Security 2: large amount of security questions for the CompTIA A+ certificate


Upload: robert-bibbo

Post on 20-Jan-2016


Page 1: Security 2 large amount of security questions for the  Comptia A+ certificate

Create the WLBIX profile
Use WPA2-Personal authentication
Use AES encryption
Use 1a2b3c4d5e for the network key
Connect automatically when in range
Allow connection when the SSID is not broadcasting

Explanation

To complete this lab, use the Network and Sharing Center to create a wireless network profile manually with the following settings:

o Network name (SSID) = WLBIX
o Security type = WPA2-Personal
o Encryption type = AES
o Security Key/Passphrase = 1a2b3c4d5e
o Start this connection automatically = Enabled
o Connect even if the network is not broadcasting = Enabled

Following are the steps an expert might take to complete this lab:

Configure Network Sharing and Discovery

1. Click Start/Control Panel.
2. Under Network and Internet, select View network status and tasks.
3. In the Tasks column, click Manage wireless networks.
4. Click Add to create a wireless network profile.
5. To create a profile manually, select Manually create a network profile.
6. Enter values for the following settings as necessary:
   o Network name
   o Security type
   o Encryption type
   o Security Key/Passphrase
7. Additionally, you can enable the following options:
   o Start this connection automatically
   o Connect even if the network is not broadcasting
8. Click Next to add the wireless network profile.
9. Click Close to create the wireless network profile.
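The same profile can also be imported from the command line instead of the wizard. The script below is an added example, not part of the original lab: it assumes Windows PowerShell on a machine with a wireless adapter, and the temporary file name is hypothetical.

```powershell
# Added example: scripted equivalent of the manual profile steps above.
# SSID, key and options are the lab's values; the temp file name is an assumption.
$ssid = 'WLBIX'
$key  = '1a2b3c4d5e'

# WLAN profile XML mapping to the GUI fields:
#   WPA2PSK + AES        = Security type WPA2-Personal, Encryption type AES
#   connectionMode auto  = Start this connection automatically
#   nonBroadcast true    = Connect even if the network is not broadcasting
$profileXml = @"
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>$ssid</name>
  <SSIDConfig>
    <SSID>
      <name>$ssid</name>
    </SSID>
    <nonBroadcast>true</nonBroadcast>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2PSK</authentication>
        <encryption>AES</encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>passPhrase</keyType>
        <protected>false</protected>
        <keyMaterial>$key</keyMaterial>
      </sharedKey>
    </security>
  </MSM>
</WLANProfile>
"@

# The file holds the passphrase in clear text, so remove it once imported.
$path = Join-Path $env:TEMP "$ssid-profile.xml"
Set-Content -Path $path -Value $profileXml -Encoding UTF8
try {
    netsh wlan add profile filename="$path"
    netsh wlan show profiles name="$ssid"   # confirm the stored settings
}
finally {
    Remove-Item -Path $path -Force
}
```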

Set the maximum lifetime for service ticket to 180 minutes
Set the maximum lifetime for user ticket to 3 hours
Set the maximum lifetime for user ticket renewal to 3 days
Set the maximum tolerance for computer clock synchronization to 1 minute

Explanation

Account policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain Policy and configure the following Kerberos policy settings:

| Security setting | Value |
| --- | --- |
| Maximum lifetime for service ticket | 180 minutes |
| Maximum lifetime for user ticket | 3 hours |
| Maximum lifetime for user ticket renewal | 3 days |
| Maximum tolerance for computer clock synchronization | 1 minute |

Following are steps that an expert might take to perform the tasks in this lab.

Edit Account Policies


1. Click Start/Administrative Tools/Group Policy Management. Click Continue when prompted.
2. Browse to the domain. Right-click the Default Domain Policy and select Edit.... Click Continue when prompted.
3. In the Group Policy Management Editor, browse to Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies.
4. Click the Kerberos Policy node.
5. On the right, right-click the policy you want to edit and select Properties.
6. If the policy is currently undefined, select Define this policy setting.
7. Edit the value for the policy, then click OK.

Add http://acct.westsim.private to the Trusted Sites zone
Do not require HTTPS for Trusted Sites
Add http://badads.com to the Restricted Sites zone
Add http://myads.com to the Restricted Sites zone
Disable Active scripting for the Internet zone
Customize the Local Intranet zone settings

Explanation

To make the required changes, edit the settings on the Security tab of Internet Options.

To add sites to a zone, select the zone and click the Sites button. To modify settings for a zone, select the zone and click the Custom Level... button.

Following are the steps an expert might take to complete this lab:

Edit Internet Explorer Zones

1. Click Start/Control Panel.
2. Click Network and Internet.
3. Click Internet Options.
4. Click the Security tab.
5. To add sites to a zone:
   1. Select the zone and click the Sites button.
   2. Type the URL for the site using the format http:// followed by the domain name.
      Note: When adding an http:// site to the Trusted sites zone, you must uncheck Require server verification (https:) for all sites in this zone.
   3. Click the Add button.
   4. Click Close.
6. To modify security settings for a zone:
   1. Select the zone and click the Custom Level... button.
   2. Select the required settings.
   3. Click OK.
   4. Click Yes.
7. Click OK.


Mirror the C: drive
Create a RAID-5 volume
o Create the Data volume
o Create the volume as a RAID-5 volume
o Create a 40 GB volume
o Assign drive letter R to the new drive
o Format the volume with NTFS

Explanation

Use Disk Management in Server Manager to make the necessary changes to the existing volume configuration.

To add fault tolerance to an existing volume, mirror the volume. You cannot create a RAID-5 volume from an existing volume.

Create a RAID-5 volume to provide both fault tolerance and improved performance.

Following are steps that an expert might take to perform the tasks in this lab.

Mirror an Existing Volume

1. Click Start/Server Manager. Click Continue when prompted.
2. Expand the Storage node and select Disk Management.
3. Click OK to initialize additional disks.
4. Right-click the volume and select Add Mirror....
5. Select the disk that will be used for the mirrored copy. Click Add Mirror.
6. If the disks contain basic disks, you will be prompted to convert the disks to dynamic disks. Click Yes to continue.

Create a RAID-5 Volume

1. Click Start/Server Manager. Click Continue when prompted.
2. Expand the Storage node and select Disk Management.
3. Right-click a disk with free space and select New RAID-5 Volume....
4. Click Next.
5. Select the disks that will be part of the new volume and click Add.
6. If necessary, modify the amount of space to use for the new volume, then click Next.
7. Select the drive letter for the new volume and click Next.
8. Select the formatting and volume label options, then click Next.
9. Click Finish to create the volume.
10. If the disks contain basic disks, you will be prompted to convert the disks to dynamic disks. Click Yes to continue.

Create the Dial Company connection
Use 555-4321 for the phone number
Allow other users to use the connection
Configure logon credentials
o Use RemoteUser for the user account name
o Use ab18$ut for the password
o Do not automatically use the Windows credentials for logon
Allow only MS-CHAPv2
o Allow MS-CHAPv2
o Do not allow CHAP
o Do not allow PAP
Require encryption for the connection

Explanation

To create the dial-up connection, go to the Network and Sharing Center and click the Set up a connection or network link. When the wizard starts, select Connect to a workplace. After creating the connection, edit the connection properties to modify the authentication and encryption parameters for the connection. In this scenario, use one of the following methods to configure the security settings:

o Choose Typical (recommended settings) and select Require secured password. This allows only MS-CHAPv2 for the connection. Then select the Require data encryption (disconnect if none) option.
o Choose Advanced (custom settings) and click the Settings... button. For encryption, choose Require encryption (disconnect if server declines). For authentication protocols, deselect all protocols except for Microsoft CHAP Version 2 (MS-CHAP v2).

Following are the steps an expert might take to complete this lab:

Create a Dial-up Remote Access Connection

1. Click Start, then right-click Network and select Properties.
2. In the Network and Sharing Center, click the Set up a connection or network link on the left.
3. Select Connect to a workplace and click Next.
4. Click Dial directly.
5. Configure the connection settings as required. Click Continue when prompted. Click Next.
6. Configure the authentication credentials and click Next.
7. Click Close.

Edit Dial-up Connection Authentication Settings

1. Click Start, then right-click Network and select Properties.
2. In the Network and Sharing Center, click the Manage network connections link on the left.
3. Right-click the connection you want to edit and select Properties. Click Continue when prompted.
4. Click the Security tab.
5. Edit the security settings as required. Click OK.

Configure routing and remote access
o Enable remote access
o Connect remote clients to the 10.0.0.0 network
o Use DHCP for remote client addressing
o Do not use a RADIUS server
Enable LAN routing
o Enable LAN routing
o Enable LAN routing only (do not enable demand dial routing)
Enable the modem for remote access only
Create a network access policy
o Create the Remote Clients policy
o Configure the policy for remote access
o For a condition, allow access M-F between 4 am and 10 pm
o Allow remote access
o Allow only MS-CHAP v2 for authentication
o Require strong or strongest encryption
Move the policy to the top of the list

Explanation


To complete this lab:

1. Use the Routing and Remote Access console to configure the server.
2. To enable remote access on the server, right-click the remote access server and select Configure and Enable Routing and Remote Access. Choose Remote access (dial-up or VPN) as the server type.
3. To enable LAN routing on the server, right-click the server and choose Properties.
4. To enable remote access for the modem, right-click the Ports node and choose Properties.
5. To configure the network policy, right-click the Remote Access Logging & Policies node and select Launch NPS.

The following are steps that an expert might take to perform the tasks in this lab.

Configure a Remote Access Server

1. Click Start/Administrative Tools/Routing and Remote Access. Click Continue when prompted.
2. In Routing and Remote Access, right-click the server and choose Configure and Enable Routing and Remote Access from the drop-down menu.
3. Click Next to start the setup wizard.
4. Select the Remote access (dial-up or VPN) option and click Next.
5. Check the Dial-up option and click Next.
6. Select the network to which remote clients will connect. Click Next.
7. Verify that Automatically is selected for DHCP configuration for the remote access server. Click Next.
8. Verify that RADIUS is not used. Click Next.
9. Click Finish.
10. Click OK.

Enable LAN Routing

1. In the Routing and Remote Access console, right-click the server and select Properties.
2. Check IPv4 Router.
3. Select Local area network (LAN) routing only.
4. Click OK.
5. Click Yes.

Configure a Modem for Remote Access

1. In the Routing and Remote Access console, expand the server node.
2. Right-click the Ports container and choose Properties from the drop-down menu.
3. Select the modem and click the Configure... button.
4. Select the Remote access connections (inbound only) option to enable the connection for remote access.
5. Click OK.
6. Click OK.

Create a Network Policy

1. To open the Network Policy Server console, in the Routing and Remote Access console, select the Remote Access Logging & Policies node. Right-click the node and select Launch NPS. Click Continue when prompted.
2. Expand the Policies node, then right-click Network Policies and select New.
3. Add the policy name and select the type of network access server. Click Next.
4. To add day and time as a condition:
   1. Click the Add... button.
   2. Select Day and Time Restrictions, then click Add....
   3. Drag the cursor to select a range of times for multiple days. Click the Permitted option. Verify that the blocks for the times you want to allow access are blue.
   4. Click OK.
5. Click the Next button.
6. Select the access permission setting. Click Next.
7. Select the desired authentication settings. Click Next.
8. Click Next to continue without configuring constraints.
9. Select the Encryption option, then configure the required or allowed encryption settings. Click Next to continue.
10. Click Finish.

Change the Order of a Network Policy

1. In the Network Policy Server console, expand the Policies node and select Network Policies.

2. Right-click the policy and select Move Up or Move Down. Repeat as necessary.