCW99-Sales

• Open Notepad, type a few characters and save the file as w99-user3-file.txt on drive X:

• Open ‘Windows Explorer’, navigate to drive X: 

• Confirm that you can see the folder W99-Secure, w99-user2-file.txt and w99-user3-file.txt.

• Double-click on folder W99-Secure to open it. 

• Take a screenshot of the message you receive. Do not proceed unless you see a message. If you do not see a message your configuration is not right. Check your configuration and make sure you have correctly followed all instructions.  

• Disconnect drive X: and sign out 

Switch to W99-SERVER2-DC:

• Sign in as w99-admin

• Open a PowerShell prompt with ‘Run as Administrator’ and issue the command:

Get-ChildItem -Recurse "C:W99-Company" -Include *.txt


4. Control Desktop Background with Group Policy

When using Group Policies (GP), best practice is not to modify the default GP Objects (GPO). Instead, new GPOs are usually added to achieve the desired action. 

This exercise explores GPO processing order and GPO enforcement. The background images used in this lab can be found on your host in folder C:Server-ResourcesWallpaper

On W99-SERVER2-DC

• Sign in as w99-admin and create the folder C:Wallpaper

• Share this folder using he default share permissions (read only for Everyone)

• The default NTFS permissions should include the ‘Users’ group with read only access

• Add the host folder C:Server-ResourcesWallpaper as a shared folder to W99-Win2016-Full-2-DE-Eval VM and copy the JPG files from this folder to C:Wallpaper on the guest

• Open ‘Group Policy Management’ (GPM) and in the left pane expand the domain w99.local. You will see your AD OU structure as well as some additional containers.  Set the focus on the ‘Group Policy Objects’ container. There are two system created GPOs in this container (‘Default Domain Controllers Policy’ and ‘Default Domain Policy’). Best practice is not to modify the system created default GPOs. Instead you should create new GPOs as required. 

• Right-click ‘Group Policy Objects’ and create three new GPOs:

  o W99-Accounting-GPO

  o W99-Company-GPO

  o W99-Sales-GPO

• In GPM in the left pane select and expand the W99-Company OU container. 

• When a container is selected, you are able to link a policy to it (via the ‘Action’ menu or by right-clicking the container). Link the GPOs you have just created to their corresponding OUs:

When a GPO is linked to an OU the settings and rules contained in the GPO may be applied to the objects residing in the OU (only settings that comply with all rules are applied). 

• For each GPO you have just created define a different Desktop background as outlined below.

  o In the ‘Group Policy Objects’ container right-click on the GPO and select ‘Edit’ to open the ‘Group Policy Management Editor’ (GPME)

  o In GPME go to ‘User Configuration / Policies / Administrative Templates / Desktop / Desktop’

  o Double-click on ‘Desktop Wallpaper’ and enable the policy

  o In the ‘Wallpaper Name:’ field insert the corresponding wallpaper name using the UNC path.

Switch to W99-CLIENT1:

• Sign in as w99-admin, open a PowerShell prompt with ‘Run as administrator’ and issue the command:

gpupdate /force

Alternatively, you may also restart W99-CLIENT1

• Log of and sign in again as w99-user1

• Open ‘Windows Explorer’ and in the left pane set the focus on the H: drive 

• Move the ‘Windows Explorer’ to the top of the Desktop and shrink the window vertically so that the H: drive remains visible and at the same time the Desktop background is also visible/readable 

Switch to W99-CLIENT2:

• Sign in as w99-admin, open a PowerShell prompt with ‘Run as administrator’ and issue the command:

gpupdate /force

Alternatively, you may also restart W99-CLIENT1

• Log of and sign in again as w99-user2

• Open ‘Windows Explorer’ and in the left pane set the focus on the H: drive 

• Move the ‘Windows Explorer’ to the top of the Desktop and shrink the window vertically so that the H: drive remains visible and at the same time the Desktop background is also visible/readable 

Switch to W99-SERVER2-DC:

• In the left pane of the GPM select the W99-Company OU container

• In the right pane right-click on ‘W99-Company-GPO’ and select ‘Enforced’

Switch to W99-CLIENT1:

• Open a PowerShell prompt with ‘Run as administrator’ and issue the command:

gpupdate /force

Alternatively, you may also restart W99-CLIENT1

• Log of and sign in again as w99-user1

• The Desktop background for W99-User1 should have changed to the ‘Company Desktop’. If not, you have not configured the system as required. Resolve the issue before proceeding any further. 


5. Using Group Policy to Deploy Printers

In this exercise, you will set up two fictitious printers and deployed them via GP to computers residing in different OUs. 

On W99-SERVER2-DC:

• Click on the ‘Computers’ container. 

• Right-click W99-CLIENT1 and move the computer to the W99-Accounting OU

• Right-click W99-CLIENT2 and move the computer to the W99-Sales OU

• Add the ‘Print and Document Services’ role. Keep the defaults presented in the wizard. Upon successful completion ‘Print Management’ will become available in the ‘Administrative Tools’

• Open ‘Print Management’, select ‘Print Servers’, right-click on ‘Printers’ and select ‘Add Printer’.

• Using the ‘Network Printer Installation Wizard’ add two printers using the settings below:

• Right-click printer W99-FX-C3300 and select ‘Deploy with Group Policy…’

• In the ‘GPO name:’ section click on ‘Browse…’ and select the ‘W99-Accounting-GPO’ policy

• In the ‘Deploy this printer to the following:’ section select the checkbox ‘the computer that this GPO applies to (per machine)’

• Click on ‘Add’ to add the chosen settings to the list and click on OK 

• Right-click printer W99-HP-4200L and select ‘Deploy with Group Policy…’

• In the ‘GPO name:’ section click on ‘Browse…’ and select the ‘W99-Sales-GPO’ policy

• In the ‘Deploy this printer to the following:’ section select the checkbox ‘’the computer that this GPO applies to (per machine)’

• Click on ‘Add’ to add the chosen settings to the list and click on OK 

Switch to W99-CLIENT1:

• Reboot the VM, sign in as W99-User1, open a PowerShell prompt with ‘Run as administrator’ and issue the command:

gpupdate /force

• After the successful completion of the previous command, type the following command set:

hostname ; whoami ; Get-Printer

Switch to W99-CLIENT2:

• Reboot the VM, sign in as W99-User1, open a PowerShell prompt with ‘Run as administrator’ and issue the command:

gpupdate /force

• After the successful completion of the previous command, type the following command set:

hostname ; whoami ; Get-Printer


6. Test Plan Outline

Testing is the practice of making a qualified judgement whether a system meets the requirements including, functional, performance, reliability, security, usability, etc. 

You are to prepare a test plan outline that you can use to confirm your network server is operational. Operational means that the server:

• Meets the given specification (use the specification and requirements provided for W99-SERVER2-DC up to section 5 of this assessment). 

• Is running

• Is able to successfully provide designated services (e.g. DNS, DHCP, AD, shared folders, etc.)

• Can be managed over the network

The test plan is to cover the four categories listed in the table below. Each test step/element is to identify what will be tested and how compliance will be verified. For each of the five categories you are to provide two steps/elements. Use the following example as a template for your answer for each step/element:


7. Clean-up

Keeping the environment tidy and organised is important for any workplace. 

You are to conduct a clean-up of the ‘prototype’ Windows 2016 Server VMs used in assessments 2 and 4. Such a clean-up is often conducted prior to the handover of an environment to the client. 

• Note: If you have not yet successfully complete assessments 2 and 4 speak to your teacher before proceeding any further. 

• In the following step make sure you select the correct VMs for removal as this process is irreversible. 

• Using ‘Oracle VM VirtualBox Manager’ remove the no longer used two VMs listed below:

When removing the VMs use the option ‘Delete all files’

• Open a PowerShell prompt with ‘Run as administrator and change to folder "C:Program FilesOracleVirtualBox"

• To obtain a list of VirtualBox VMs currently installed on the host you can use the vboxmanage.exe command. 

• To confirm that the two VMs have been successfully removed Issue the command sequence:  

whoami ; get-date ; .vboxmanage list vms


Similar Posts

Order Now

Latest Reviews

Facebook

Payments And Security