Assessment 1 System Admin - Fall 2019
Topic 4: Introduction to Group policy and configuring the user and computer environment
using Group Policy.
Lab1:
In 2012, HiTech, a security equipment manufacturing company, introduced a new surveillance camera in
the market based in Auckland. As the business grew, the management decided to upgrade the
peer-to-peer network to a domain-based network.
As IT technical support, your role is to implement and configure a domain-based network system
with the following specification provided in Table 1:
Task 1: Install and configure the Server 1 as Domain Controller with DNS service.
2.2. Create Users and add them to specified groups as shown in table 3:
(Remove the password complexity and set the minimum password length to 4)
David Cameron davidc Asdf7 Manager
Jan Homan Janh Asdf8 Finance
Richard Liu richardl Asdf9 Teamleader
James Robert jamesr Asdf0 Sales
2.4. Create a new Group “Market Analyst” under Sales Group and add Peter Wilson and
James Robert under Market Analyst Group.
2.5. Delegating Authority: Assign Delegating Administrative Authority to Market Analyst
Group
2.6. Enable the AD Recycle Bin
Task 3: Create two shared folders on the C drive: i) C:\Hi-Tech\Sales and ii) C:\Hi-Tech\Training. Now
perform the following:
3.1. The Sales folder can only be accessed by the Sales department, with full control.
3.2. The Training folder is accessed by the Teamleader department in read-only mode, and the Manager
Group should have full control.
Task 4: Introduction to Group policy and configuring the user and computer environment
using Group Policy.
Organizational Unit: OU-Finance
Users: Jan Homan
GPO: GPOA
GPO Settings:
    Unable to Change Desktop
    Deny users to read and/or write data from CDs, DVD, removable drives etc
    Disable PST file creation
    Disable forced system restarts
    Disable Guest Account
    Run these programs at user logon policy setting
    Allow users to access only some of the applications found on your computer
    Block users' access to the Control Panel and to the Settings app
    Specify the wallpaper used on the Desktop and block users from changing it.

Users: Julia Roberts
GPO: GPOA
GPO Settings:
    Unable to access Registry tools
    Unable to set password screen saver
    Prevent Windows from storing LAN manager hash
    Control access to Command Prompt
    Disable anonymous SID enumeration
5.1. Configure a domain-wide password policy requiring users to use 14 characters.
5.2. Implement two-factor authentication in Group Policy
5.3. Configure a domain-wide account lockout policy for three invalid user logon attempts
(3 attempts).
5.4. Configure audit policies for the confidential files.
5.5. Create and configure Backup Security Group Filters
5.6. Generate Log File
5.7. Configure a Central Store
5.8. Configure security filtering
5.9. Configure WMI filtering
6.1 Assign policies to groups instead of individual users for easier management.
6.2 Assign a unique preference value to each fine-grained password policy you create within
a domain.
6.3 Create a fallback policy for the domain so that users who don’t belong to any groups that
specifically have fine-grained password policies assigned to them will still have
password and account lockout restrictions apply when they try to log on to the network.
This fallback policy can be either of the following:
6.3.1 The password and account lockout policies defined in the Default Domain Policy
GPO
6.3.2 A fine-grained password policy that has a higher precedence value than any other
policy
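One way to apply 6.1 to 6.3 with fine-grained password policies, as an added example that is not part of the original assessment. It assumes the ActiveDirectory PowerShell module and that the "Manager" and "Finance" global security groups already exist; the PSO names, precedence values, the 16-character Manager length and the 30-minute lockout windows are hypothetical, while the 14-character length and the 3-attempt lockout come from 5.1 and 5.3.

```powershell
# Added example (not from the assessment): fine-grained password policies
# (PSOs) laid out according to 6.1-6.3.
Import-Module ActiveDirectory

# Settings shared by every PSO. Lockout threshold 3 comes from task 5.3;
# the 30-minute windows are hypothetical values.
$common = @{
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    LockoutThreshold            = 3
    LockoutDuration             = '00:30:00'
    LockoutObservationWindow    = '00:30:00'
}

# 6.1: target groups, not individual users.
# 6.2: every PSO gets its own precedence value; the lowest value wins
#      when a user is covered by more than one PSO.
# 6.3.2: the fallback PSO has the highest precedence value, so it only
#      applies to users that no other PSO covers.
$psos = @(
    @{ Name = 'PSO-Manager';  Precedence = 10;   MinLen = 16; Group = 'Manager' }
    @{ Name = 'PSO-Finance';  Precedence = 20;   MinLen = 14; Group = 'Finance' }
    @{ Name = 'PSO-Fallback'; Precedence = 1000; MinLen = 14; Group = 'Domain Users' }
)

foreach ($p in $psos) {
    New-ADFineGrainedPasswordPolicy -Name $p.Name -Precedence $p.Precedence `
        -MinPasswordLength $p.MinLen @common
    Add-ADFineGrainedPasswordPolicySubject -Identity $p.Name -Subjects $p.Group
}

# Check for 6.2: report any precedence value used by more than one PSO.
$dupes = Get-ADFineGrainedPasswordPolicy -Filter * |
    Group-Object Precedence | Where-Object Count -gt 1
if ($dupes) { Write-Warning "Duplicate precedence values: $($dupes.Name -join ', ')" }

# Check for 6.3: show which policy each enabled user actually receives.
# No resultant PSO means the Default Domain Policy GPO applies (6.3.1).
foreach ($u in Get-ADUser -Filter 'Enabled -eq $true') {
    $r = Get-ADUserResultantPasswordPolicy -Identity $u
    [pscustomobject]@{
        User      = $u.SamAccountName
        Policy    = if ($r) { $r.Name } else { 'Default Domain Policy' }
        MinLength = if ($r) { $r.MinPasswordLength } else { (Get-ADDefaultDomainPasswordPolicy).MinPasswordLength }
    }
}
```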
settings from a GPO, or migrate a GPO to a different domain. By backing up GPOs,
you can quickly restore your Group Policy infrastructure in the event of a disaster.
Lab2:
As demand grew, the company recently opened a new branch in Wellington. As system admin, your
task is to join the two different sites or subnets as shown in Figure 1.
[Figure 1: Software Router with interfaces 192.168.25.254 and 192.168.30.254; Switch 1 with Client 1 (192.168.25.2); Switch 2 with Client 2 (192.168.30.2)]
1.1 The Router server has two LAN cards, one facing Auckland DC1 (192.168.25.254) and
the other facing Wellington DC2 (192.168.30.254).
1.2 Install the Routing and Remote Access role on the Router server.
1.3 Configure the Remote Access role
Task 2: Configure the Wellington DC2 (e.g. Domain Controller 2).
LAB 3:
Configuring Name Resolution and Additional Services.
In order to support software updates of its security equipment, Hi-Tech (hitech.com) signed a
partnership with the company Outsource (outsource.com). As a network admin, you are required to
establish a trust between the two domains, i.e. hitech.com and outsource.com. Both parties agreed on
the following principles:
A) Access the designated resources (e.g. file share) with restricted privilege.
B) Both parties are allowed to access the resources in either direction.
[Figure: hitech.com (192.168.25.1) and outsource.com (192.168.30.1) joined by a Software Router with interfaces 192.168.25.254 and 192.168.30.254; Switch 1 with Client 1 (192.168.25.2); Switch 2 with Client 2 (192.168.30.2)]
Task 1: Explain the concept of Trust in Windows Server 2012 and identify the Trust requirements
for the problem mentioned above.
i) Setting up Forwarders
ii) Configure Reverse Lookup Zone
iii) Create Trust
Lab 4:
Performing software installation with Group Policy.
Hi-Tech management decided that users in the domain should be able to install a custom application
that has an associated .msi package. Perform the following tasks by using any software tools in the
software package that the manager wants to distribute:
To filter the settings displayed, you need to select or deselect the following filter options:
Keyword Filters
Requirements Filters
Lab 5:
Configuring Active Directory Certificate Services.
For further business expansion, Hi-Tech recently hired a business risk analyst for six months. As a
network admin, you are requested to create a user profile which will terminate after six months.
Task 2: Install and configure the Online Responder and link with ADDS for security.