Windows Server Lab 3
Lab 3 (Difficulty: CHALLENGING)
Prereading
It is recommended that you read the following articles before beginning. Additional research may be necessary if you run into problems. In this lab, as with many technical concepts, absorbing knowledge beforehand will give you a strong grasp of the topics and make completing them easier.
· https://activedirectorypro.com/map-network-drives-with-group-policy/
· https://www.lepide.com/blog/what-is-group-policy-gpo-and-what-role-does-it-play-in-data-security/
· https://www.druva.com/blog/a-simple-definition-what-is-data-deduplication/
Outline
1. Join a desktop to the domain
2. Create a file share
3. Limit sharing of folders to certain users
4. Create Group Policy and apply it to the desktop
Lab Objective
This lab contains two Virtual Machines (VMs), which are to be networked together. Join DESKTOP1 to the AD domain and move DESKTOP1 into the SLC OU. Properly create a file share and limit sharing of certain folders with certain users. Create and define GPOs for file sharing and security settings on DESKTOP1.
Setup
Please refer to the instructions and video in Canvas for information on scheduling your lab in Netlab.
NOTE: These labs do NOT save your work. You must finish all hands-on lab work during the time of the reservation (thus reserve 4 hours, even if you do not use the entire time) or you will have to repeat steps. If you don’t finish in 4 hours and have to repeat, don’t panic, just realize that once you’ve done it the first time it goes much more quickly the second time.
Login Information
Desktop Account
· Username: Desktop-User Password: DESKTOP1 Local (notice the space! It’s a “passphrase”)
Active Directory Accounts
· Domain Admin
· Username: u0123456.corp\Administrator (Domain Admin)
· Password: DC1 Local (notice the space! It’s a “passphrase”)
· Domain User
· Username: u0123456.corp\bgates
· Password: Changeme! (the first time you use this account you will be prompted to change your password! Write it down!)
Lab Guide
Join the Desktop Client to the Domain
1. Rename the Windows 10 operating system name (a.k.a. Computer Name) to DESKTOP1-XX (use your initials in place of XX (e.g., JS for John Smith))
2. Join a workstation to the domain
1. Join DESKTOP1-XX to the u0123456.corp domain
2. On DC1 move the DESKTOP1-XX object in Active Directory into the SLC OU (organizational unit)
3. After the computer is joined to the domain, log in as the user bgates with the password Changeme!. You will be prompted to create a new password; note it down for further testing later.
Create a Share using Server Manager
1. An additional volume has been provisioned for you with some files and user folders. This is located at B:
2. On DC1, create a shared network folder located at B:\Data
1. Move the 3 folders from the root of the B: drive to the new folder.
2. Share the folder, giving the u0123456.corp “Domain Users” group share permissions of Read/Change on the folder share
1. Grant the users Bill Gates [bgates] and Marissa Mayer [mmayer] access to their individual folders. Make sure other users are not able to access or view the contents of those folders. (HINT: consider inherited permissions)
1. Additionally, give Bill Gates sole access to the Finance folder.
2. All Domain Users should have permission to view the ISOs folder.
3. On your share you should also enable ‘Access Based Enumeration’
3. Configure Data Deduplication. Choose to deduplicate files that are 0 days old. You do not need to configure a deduplication schedule.
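A way to check the share and folder permissions from the steps above, as an added example that is not part of the original lab: it reports whether inheritance is disabled on a folder and lists any Allow entries for accounts other than the ones you intended. The share name Data, the path B:\Data\Finance and the helper name Test-FolderLockdown are assumptions based on the lab text.

```powershell
# Added example (not part of the lab): audit a folder's NTFS ACL after lockdown.
# Test-FolderLockdown is a hypothetical helper name; paths and accounts are
# assumptions taken from the lab text.
function Test-FolderLockdown {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $AllowedAccounts  # account names without domain prefix
    )

    $acl = Get-Acl -LiteralPath $Path

    # Built-in principals that normally keep access for administration and backup.
    $builtin = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER'

    # Collect Allow entries that belong to neither the built-ins nor the allowed accounts.
    $unexpected = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($builtin -contains $id) { continue }
        $name = ($id -split '\\')[-1]          # strip DOMAIN\ or BUILTIN\ prefix
        if ($AllowedAccounts -notcontains $name) { $ace }
    }

    [pscustomobject]@{
        Path                = $Path
        # True when "Disable inheritance" was applied to the folder.
        InheritanceDisabled = $acl.AreAccessRulesProtected
        # Entries still flowing down from the parent; expected 0 on a locked-down folder.
        InheritedAceCount   = @($acl.Access | Where-Object IsInherited).Count
        UnexpectedAllow     = @($unexpected | ForEach-Object {
            '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights
        })
    }
}

# Share-level checks: enumeration mode and share permissions.
$share = Get-SmbShare -Name 'Data'            # share name is an assumption
"Enumeration mode: $($share.FolderEnumerationMode)"   # AccessBased when ABE is on
Get-SmbShareAccess -Name 'Data' | Format-Table AccountName, AccessControlType, AccessRight

# Folder-level check: only bgates should hold an Allow entry on Finance.
Test-FolderLockdown -Path 'B:\Data\Finance' -AllowedAccounts 'bgates' | Format-List
```

A non-empty UnexpectedAllow list usually means inherited entries were converted to explicit ones when inheritance was disabled and still need to be removed.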
Jump-Start Data Deduplication
1. Check the disk usage of Volume B: before running the below steps, so you can observe the change in disk usage before and after enabling deduplication.
2. In PowerShell run the following two commands to begin a quick deduplication process on the volume mapped to B:. Several duplicate files have been placed there that can be easily deduplicated.
1. Start-DedupJob -Volume B: -Type Optimization
2. Get-DedupJob -Volume B: -Type Optimization (this command may fail if you run it after the deduplication completes)
3. Refresh server manager to check that the volume was deduplicated.
Group Policy
1. In Active Directory Users and Computers (from DC1), right-click the SLC OU and create a “Shared Folder” object in the OU that references \\DC1\Data and call it SLC Files
1. Using the Group Policy Management console, create a “SLC” OU Group Policy Object (right-click the OU) called SLC Policy so that all users' desktop accounts in the SLC OU have the Z: drive automatically mapped to \\DC1\Data at login (use the Active Directory Shared Folder above). Your research and reading should be particularly useful here.
2. Log on to DESKTOP1-XX using the “bgates” account and confirm that the Z: drive is mapped to \\DC1\Data
3. Create a file called FirstName LastName Salary.txt in the Finance folder (use your name (e.g., John Smith Salary.txt))
1. Make sure you are unable to see the folder Marissa Files
2. Using the “SLC Policy” configure the following:
1. Set the minimum password length to 8 characters
2. Force the screen to lock after 15 minutes of idle time
3. Disable the first sign-in animation
4. Prompt the user logging on with the following message: “Only John Smith can use this computer!” (use your name (e.g., John Smith))
5. Set the window title to “WARNING”
6. Prevent the last username from appearing in the login window
Testing on DESKTOP1-XX
1. Return to your logged in profile as bgates
2. Run “gpupdate” from the command-line of DESKTOP1-XX to apply the new GPO settings to DESKTOP1-XX. Logout and back in to see the results of the GPO that was applied.
3. Test that the Z: drive automatically mapped
Submission Requirements
Provide the following screenshots and answers in a single PDF file properly labeled similarly to u0123456 Lab 3 – Snapshot.pdf (substitute your uNID) and submit to Canvas. Please don’t just screen grab the entire desktop, as it is very hard to read the details in an inline PDF on Canvas.
Perform the following on DC1 (20 points)
1. Screenshot: SLC OU in Active Directory Users and Computers UI showing the Users, DESKTOP1-XX and “SLC Files” in the OU (5 points)
2. Screenshot: Permissions tab on the B:\Data folder (Advanced Security Settings for Data window) (5 points) AND the permissions tab on the B:\Data\Finance folder (Advanced Security Settings for Finance window) (5 points)
3. Screenshot: Effective Permissions Tab on the B:\Data\Finance folder (Advanced Security Settings for Finance window) for the User accounts “bgates” and “mmayer” (2 screenshots) (5 points)
4. Screenshot: Provide a screenshot (cropped) of EACH of the Group Policy Objects that you set (screenshot the Window with the setting applied) (5 points)
5. Screenshot: Provide a screenshot of the deduplication percentage rate on the volume mapped to the B drive.
Perform the following on DESKTOP1-XX (15 points)
1. Screenshot: Command prompt that has run ipconfig /all (5 points)
2. Screenshot: Z:\Finance folder opened in Explorer showing the “FirstName LastName Salary.txt” file residing in the folder (you do not need to open the file) (it must show the Z: drive and full path at the top of the window for full credit) (5 points)
3. Screenshot: Logging into DESKTOP1-XX showing the “warning” message before you hit submit (5 points)
Additional Questions (10 points)
1. When you restricted access to the “B:\Data\Finance” folder, you had to “remove” a default setting. What was removed? (2 points)
2. Give two examples of why you’d prefer to use a GPO to automatically map a shared folder to a specific local drive, rather than doing so manually. (2 points)
3. Had you not set the minimum password length to 8 characters for the “SLC Policy”, what minimum password length would have been enforced by “Default” on the domain? (3 points)
4. Assume that your IT Security team required you to enable auditing of object access (successful or failed) on all data in “B:\Data\Finance”. Where could you enable that auditing, and where would you go in the UI to see and review the activity? (3 points)
Deduplication Questions (4 points)
1. Data Deduplication is widely used by cloud providers such as DropBox, Box, Google Drive, and many others. Explain at least two benefits of this technology. (2 points)
2. Explain two possible disadvantages of using data deduplication. (2 points)