Ghost Industries

Windows Project

AUGUST 15, 2016Jason Myers

Windows Server

Glossary

Network Davison

Network Map

Employees

Chapter 1

Installing Active Directory …………………………………………………………………………………… Pg. 5

Chapter 2

Configure Active Directory …………………………………………………………………………………. Pg. 6

Chapter 3

Added and Configuring Groups …………………………..………………………………………………. Pg. 7

Chapter 4

Configuring the Active Directory Locations and users ……………...…………………………. Pg. 10

Ottumwa ……………………………………………………………………………………………….. Pg. 13

Des Moines ……………………………………………………………………………………………. Pg. 16

Iowa City ……………………………………………………………………………………………….. Pg. 20

Keosauqua …………………………………………………………………………………………….. Pg. 22

Chapter 5

Group Policies …………………………………………………………………………………………………….. Pg. 23

Adding a Group to a Policy ………………………………………………………………………………….. Pg. 23

Adding a Shared Folder ………………………………………………………………………………………. Pg. 24

Creating an Access Point …………………………………………………………………………………….. Pg. 26

Pushing Group Police Network Wide ………………………………………………………………….. Pg. 28

Chapter 6

Adding Printers ………………………………………….……………………………………………………….. Pg. 32

1

Chapter 7

Setting the “my documents” to the server …………………………………………………………. Pg. 38

Chapter 8

Configuring the Backup Server …………………………………………………………………………... Pg. 39

2

Domain name- Ghost.com NetBIOS name- GHOST

Passwd- HJAMyers08

Database folder- C:\Windows\NTDS

Log files folder- C:\Windows\NTDS

SYSVOL folder- C:\Windows\SYSVOL

HR share path \\WIN-2DS5DRHAHJ9\Humand Resouces

3

4

Chapter 1

Installing Active Directory (ADUC)

On your Windows Server 12 click on Manage in the upper right hand corner. Select “Add Roles and Features Wizard. A window will open up looking like the one below:

Select Next and go to the Installation Type, click next on that window as well. You are now in the Server Selection. Select the server you wish to use and hit next.

In the Server Roles page check the Active Directory Domain Services. Now hit Next to open the Features window. Click Next and continue onto the Confirmation window, select next and click Install.

When finished close the window and click on the Flag icon on the top of the Server Manager Consol.

You need to click on the finish DNS set up. Work through this and finish the set up.

5

Chapter 2

Building the Domain

Here we are forming the Domain (Ghost.local) then in the following chapters I will set up the Locations and the departments.

Once you have ADUC installed we need to create a Domain, we do this by creating a new forest. In the Server Manager click the AD DA link in the left pane. The AD DA home page will open, with a warning message stating that configuration is required for AD DS. Click on the more link. The all servers task window will appear.

Click the Promote this Server to a domain controller link. The ADDSC wizard will open. Select the add a new forest option, and in the Root domain name text box you type in the name of the domain name you want, in my case it was Ghost.local. Now click next. The Domain Controller Options window will appear.

In the password window add the password that you wish to use. Once finished with that click next and the Additional Options window appears, the NetBIOS domain name will appear. Click the next tab, the Paths page appears, click next again. You now should see the review options window, click next. The Prerequisites check window will appear, if the notice ( all prerequisite checks have passed successfully) appears then click install.

The Installation page appears as the wizard creates the new forest and promotes the server to a domain controller.

We know have a Domain.

6

Chapter 3

Adding and Configuring GroupsTo create a group you first need an Organizational Unit, here we will use the Iowa City OU as an example.

First you will open the ADUC and right click on the Iowa City node, now click on the New tab. Now click Group.

The new object window opens.

7

Type in the name of the group you wish to create, here I will create the Marketing Group. Click Ok and you will see your new group in the Iowa City node window.

Time to add the group to the domain group. Right click the group name that we just created, then click on add to group. Enter the name of the group you want to add it too. You will get a window that looks like the one below. As you can see I have already entered the group name I want to add to. Hit the Check Name tab and once it’s found the name it will be underlined, now click OK.

Now when I right click on the IC group, hit properties, and then click on the Members tab on the top of the window that just opened, I can see that Marketing is now in the IC group.

Now I will create a user then show how to add the user to a group.

Now I have my user created I will add him/her to the Marketing group. Right click on the Marketing group and select properties. Next click on members, then click on the add tab on the bottom of the window.

8

Again like you did when adding the Marketing group to the IC group you enter the name of the employee like you see below.

Click ok and now you can see that Stan is in the Marketing Group.

That is how you make and add groups and users to other groups.

9

Chapter 4

Configuring the Active Directory Locations and UsersIn this picture you can see the MidWest Division is set up under the Ghost Domain.

How to do this, you right click on the Ghost Domain, find the New tab then click on the Organizational Unit. This will open a window called New Object, type in the name you want and click ok.

Now to create the locations. You right click on the Midwest Division and go through the same process that we went through on the building the Midwest Div. As you can see in the picture above this is now done.

Next we build each locations dept. and to do this we go through the same process as that we just used.

In the following pictures below you can see that I have created the Ottumwa location and the depts.

10

In this slide below you can see the human resources and the employees.

To create the employees we must first right click on the human resources node and select new. In the new column select new user, you then get a window that opens like the one below.

11

In this window you will insert the users name and all other information you will need to identify this user. You will need to go through this process to add all your employees to the system.

On this server I have 4 employees to every department other than the Executives, that department has 6.

Each of the following slides will show each department and its employees. First I will go through the Ottumwa Depts.

12

Ottumwa Location

Here you can see the different depts. in the Ottumwa node that I created.

Here we have the employees of the Customer Service dept.

13

Here you can see the Human Resources dept. in the Ottumwa location with all the employees. Human resources will have access to all the employees on the domain.

Here we have the IT dept. This department is the only one in the network and therefore will have access to the entire network.

14

The Executives will have remote access to the domain, I will explain this later in more deatail.

Here we have the Insurance dept. and the employees.

15

Des Moines Location

Next we have the Des Moines location and its Organizational Units.

Below we have the DM Manufacturing node.

Now the DM Manufacturing group needed two break room computers for timesheets. What I did was make two computers. In ADUC right click the computer node in the left hand column. Select the New tab then the Computer tab. Put the computer name and hi OK, this adds a computer to the directory.

16

The window above is the add a computer window. Next right click on the new computer you just created and click on Add to a group. In the add to group window you will type in the group you want it to be added to as you can see in the window below.

17

The next window shows the PC in the group.

Next we have the Receiving Dept. and its employees.

18

Below you can see the Shipping Dept. in the DM node.

19

Iowa City Location

Now we move onto the Iowa City location. Here we have Customer Service, Marketing, and Research.

In the first picture you can see the Customer Service node and Customer Service Group was created. The users were also added just like in the previous locations.

20

Next is the Marketing Dept. for Iowa City. In this slide you can see the group and users as well.

In this final slide you can see the Research Dept. was formed and the groups and users added.

That is it for the Iowa City Location.

21

Keosauqua

Keosauqua only has one dept. and that is Customer Service. It has 4 employees and a printer. The printer we will get into later but for now we will just focus Keosauqua. In the slide below you can see Keosauqua and the Customer Support group.

In the next slide you can see the users located inside the Customer Service group.

That is it for the Keosauqua location

22

Chapter 5

Group policiesHere we will start to apply group policies to the different locations and groups.

In the Server Manager Window click on the Tools tab in the upper right hand corner, now click on Group Policies. The group policy management window will open, here is where we delegate all the policies.

Click the Delegation tab on the top of the HResources node.

Click on the add button at the bottom of the window. Like before type in the group you want to add, in this case its Human Resources. Click the find group and then hit add. You will see the group added to the window.

23

Adding a Shared Folder

Now click over to the Linked Group policy Objects tab, then right click the HResources node in the left hand column. Click the Create a GPO in this domain, and Link I here…

The New GPO window will open, type in the name of the group you want to create the GPO for and hit ok.

Once that is added right click the name under the Linked Group Policy Objects pane, the GPM Editor will open up into a new window. Now double click on the user configuration node then double click on the preferences node and then again double click on the Windows settings node. Now click on the Network Shares node and you will have a new window open up.

Now for HR we need to create a shared folder.

First go to the Servers file folder and select This PC in the left hand column, then select the Local Disk. Right click in the dead space under the folders and click the New tab, then click folder. I named the folder HR and click ok.

Now back to the GPM Editor right click in the folders window and select the New and then Folder. In the

Action bar select the create option. In the Path bar hit click on the little box that looks like this .

Go through the folder selection until you find the HR folder we created just a few minutes ago and click the select button. We have now created the HR share folder.

Below you will see the share folder we created in the slide.

24

The shared folder is only accessible by HR.

25

Creating an Access Point

Here we will create an access point for Human Resources. While still in the GPM Editor under HR, go into the edit mode again. Click on the Computer Configuration node, then Polices. Now click Windows Settings, and then Security Settings. Click on the Network Access Protection node, then Security Setings, and now Wireless Network Policy. Right click in the node and select New Wireless Network then right click that and select properties. Select New Profile and fill in the information like I did below.

26

Select add and then Ok. The window will close and in the next window select apply and OK, now the HR private access is finished.

Now in the GPM window right click the HResources and click Enforced.

The HResources Group Police is complete and being enforced.

27

Pushing Group Police Network Wide

Here I will set the network policies. The policies that I have set are,

1. No Users are allowed to remove data from the company.2. Push out the company wallpaper to all computers.3. Lock all computers out of command prompt, control panel, and games. Cannot load

software with the exception on Marketing.4. Executives cannot access offline files.5. Push out the latest Adobe Reader to Marketing.

First we will push out 1, 2, 4, and 5. In Server Manager, click on the Tools tab in the upper right corner, select the Group Polices. In the left hand pane find Midwest and right click it, select Create GPO. I named mine Network Policies.

Right click the new GPO and select edit, click the Administrators Templates, then system, and Personalization.

Go through the settings and go to the Removable Storage Access and click on All Removable Storage Classes: Deny all access. Click Enable and Apply, now number 1 is set.

Click the all settings tab and scroll through the options. Find the Force a specific background and accent color. Select the background you want, in this case I used C:\\Users\Administrator\Pictures\ghost image then I use red for the accent color. This takes care of 2.

At the Network Policies select User Configuration, Policies, Administrator Templates, Control Panel, and then open the Prohibit access to Control Panel and PC settings. Select Enable then Apply. Now back up to Administrative Templates and select System. Scroll down to Prevent access to the command prompt, select it and enable it then click apply.

28

Again back up to Administrative Templates and Start Menu and Taskbar. Scroll down to Remove Games link from Start Menu, enable it and click apply.

Now we have completed number 3.

Now create a new GPO under Ottumwa, Executives. Now go to the GPO and edit it, click User config, Polices, Admin Templates, Network, and then Offline Files. Find the Prohibit user configuration of Offline Files and enable then apply. We have now completed number 4.

29

We have to make a GPO for the Marketing Department and set the policy for it.

Now open the GPO an edit it, click on the User config, policies, software settings, then software installation. You will have a blank screen, right click in the middle of the screen and select the New, then Package. Load the Adobe Reader package.

Click apply and then OK.

30

Now we have the Adobe Reader ready to be pushed out to the Marketing Dept. Number 5 is now finished.

31

Chapter 6

Adding Printers

The remaining chapters will only have the snaps I took while doing the project.

32

33

34

35

36

37

Chapter 7

Setting ‘my documents” to the server for storage

38

Chapter 8

Configuring the Backup Server

Install the Windows Server Backup

On the Server Manager click on the Tools tab in the upper right hand corner, then scroll to the bottom and select the Windows Server Backup

You should have another Windows Server to load the backup too.

Have a shared folder on the network that you can link too. Once this is set up you can perform a full backup of the server.

39