happy holidays company
Embed Size (px)
Happy Holidays Company System Administrators Guide for Windows Server 2012R2Happy Holidays Company100 Holiday CircleKnoxville, TN 37999-911-0000
By: Nick CsercsevitsSubmitted To: Jerry SherrodDecember 5, 2014Windows Server CSIT 2710
Table of Contents
Task 1Change Name of Server One to HDC04Task 2Create a Snapshot in VMwareTask 3Create a Clone in VMwareTask 4Defragment Task 5Make LOGS FolderTask 6Save and Clear Sec, Sys, and Setup logsTask 7Show Hidden Files and FoldersTask 8Change the Power SchemeTask 9 Server AuditsTask 10Turn on Pitch Tones with the CAPS LOCK KeyTask 11Add Spanish Keyboard LayoutTask 12Set-up Feature no Memory DumpTask 13Adding Backdoor Admin and Personal AccountsTask 14Change name of Server Two to HFPC04Task 15Make Compressed, Encrypted, Net-work, and Download FoldersTask 16Setup Static IP Addresses to Server One and Server TwoTask 17 Add Roles and Feature to Server OneTask 18Add Roles and Features to Server TwoTask 19Save and Clear Sys, Sec, and Setup Logs AgainTask 20Export List of Users and Groups Pre Domain ControllerTask 21Promote Server One to a Domain Controller
Task 1 - Change the computer name on the first server. This Domain Controller Server will be named HDC04.- Control Panel.- System and Security.- System.- Change setting under computer name.
Task 2 - Make a Snapshot in VMWare.- Go to the VMWare VM tab.- Snapshot ------> Take Snapshot.- This process is quick as it just takes a minute. No wizard will appear.
Task 3 - Make a Clone in VMWare- First shutdown the Server.- Go to the VMWare VM tab.- Click on manage then clone, this will bring up the wizard.
- Here keep the same and click next.
- Here create a full clone instead of the default linked clone.
- Here I just kept the default name and clicked finish.
- When the clone is done just click finish.
Task 4 - Defragment the C: drive then VMWare.- First go to my pc- Right click on your C: drive and go to properties
- Under the tools tab click analyze
- After the system is done analyzing click Optimize and the machine will do several passes to complete the defragment.
- Now we will defrag VMWare. - First shutdown any virtual machines you have running. - Then under the VM tab go to settings. - Under the hardware tab click on the third device click the hard drive.
- Then click on the utilities box and click defragment.
- After its done you will get this and your done.
Task 5 - Make a folder in the C: drive called LOGS to save all logs.- My PC.- Double Click C: drive.- Right click and make a new folder.
Task 6 - Save and clear the Security, System, and Setup logs. Save as .txt file and .evt file.- Go to administrative tools.- Event Viewer.- Windows Logs.
Task 7 - Show hidden files and folders.- Control Panel.- Appearance.- Folder Options --------> Show hidden filed and folders.
Task 8 - Change the Power Scheme.- Control Panel.- Hardware.- Power Options.
Task 9 - Server Audits.- Administrative Tools.- Local Security Policy.- Local Policies ------->Audit Policies.- System time is under system events, Created and modified accounts are under account management, Log-on and Log-off is under Logon events, start and shutdown is also under system events, and when someone changes what you are doing is under policy change.
Task 10 - Turn on pitch tones with the CAPS LOCK key.- Open the search bar and type ease of access center.- Click on keyboard easier to use.
Task 11- Add Spanish (United States) keyboard layout.- Control Panel.- Clock, Language, and Region.- Language.- Click add a language, click Spanish, then click Spanish (United States).
- Once you select Spanish, the word ENG will appear next to your time and date on the bottom of your bar.
- Then if you want to switch to English just click ENG and other options that you install will appear.
Task 12 - Set-up feature where no memory dump is created.- Control Panel.- System.- Advanced system settings.- Startup and Recovery Settings.
Task 13 - Adding backdoor admin accounts and personal user account.- Computer Management.- Local users and groups.- Users.- Make users HOCOBD for a back door administrative account, a personal use account named csercsen and a local administrative account named nick.
- List of all backdoor users.
Task 14 - Load up the Second Server and lets name that machine to HFPC04 (File, Print, and DNS Server) This process will be the same as the first server.- Control Panel/ System and Security/ System.- Then click on change settings can click on the change box.- Change to your new name and restart the machine.
Task 15 - On our second server, our file server, lets make a downloads folder called DNLDS, a share folder for the companys files called HOHOHOCO, a Windows NT compressed folder named HOHOHO-COM, and an NTFS encrypted folder named HOHOHO-SEC, and finally a folder called NET-WORK for all network users, all on the main C: drive.
- This PC.- Double click the C: drive.- Right click and add folders.
- Encrypt the HOHOHO-SEC folder.- Right click the folder.- Go to the properties of the folder.- Stay on the General tab and click advanced.- click the bottom.
- Now we will share the HOHOHOCO to the network.- Right click the folder and go to the properties of the folder.- Click on the share tab and click the share box.
- We now need to make this folder for authenticated users only and with full control. Remove administrators and System and make authenticated users full control.
- Now we need to compress the HOHOHO-COM folder.
- Right click on the folder and stay in the general tab.
- Click on the advanced tab and check off the compress box.
- This will be the outcome of the folders for now.
- Before we move on lets backup the encrypted key using the wizard!- Just click on the up arrow at the bottom right of the desktop where your messages appear.- Click on the backup wizard and begin.- First click back up now.
- I kept everything the same here and clicked next.
- Here just type a password you will remember. - Here I kept the file name the same as the folder I encrypted which is HOHOHO-SEC.
- This is a confirmation page just click finish.- When your finished the wizard will tell you the export was successful, click ok.
Task 16 - Now we will set up our static IP address on the First and Second Server. I wont go over the process on the second server as it is the same as the first. Just follow the exact same steps.- First go to your search bar and type in cmd.- Type ipconfig in the command line and write down your IP address and gateway on paper for reference.- Then click on Control Panel.- Network and Internet/Network and Sharing Center.- Click on Ethernet0.- Properties.- Double Click on IPV4 Properites.- In the general tab click on the use the following Ip address dot and manually type in your same IP address and gateway that you wrote down.
- This is the First Server.
- This is the Second Server.
Task 17 - Now on the First Server we will go to the server manager and add active directory domain services. Do NOT promote to Domain Controller Yet after the install!- Server manager.- Add roles and features.- Install Active Directory Domain services.- First click on add roles and features.
- Then click the Next box.
- Then keep it default and click next.
- Here keep default also and click next.
- Here click add features.
- Then just install AD DS and by default file and storage services will install also.
- Here keep the default and click next.
- Click next.
- Click install
- After the install click close.
Task 18 - Now we will add File, Print, and DNS roles and features on the Second Server. This process will be the same as the first server step by step minus active directory domain services and adding the new features.- Here add roles and features.
- Click Next.
- Keep default setting and click next.
- Click next.
- Add DNS, Print and Document, and file services.
- I went ahead and added group policy management or just click next.
- Click next.
- Click next again.
- Just keep the default print server and click next.
- Confirm the setting and click install.
- When its done close the wizard. Again DONT promote to domain controller just yet.
Task 19 - I will go ahead and save and clear all the logs as we did in step six now doing both servers .- Save the logs as .txt file and .evt.
Task 20 - Now I will export a list of all the users and groups on both servers before promoting server one into a domain controller. We will start on server one.- First we go into administrative tools.- Computer management.- Local users and groups.- Right click on the users folder and click on the action tab and click export list. Save it to your C: drive under LOGS.
- Then do your groups folder the same way.
- Now I will do the same process on server two (file server) and move on to the next step.
Task 21 - Now we will promote our first server to a domain controller.- Go to server manager- Your notification flag at the top of the page should have a yellow triangle with a black exclamation mark that we need to click.
- Click on Promote to domain controller
- After you click promote to domain controller, the wizard will come up to start setup. First add a new forest and the root domain name will be HSC04.LOCAL.
- Keep both functional levels at Windows Server 2012. (NON R2). Enter a password and click next.
- Now just click next.
- Keep your NetBIOS name the same and click next.
- Keep all the path locations the same and click next.
- Next is your confirmation page reviewing your settings. Before clicking next view your script and save it in your C: drive. If your satisfied click next.
- This is what your script will look like.
- After you have read the Prerequisites check click install to finish.
- Your system will restart after the installation is completed.
Task 22 - Now that we have promoted to a domain controller lets make a snapshot and a clone of our servers. Refer to the previous snapshot and clone.- This will be the same process as before (Step 3)
Task 23 - Now I will make my OUs (Organizational Units), groups, and add my users to server one.- I will first make my script to add my OUs.
- When you complete the script , save it as a .bat file to your desktop- Then bring up the command prompt (CMD) and drag your .bat script into the command line.- Hit enter to run the script.
- Now that I have added our OUs, I will make a script to add my groups.- This process will be the same as adding the OUs.- For this I will make groups of all the departments like I make OUs of all the departments.- The only change I will make is: I will make an extra group called SECURITY for managers, EMPLOYEES CAFE(OU) = CAFE WORKERS(GP), RECREATION CENTER(OU) = REC CENTER, PHYSICAL PLANT(OU) = PLANT WORKERS, INTERN(OU) = INTERN(GP).
- Now I have added my Organizational Units and Groups
- Now I need to make another script to add my users.
- Now I have my users add and I will now individually add them into their groups.- First I will bring up active directory users and groups in server manager.- Then I will right click on the specific users and add them into a group.
- Now that I have added the users into the group and the groups into the OUs, I will now add my managers into my SECURITY group.- I do this by double clicking on the SECURITY group and add the users manually.
Task 24 - Now I will export a list of my users and groups like I did in Step 18.
- Now do the same for server 2.Task 25 - I will now add the job titles and the address to all the users.- Double Click on the users name and go to the organization tab and type their titles, departments, and the company name.
- Click on the address tab and add the company address, zip code, city, and country
- Now I will add the full user names on the user accounts
Task 26 - Now I will make a new group policy object to make all the users password expire after 100 days.- First go into group policy management and right click on your domain name- Click on the first option that says create a new GPO on this domain, and link it here.- Type in a name and it will appear below. I named this one DOMAIN PASSWORD EXPIRE.
- Now right click on it and click edit. The group policy management editor will come up.- Click on Computer Configuration / Policies / windows settings / security settings / account policies / then finally password policies.
- In the same password policy click on enforce password history.- In the setting change to 2 password remembered.- Change the password age for 1 day so everyone can make a new password.- Now we will set the account lockout permissions.- If the user mistypes the password after 6 bad attempts, it will remain locked out for 2 minutes.- In the same account policys go to account policy lockout and double click on account lockout duration.
- Now go to account lockout threshold and put 6 invalid logon attempts.
- Here is the final result
- Now right click on the GPO we made and click make sure the enforce is clicked.
- Now I will go in Powershell and force these updates on the accounts- Bring up Powershell and type gpupdate /force to force these policies I made.
Task 27 - Now I will make Ho Humm change his/her password at next login.- First go to active directory users and computers.- Under the users list find Ho Humm and double click on the account.- In the account tab go to account options and set to change password at next login.
Task 28 - Now I will make it so Ho Emfryze cannot change their password.-This is under the same step at step 24.- In account options pick user cannot change password.
Task 29 - Now I will set Ho Lottmores account to be administered in a limited fashion.- First inside of active directory users and computer find Ho Lottmore and click on their account.- We need to add a new group to their account. - Add Ho Lottmore to a group called Access Control Assistance Operators.- The Account Operators group grants limited account creation privileges to a user. Members of this group can create and modify most types of accounts, including those of users, local groups, and global groups, and members can log in locally to domain controllers.
Task 30 - Now I will give Ho Malone limited access to do system backups if needed.- This is similar to step 26 as we are just adding him to a different group.- Double click on Ho Malones account and go to the member of tab.- Add Ho Malone to the group Backup Operators.
Task 31 - Now I will add all the IT staff to the administrators group.- This is the same process as the last two steps as were adding the IT staff (Meg Abite, Gigg Abite, Petty Byte, and Keil Abite) to the administrators group.
Task 32 - Now I will make folders of all the groups in the C: drive and add them to their groups so the users can store their files in them.- I will first go into PowerShell and make the folders.- I will user the mkdir command to make all the individual folders.- In PowerShell switch to your C:/ drive.- Here is an example of adding a folder.
- This is the complete list of folders.
- Now I will add the folders to their respected groups.- Go to this PC and double click on the C: drive.- Now right click on the folders and go to the folder properties under the security tab and share them to their groups.- Here is an example of adding a folder to a group.
- Step by step -First go in your C: drive and pick a folder.
- Next right click and go to properties.- Go to security tab and click on edit
- Now click on add
- Here you can either click on advanced to search for the group or you can just type it the group and hit Check Names then ok
- Or advanced then find now and search for the group.
- Then add the group to full control and hit apply.
- Now go to each folder properties and go into the share tab.
- Click on the specific group and hit share.
- Now the folder is shared to the network.
- Now do this to all the folders.
Task 33 - Now we are going to protect the shared folders we just made along with other folders if anyone accidently deletes something or an kind of accident happens.- First we go to our C: drive and right click on the drive.- Click on the shadow copies tab.- Click enable
- Click yes to enable shadow copies.
- Here shadow copies is enabled.
- Now we are going to schedule specific times to backup starting at 9am, noon, 3pm, and 6pm.-First click on schedule
- Now click on new.
- Now set the time for every three hours starting at 9am and ending at 9pm. Click ok and set the scheduled task for Monday through Friday. (see above)
Task 34 - Making VHDS (virtual hard disks)- We need to make- VHD3 with 500MB, FAT32, G: Label: Data2- VHD2 with 500MB, NTFS, R: Label: Data 3- VHD3 with 500MB, NTFS, Z: Label: Data 4- VHD4 with 700MB, NTFS, H: Label: Homes- We will make these in the VMWare setting. First shutdown your VM that your adding the VHDs to.- This will be on our second server (File Server)- First to into the VM tab in VMWare and settings.- Then click Add at the bottom.
- Select Hard Disk and hit next.
- Keep the default setting and click next.
- Now I will make a new virtual disk.
- We have three virtual disks that are 500MB so make three of them .489 to make them 500MB even. Then for the 700MB drive it needs to be .684 to make it 700MB even. Then name them appropriately.
- Here is an example.
- Here is our finished VHDs now we need to turn our virtual machine back on to attach them.
- Now that my virtual machine is back on lets go into computer management.- The first thing to do is bring the disks online by right clicking the left part of the disk where it says Disk 1, 2, etc and click online.- After that repeat and click initialize disk on all four.
- Below we have them all online and initialized.
- Now right click on the white part of the box where it says your disk size and we are going to make all the disks simple volumes.- Now we will go through the wizard to set up a simple volume.
- Just click next here.
- This is our Data 2 disk so the drive letter is G: then click next.
- Data 2 disk will be FAT32 then click next.
- Confirm your setting and finish the disk.
- This is the end result of your Data 2.
- Now I will repeat the process with the other three disks.
Task 35 - Manage Employee Hours.- Only supervisors, managers, executives, and IT staff can log-on after 6pm Monday through Friday and only the IT staff and executives can log-on on weekends.- First our regular users cant log on after 6pm or on weekends so any user who is not a supervisor, manager, It staff, or executive gets this schedule. - Go into server manager and users and computers.- We cannot administer hours on OUs or groups just the individual users.- Double click on the specific user and go in the account tab.- For this example we will use Ho Emtown who is the nurse for the company.- Ho Emtown cant work on weekends or after 6pm on Monday through Friday. I will do this for all regular staff.
- Ho Gewilde is a manager and cannot work weekends but can work after 6pm on weekdays. So I will do this for all managers.
- Ho Lotashakin is the CEO and can log-on and work anytime.
Task 36 - Connecting our server 2 (file server) to our server 1 (domain controller)- I want to do this before we set up our printers.- First thing we need is our IP address of the domain server (server one) and add it to the IPV4 configuration of our second server. We add the address in the preferred DNS server.
- Then go into the second server in control panel, system, and system settings.- Go to a member of and type in the name of the first server (domain server) which is HSC04.local.- When you add it a prompt will come up asking you to type in the username and password of the first server (Domain Controller) and if you type in the right credentials you will get a welcome message.
- Here is my welcome message from the domain.
- You will be prompted to restart your machine to complete the process.
This is my second server showing the Domain added.
Task 37- Setting up our printers for our file server (server 2)- We will have two printer one called HFPS04-PTR-1 and printer called IT Printer-04- First go into server manager and go into print management.- Go into print servers, HFPS04 (local) and printers.
- There right click and add a printer. Now we will go through the wizard.- Here add the default TCP/IP and click next.
- Here add the printer IP address in the hostname and click next. - Here change the printer name too HFPS04-PTR-1 and click next.
- Here confirm your setting and click next. If you forget to change the name you can right click and rename after you install the printer.
- Here confirm your settings and finish. Print a test page to confirm the completion.
- Here is my first printer.
- Now double click on the printer and go to the advanced tab.- We need to change the priority from the default to 10.
- Now Im going to set up my separator page for my first printer. This is a pain so follow along closely.- First we need to go to the C: drive and go into system32 to find a file called sysprint.sep
- Now bring up the text document in notepad and this is what it will look like. We need to change two things the first one is the (\\\\server\\name) where I will replace server with my server name and name with my actual name. Then the highlighted part PSCRIPT Page Separator will be replaced with HOHOHO Company. Now once you have made these changes DO NOT save it as a .txt file! Make it a .sep file.
- Now we will go into server manager and printer management. Double click on the printer and go to the advanced tab.- At the bottom click on the separator page.
- Now the separator browse page will come up. Find the sysprint.sep file we just modified and add it. Double check that its the one we just made and not the original.
- Now that we have done that, print a test page on the printer and a test page plus the separator page should print out one after the other. (see my separate attachment.)- Now I will add the second printer which is our IT printer.- Go to printer management again and right click to add a new printer. - Here the IT printer will be called IT Printer-04. Then click next.
- Once you go through the wizard, keep the same IP address as the first and confirm your setting and click next.
- Finish the wizard and now our second printer is installed.
- Now we need to change the priority number to 99 on the IT printer.
- Now we need to add the Custodial group to the first printer and deny that group of the printer.- First go to the printer properties and go to the security tab.- Add the custodial group to the printer.
- Now click on the group and deny that group of everything.
- Now we need to make an audit to track every print and printer changes.- First go into the printer properties and under the security tab go to advanced tab.- Then go into the auditing tab.
- Now select a principal.
- Here you will need to type in the username and password.
- Now add authenticated users which is everyone to audit the print jobs and settings.
- Then click manage this printer and apply and ok then exit.
- Now Ho Weaver will be responsible for controlling print jobs other that his own job.- In print management double click on the printer and go to properties.- Go to the security tab and add Ho Weaver to the groups and names list.
- Set Ho Weaver to manage this printer and apply and exit.
Task 38 - Now I will set up our message of the day.- First go to your server one and go to group policy management.- Double click on the GPO we made earlier in the documentation and right click and edit.- This will bring up the group policy management editor.- Go down the tree through policies / windows settings / security settings / local policies / and security options.
- The message title will be HOHOHO CO. Message of the Day. Then apply and exit.
- Then our message text will be Almost Vacation Time then apply and exit.
- Now all the users will see this message when they log in.
Task 39 - Now I will Join my windows 7 client to the domain.- First lets name our windows 7 client and call it HCLI04.- This will be under control panel and system.
- Now we need to make our IP address static on our Windows 7 client server.- Like doing the others we need to enter control panel, networking and sharing, and local area connection. Go to properties and IPV4 settings.
- Set your IP address to the IP address given in ipconfig and your preferred DNS address is your domain controller address.- Now we need to in the computer name and add the domain of our domain controller which is HDC04.local
- It will ask you for your admin credentials from the domain controller then hit ok.
- Now we are added to the domain!
- Now restart your computer
- Heres our message of the day!
Task 40 - Now we need to set up our web page.- First if you havent installed web server (IIS) go ahead and install web server in server manager roles and features on your second server (file, print, and web server)- Lets start by bringing up IIS manager in tools under Server Manager.- Go to your server and click on default web site.
- Right click on default web page and click on explore.- Now right click on iisstart and open it in notepad.
- This Is my result of modifying the notepad then just click save.
- You can check your website by clicking on the Browse *.80 (http)
- This is my results of the website.
INDEXTask 1Change Name of Server One to HDC04 (1)Task 2Create a Snapshot in VMware (2)Task 3Create a Clone in VMware (2-4)Task 4Defragment (5-7)Task 5Make LOGS Folder (7)Task 6Save and Clear Sec, Sys, and Setup logs (8-9)Task 7Show Hidden Files and Folders (9)Task 8Change the Power Scheme (10)Task 9 Server Audits (11)Task 10Turn on Pitch Tones with the CAPS LOCK Key (11-12)Task 11Add Spanish Keyboard Layout (13-14)Task 12Set-up Feature no Memory Dump (14)Task 13Adding Backdoor Admin and Personal Accounts (15)Task 14Change name of Server Two to HFPC04 (16)Task 15Make Compressed, Encrypted, Net-work, and Download Folders (17-24)Backup Encryption key (21-24)Task 16Setup Static IP Addresses to Server One and Server Two (25-26)Task 17 Add Roles and Feature to Server One (27-32)Task 18Add Roles and Features to Server Two (33-38)Task 19Save and Clear Sys, Sec, and Setup Logs Again (39)Task 20Export List of Users and Groups Pre Domain Controller (39-41)Task 21Promote Server One to a Domain Controller (42-46)Task 22Make a Snapshot and Clone of Server One (47)Task 23Add Organizational Units, Groups, and Users to Server One (47-52)Task 24Export List of Users and Groups After Domain Controller (53-54)Task 25Add Job Titles and Addresses to Users (55-56)Task 26Make a GPO for Expiring Passwords, Lockout Durations, Etc. (57-60)Task 27Make Ho Humm Change Password at Next Log-on (61)Task 28Make Ho Emfryze to Where He/She Cannot Change Password (62)Task 29Set Ho Lottmores Account to be Administered in a Limited Fashion (63)Task 30 Give Ho Malone Limited Access to do System Backups (64)Task 31Add the IT Staff to the Administrators Group (65)Task 32Make Folders for all Groups in the C: Drive for the Users (66-72)Task 33Protect Shared Folders by Enabling Shadow Copies (73-76)Task 34Making VHDs on Server Two (77-85)Task 35Manage Employee Hours (86-87)Task 36Adding Server Two to the Domain (88-90)Task 37Setting up Printers on the Network and Make a Separator Page (91-103)Separator Page (95-96)Task 38Making the Message of the Day (104-106)Task 39 Joining the Windows 7 Client to the Domain (106-110)Task 40Set-up the Web Page (111-113)
Computer names and IP addressesServer One (Domain Controller)Computer Name: HDC04Static IP Address: 192.168.119.129Gateway: 192.168.119.2DNS: 127.0.0.1Domain Name: HDC04.LOCALFull Name: HDC04.HSC04.LOCALComputer Description: HFPL04
Server Two (File, Print, and Web Server)Computer Name: HFPS04Static IP Address: 192.168.119.130Gateway: 192.168.119.2DNS: 192.168.119.129Domain Name: HSC04.LOCALFull Name: HFPS04.HSC04.LOCALComputer Description:
Windows 7 Client MachineComputer Name: HCLI04Static IP Address: 192.168.119.132Gateway: 192.168.119.2DNS: 192.168.119.129Domain: HCS04.LOCALFull Name: HCLI04.HSC04.LOCALComputer Description: HCLI04
Page 2 of 119Happy Holidays Company