Вы находитесь на странице: 1из 583

1

To my loving wife of more than 10 years, who continues to provide me love


and encouragement even when I dont deserve it.

http://zcomby-server2008.blogspot.com/

Acknowledgments
No book is written alone. Instead, there is a wealth of people working behind the scenes
to help make a book the best possible. Im grateful for the hard work put in behind the
scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan,
Azzahari, Alanto, and Nor Izwan, all provided a significant amount of work that helped
produce this book. Im grateful to each of them.

About the Author


Zulfadli Mohd Saad has been teaching Microsoft networking concepts since the DOS
days and has been teaching a myriad of other topics since many years before then. Hes
been a Malaysia Skills Competition Coach for trade IT PC/Network Support since 2003
and holds many other certifications, including Certified Ethical Hacker, National
Industrial Specialist (IT02-00 Information & Communication Technology), National
Industrial Specialist Instructor (IT02-00 Information & Communication Technology),
Certificate of Excellent MySkills-ASEAN 2009 (IT PC/Network Support), Diploma of
Excellent MySkills 2008 (IT PC/Network Support) and Bronze Medal MySkills 2010 (IT
PC/Network Support)
Zulfadli has developed several video training courses for People Trust Council (Majlis
Amanah Rakyat) and has written and co-authored several other technical books. He has
a passion for teaching and enjoys sharing knowledge in the classroom as much as he
does through books.
He currently works full-time on a government contract providing a wide array of technical
training to government personnel in support of a network operations support center. He
moonlights as an adjunct instructor at a local college (MARA Vocational Institute)
teaching Network System Administration courses.
Zulfadli lives with his wife and four children in Ipoh, Perak, but on most weekends they
cant be found because they always travel. Hes found that configuring networks is a
piece of cake compared to building a good house and happy family, but he hasnt given
up yet.

Notes For Users


This section explains how the lab network of computers is arranged, the IP
addresses and computer names used, and other details. Users should use this
information to alter the examples in the labs and notes to match their own
network configurations.

Each Computer is configure as


Static IP
Subnet Mask
Gateway
DNS

: 192.168.2. SN
: 255.255.255.0
: 192.168.2.25
: 192.168.2. Server Number

Client
Network Printer
192.168.2.254
`

Name : clientxpSN
Static IP : 192.168.2. SN

Server
Name : serverSN
Static IP : 192.168.2. SN

All computers use static IP addresses and are on the same subnet. All PCs
should have the following configuration:
Server:
Minimum Intel Dual Core 2.6GHz, 2GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows
Server 2008.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.
Client:
Minimum Pentium D 2.6GHz, 1GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows XP
Pro SP2.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.

Table Of Contents
Title

Page

Exercise 1

Installing Windows Server 2008

Exercise 2

Initial Configuration

18

Exercise 3

Installing And Configuring DNS

30

Exercise 4

Installing Active Directory

56

Exercise 5

Creating Organization Units And Users

75

Exercise 6

Configuring Client Computer

97

Exercise 7

Viewing Computers In Active Directory

107

Exercise 8

Delegating Management Of Users

125

Exercise 9

Exploring Group Scopes and Types

142

Exercise 10

Creating And Applying Group Policies

156

Exercise 11

Creating And Sharing Resources

175

Exercise 12

Logon Scripts

209

Table Of Contents
Title

Page

Exercise 13

Home Directories

227

Exercise 14

Disk Quotas

248

Exercise 15

Managing Software Applications

262

Exercise 16

Viewing Events

320

Exercise 17

Auditing

328

Exercise 18

Installing And Configuring Printer

368

Exercise 19

Other Administrative Tools

400

Exercise 20

Installing And Configuring DHCP Server

454

Exercise 21

Installing And Configuring Web Server

482

Exercise 22

Installing And Configuring FTP Server

520

Exercise 1

Installing Windows
Server 2008

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

Exercise 1 : Installing Windows Server 2008


In this section, you should be able to :

Describe the different editions of Server 2008


Describe the requirements for a full installation
Get a free evaluation copy of Windows Server 2008 (if you dont already have
one) and how to install it.
Perform Full Installation of Server 2008

Hardware Requirements
Table 1.1 lists the basic system requirements for Windows Server 2008 editions.

Standard

Enterprise

Datacenter

Processor (recommended)

1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster

1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster

1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster

Memory (min)

512 MB

512 MB

512 MB

Memory (recommended)

2 GB or more

2 GB or more

2 GB or more

Memory (max)
Disk space (min)

4 GB (32 bit)
32 GB (64 bit)
10 GB

64 GB (32 bit)
2 TB (64 bit)
10 GB

64 GB (32 bit)
2 TB (64 bit)
10 GB

Disk space (recommended)

40 GB

40 GB

40 GB

Processor (min)

TABLE 1.1 Hardware requirements for Windows Server 2008 editions.


Hardware resources would need to be increased for any systems using Hyper-V
technology and running virtual machines. For example, if youre running three virtual
servers within a Windows Server 2008 Enterprise edition, you would need additional
processing power, more memory, and more disk space.

How to Obtain a Copy of Windows Server 2008?


Its common for Microsoft to provide free evaluation copies of Server operating systems
for use. Currently, you can download Windows Server 2008 30-day and 60-day
evaluation editions free of charges at :
http://www.micosoft.com/windowsserver2008/en/us/trial-software.aspx

Beware, though. These files are quite large. If youre using a slower dial-up link, you
might want to see whether Microsoft is currently offering an evaluation DVD via regular
mail. Theres a nominal cost involved with this option, but its better than trying to
download more than 2GB at 56KB.
The download is an .iso image of the actual DVD. Search with your favorite search
engine for Download Windows Server 2008, and youll find the link.
Once you download the .iso image, you can burn it to a DVD. If you dont have the
software needed to burn it to DVD, you can use one of many freeware utilities (such as
ImgBurn) to burn the .iso image to your DVD.

EXERCISE 1.1
Installing Windows Server 2008
1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using
Windows Server 2008 DVD.
2. Language and Keyboard Options.
This allows you to specify your language and your keyboard layout. By default,
text input language and method is : US Keyboard layout (Figure 0001).

Figure 0001 : Language and Keyboard Options


2.1. Click Next to continue.

3. Windows Server 2008 Setup


You are presented with options to Install, brief information about Server 2008 or
repair (Figure 0002).

Figure 0002 : Windows Server 2008 Setup


3.1 Click Install now to start setup Windows Server 2008 on this computer.
4. Product Key and Activation

Figure 0003 : Product Key and Activation


4.1

Enter your "Product Key" for activation now or you can enter it later (Figure
0003).

10

4.2. Click Next to continue.

Figure 0004 : Product Key Warning


4.3. If you leave the product key box blank, the warning window will appear (Figure
0004); just click No to continue.

5. Windows Server Version


5.1.

Select Windows Server 2008 Enterprise (Full Installation), (as shown in the
Figure 0005).

Figure 0005 : Windows Version


5.2. Tick the box of I have selected the edition of Windows that I purchased.
5.3. Click Next.

11

6. Windows Server 2008 License Agreement


6.1. Read the terms of the license agreement.
If you accept (which, of course, you have to do to continue installation), tick the
box of I accept the license terms (Figure 0006).

Figure 0006 : Windows Server 2008 License Agreement


6.2. Click Next to continue.

12

7. Installation Options.
You are presented with options to Upgrade or Custom (advanced).
Click Custom (advanced), (Figure 0007).

Figure 0007 : Installation Options


8. Partition Options
8.1. Click Drive options (advanced), (Figure 0008).

Figure 0008 : Drive options

13

8.2. Click New, (Figure 0009).

Figure 0009 : New Partition

8.3. Change the size to 40,000 MB, (Figure 0010).

Figure 0010 : Partition Size


8.4. Click Apply.

14

8.5. Select Disk 0 Partition 1 (Figure 0011).

Figure 0011 : Partition

8.6.

Click Next. The partition will be formatted with NTFS as part of the installation. At
this point, take a break. The installation will continue on its own.

Figure 0012 : Installing Windows

15

9. First Time Login


When you first time login, the windows warning will appear ask you to change the
user password before logging on for the first time (Figure 0013).

Figure 0013 : First time login


9.1 Click OK.

10. Change Administrator Password.


4.1

Enter a new password in the two test boxes (Figure 0014). Enter
Pr@ctice in this exercise. It meets complexity requirements and doesnt
require you to remember multiple passwords. Dont use this password on
a production server.

Figure 0014 : Change Administrator password


10.2 Hit Enter button after the passwords are entered.

16

Figure 0015 : Password changed successfully


10.3

Once the password has been changed, the screen indicates success
(Figure 0015). Click OK.

Congratulation! You have finish install the Windows Server 2008.

Summary
In this section you installed Windows Server 2008 on a computer. In the following
exercises you will setting time zone, install Active Directory and other services, creating
a small network for you to administer.

17

Exercise 2

Initial Configuration

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

18

Exercise 2 : Initial Configuration


In this section, you should be able to :
Complete the Initial Configuration Tasks
Setup time zone for your server.
Configure networking on your server
Change your server name

Setting Time Zone


In this section, youll learn how to setup time zone for your server.
EXERCISE 2.1
Setting Time Zone
1. In Initial Configuration Tasks, select Set time zone (Figure 0016).

Figure 0016 : Set time zone


2. Click Change time zone (Figure 0017).

Figure 0017 : Change time zone

19

3. Select time zone appropriate for your location.


e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).

Figure 0018 : Time zone


4. Click OK.
5. Click OK again (Figure 0019).

Figure 0019 : Change time zone

20

Configuring Network
In this section, youll learn how to configure networking on your server. Make sure you
have hook up your server to the network before you start.
EXERCISE 2.2
Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).

Figure 0020 : Configure networking

2. Double-click Local Area Connection (Figure 0021).

Figure 0021 : Local Area Connection

21

3. Click Properties button (Figure 0022).

Figure 0022 : Local Area Connection Properties


4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we only use
TCP/IPv4 only (Figure 0023).

Figure 0023 : TCP/IPv6

22

5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button


(Figure 0024).

Figure 0024 : TCP/IPv4


6. Now set your server IP address, and ensure that you are using a static IP
address. For this exercise, Im using number 21 as my server station number
(Figure 0025).
Tips:
Use the following IP address:
IP address
Subnet mask
Default gateway

: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ISIP

(server station number)


(internet server IP address)

Use the following DNS server address:


Preferred DNS server
Alternate DNS server

: 192 . 168 . 2 . DNS (1st DNS server IP address)


: ___ . ___ . ___ . ___ (2nd DNS server IP address)

23

Figure 0025 : Static IP address


7. Click Advanced button after complete setting your IP address (Figure 0025).
8. Select the DNS tab (Figure 0026).

Figure 0026 : Advanced TCP/IP Setting


9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).
10. Tick Use this connections DNS suffix in DNS registration box (Figure 0026).

24

11. Click OK (Figure 0026).


12. Click OK again.
13. Click Close button to close Local Area Connection Properties (Figure 0027).

Figure 0027 : Local Area Connection Properties


14. Click Close button to close Local Area Connection Status.
15. Close Network Connection properties (Figure 0028).

Figure 0028 : Network Connection properties

25

Changing Computer Name


In this section, youll learn how to change your server name.
EXERCISE 2.3
Changing Computer Name
1. In Initial Configuration Tasks, select Provide computer name and domain
(Figure 0029).

Figure 0029 : Provide computer name and domain


2. Click Change... button (Figure 0030).

Figure 0030 : System Properties

26

3. Key-in your server name at Computer name: box. In this exercise I user
server21 as my computer name (Figure 0031). And click OK.

Figure 0031 : Computer Name

4. Windows remind you to restart your computer to apply the changes. Click OK.

Figure 0032 : Computer Name Restart Reminder

27

5. Click Close button on System Properties dialog box (Figure 0033).

Figure 0033 : System Properties

6. Click Restart Now to reboot your computer (Figure 0034).

Figure 0034 : Restart Computer

28

7. After restart, login your server as Administrator (Figure 0035)

Figure 0035 : Login

Summary
In this section you have configure Time Zone, Networking and Computer Name for your
Server 2008. In the following exercises you will install Active Directory and other
services for you to administer.

29

Exercise 3

Installing and
Configuring DNS

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

30

Exercise 3 : Installing and Configuring DNS


Installing Domain Name System (DNS) Services Role
In this section, youll learn how to implement a domain name server for your network.
Domain Name System (DNS) provides a standard method for associating names with
numeric Internet addresses. This makes it possible for users to refer to network
computers by using easy-to-remember names instead of a long series numbers.
Windows DNS services can be integrated with Dynamic Host Configuration Protocol
(DHCP) services on Windows, eliminating the need to add DNS records as computers
are added to the network.
The first step is required to ensure that you are using a static IP address and that the
DNS settings on the computer have been correctly configured. Make sure your have
hook up your PC to the network and you are using a static IP address before you start.
EXERCISE 3.1
Installing Domain Name System (DNS) Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start Administrator Tools Server Manager
(Figure 0036).

Figure 0036 : Launch Server Manager

31

3. In Server Manager, select Roles (Figure 0037).

Figure 0037 : Roles


4. Select Add Roles (Figure 0038).

Figure 0038 : Add Roles


5. On the Before You Begin page, review the requirements, and click Next (Figure
0039).

Figure 0039 : Add Roles Before You Begin

32

6. On the Select Server Role page, select the check box next to DNS Server, and
click Next (Figure 0040).

Figure 0040 : Server Roles DNS Server


7. On the DNS Server page, review the information, and click Next (Figure 0041).

Figure 0041 : DNS Server

33

8. On the Confirm Installation Selections page, click Install (Figure 0042).

Figure 0042 : Confirm Installation Selections

Please wait. This operation will take a few minutes.

Figure 0043 : Installation Progress

34

9. On the Installation Result page, review the information.


Click Close to continue (Figure 0044).

Figure 0044 : Installation Result

35

EXERCISE 3.2
Configuring Domain Name System (DNS)
10. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0045)

Figure 0045 : Launch DNS Manager

11. Double-click on the computer icon to expand the DNS Server (Figure 0046).

Figure 0046 : DNS Manager

36

EXERCISE 3.2.1
Configuring Forward Lookup Zones
12. Click on Forward Lookup Zones first, and then right-click on it.
13. Select New Zone (Figure 0047)

Figure 0047 : Create New Zone

14. New Zone welcome wizard appear. Click Next to continue (Figure 0048).

Figure 0048 : New Zone Welcome Wizard

37

15. Select Primary zone and click Next button (Figure 0049).

Figure 0049 : Zone Type


16. The New Zone Wizard dialog box requests the name for the zone. Enter the
name that has been assigned to your domain (this example uses myserver.com).
(Figure 0050).

Figure 0050 : Zone Name


17. Once you have entered the correct name for the zone name, click Next button to
continue.

38

18. The dialog box now displays the name that will be used to the new zone file.
Leave the filename as suggested, then click Next (Figure 0051).

Figure 0051 : Zone File


19. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0052).

Figure 0052 : Dynamic Update

39

20. Click Finish to close the wizard and create the new zone (Figure 0053).

Figure 0053 : Successfully Completed the New Zone Wizard

40

EXERCISE 3.2.2
Creating Forward Lookup Zones New Host
21. Double click to expand Forward Lookup Zones.
22. Right click myserver.com and select New Host (Figure 0054).

Figure 0054 : Create New Host

23. Enter IP address for DNS server (myserver.com) and click Add Host (Figure
0055).

Figure 0055 : New Host


24. Click OK button.
25. Click Done button to exit New Host Wizard.

41

26. After finish configuring Forward Lookup Zones, recheck myserver.com must have
minimum three(3) types resource record (SOA), (NS) and (A). (Figure 0056).

Figure 0056 : Forward Lookup Zones

42

EXERCISE 3.3
Configuring Reverse Lookup Zones
27. Click on Reverse Lookup Zones.
28. Right click Reverse Lookup Zones and select New Zone (Figure 0057).

Figure 0057 : Add a New Zone


29. New Zone welcome wizard appear. Click Next to continue (Figure 0058)

Figure 0058 : New Zone Welcome Wizard

43

30. Select Primary zone and click Next button (Figure 0059)

Figure 0059 : Zone Type

31. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).

Figure 0060 : Reverse Lookup Zone Name

44

32. A reverse zone maps IP addresses to computer names, so it has to know what
range of IP addresses it will be responsible for.
Enter the first 3 octets of the IP address that has been allocated to your network
domain (Figure 0061).

Figure 0061 : Network ID


33. After entering the network ID, click Next button to continue.
34. The wizard will display the name of the reverse zone file that it will create. Leave
the filename as suggested, then click Next (Figure 0062).

Figure 0062 : Zone File

45

35. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0063)

Figure 0063 : Dynamic Updates


36. Click Finish to close the wizard and create the new zone (Figure 0064).

Figure 0064 : Successfully Completed the New Zone Wizard

46

EXERCISE 3.3.1
Creating Reverse Lookup Zones New Pointer (PTR)
37. In the DNS manager window, double-click the computer icon and expand the
Reverse Lookup Zone field.
38. Expand the subnet field.
39. Right-click the subnet field and select New Pointer (Figure 0065).

Figure 0065 : Create New Pointer

40. Enter the IP address of your domain server (Figure 0066).

Figure 0066 : Host IP Address


41. Click Browse button to browse for host name.

47

42. Double click your server icon (Figure 0067).

Figure 0067 : Browse Host Name - Domain

43. Double click Forward Lookup Zones (Figure 0068).

Figure 0068 : Browse Host Name - Forward Lookup Zones

48

44. Double click your domain (Figure 0069).

Figure 0069 : Browse Host Name Domain.com


45. Double click Host (A) record (Figure 0070).

Figure 0070 : Browse Host Name Host (A)

49

46. Click OK to create new pointer (Figure 0071).

Figure 0071 : New Pointer Complete Data

47. After finish configuring Reverse Lookup Zones, recheck the subnet field. The
subnet field must have minimum three(3) types resource record (SOA), (NS)
and (PTR). (Figure 0072).

Figure 0072 : Reverse Lookup Zones

50

EXERCISE 3.4
Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly
configured.
48. In the DNS manager window, right-click the computer icon and select properties
(Figure 0073).

Figure 0073 : DNS Manager Server Properties

49. Click the Monitoring tab (Figure 0074).

Figure 0074 : DNS Server Properties

51

50. Enable both tests and click Test Now button (Figure 0075).

Figure 0075 : DNS Server Properties - Monitoring


Do not proceed till the test results for Simple Query indicate Pass. Your
recursive query result will indicate Fail because we did not configure our DNS to
query to other DNS server.
51. Click OK to continue
52. Close the DNS Manager.

52

EXERCISE 3.5
Testing The DNS Server Using NSLOOKUP To Query DNS
In this exercise you will use a client tool to check the operation of the DNS server. You
will query both a forward and reverse lookup.
53. Launch Run. Click Start Run (Figure 0076).

Figure 0076 : Launch RUN

53

54. Enter nslookup and click OK (Figure 0077).

Figure 0077 : Launch Nslookup Program

55. A command prompt DOS window will appear with the program nslookup running
in it (Figure 0078).
The default server name and IP address of the DNS server will be shown.

Figure 0078 : Running Nslookup

56. To perform a forward lookup (resolve a computer name to an IP address) enter


the name of the computer (e.g. myserver.com) (Figure 0079).

Figure 0079 : Query Forward Lookup

54

57. Press ENTER. Your query result will be same as Figure 0080 below.

Figure 0080 : Query Forward Lookup Result

58. To perform a reverse lookup (resolve an IP address to a computer name), enter


the IP address given in step 56 and press ENTER (Figure 0081).

Figure 0081 : Query Reverse Lookup


59. Close the command prompt windows (Figure 0081).

Summary
The DNS server is a database that manages computer names and their IP addresses.
Zone files are used to store this information. Within a zone, a forward lookup resolves
computer names to IP addresses. A reverse zone resolves IP addresses to computer
names.
A client tool such as NSLOOKUP can be used to test the operation of a DNS server.

55

Exercise 4

Installing Active
Directory

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

56

Exercise 4 : Installing Active Directory


In this exercise you will install active directory services (ADS) and change to native
mode (where the server acts purely with ADS). Once ADS is installed, you will be able to
take advantage of many of the new features of Windows 2008 in managing users,
computers and sites.

Adding Active Directory Domain Services Role


In this section, youll learn how to adding Active Directory Domain Services Role.

EXERCISE 4.1
Adding Active Directory Domain Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start Administrator Tools Server Manager
(Figure 0082).

Figure 0082 : Launch Server Manager

57

3. In Server Manager, select Roles (Figure 0083).

Figure 0083 : Roles


4. Select Add Roles (Figure 0084).

Figure 0084 : Add Roles


5. On the Before You Begin page, review the requirements, and click Next (Figure 0085).

Figure 0085 : Add Roles Before You Begin

58

6. On the Select Server Role page, select the check box next to Active Directory
Domain Services, and click Next (Figure 0086).

Figure 0086 : Server Roles


7. On the Active Directory Domain Services page, review the information, and click
Next (Figure 0087).

Figure 0087 : Active Directory Domain Services

59

8. On the Confirm Installation Selections page, click Install (Figure 0088).

Figure 0088 : Confirm Installation Selections

Please wait. This operation will take a few minutes.

Figure 0089 : Installation Progress

60

9. On the Installation Result page, review the information.


Click Close (Figure 0090).

Figure 0090 : Installation Result


Note : You still must run the Active Directory Domain Services Installation Wizard
(DCPromo) to make the server a fully functional domain controller.

61

Installing Active Directory Domain Services


In this section, youll learn how to installing Active Directory Domain Services.
EXERCISE 4.2
Installing Active Directory Domain Services
10. Logon into a Windows Server 2008 server as Administrator.
11. Click Start Run. At the Run line, enter DCPromo, and click OK (Figure 0091).

Figure 0091 : Run dcpromo


12. On the Welcome screen, click Next (Figure 0092).

Figure 0092 : Welcome Screen

62

13. On the Operating System Compatibility screen, review the information, and click
Next (Figure 0093).

Figure 0093 : Operating System Compatibility Screen

14. On the Choose a Deployment Configuration screen, select Create a New


Domain in a New Forest.
Click Next (Figure 0094).

Figure 0094 : Choose a Deployment Configuration Screen

63

If your computer were part of an existing forest, you could create a replica
domain controller within an existing domain. However, this exercise is assuming
your server will be the first domain controller in the forest.
15. On the Name the Forest Root Domain screen, enter MYServer.com as the fully
qualified domain name.
Click Next (Figure 0095).

Figure 0095 : Name the Forest Root Domain Screen


16. If Domain NetBIOS Name page appears, accept the default of MYSERVER.
17. On the Set Forest Functional Level screen, select the Forest functional level of
Windows Server 2008. This ensures that any new domains created in this forest
will automatically operate at the Windows Server 2008 domain functional level,
which does provide unique features. If you had a network that has a Windows
2000 Remote Access Server, you would select the compatible option (Figure
0096).

Figure 0096 : Set Forest Functional Level Screen

64

18. Click Next to continue.


19. On the Additional Domain Controller Options screen, note that both the DNS
server and the global catalog are selected as options. Active Directory Domain
Services requires DNS, and if not available on the network, DCPromo will give
you the option of installing it. Additionally, the first domain controller within a
domain is a global catalog server.

Figure 0097 : Additional Domain Controller Options Screen


Note : If you have dynamically assigned IP addresses, a warning will appear
indicating you must assign static IP addresses for both IPv4 and IPv6. Either
assign static IP addresses or click Yes; the computer will use a dynamically
assigned IP address and configure static IP addresses later. As a best practice,
domain controllers should use statically assigned IP addresses.

Click Next to continue (Figure 0097).

65

20. If this server is on an isolated network without other DNS servers, a warning
dialog box will appear indicating that a delegation for this DNS server cant be
created and other hosts may not be able to communicate with your domain from
outside the domain. This is normal when installing DNS for the first domain
controller in a forest.
Click Yes to continue (Figure 0098).

Figure 0098 : Warning Dialog Box

21. On the Location for Database, Log Files, and SYSVOL screen, accept the
defaults.
Click Next (Figure 0099).

Figure 0099 : Location for Database, Log Files, and SYSVOL Screen

66

22. On the Directory Services Restore Mode Administrator Password screen, enter
@xercisE in both the Password and Confirm password boxes. This password is
needed if you need to restore Active Directory Domain Services. On a production
domain controller, a more secure password would be required.
Click Next (Figure 0100).

Figure 0100 : Directory Services Restore Mode Administrator Password Screen

23. On the Summary screen, review your selections, and click Next (Figure 0101).
Active Directory Domain Services will be installed.

Figure 0101 : Summary Screen

67

24. After a few minutes, the wizard will complete (Figure 0102).

Figure 0102 : AD Installation Progress

25. If a warning message appeared same as below, just click OK. This message
appeared because we already created the DNS zone before (Figure 0103).

Figure 0103 : Warning Message


26. On the Completion screen, click Finish (Figure 0104).

Figure 0104 : Completion Screen

68

27. On the Active Directory Domain Services dialog box, click Restart Now (Figure
0105).
Once your system reboots, Active Directory Domain Services will be installed.

Figure 0105 : Restart Confirmation Screen

28. After restart, login your server as Administrator (Figure 0106).

Figure 0106 : Login

69

EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometime after
installing Active Directory Domain Services, the network configurations change to
localhost setting.
29. Launch Network and Sharing Center. Click Start Right click Network
Properties (Figure 0107).

Figure 0107 : Network Properties

70

30. Under myserver.com (Domain network), click View status (Figure 0108).

Figure 0108 : View Network Status


31. Click Properties button to open Local Area Connection Properties (Figure 0109).

Figure 0109 : Local Area Connection Status

71

32. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button
(Figure 0110).

Figure 0110 : Local Area Connection Properties

Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties

72

33. Check your network configurations; make sure the configurations correct (Figure
0112).

Figure 0112 : Network Configurations


34. Now click the Advanced button (Figure 0112).
35. Select the DNS tab (Figure 0113).
36. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
37. Tick Use this connections DNS suffix in DNS registration box (Figure 0113).
38. Click OK (Figure 0113).
39. Click OK again.

73

Figure 0113 : Advanced TCP/IP Setting


40. Close all remaining windows.

Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a
lot of migrations to the new operating system. This chapter presented many of these
new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three
editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008
Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support
virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology
that supports virtualization. The Standard edition supports one virtual server, the
Enterprise edition supports as many as four virtual servers, and the Datacenter edition
supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit
operating systems.
In this chapter, you learned about the new features of Windows Server 2008.
These included Server Manager, Server Core, PowerShell, Windows Deployment
Services, and read-only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a
PC. After reviewing many of the basics of Active Directory Domain Services, you learned
how to promote the server to a domain controller.

74

Exercise 5

Creating
Organization Units
And Users

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

75

Exercise 5 : Creating Organizational Units And Users


In this section, youll use active directory to view the default settings that apply to user
accounts when they are created. These settings can be overridden for a particular user,
a group of users, or all users.
You will create a number of organizational units. An OU acts as a container that holds
objects such as users.

Creating Organization Units


In the following exercise, you will create some organizational units that will act as
containers for some users. These organizational units model the departments within a
small organization.

EXERCISE 5.1
Creating Organization Units

1. Logon server as administrator.


2. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0114)

Figure 0114 : Run Active Directory Users and Computers

76

3. Click on the myserver.com icon to select it (Figure 0115).

Figure 0115 : Expand Domain


4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).

Figure 0116 : Create New Organization Unit

77

5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
7. Click OK (Figure 0117).

Figure 0117 : Create Organization Unit


8. Repeat step 3 to 7 to create the organizational units Sted and Sklr (Figure
0118).

Figure 0118 : Organization Unit


Creating organizational units lets you place users directly into units and assign
permissions and rights based on these units. This leads to better administration
and delegation control than if you placed users directly into the user container.
When users move from one department to another, it is a simple matter to move
the user to the corresponding organizational unit. In this way, they inherit all the
new features and rights and of the new organizational unit, ensuring they have
full access to all the resources they are entitled to.

78

EXERCISE 5.2
Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users
container. In the following exercise you will create a number of users, modify their
properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).

Figure 0119 : Stkm OU

Creating new user accounts for Zul


10. Right click Stkm and select New User from the menu (Figure 0120).

Figure 0120 : Stkm OU

79

11. Enter the following details for Zul (Figure 0121).


First Name

Last Name

Full Name

User logon name

Zul

Zcomby

Zul Zcomby

zul.zcomby

Figure 0121 : Create New User

12. Click Next.


13. Enter the password as comby. Check the boxes User cannot change password
and Password never expires, then click Next (Figure 0122).

Figure 0122 : Create Password

80

14. Click Finish to create the new user Zul (Figure 0123).

Figure 0123 : New User Account Confirmation


15. The warning below will appear. This warning appears because your password
does not meet the password policy requirements. Click OK to continue (Figure
0124).

Figure 0124 : Password Policy Warning


16. Click Cancel to close new user account confirmation window (Figure 0125).

Figure 0125 : New User Account Confirmation

81

EXERCISE 5.2.1
Configuring Password Policy
17. To disable password policy requirements; launch Group Policy Management.
Click Start Administrative Tools Group Policy Management (Figure 0126)

Figure 0126 : Launch Group Policy Management

82

18. Double click to expand Forest: myserver.com.


19. Expand Domains.
20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).

Figure 0127 : Group Policy Management

22. If any warning box appeared; just click OK (Figure 0128).

Figure 0128 : Group Policy Management Console Warning

83

23. Right click Default Domain Policy and select Edit (Figure 0129).

Figure 0129 : Group Policy Management Default Domain Policy

24. Double click to expand Policies (Figure 0130).


25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).

Figure 0130 : Group Policy Management Security Settings

84

27. Double click to expand Account Policies (Figure 0131).

Figure 0131 : Group Policy Management Password Policy

28. Click Password Policy (Figure 0132).


29. Double click Password must meet complexity requirements under Password
Policy to open Password must meet complexity requirements Properties.

Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements

85

30. Select Disabled under Security Policy Setting tab (Figure 0133).

Figure 0133 : Password Must Meet Complexity Requirements Properties


31. Click OK.
32. Double click Minimum password length under Password Policy to open
Minimum password length Properties (Figure 0134).

Figure 0134 : Group Policy Management - Minimum Password Length

86

33. Set No password required to 0 characters (Figure 0135).

Figure 0135 : Minimum Password Length Properties


34. Click OK.
35. Recheck your configuration. Your configuration should be same as figure below
(Figure 0136).

Figure 0136 : Group Policy Management - Password Policy

36. Close all windows and RESTART your server.


After restarting server, login as Administrator and start create user Zul Zcomby
again (follow step 10 to 14). There should be no problem anymore.

87

Creating Users within Organizational Units (EXERCISE 5.2 - Continue)


37. Now create the new user Ocah in the Stkm OU using the following properties
(Figure 0137).
First Name

Ocah

Last Name

Blue

Full Name

Ocah Blue

User logon name ocah.blue


Password

ocah

User cannot change password


Password never expires
Figure 0137 : Ocah Blue Properties

38. Create the following user account in the Sted OU (Figure 0138).
First Name

Ahmad

Last Name

Akmal

Full Name

Ahmad Akmal

User logon name zul.akmal


Password

akmal

User cannot change password


Password never expires
Figure 0138 : Ahmad Akmal Properties

39. Create the following user account in the Sklr OU.


First Name

Ain

Last Name

Syahmi

Full Name

Ain Syahmi

User logon name ain.syahmi


Password

ain

User cannot change password


Password never expires
Figure 0139 : Ain Syahmi Properties

88

First Name

Ali

Last Name

Uddin

Full Name

Aliuddin

User logon name

ali.zul

Password

ali

User cannot change password


Password never expires
Figure 0140 : Aliuddin Properties
First Name

Wan

Last Name

Saad

Full Name

Md Saad

User logon name

wan.saad

Password

masuri

User must change password at next logon


Account is disabled
Figure 0141 : Md Saad Properties

40. Note the down arrow


that appears on the icon for the user Md Saad,
indicating this account has been disabled (Figure 0142).

Figure 0142 : AD Users and Computers User Disabled

89

EXERCISE 5.3
Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organization unit. In the
above exercise the user Md Saad was inadvertently placed in the wrong OU.
Right-click the user Md Saad and select move from the list (Figure 0143).

Figure 0143 : Move Users


42. Click Stkm as the destination OU (Figure 0144).

Figure 0144 : Move Users Stkm OU

43. Click OK

90

44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm
OU (Figure 0145).

Figure 0145 : Stkm OU Members

You have now created a number of users within the organizational units created
earlier. At this stage, you cannot see the benefits of doing this. However, the later
exercises will start to illustrate why this has been done, by allocating resources to
organizational units.
Thus, a user will get access to a resource based on their OU membership
properties. If a user moves from one organizational unit to another, they will
inherit all the resources associated with the new OU.

91

EXERCISE 5.4
Updating User Information
In this exercise we will look at default user properties such as logon times and how often
they need to change their passwords.
Active Directory allows organizations to store significantly more information than in
previous versions of Windows. For example, you can store telephone and office
information in the Active Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).

Figure 0146 : User Properties


46. Enter the following details (Figure 0147).
Office

Integration

Telephone Number

012-5740157

E-Mail

md.saad@myserver.com

Job Title (Organization) Senior Instructor


Department
Company

Computer Technology
IKM
Figure 0147 : User Details

92

Figure 0148 : Md Saad Properties - General

Figure 0149 : Md Saad Properties - Organization


47. Click OK to apply the changes.

93

EXERCISE 5.5
Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).

Figure 0150 : Md Saad Properties


49. Click Account tab (Figure 0151).

Figure 0151 : Md Saad Properties - Account

94

50. Click the Logon Hours button (Figure 0152).

Figure 0152 : Logon Hours


51. Select all areas and click Logon Denied (Figure 0153).

Figure 0153 : Logon Hours for Md Saad Logon Denied


Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.
52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).

Figure 0154 : Logon Hours for Md Saad Select Areas

95

53. Select Logon Permitted (Figure 0155).

Figure 0155 : Logon Hours for Md Saad Set Logon Permitted


54. Click the OK button.
55. Click the OK button again.
In the above exercise you assigned some organizational information to a user.
You also explored some of the properties that can be applied.

96

Exercise 6

Configuring Client
Computer

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

97

Exercise 6 : Configuring a Client Computer


In this section you will configure Windows XP Professional on the other computer that
will be part of your network. This computer will act as a client computer that users of
your network can use to access shared resources such as files, software and printers.
Make sure that the Windows Server 2008 previously installed is running.
Please refer to the following table for client configuration.
Name of This Computer clientxpSN
Name of Organization

IKM

Role of This Computer Client Workstation


Name of Installer

Administrator

Domain Name

same domain name as you did for the Server

TCP/IP Address

192.168.2.SN

TCP/IP Subnet mask

255.255.255.0

TCP/IP Gateway

192.168.2.ServerNumber

Preferred DNS server

192.168.2.ServerNumber

Note : SN = Station Number


Use the same domain name as you did for the Server.

98

EXERCISE 6.1
Network Setting (Windows XP)
1. Run Network Connections application program. Click Start All Programs
Accessories Communications Network Connections (Figure 0156).

Figure 0156 : Run Network Connections


2. Right click Local Area Connection (Figure 0157).

Figure 0157 : Local Area Connection


3. Select Properties (Figure 0157).

99

4. Double click Internet Protocol (TCP/IP) (Figure 0157).

Figure 0158 : Local Area Connection Properties


5.

Now set your client (Windows XP) IP address, and ensure that you are using a
static IP address. For this exercise, Im using number 61 as my Windows XP
client station number (Figure 0159).
Use the following IP address:

IP address
Subnet mask
Default gateway

: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ServerNumber

(client station number)


(server IP address)

Use the following DNS server address:


Preferred DNS server
Alternate DNS server

: 192 . 168 . 2 . ServerNumber


: ___ . ___ . ___ . ___

(1st server IP address)


(2nd server IP address)

100

Figure 0159 : Internet Protocol (TCP/IP) Properties


7. Click the OK button (Figure 0159).

Figure 0160 : Local Area Connection Properties


8. Click OK button (Figure 0160) and close all remaining windows.

101

EXERCISE 6.2
Joining Domain (Windows XP client)
9. Click Start Right-click My Computer (Figure 0161).

Figure 0161 : My Computer

10. Select Properties. (Figure 0162).

Figure 0162 : My Computer - Properties

102

11. Click the Computer Name tab, and then click Change. (Figure 0163).

Figure 0163 : System Properties


12. Click the More button. (Figure 0164).

Figure 0164 : Computer Name Changes - Workgroup

103

13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure
0165).

Figure 0165 : DNS Suffix and NetBIOS Computer Name


14. Click the OK button.
15. Change Computer Name to clientxpSN (Figure 0166).
16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).

Figure 0166 : Computer Name Changes - Domain


17. Click the OK button.

104

18. Now Domain Server will prompt you for Username and Password. Enter any
username and password you have created before. (Figure 0167).

Figure 0167 : Join Domain Verification

19. If you get this welcome message : Windows : "Computer Name Changes" Welcome to the ....... domain"; it means you are successfully joining a domain.
(Figure 0168).

Figure 0168 : Domain Welcome Message

20. Since joining a domain is a major change in the security configuration of your
system, you will be reminded that you have to restart your system. Click OK
(Figure 0169).

Figure 0169 : Restart Reminder

105

21. You will be back in the System Properties, where you are now listed as being
part of a domain (Figure 0170).

Figure 0170 : System Properties Computer Name


22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer. (Figure 0171).

Figure 0171 : Restart Confirmation

.
.

106

Exercise 7

Viewing Computer
In Active Directory

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

107

Exercise 7 : Viewing Computer In Active Directory


In this section you will use Active Directory Users and Computers to view information for
computers and servers.
When a client workstation is installed using Windows XP Professional or Windows 2000
Professional or Windows Vista or Windows 7, it has its own accounts database and
rights. When that client computer joins a domain or Windows Server 2008 network, this
means that the domain wide accounts are available for use at the workstation. When a
user logs on using the client computer, any policies are applied to the client computer.
Client workstations running Windows XP Professional have their own local accounts
database. This means it is possible for an administrator on the workstation to create a
local workstation account, which is not the same as the domain account, and allow
users to logon to the local computer rather than the domain.
Currently, you should have the Windows Server 2008 and a Windows XP Professional
client workstation running.
Log on as administrator to the Windows Server 2008.

EXERCISE 7.1
Viewing Computers and Servers in Active Directory
In this exercise, you will use Active Directory Users and Computers to view the
workstations and servers in the domain.

1. Log on the Windows Server 2008 as administrator.


2. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0172)

108

Figure 0172 : Launch Active Directory Users and Computers


3. Expand the domain icon (Figure 0173).

Figure 0173 : AD myserver.com

109

4. Click on the Computers folder from the list (Figure 0174).

Figure 0174 : AD Computers


You can see CLIENTXP61 listed under Computer folder.

5. Double-click on the CLIENTXP61 to display its properties (Figure 0175).

Figure 0175 : CLIENTXP61 Properties


Now you can see the general information about CLIENTXP61 including it DNS
name and it role.

110

6. Click on the Operating System tab (Figure 0176).

Figure 0176 : CLIENTXP61 Properties - Operating System


Here you can find information about Operating System, version and service pack
using by client.

7. Click OK to close the properties box.


8. Click on the Domain Controllers folder under myserver.com (Figure 0177)

Figure 0177 : AD - Domain Controllers

111

9. Double-click on the domain controllers to display its properties (Figure 0178).

Figure 0178 : SERVER21 Properties

10. Click on the Operating System tab (Figure 0179.)

Figure 0179 : SERVER21 Properties - Operating System


Here you can find information about Operating System, version and service pack
using by server.
11. Click OK to close the properties box and close all remaining dialog box.

In this exercise you viewed properties of workstations and servers in your


network using Active Directory.

112

EXERCISE 7.2
Using the Local Workstation Account
In this exercise you will log on the Windows XP Professional workstation using a local
administrator account.
12. Logon the Windows XP Professional as administrator (Figure 0180).

Figure 0180 : Log on to Windows XP


13. Logoff the client computer. Click Start Shutdown and select Logoff
Administrator (Figure 0181).

Figure 0181 : Log off Windows XP

113

14. Click OK (Figure 0182).

Figure 0182 : Log off Windows XP Administrator

EXERCISE 7.3
Using Domain wide account at the client computer
In this exercise you will log on the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).

Figure 0183 : Windows XP Logon

114

16. Log on the Windows XP Professional as zul.zcomby and comby as password


(Figure 0184).

Figure 0184 : Log on to Windows XP


17. Click OK.
18. You will receive a Logon Message. Why? (Figure 0185)
Because zul.zcomby not created on the local client account, it was created in the
server active directory account.
Just now, you were tried to logon to the client using active directory user account.

Figure 0185 : Logon Message


19. Click OK to dismiss the dialog box.

115

20. Now, look at the logon box. There is an extra field displayed, called Logon to:
(Figure 0186).

Figure 0186 : Log on to Windows XP


21. Click the Logon to: box, and select MYSERVER (Figure 0187)

Figure 0187 : Log on to server

116

22. Enter the same user credentials as previously (Figure 0188).

Figure 0188 : Log on to server using client workstation


23. Click OK.
What happened? Could you log on? It should be no problem.
24. Log off the client computer. But leave it running Windows XP Professional (do
not shut the computer down yet).
25. If you are currently logged in to the Windows Server 2008, log off.
26. Attemp to log on to the server as zul.zcomby.
26.1.

Click Switch User button (Figure 0189).

Figure 0189 : Switch User button

26.2.

Click Other User button (Figure 0190).

Figure 0190 : Other User button

117

26.3.

Enter user as zul.zcomby and password as comby (Figure 0191).

Figure 0191 : Logon to server using user account


26.4.

Press ENTER.

27. What happened? Could you log on?


A error message appeared (Figure 0192).

Figure 0192 : Logon Error Message


Why?
Because the user account you are using to login into server do not have
permission to login into server directly.

28. Click OK.


29. Logon to the server as administrator.

118

30. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0193).

Figure 0193 : Launch Active Directory Users and Computers

31. Click on the Stkm Organizational Unit (Figure 0194).

Figure 0194 : Active Directory Users and Computers - Stkm

119

32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).

Figure 0195 : Zul Zcomby Properties


33. Click the Member Of tab (Figure 0196).

Figure 0196 : Zul Zcomby Properties - Member Of

120

34. Click Add button (Figure 0197).

Figure 0197 : Add Button

35. Click Advanced button (Figure 0198).

Figure 0198 : Select Groups

36. Click Find Now button (Figure 0199).

Figure 0199 : Select Groups - Advanced

121

37. Double-click Server Operators from the list (Figure 0200).

Figure 0200 : Select Groups Find Now


38. Click OK.
39. Click OK (Figure 0201).

Figure 0201 : Select Groups

122

40. Click OK (Figure 0202).

Figure 0202 : Zul Zcomby Properties - Member Of


41. Log off server. Click Start Log Off (Figure 0203).

Figure 0203 : Log Off Server

42. Attemp to log on to the server as zul.zcomby.


42.1.

Press Ctrl + Alt + Del.

42.2.

Click Switch User button (Figure 0204).

Figure 0204 : Switch User button

123

42.3.

Click Other User button (Figure 0205).

Figure 0205 : Other User button

42.4.
Enter user as zul.zcomby and password as comby (Figure
0206).

Figure 0206 : Logon to server using user account


42.5.

Press ENTER.

What happened? Could you log on? It should be no problem.

Summary
Servers do not allow normal users to logon locally. Servers run the network and provide
resources, which users connect to remotely across a network. Servers are not designed
to have users physically sitting at their keyboards trying to log on and run programs.
Users actually logon to a client computer in the network and access resources using a
network connection.
Client computers running Windows XP Professional have their own accounts database.

124

Exercise 8

Delegating
Management Of
Users

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

125

Exercise 8 : Delegating Management Of Users


In this exercise you will create new local groups and look at assigning managers to
users and organizational units.
EXERCISE 8.1
DelegatingControl
In this portion of the exercise you will make zul.zcomby a manager of the Stkm
organizational unit. Once he is a manager, he will be able to modify user accounts within
the Stkm OU.
1. Log on the Windows Server 2008 as administrator.
2. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0207)

Figure 0207 : Launch Active Directory Users and Computers

126

3. Expand the domain icon (Figure 0208).

Figure 0208 : AD myserver.com


4. Right click the Stkm OU and select Delegate Control (Figure 0209).

Figure 0209 : AD Stkm

5. This starts the Delegation of Control Wizard (Figure 0210).

Figure 0210: Delegation of Control Wizard

127

6. Click Next (Figure 0210).


7. Click the Add button (Figure 0211).

Figure 0211: Delegation of Control Wizard Users or Groups


8. Click the Advanced button (Figure 0212).

Figure 0212: Select Users, Computers, or Groups

128

9. Click the Find Now button (Figure 0213).

Figure 0213: Select Users, Computers, or Groups Advanced


10. Select Zul Zcomby account (Figure 0214).

Figure 0214: Select Users, Computers, or Groups Find Now

129

11. Click OK (Figure 0214).


12. Click OK (Figure 0215).

Figure 0215: Select Users, Computers, or Groups User Added

13. Click Next (Figure 0216).

Figure 0216: Delegation of Control Wizard Users Added

130

14. Delegate the following tasks as illustrated (Figure 0217).

Figure 0217: Task to Delegate


15. Click Next (Figure 0217).
16. Click Finish (Figure 0218).

Figure 0218: Delegation of Control Wizard Finish

131

17. Log off server. Click Start Log Off (Figure 0219).

Figure 0219 : Log Off Server

132

EXERCISE 8.2
Managing Users
In this portion of the exercise you will log on to server as zul.zcomby and attempt to
manage users.
18. Attemp to log on to the server as zul.zcomby.
18.1.

Press Ctrl + Alt + Del.

18.2.

Click Switch User button (Figure 0220).

Figure 0220 : Switch User button


18.3.

Click Other User button (Figure 0221).

Figure 0221 : Other User button

18.4.

Enter user as zul.zcomby and password as comby (Figure 0222).

Figure 0222 : Logon to server using user account


18.5.

Press ENTER.

133

19. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0223).

Figure 0223: Launch Active Directory Users and Computers


20. You will be asked to reenter your password for security measure. Just reenter
password for zul.zcomby (Figure 0224).

Figure 0224: User Account Control Permission

134

21. Expand the domain icon (Figure 0225).

Figure 0225: Active Directory Users and Computers - Domain

22. Click on the Stkm OU (Figure 0226).

Figure 0226: Active Directory Users and Computers - Stkm


23. Double-click the user Ocah Blue (Figure 0227).

Figure 0227: Active Directory Users and Computers User

135

24. Click the Account tab (Figure 0228).

Figure 0228: Ocah Blue Properties


25. Click the Logon Hours button (Figure 0229).

Figure 0229: Logon Hours button

136

26. Select all areas and click Logon Denied (Figure 0230).

Figure 0230 : Logon Hours for Ocah Blue Logon Denied


Change Ocahs the logon hours (under Account Tab) to Monday-Friday, 8am5pm.
27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).

Figure 0231 : Logon Hours for Ocah Blue Select Areas

137

28. Select Logon Permitted (Figure 0232).

Figure 0232 : Logon Hours for Ocah Blue Set Logon Permitted
29. Click OK.
30. Click OK again.
31. Click the Sklr OU (Figure 0233).

Figure 0233: Active Directory Users and Computers Sklr

138

32. Double-click Ain Syahmi user account to display the properties of this user
(Figure 0234).

Figure 0234: Active Directory Users and Computers User


33. Attemp to change the logon hours of this user. Click Account tab (Figure 0235).

Figure 0235: Ain Syahmi Properties

139

34. Click the Logon Hours button (Figure 0236).

Figure 0236: Logon Hours Button

35. A warning message will be displayed (Figure 0237).


Why do you think you are not able to modify this account?

Figure 0237: AD Error Message


Because Zul Zcomby only have permission to modify user under Stkm OU only.
He only have read permissioin for other OUs.

36. Click OK to close the message (Figure 0237).


37. Close all remaining windows except Active Directory Users and Computers.
38. Click the Stkm OU (Figure 0238).

Figure 0238: Active Directory Users and Computers Stkm

140

39. Right-click Ocah Blue account and select Reset Password from the list
(Figure 0239).

Figure 0239: AD Ocah Blue Reset Password


This display a reset password box that will allow the password to be changed.
40. Click Cancel (Figure 0240).

Figure 0240: Reset Password

41. Close all remaining windows.


42. Log off the server.
In the above exercise you delegated control of an Organizational Unit to a user. You
then modified account details of users belonging to that OU as the designated
manager of the OU.
Delegating control of users using the delegation control wizard is simple. When
control of users and groups is delegated, administrators can be relieved of simple
administrative tasks such as resetting passwords and modification of user accounts.

141

Exercise 9

Exploring Group
Scopes and Types

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

142

Exercise 9 : Exploring Group Scopes and Types


EXERCISE 9.1
Exploring Group Scopes and Types
In the following exercise you will create a number of groups. These groups will be used
to demonstrate group scope. From the notes, group scope determines who can be a
member and where that group can be used in the enterprise.
Group
Type

Scope

Local

User accounts, Global groups and Universal groups from any domain in the
forest, as well as local groups from the same domain.

Global

User accounts and global groups from the same domain.

Universal

User accounts, global groups and universal groups from any domain in the
forest.

The recommended strategy for using groups in Windows Server 2008 is to use both
global and domain local groups. Place users into global groups and then place the global
groups into domain local groups and assign permissions to the domain local groups.
Global groups have access to accounts in the local domain. Where the enterprise
consists of more than one domain, local groups allow the use of accounts across all the
domains. Where the enterprise has combined a number of domains into a forest,
Universal groups provide access to any accounts in the forest.
1.

Log on server as Administrator (Figure 0241).

Figure 0241 : Administrator Login

143

2. Launch Active Directory Users and Computers. Click Start Administrative


Tools Active Directory Users and Computers (Figure 0242).

Figure 0242 : Launch Active Directory Users and Computers


3. Right-click the domain icon and select New - Group from the list (Figure 0243).

Figure 0243 : Active Directory Users and Computers New Group

144

4. Create a global group called Technical Support (Figure 0244).


4.1 Key-in Technical Support in the Group name: box
4.2 Verify Group scope set to Global.
4.3 Verify the Group type is set to Security.

Figure 0244 : New Object - Group


5. Click OK (Figure 0244).

6. Add Ali Uddin as a member of Technical Support.


6.1 Double-click Technical Support (Figure 0245).

Figure 0245 : Active Directory Users and Computers Technical Support

145

6.2 Click Members tab (Figure 0246).

Figure 0246 : Technical Support Properties


6.3 Click Add button (Figure 0247).

Figure 0247 : Add button


6.4 Click Advanced button (Figure 0248).

Figure 0248 : Select Users, Contacts, Computers, or Group box

146

6.5 Click Find Now button (Figure 0249).

Figure 0249 : Select Users, Contacts, Computers, or Group - Advanced


6.6 Select Ali Uddin user account (Figure 0250).

Figure 0250 : Select Users, Contacts, Computers, or Group Find Now

147

6.7

Cick OK (Figure 0250).

6.8

Cick OK (Figure 0251).

Figure 0251 : Select Users, Contacts, Computers, or Group


6.9

Cick OK (Figure 0252).

Figure 0252 : Technical Support Properties

148

7. Create a new Domain Local group called Intranet Users (Figure 0253).
7.1. Right-click the domain icon and select New - Group from the list (Figure
0253).

Figure 0253 : Active Directory Users and Computers New Group


7.2. Key-in Intranet Users in the Group name: box (Figure 0254).
7.3. Verify Group scope set to Domain Local (Figure 0254).
7.4. Verify the Group type is set to Security (Figure 0254).

Figure 0254 : New Object - Group


7.5. Click OK (Figure 0254).

149

Double-click Intranet Users (Figure 0255).

Figure 0255: Active Directory Users and Computers


9

Add the Intranet Users group as a Member Of Technical Support.


9.1. Click Member Of tab (Figure 0256).

Figure 0256 : Intranet Users Properties


9.2. Click Add button (Figure 0257).

Figure 0257 : Add Button

150

9.3. Click Advanced button (Figure 0258).

Figure 0258 : Select Groups - Add


9.4. Click Find Now button (Figure 0259).

Figure 0259 : Select Groups - Advanced

151

9.5. Select Technical Support. What happened? (Figure 0260).

Figure 0260 : Select Groups Search Results


Can you find Technical Support? Why do you think this happened?
9.6. Close all windows except Active Directory Users and Computers.

10 Now try adding the Technical Support group as a Member Of Intranet Users.
10.1.

Double-click Technical Support group (Figure 0261).

Figure 0261 : Active Directory Users and Computers - Technical Support

152

10.2.

Click Member Of tab (Figure 0262).

Figure 0262 : Technical Support Properties


10.3.

Click Add button (Figure 0263)

Figure 0263 : Add Button

10.4.

Click Advanced button (Figure 0264)

Figure 0264 : Select Groups - Add

153

10.5.

Click Find Now button (Figure 0265)

Figure 0265 : Select Groups - Advanced

10.6.

Select Intranet Users and click OK button (Figure 0266).

Figure 0266 : Select Groups Search Result


What happened?

154

10.7.

Click OK button (Figure 0267).

Figure 0267 : Select Groups Intranet Users Group Added


Can you add the Technical Support group as a Member Of Intranet
Users?
Why do you think this is so?
11 Click OK button (Figure 0268).

Figure 0268 : Technical Support Properties Member Of Intranet Users


12 Log off Administrator.

Summary
Windows Server 2008 running in native mode supports the use of different group types.
Global groups have access to user accounts and other global groups in the same
domain. Local groups allow you to access accounts outside the current domain, and
universal groups provide access across organizations (forests).

155

Exercise 10

Creating And
Applying Group
Policies

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

156

Exercise 10 : Creating And Applying Group Policies


In this exercise you will create a new group policy and apply it to users within an
organizational unit.

Group Policies
Group policies are settings or configurations that can be applied to users, groups,
organizational units and domains. An administrator can create a group policy that
configures the computer or user settings, such as menu and desktop settings, folder
locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and
2008 extends these further using group policies.
EXERCISE 10.1
Creating a Group Policy

1.

Log on server as Administrator (Figure 0269).

Figure 0269 : Administrator Login

157

2. Launch Group Policy Management. Click Start Administrative Tools


Group Policy Management (Figure 0270).

Figure 0270 : Launch Group Policy Management

3. Expand the Forest (Figure 0271).

Figure 0271 : Group Policy Management - Forest

158

4. Expand the Domains (Figure 0272).

Figure 0272 : Group Policy Management Domains

5.

Expand your domain.com (Figure 0273).

Figure 0273 : Group Policy Management myserver.com

Now, you will create a new group policy for the Stkm OU. This new policy will apply to all
members of the Stkm OU though in another exercise that follows, you will override this.
6.

Right-click the Stkm OU and select the Create a GPO in this domain, and
Link it here (Figure 0274).

Figure 0274 : Group Policy Management Create new GPO

159

7. Rename the policy as STKM Group Policy (Figure 0275).

Figure 0275 : Create New GPO


8. Click OK to continue (Figure 0275).

9. Right-click the STKM Group Policy and select Edit (Figure 0276).

Figure 0276 : Default Domain Policy - Edit

10. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0277).

Figure 0277 : Group Policy Management Editor

160

11. Expand User Configuration (Figure 0278).

Figure 0278 : Group Policy Management Editor User Configuration


12. Expand the Policies folder (Figure 0279).

Figure 0279 : Group Policy Management Editor Policies


13. Expand the Administrative Templates folder (Figure 0280).

Figure 0280 : Group Policy Management Editor Administrative Templates

14. Click the Start Menu and Taskbar folder (Figure 0281).

Figure 0281 : Group Policy Management Editor Start Menu and Taskbar

161

15. A large list of selections is available. Double click the option Add Logoff to the
Start Menu (Figure 0282).

Figure 0282 : Group Policy Management Editor Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button
to disable this setting (Figure 0283).

Figure 0283 : Add Logoff to the Start Menu Properties

17. Click OK to apply setting (Figure 0283).

18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).

Figure 0284 : Add Logoff to the Start Menu Disabled

162

19. Configure the following settings.


Remove Run menu from Start Menu Enabled
Remove Clock from the system notification area Enabled
Desktop\Desktop\Enable Active Desktop Enabled
Desktop Wallpaper Enabled
Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg
Wallpaper Style : Stretch
(This uses wallpaper from the Windows XP Pro installed on C drive of client PC)

20. Close the group policy editor.


21. Refresh the Group Policy Management. On the Menubar; click Action Refresh
(Figure 0285).

Figure 0285 : Group Policy Management Refresh

22. Close the Group Policy Management windows.

163

Update Group Policy


23. Launch the Run application. Click Start Run (Figure 0286).

Figure 0286 : Launch the Run Application

24. Key-in gpupdate in the Open : box (Figure 0287).

Figure 0287 : Run Windows


25. Click OK to run the gpupdate (Figure 0288).

Figure 0288 : Updating Policy


26. Log off the server.

164

EXERCISE 10.2
Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There
are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it
works.
27. Log on the server as zul.zcomby.
27.1.

Press Ctrl + Alt + Del.

27.2.

Click Switch User button (Figure 0289).

Figure 0289 : Switch User button


27.3.

Click Other User button (Figure 0290).

Figure 0290 : Other User button


27.4.

Enter user as zul.zcomby and password as comby (Figure 0291).

Figure 0291 : Logon to server using user account


27.5.

Press ENTER.

165

28. Do you have the RUN command on the Start Menu?


YES / NO

29. Do you have Clock on the system notification area?


YES / NO

Now verify that the settings are also applied to the client computer. Log on to the
Client computer as ocah.blue.
30. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0292).

Figure 0292 : Windows XP Logon


31. Log on the client computer as ocah.blue and ocah as password (Figure 0293).

Figure 0293 : Log On To Server Using Client Workstation

166

32. Do you have the RUN command on the Start Menu?


YES / NO

33. Do you have Clock on the system notification area?


YES / NO

34. Were the wallpaper displayed on the client computer?


YES / NO

35. All the group policy setting should be applied (Figure 0294).

Figure 0294 : Client Computer Ocah Blue

36. Log off the client computer.


37. Log off the Server.

167

Log on to client computer as zul.akmal


38. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0295).

Figure 0295 : Windows XP Logon


39. Log on the Windows XP Professional as zul.akmal and akmal as password
(Figure 0296).

Figure 0296 : Log On To Server Using Client Workstation

40. Were the group policy setting applied?


YES / NO

41. If not, why do you think this is so?


Because zul.akmal not a member of the Stkm OU. The group policy applied only
to the members of the Stkm OU.
42. Log off the client computer.

168

EXERCISE 10.3

Disabling The Group Policy


In this exercise you will disable the group policy of Stkm OU.
43. Log on server as Administrator (Figure 0297).

Figure 0297 : Administrator Login


44. Launch Group Policy Management. Click Start Administrative Tools
Group Policy Management (Figure 0298).

Figure 0298 : Launch Group Policy Management

169

45. Expand the Forest (Figure 0299).

Figure 0299 : Group Policy Management - Forest


46. Expand the Domains (Figure 0300).

Figure 0300 : Group Policy Management Domains

47. Expand your domain.com (Figure 0301).

Figure 0301 : Group Policy Management myserver.com

170

You are now going to disable the policy of Stkm OU. This is a better option than
removing the policy, as if you decide to re-implement the policy at a later date, it will still
be there.
48. Expand the Stkm OU (Figure 0302).

Figure 0302 : Group Policy Management Stkm

49. Click the Stkm Group Policy (Figure 0303).

Figure 0303 : Group Policy Management STKM Group Policy

50. A warning box appears. The Group Policy Management remind you that you
have selected a link to a GPO and changes you make will impact all other
locations linked with the GPO (Figure 0304).

Figure 0304 : Group Policy Management Console Warning


51. Click OK to continue (Figure 0304).

171

52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).

Figure 0305 : STKM Group Policy Details


53. Now you can see under Link Enabled; the status Yes have changed to No
(Figure 0306).

Figure 0306 : STKM Group Policy GPO Status

54. Close the Group Policy Management windows.

172

Update Group Policy


55. Launch the Run application. Click Start Run (Figure 0307).

Figure 0307 : Launch the Run Application

56. Key-in gpupdate in the Open : box (Figure 0308).

Figure 0308 : Run Windows


57. Click OK to run the gpupdate (Figure 0309).

Figure 0309 : Updating Policy


58. Log off the server.

173

Now verify that the group policy is disabled. Log on to the Client computer as
zul.zcomby.
59. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0310).

Figure 0310 : Windows XP Logon

60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).

Figure 0311 : Log On To Server Using Client Workstation


61. Were the policies now disabled?
YES / NO
62. Log off the client computer.

Summary
In this exercise you created a group policy and applied it to an organizational unit.
Only a fraction of the available settings were explored. Applying a group policy is a
way of controlling security and configuring groups of users with common settings.
This can help reduce the cost of ownership and the level of administrator support by
restricting what users can do or change on their computers.

174

Exercise 11

Creating And
Sharing Resources

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

175

Exercise 11 : Creating And Sharing Resources


One important aspect of a Windows Domain is the ability to share applications, files,
printers and other resources on the network. Resources created on Windows Server
computers are available to all users in the domain, and it is a simple administration task
to allocate permissions to users.

Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.
1.

Log on server as Administrator (Figure 0312).

Figure 0312 : Administrator Login


2. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0313).

Figure 0313 : Launch Active Directory Users and Computers

176

3. Click myserver.com (your domain.com) and double-click the Intranet Users


group from the list (Figure 0314).

Figure 0314 : Active Directory Users and Computers Intranet Users Group
4. Click the Members tab (Figure 0315).

Figure 0315 : Active Directory Users and Computers Intranet Users Properties

5. Add Ocah Blue as a member of Intranet Users.


5.1 Click Add button (Figure 0316).

Figure 0316 : Add button

177

5.2 Click Advanced button (Figure 0317).

Figure 0317 : Select Users, Contacts, Computers, or Group box

5.3 Click Find Now button (Figure 0318).

Figure 0318 : Select Users, Contacts, Computers, or Group - Advanced

178

5.4 Select Ocah Blue user account (Figure 0319).

Figure 0319 : Select Users, Contacts, Computers, or Group Find Now


5.5

Cick OK (Figure 0319).

5.6

Cick OK (Figure 0320).

Figure 0320 : Select Users, Contacts, Computers, or Group

179

5.7

You can see Ocah Blue is added as a member of Intranet Users group
(Figure 0321).

Figure 0321 : Intranet Users Properties

6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet


Users group.

7. After finish adding the entire user to Intranet Users group, your Intranet Users
properties should be same as figure below (Figure 0322).

Figure 0322 : Active Directory Users and Computers Intranet Users Properties
8. Cick OK to finish added members to Intranet Users group (Figure 0322).

180

EXERCISE 11.1
Creating and Sharing a Resource Using Windows Explorer
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file
permissions. The folder will then be shared and permissions assigned. You will then
access this shared resource from the client computer.

1.

Log on to the server as Administrator (Figure 0323).

Figure 0323 : Administrator Login


2. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0324).

Figure 0324 : Launch Windows Explorer

181

3. Access D: drive (Figure 0325).


(Make sure your D drive are NTFS formatted. If not, you have to convert or
format it to NTFS)

Figure 0325 : Windows Explorer D Drive


4. Create a folder named tempSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be temp21.
4.1.

Right-click D drive select New Folder (Figure 0326).

Figure 0326 : Windows Explorer Create New Folder

182

4.2.

Rename the folder as temp21 (Figure 0327).

Figure 0327 : Rename Folder


5. Open the temp21 folder properties. Right-click temp21 folder select
Properties (Figure 0328).

Figure 0328 : Open the temp21 folder properties


6. Click the Security tab. A list of security permissions is displayed. Note that the
group Administrators is given Full Control access at the folder level (Figure
0329).

Figure 0329 : temp21 Folder Properties

183

When users access a folder across the network, both the share and NTFS
permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).

Figure 0330 : temp21 Folder Properties - Sharing


8. Click Advanced Sharing button (Figure 0331).

Figure 0331 : Advanced Sharing button


9. Enable the Share this folder option (Figure 0332).

Figure 0332 : Advanced Sharing

184

10. Specify the share name as Common (Figure 0333).

Figure 0333 : Advanced Sharing Share name


11. Click the Permissions button (Figure 0334).

Figure 0334 : Permissions button

Now you will restrict permissions at the share level. Remember that user permissions
to a network resource are made up of the share permissions and the NTFS
permissions.
12. Remove the Everyone group.
12.1.

Select the Everyone group from the list (Figure 0335).

Figure 0335 : Permissions for Common

185

12.2.

Click the Remove button (Figure 0336).

Figure 0336 : Remove button


13. Click the Add button (Figure 0337).

Figure 0337 : Add button


14. Add the Tech Support group with permissions of Full Control.
14.1.

Click the Advanced button (Figure 0338).

Figure 0338 : Advanced button


14.2.

Click the Find Now button (Figure 0339).

Figure 0339 : Find Now button


14.3.

Select the Technical Support from the list of Search results (Figure 0340).

Figure 0340 : Search Results

14.4.

Click OK button (Figure 0340).

186

14.5.

Click OK button to add Technical Support (Figure 0341).

Figure 0341 : Select Users, Contacts, Computers, or Group


14.6.

Click the Full Control allow box to enable the Full Control permission
(Figure 0342).

Figure 0342 : Permission for Common Full Control


15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look like same as figure below (Figure 0343).

Figure 0343 : Permission for Common

187

17. Once you have set the permissions as describe, click OK button to close the
dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).

Figure 0344 : Advanced Sharing

19. Click Close button to close temp21 properties (Figure 0345).

Figure 0345 : temp21 Properties

188

20. In the Explorer window you will note a small double head icon
on the
folder D:\temp21, which indicates the folder is now shared (Figure 0346).

Figure 0346 : Windows Explorer temp21 Folder

21. Log off the server.

22. Log on the client computer as ali.zul and ali as password (Figure 0347).

Figure 0347 : Log On To Server Using Client Workstation

189

23. Launch My Computer. Start My Computer (Figure 0348).

Figure 0348 : Launch My Computer


24. Click the My Network Places (Figure 0349).

Figure 0349 : My Computer

190

25. Click the Entire Network (Figure 0350).

Figure 0350 : Entire Network Link

26. Double-click the Microsoft Windows Network (Figure 0351).

Figure 0351 : Entire Network


27. Double-click the Myserver workgroup (Figure 0352).

Figure 0352 : Microsoft Windows Network

191

28. Double-click the Server21 and view the available resources (Figure 0353).

Figure 0353 : Myserver Workgroup

29. You should see the Common resource listed (Figure 0354).

Figure 0354 : Server21 Resources

30. Double-click the Common resources so that you are connected to it (Figure 0354).

31. A new window will open up and display the contents of the folder (it will be empty
as there are no files in the folder) (Figure 0355).

Figure 0355 : Common Folder on Server21

192

32. Attempt to create a new text file.


32.1.

Right-click in the windows and select New Text Document (Figure 0356).

Figure 0356 : Create New Text Document

32.2.

Could you create the file? YES / NO

32.3.

Log off the client computer.

33. Log on the client computer as ocah.blue (Figure 0357).

Figure 0357 : Log On To Server Using Client Workstation

193

34. Launch My Computer. Start My Computer (Figure 0358).

Figure 0358 : Launch My Computer


35. Click the My Network Places (Figure 0359).

Figure 0359 : My Computer

194

36. Click the Entire Network (Figure 0360).

Figure 0360 : Entire Network Link

37. Double-click the Microsoft Windows Network (Figure 0361).

Figure 0361 : Entire Network


38. Double-click the Myserver workgroup (Figure 0362).

Figure 0362 : Microsoft Windows Network

195

39. Double-click the Server21 and view the available resources (Figure 0363).

Figure 0363 : Myserver Workgroup

40. You should see the Common resource listed (Figure 0364).

Figure 0364 : Server21 Resources

41. Double-click the Common resources so that you are connected to it (Figure 0364).

42. A new window will open up and display the contents of the folder (Figure 0365).

Figure 0365 : Common Folder on Server21

196

43. Attempt to create a new text file.


43.1.

Right-click in the windows and select New Text Document (Figure 0366).

Figure 0366 : Create New Text Document

43.2.

Could you create the file?


YES / NO

If NO, why do you think this happened?


Before we begin this exercise, we have done some preliminary setup.
We add mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group
and we set permissions to the folder temp21 as Read only for Intranet
Users. But for Tech Support group, we set Full Control permissions.

In the earlier exercise, we add ali.zul as member of the Tech Support


group. Thats why user ali.zul can create new text document in the
Common folder on the Server21.

44. Log off the client computer.

197

EXERCISE 11.2
Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is
an alternative way of accessing the resource, but requires that you know the location of
the resource (you can use My Network Places to view the available resources, so you
dont really need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).

Figure 0367 : Log On To Server Using Client Workstation

46. Launch Map Network Drive wizard.


Start right-click My Computer Map Network Drive (Figure 0368).

Figure 0368 : Launch Map Network Drive Wizard

198

47. Select Z as drive and enter the location of the network resource in the Folder:
box (Figure 0369).
You must specify the name of the server and the share name.
In this exercise, it is \\Server21\Common.

Figure 0369 : Map Network Drive Wizard


48. Click Finish button to apply.
49. A new window will open up and display the contents of the Common folder
(Figure 0370).

Figure 0370 : Common Folder on Server 21

199

50. Attempt to create a new test file (Figure 0371).


50.1.

Right-click in the windows and select New Text Document (Figure 0371).

Figure 0371 : Create New Text Document

50.2.

Could you create the file?


YES / NO

51. Log off the client computer.

200

EXERCISE 11.3
Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the
way they done in NT 4 or 98) is that you have to browse the network or know which
server the resource is located on in order to find it. This can be time-consuming and
frustrating for users.
Resources can be published in Active Directory, making them easy to find. In the next
exercise you will publish the resource into Active Directory.

52. Log on to the server as Administrator (Figure 0372).

Figure 0372 : Administrator Login


53. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0373).

Figure 0373 : Launch Active Directory Users and Computers

201

54. Right-click domain (myserver.com) and select New Shared Folder (Figure 0374).

Figure 0374 : Launch Shared Folder Wizard

55. Enter the name as Common Files and the Network path as your server name
and share name in this exercise it is \\Server21\Common (Figure 0375).

Figure 0375 : Shared Folder Wizard


56. Click OK button to finish.

57. The new shared folder appears in the right windows pane of Active Directory
(Figure 0376).

Figure 0376 : Active Directory Users and Computer

58. Close Active Directory Users and Computer windows.

202

EXERCISE 11.4
Locating a Shared Resource in Active Directory
Now that the shared folder is published in Active Directory, it is easy for users to locate
and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).

Figure 0377 : Log On To Server Using Client Workstation


60. Launch My Computer. Start My Computer (Figure 0378).

Figure 0378 : Launch My Computer

203

61. Click the My Network Places (Figure 0379).

Figure 0379 : My Computer

62. Click the Search Active Directory (Figure 0380).

Figure 0380 : My Network Places

204

63. In the Find drop box, select Shared Folders and in the In drop box, select you
domain - myserver (Figure 0381).

Figure 0381 : Find Shared Folders


64. Click Find Now button (Figure 0382).

Figure 0382 : Find Now button

65. A list of shared folders available is displayed (Figure 0383).

Figure 0383 : Find Shared Folders Find Now

205

66. Right-slick the Common Files shared folder from the list and select Map
Network Drive (Figure 0384).

Figure 0384 : Find Shared Folders - Map Network Drive

67. Select U as drive and enter the location of the network resource in the Folder:
box (Figure 0385).
Note how the location for the server share is filled in automatically.

Figure 0385 : Map Network Drive Wizard


68. Click Finish button to apply.

69. Close all remaining windows.

206

70. Launch My Computer. Start My Computer (Figure 0386).

Figure 0386 : Launch My Computer

71. There are now one additional drive appears at the bottom (Figure 0387).

Figure 0387 : Network Drive

207

72. Log off the client computer.

Summary
Permissions are assigned at the SHARE and at the File system level. By default,
Windows Server 2003 places every use created into the group EVERYONE, and, when
creating a new directory or share, automatically assigns rights to that resource so the
group EVERYONE can access it.

If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.

Publishing shared folders in Active Directory simplifies the task of locating resources.

208

Exercise 12

Logon Scripts

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

209

Exercise 12 : Logon Scripts


In this exercise you will create logon and logoff scripts and apply these to users in an
organizational unit. You will specify a network home directory for users and arrange for
this directory to be mapped when the user logs on. Finally, you will specify disk space
restrictions for specific users.
EXERCISE 12.1
Logon Scripts
A logon script is a sequence of commands that executes when a user logs onto the
network.

1.

Log on server as Administrator (Figure 0388).

Figure 0388 : Administrator Login

210

2. Launch Group Policy Management. Click Start Administrative Tools


Group Policy Management (Figure 0389).

Figure 0389 : Launch Group Policy Management


3. Expand the Forest (Figure 0390).

Figure 0390 : Group Policy Management - Forest

211

4. Expand the Domains (Figure 0391).

Figure 0391 : Group Policy Management Domains

5.

Expand your domain.com (Figure 0392).

Figure 0392 : Group Policy Management myserver.com

6. Right-click the STKM Group Policy and select Edit (Figure 0393).

Figure 0393 : STKM Group Policy - Edit

212

7.

The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0394).

Figure 0394 : Group Policy Management Editor


8.

Expand User Configuration (Figure 0395).

Figure 0395 : Group Policy Management Editor User Configuration


9.

Expand the Policies folder (Figure 0396).

Figure 0396 : Group Policy Management Editor Policies

213

10. Expand the Windows Setting folder (Figure 0397).

Figure 0397 : Group Policy Management Editor Windows Setting

11. Click the Scripts (Logon/Logoff) (Figure 0398).

Figure 0398 : Group Policy Management Editor Scripts (Logon/Logoff)


12. Double-click Logon (Figure 0399).

Figure 0399 : Group Policy Management Editor Logon

214

13. In the Logon Properties windows, click Show Files button (Figure 0400).

Figure 0400 : Logon Properties

14. Create new text document.


Right-click inside the new windows and select New Text Document (Figure
0401).

Figure 0401 : Create New Text Document

215

15. Double-click the text document. This will load the Notepad editor. Type the
following text into the file (Figure 0402).
echo off
cls
echo This is a log on script for the Stkm OU
echo Welcome %USERNAME% , member of the Stkm OU
pause

Figure 0402 : Notepad editor New Text Document


16. Save the file as Stkm.cmd
16.1.

From Menu bar, click File Save As (Figure 0403).

Figure 0403 : Menu bar - Save As


16.2.

Enter Stkm.cmd in the File name: box (Figure 0404).

Figure 0404 : Save As File Name

216

16.3.

Select All Files from the Save as type: drop menu (Figure 0405).

Figure 0405 : Save As Type All Files


16.4.

Click Save button (Figure 0406).


Figure 0406 : Save Button

17. Close the Notepad editor.

18. Close the Script windows by clicking the X button at the right top corner of the
windows (Figure 0407).

Figure 0407 : Script Windows

217

19. On the Logon Properties window, click Add button (Figure 0408).

Figure 0408 : Logon Properties Add


20. Click Browse button on the Add a Script window (Figure 0409).

Figure 0409 : Add a Script Browse

218

21. Select Stkm.cmd file from the list (Figure 0410).

Figure 0410 : Browse Stkm.cmd


22. Click Open button (Figure 0411).
Figure 0411 : Open Button
23. Now you can see the Stkm.cmd appear in the Script Name: box. Click OK
button to continue (Figure 0412).

Figure 0412 : Add a Script Window

219

24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close
the Logon Properties window (Figure 0413).

Figure 0413 : Logon Properties window

25. Close the Group Policy Management Editor window.

26. On the Group Policy Management window, right-click STKM Group Policy and
uncheck all options except Link Enabled (Figure 0414).

Figure 0414 : Link Enabled

220

27. Open STKM Group Policy.


Right-click the STKM Group Policy and select Edit (Figure 0415).

Figure 0415 : STKM Group Policy - Edit

28. In the Group Policy Management Editor, expand User Configuration (Figure
0416).

Figure 0416 : Group Policy Management Editor User Configuration

29. Expand the Policies folder (Figure 0417).

Figure 0417 : Group Policy Management Editor Policies

221

30. Expand the Administrative Templates folder (Figure 0418).

Figure 0418 : Group Policy Management Editor Administrative Templates

31. Expand the System folder (Figure 0419).

Figure 0419 : Group Policy Management Editor System


32. Click the Scripts folder (Figure 0420).

Figure 0420 : Group Policy Management Editor Scripts

222

33. Double-click the Run logon scripts visible option (Figure 0421).

Figure 0421 : Group Policy Management Editor Run logon scripts visible

34. The Run logon scripts visible Properties appear. Click the Enabled button to
enable this setting (Figure 0422).

Figure 0422 : Run logon scripts visible Properties


35. Click OK to apply setting (Figure 0422).

36. In the same folder, double-click the Run logon scripts synchronously option
(Figure 0423).

Figure 0423 : Group Policy Management Editor Run logon scripts synchronously

223

37. The Run logon scripts synchronously Properties appear. Click the Enabled
button to enable this setting (Figure 0424).

Figure 0424: Run logon scripts visible Properties


38. Click OK to apply setting (Figure 0424).

39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).

Figure 0425 : Run logon scripts visible Enabled

40. Close the Group Policy Management Editor.

41. On Group Policy Management, click Refresh button


Policy Management window.

and close the Group

224

Update Group Policy


42. Launch the Run application. Click Start Run (Figure 0426).

Figure 0426 : Launch the Run Application

43. Key-in gpupdate in the Open : box (Figure 0427).

Figure 0427 : Run Window


44. Click OK to run the gpupdate (Figure 0428).

Figure 0428 : Updating Policy


45. Log off the server.

225

Test The Logon Script


46. Log on to the client computer as ocah.blue (Figure 0429).

Figure 0429 : Log On To Server Using Client Workstation

47. The logon script should appear same as figure below (Figure 0430).

Figure 0430 : Logon Script

48. Press ENTER or any key to continue.


49. Log off the client computer.

Summary
Scripts allow for both user and computer environments to be configured. The four scripts
available are startup, shutdown, logon and logoff.

226

Exercise 13

HOME
DIRECTORIES

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

227

Exercise 13 : Home Directories


In this exercise, you will create a shared folder on the server that will be used for user
home directories. You will map a home directory for a specific user, so that when they
log on to the network, they will have a drive mapped to their home directory on the
server.
EXERCISE 13.1
Create Sharing Folder
1.

Log on to the server as Administrator (Figure 0431).

Figure 0431: Administrator Login


2. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0432).

Figure 0432 : Launch Windows Explorer

228

3. Access D: drive (Figure 0433).


(Make sure your D drive are NTFS formatted. If not, you have to convert or
format it to NTFS)

Figure 0433: Windows Explorer D Drive


4. Create a folder named UserSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be User21.
4.3.

Right-click D drive select New Folder (Figure 0434).

Figure 0434 : Windows Explorer Create New Folder

229

4.4.

Rename the folder as User21 (Figure 0435).

Figure 0435: Rename Folder

5. Open the User21 folder properties. Right-click User21 folder select


Properties (Figure 0436).

Figure 0436: Open The User21 Folder Properties

230

6. Click the Sharing tab (Figure 0437).

Figure 0437 : User21 Folder Properties - Sharing


7. Click Advanced Sharing button (Figure 0438).

Figure 0438 : Advanced Sharing button


8. Enable the Share this folder option (Figure 0439).

Figure 0439 : Advanced Sharing

231

9. Specify the share name as Users (Figure 0440).

Figure 0440 : Advanced Sharing Share name

Set Sharing Folder Permissions


10. Click Permissions button (Figure 0441).

Figure 0441 : Permissions button


11. Select Everyone and click Remove button to remove Everyone from the Group
or user names: list (Figure 0442).

Figure 0442 : Remove Everyone

232

12. Click Add button (Figure 0443).

Figure 0443 : Add button


13. Click the Advanced button (Figure 0444).

Figure 0444 : Select Users, Computers, or Groups

14. Click the Find Now button (Figure 0445).

Figure 0445 : Select Users, Computers, or Groups Advanced

233

15. Select Ahmad Akmal account from the list (Figure 0446).

Figure 0446 : Select Users, Computers, or Groups Find Now


16. Click OK (Figure 0446).

17. Click OK (Figure 0447)

Figure 0447 : Select Users, Computers, or Groups User Added

234

18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full
control over the folder User21. So he can read and write to the User21 folder on
the myserver.com server (Figure 0448).

Figure 0448: Folder Permissions For Users


19. Now we add Administrator account to give Administrator permission to manage
the shared folder. Click Add button (Figure 0449).

Figure 0449 : Add button


20. Click the Advanced button (Figure 0450).

Figure 0450 : Select Users, Computers, or Groups

235

21. Click the Find Now button (Figure 0451).

Figure 0451 : Select Users, Computers, or Groups Advanced


22. Select Administrator user account from the list (Figure 0452).

Figure 0452 : Select Users, Computers, or Groups Find Now

236

23. Click OK (Figure 0452).

24. Click OK (Figure 0453)

Figure 0453 : Select Users, Computers, or Groups User Added


25. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder User21. So the Administrator can manage the User21
folder on the myserver.com server (Figure 0454).

Figure 0454 : Folder Permissions For Users

26. Click OK (Figure 0454).

237

27. Click OK for Advanced Sharing window (Figure 0455).

Figure 0455 : Advanced Sharing window

28. Click OK again for User21 Properties window (Figure 0456).

Figure 0456 : User21 Properties window


29. Click Close all remaining windows.

238

Set User Home Directories


30. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0457).

Figure 0457 : Launch Active Directory Users and Computers

31. Expand myserver.com (Figure 0458).

Figure 0458 : Active Directory Users and Computers domain

32. Click the Sted Organization Unit (Figure 0459).

Figure 0459 : Active Directory Users and Computers Sted OU

239

33. Right-click Ahmad Akmal and select Properties (Figure 0460).

Figure 0460 : Active Directory Users and Computers Ahmad Akmal

34. Click Profile tab (Figure 0461).

Figure 0461 : Ahmad Akmal Properties - Profile

240

35. Select drive L: connect to \\Server21\Users\zul.akmal under Home folder section


(Figure 0462).
(Specify the name of your server instead of Server21 as in this example).

Figure 0462: Ahmad Akmal Properties Home Folder


36. Click OK (Figure 0462).
37. Click Sted OU and click Refresh button

38. Close Active Directory Users and Computer window.

39. Log off server.

241

Test User Home Directories


40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box
(Figure 0463).

Figure 0463: Windows XP Welcome Window

41. Log on the Windows XP Professional as zul.akmal and akmal as password


(Figure 0464).

Figure 0464 : Log On To Server Using Client Workstation

242

42. Launch My Computer. Start My Computer (Figure 0465).

Figure 0465 : Launch My Computer

43. There are now one additional drive appears at the bottom (Figure 0466).

Figure 0466 : My Computer

243

44. Double-click the Network Drives to access the zul.akmal folder on the server
(Figure 0467).
The folders are empty.

Figure 0467 : Ahmad Akmal Home Directory

50. Create new text document.


Right-click inside the new windows and select New Text Document (Figure
0468).

Figure 0468 : Create New Text Document

244

45. Rename the file as Test (Figure 0469).

Figure 0469: Computer

46. Log off the client computer.

Checking The Users Home Directories


47. Log on to the server as Administrator (Figure 0470).

Figure 0470 : Administrator Login

245

48. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0471).

Figure 0471 : Launch Windows Explorer

49. Expand D: drive (Figure 0472).

Figure 0472 : Windows Explorer D: Drive

50. Expand User21 folder (Figure 0473).

Figure 0473 : Windows Explorer User21 Folder

246

51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder
(Figure 0474).

Figure 0474 : Windows Explorer zul.akmal Folder


What are the contents of the zul.akmal folder?
Are there any files on it?
You should see the Test.txt file (created earlier from the client computer) listed in
the zul.akmal home directory.

52. Log off the server.

Summary
Home directories allow users to store their files on the network. This is especially suited
to roaming users.

247

Exercise 14

DISK
QUOTAS

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

248

Exercise 14 : Disk Quotas


In this exercise you will apply disk space restrictions to users.

EXERCISE 14.1
Create Disk Quotas
1.

Log on to the server as Administrator (Figure 0475).

Figure 0475 : Administrator Login


2. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0476).

Figure 0476 : Launch Windows Explorer

249

3. Right-click D: drive and select Properties (Figure 0477).

Figure 0477 : Windows Explorer D Drive Properties


4. Click the Quota tab (Figure 0478).

Figure 0478 : Quota Tab

250

5. Enable the check box Enable quota management (Figure 0479).

Figure 0479 : Enable quota management

6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).

7. Select Limit disk space to option and set to 25 MB (Figure 0480).

8. Set the Set warning level to option to 5 MB (Figure 0480).

Figure 0480 : Limit Disk Space

251

Add Quota Entries


9. Click the Quota Entries button (Figure 0481).

Figure 0481 : Quota Entries button

10. A list of quota entries will be displayed (Figure 0482).

Figure 0482 : Quota Entries

11. On the Menu Bar, click Quota New Quota Entry (Figure 0483).

Figure 0483 : Add New Quota Entry

252

12. Key-in zul.akmal and click Check Names button (Figure 0484).

Figure 0484 : Select Users


13. After button Check Names are clicked, Active Directory will locate all matching
or similar object names for zul.akmal. If there are matching or similar object
names found, the complete name with email will be shown (Figure 0485).

Figure 0485 : Select Users Ahmad Akmal


14. Click OK button to confirm (Figure 0485).

253

15. Set the following parameters for zul.akmal quota entry (Figure 0486).
Select the option Limit disk space to and set the value to 10MB.
Set the value for Set warning level to option to 8MB.

Figure 0486 : Add New Quota Entry


16. Click OK (Figure 0486).

17. Now there is a new quota entries added to the Quota Entries list for zul.akmal
(Figure 0487).

Figure 0487 : Quota Entries For D: Drive

18. Close the Quota Entries window.

254

19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).

Figure 0489 : Local Disk (D:) Properties window


20. The Disk Quota confirmation message appear, just click OK to enable the quota
system now (Figure 0490).

Figure 0490 : Disk Quota Confirmation Message

255

Test The Quota Setting


21. Log on the client computer as zul.akmal and akmal as password (Figure 0491).

Figure 0491 : Log On To Server Using Client Workstation


22. Launch My Computer. Start My Computer (Figure 0492).

Figure 0492 : Launch My Computer

256

23. View Home Directory capacity. Right-click on L: drive and select Properties
(Figure 0493).

Figure 0493 : My Computer

24. The zul.akmal Home Directory properties appear. Look at the directory capacity,
it only 10 MB. Same as the Disk Quota Entry we set earlier (Figure 0494).

Figure 0494 : Ahmad Akmal Home Directory Properties

257

25. Click OK button to close (Figure 0494).


26. Launch Windows Explorer. Start right-click My Computer Explore (Figure 0495).

Figure 0495 : Launch My Computer


27. Access the C:\WINDOWS\Web\Wallpaper sub-folder (Figure 0496).

Figure 0496 : C:\WINDOWS\Web\Wallpaper sub-folder

258

28. Copy Bliss.bmp file.


Right-click Bliss.bmp file and select Copy (Figure 0497).

Figure 0497 : Copy Bliss.bmp file


29. Paste the Bliss.bmp file into zul.akmal home directory on L: drive.
Right-click L: drive and select Paste (Figure 0498).

Figure 0498 : Paste Bliss.bmp file

259

30. Copy and Paste another file into zul.akmal home directory on L: drive until the
disk quota warning appears (Figure 0499).

Figure 0499 : Disk Quota Warning


Why this happen?

31. Click OK button to close the warning message (Figure 0499).

32. Right-click on L: drive and select Properties (Figure 0500).

Figure 0500 : My Computer

260

33. The zul.akmal Home Directory properties appear. Look at the Used space: size,
you have used almost 10 MB. The home directory almost full (Figure 0501).

Figure 0501 : Ahmad Akmal Home Directory Properties


34. Click OK button to close (Figure 0501).

35. Log off the client computer.

36. Log off the server.

Summary
Disk quotas allow administrators to restrict disk space to users so that disk space can be
effectively managed.

261

Exercise 15

MANAGING
SOFTWARE
APPLICATIONS

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

262

Exercise 15 : Managing Software Applications


In this exercise you will deploy software to a Windows 2008 client computer. You will
deploy WinZip, a file compression program that does not have an associated MSI file.
This means you will need to create a ZAP file in order to publish the application.
In the second part of this exercise you will publish this software to members of the Sklr
OU, and then test the deployment of the software.

EXERCISE 15.1
Establish a Software Distribution Point
To support this exercise, you will need a shared folder on the network that contains the
software applications that will be deployed.
1.

Log on to the server as Administrator (Figure 0502).

Figure 0502 : Administrator Login

263

2. Launch Windows Explorer. Click Start Right-click Computer select Explore


(Figure 0503).

Figure 0503 : Launch Windows Explorer

3. Access D: drive (Figure 0504).


(Make sure your D drive are NTFS formatted. If not, you have to convert or
format it to NTFS)

Figure 0504: Windows Explorer D Drive

4. Create a folder named SoftDistSN (SN represents youre Station Number).


In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be SoftDist21.

264

4.1.

Right-click D drive select New Folder (Figure 0505).

Figure 0505 : Windows Explorer Create New Folder

4.2.

Rename the folder as SoftDist21 (Figure 0506).

Figure 0506 : Rename Folder

265

EXERCISE 15.2
Sharing The SoftDist21 Folder
5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder select
Properties (Figure 0507).

Figure 0507: Open The SoftDist21 Folder Properties

6. Click the Sharing tab (Figure 0508).

Figure 0508 : SoftDist21 Folder Properties - Sharing


7. Click Advanced Sharing button (Figure 0509).

Figure 0509 : Advanced Sharing button

266

8. Enable the Share this folder option (Figure 0510).

Figure 0510 : Advanced Sharing

9. Specify the share name as ESoftware (Figure 0511).

Figure 0511 : Advanced Sharing Share name

267

EXERCISE 15.3
Set Sharing Folder Permissions
Set read access to the share folder for the Sklr OU users and Administrator.
10. Click Permissions button (Figure 0512).

Figure 0512 : Permissions button

11. Select Everyone and click Remove button to remove Everyone from the Group
or user names: list (Figure 0513).

Figure 0513: Remove Everyone

12. Click Add button (Figure 0514).

Figure 0514 : Add button

268

13. Click the Advanced button (Figure 0515).

Figure 0515 : Select Users, Computers, or Groups


14. Click the Find Now button (Figure 0516).

Figure 0516 : Select Users, Computers, or Groups Advanced

269

15. First, we add first user of Sklr OU. Select Ain Syahmi account from the list
(Figure 0517).

Figure 0517 : Select Users, Computers, or Groups Find Now


16. Click OK button (Figure 0517).

17. Click OK button (Figure 0518).

Figure 0518 : Select Users, Computers, or Groups User Added

270

18. Tick Allow box for Read permission. This will give Ain Syahmi Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0519).

Figure 0519 : Folder Permissions For Users


19. Click Apply button(Figure 0519).
20. Now we add second user of Sklr OU. Click Add button (Figure 0520).

Figure 0520 : Add button


21. Click the Advanced button (Figure 0521).

Figure 0521 : Select Users, Computers, or Groups

271

22. Click the Find Now button (Figure 0522).

Figure 0522 : Select Users, Computers, or Groups Advanced


23. Select Aliuddin account from the list (Figure 0523).

Figure 0523 : Select Users, Computers, or Groups Find Now


24. Click OK button (Figure 0523).

272

25. Click OK button (Figure 0524).

Figure 0524 : Select Users, Computers, or Groups User Added

26. Tick Allow box for Read permission. This will give Aliuddin Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0525).

Figure 0525 : Folder Permissions For Users


27. Click Apply button (Figure 0525).

28. Now we add Administrator account to give Administrator permission to manage


the shared folder. Click Add button (Figure 0526).

Figure 0526 : Add button

273

29. Click the Advanced button (Figure 0527).

Figure 0527 : Select Users, Computers, or Groups

30. Click the Find Now button (Figure 0528).

Figure 0528 : Select Users, Computers, or Groups Advanced

274

31. Select Administrator user account from the list (Figure 0529).

Figure 0529 : Select Users, Computers, or Groups Find Now


32. Click OK button (Figure 0529).

33. Click OK button (Figure 0530)

Figure 0530 : Select Users, Computers, or Groups User Added

275

34. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder SoftDist21. So the Administrator can manage the
SoftDist21 folder on the myserver.com server (Figure 0531).

Figure 0531 : Folder Permissions For Users

35. Click OK (Figure 0531).

36. Click OK button to close Advanced Sharing window (Figure 0532).

Figure 0532 : Advanced Sharing window

276

37. Click Close button to close SoftDist21 Properties window (Figure 0533).

Figure 0533 : SoftDist21Properties window

38. Close all remaining windows.

277

EXERCISE 15.4
Copy Software Application files to the Software Distribution Point
The next step is to copy some software applications to the distribution share.
39. Download file WinRar 3.9.3 from site below:
http://zcomby-server2008.blogspot.com under Downloads section (Softwaretutorial Server 2008) and save to the software distribution share point (or
download it from the internet from http://www.rarlab.com) .

40. Download file Sample.rar from site below:


http://zcomby-server2008.blogspot.com under Downloads section (Softwaretutorial Server 2008) and save to the software distribution share point (or create a
rar file that has a readme.txt file in the achive).

EXERCISE 15.5
Create a ZAP file for the application
To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is
available.
41. Create New text document inside D:\SoftDiskx, and rename the text document
as winrar.zap.
41.1

Launch Notepad. Click Start All Programs Accessories Notepad


(Figure 0534).

Figure 0534: Launch Notepad

278

41.2

Click File Save As (Figure 0535).

Figure 0535: Notepad


41.3

Change the file name to winrar.zap and select All Files for Save as
type: box (Figure 0536).

Figure 0536 : Notepad Save As


41.4

Click Browse Folders button (Figure 0536).

279

41.5

Click Computer double click Local Disk (D:) double click


SoftDist21 folder (Figure 0537).

Figure 0537 : Notepad Save As Browse Folders


41.6

Click Save button to confirm save location (Figure 0537).

42. Key-in the following text into the winrar.zap file (Figure 0538).

Figure 0538: winrar.zap


43. After finish insert the text, save and close the winrar.zap file.

280

EXERCISE 15.6
Publish the Software Application to Users of the Production OU

In this step, you will edit the group policy for the Sklr OU and specify a new
software installation for users.
44. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0539)

Figure 0539 : Launch Group Policy Management


45. Expand Forest: myserver.com (Figure 0540).

Figure 0540 : Group Policy Management - Forest

281

46. Expand the Domains (Figure 0541).

Figure 0541 : Group Policy Management Domains

47. Expand your domain.com (Figure 0542).

Figure 0542 : Group Policy Management myserver.com


48. Right-click the Sklr OU and select the Create a GPO in this domain, and Link it
here (Figure 0543).

Figure 0543 : Group Policy Management Create new GPO

282

49. Rename the policy as SKLR Group Policy (Figure 0544).

Figure 0544 : Create New GPO

50. Click OK button to continue (Figure 0544).

51. Right-click the SKLR Group Policy and select Edit (Figure 0545).

Figure 0545 : Default Domain Policy - Edit

52. Expand User Configuration (Figure 0546).

Figure 0546 : Group Policy Management Editor User Configuration

283

53. Expand the Policies folder (Figure 0547).

Figure 0547 : Group Policy Management Editor Policies


54. Expand the Software Settings folder (Figure 0548).

Figure 0548 : Group Policy Management Editor Software Settings


55. Right-click Software installation and select New Package (Figure 0549).

Figure 0549 : Software installation New - Package

284

56. Browse the network and locate the winrar.zap file.


56.1

Click the Network (Figure 0550).

Figure 0550 : Network

56.2

Double-click your server icon (Figure 0551).

Figure 0551 : Network Server21

285

56.3

Double-click the ESoftware folder (Figure 0552).

Figure 0552 : Network Server21 - ESoftware

56.4

Click file types drop-down box and select ZAW Down-level application
packages (*.zap) (Figure 0553).

Figure 0553 : Network Server21 ESoftware File types

286

56.5

Select the winrar.zap file and click Open button (Figure 0554).

Figure 0554 : Network Server21 ESoftware winrar.zap

57. Select Published (Figure 0555).

Figure 0555 : Deploy Software

58. Click OK button (Figure 0555).

287

59. Now you can see the Win Rar package are listed under Software installation policy
(Figure 0556).

Figure 0556 : SKLR Group Policy


60. Close all remaining windows.
Update Group Policy
61. Launch the Run application. Click Start Run (Figure 0557).

Figure 0557 : Launch the Run Application

62. Key-in gpupdate in the Open : box (Figure 0558).

Figure 0558 : Run Windows

288

63. Click OK to run the gpupdate (Figure 0559).

Figure 0559 : Updating Policy

64. Log off the server.

289

EXERCISE 15.7
Test the software deployment
In this step, you will log on to the client computer and test to see if the software can be
deployed. In order for the software to install however, the user needs sufficient rights on
the local computer.
65. Log on the client computer (Windows XP Professional) as local Administrator
65.1

Press CTRL+ALT+DEL to display the logon dialog box (Figure 0560).

Figure 0560 : Windows XP Logon

65.2

Key-in User name: as Administrator and select Log on to: CLIENT


(this computer) (Figure 0561).

Figure 0561 : Log on to Windows XP


65.3

Click OK button (Figure 0561).

290

66. Launch Control Panel. Start Control Panel (Figure 0562).

Figure 0562 : Launch Control Panel

67. Click Performance and Maintenance (Figure 0563).

Figure 0563 : Control Panel

291

68. Click Administrative Tools (Figure 0564).

Figure 0564 : Performance and Maintenance

69. Double-click Computer Management icon (Figure 0565).

Figure 0565 : Administrative Tools

292

70. Expand System Tools Local Users and Groups Groups (Figure 0566).

Figure 0566 : Computer Management


71. Double-click Power Users (Figure 0566).
72. Click Add button (Figure 0567).

Figure 0567 : Power Users Properties

293

73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).

Figure 0568 : Select Users, Computers, or Groups


74. Enter username as ain.syahmi and her password [ain] (Figure 0569).

Figure 0569 : Enter Network Password

294

75. Click OK button (Figure 0570).

Figure 0570 : Select Users, Computers, or Groups


76. Click OK button for the Power User Properties (Figure 0571).

Figure 0571 : Power User Properties

77. Close all the remaining windows.

78. Log off the client computer.

295

79. Log on to the server from client computer as ain.syahmi.


79.1

Press CTRL+ALT+DEL to display the logon dialog box (Figure 0572).

Figure 0572 : Windows XP Logon


79.2

Key-in User name: as ain.syahmi and ain as password. (Figure 0573).

Figure 0573 : Log on to Windows XP


79.3

Select Log on to: MYSERVER (Figure 0573).

79.4

Click OK button (Figure 0573).

296

80. Copy the file sample.rar from Server.


80.1

Launch My Computer. Start My Computer (Figure 0574).

Figure 0574 : Launch My Computer

80.2

Click the My Network Places (Figure 0575).

Figure 0575 : My Computer

297

80.3

Click the Entire Network (Figure 0576).

Figure 0576 : Entire Network Link

80.4

Double-click the Microsoft Windows Network (Figure 0577).

Figure 0577 : Entire Network


80.5

Double-click the Myserver workgroup (Figure 0578).

Figure 0578 : Microsoft Windows Network

298

80.6

Double-click the Server21 and view the available resources (Figure


0579).

Figure 0579 : Myserver Workgroup


80.7

You should see the ESoftware resource listed (Figure 0580).

Figure 0580 : Server21 Resources


80.8

Double-click the ESoftware to view the available resources (Figure


0580).

299

80.9

Copy Sample.rar file. Right-click on Sample.rar file select Copy (Figure


0581).

Figure 0581 : ESoftware on Server21


80.10 Paste on the client PC desktop. Right-click on Desktop Select Paste
(Figure 0582).

Figure 0582 : Windows XP Desktop

300

81. Double-click the sample.rar file. What happened?


WinRar installation wizard appeared. Install the WinRar (Figure 0583).

Figure 0583 : WinRar installation wizard

82. After finish install WinRar, close all remaining windows. And then double-click the
sample.rar file.
The Sample.rar now opened with WinRar program. Now you can read or extract
contents of the Sample.rar file (Figure 0584).

Figure 0584 : Sample.rar opened with WinRar


83. Log off the client computer.

301

EXERCISE 15.8
Installing Application with MSI support
In this exercise you will deploy Microsoft FrontPage 2003.
84. Log on to the server as Administrator (Figure 0585).

Figure 0585 : Administrator Login


85. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0586).

Figure 0586 : Launch Windows Explorer

302

86. Access D: drive (Figure 0587).

Figure 0587 : Windows Explorer D Drive


87. Access D:\SoftDist21 folder (Figure 0588).

Figure 0588 : Windows Explorer D:\SoftDist21 folder

303

88. Create subfolder called FrontPage.


88.1. Right-click SoftDistx select New Folder (Figure 0589)

Figure 0589 : Windows Explorer Create New Folder


88.2. Rename the folder as FrontPage (Figure 0590).

Figure 0590 : Windows Explorer Rename Folder

304

89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the
FrontPage folder to the D:\SoftDistx\FrontPage folder
89.1.

Select the CD drive (Figure 0591).

Figure 0591 : Windows Explorer CD Drive

89.2.

Copy the FRONTPAGE folder. Right-click FRONTPAGE folder Copy


(Figure 0592).

Figure 0592 : Windows Explorer Copy FRONTPAGE Folder

305

89.3.

Expand the SoftDist folder. Right-click the FrontPage folder Paste (Figure
0593).

Figure 0593 : Windows Explorer Paste Folder

89.4.

Click the FrontPage folder to confirm all files are copied (Figure 0594).

Figure 0594 : Windows Explorer FrontPage Contents

306

90. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0595)

Figure 0595 : Launch Group Policy Management


91. Expand Forest: myserver.com (Figure 0596).

Figure 0596 : Group Policy Management - Forest

307

92. Expand the Domains (Figure 0597).

Figure 0597 : Group Policy Management Domains

93. Expand your domain.com (Figure 0598).

Figure 0598 : Group Policy Management myserver.com


94. Right-click the SKLR Group Policy and select Edit (Figure 0599).

Figure 0599 : Default Domain Policy - Edit

308

95. Expand User Configuration (Figure 0600).

Figure 0600 : Group Policy Management Editor User Configuration


96. Expand the Policies folder (Figure 0601).

Figure 0601 : Group Policy Management Editor Policies


97. Expand the Software Settings folder (Figure 0602).

Figure 0602 : Group Policy Management Editor Software Settings

309

98. Right-click Software installation and select New Package (Figure 0603).

Figure 0603 : Software installation New - Package

99. Browse the network and locate the FP11.msi file.


99.1

Click the Network (Figure 0604).

Figure 0604 : Network

310

99.2

Double-click your server icon (Figure 0605).

Figure 0605 : Network Server21


99.3

Double-click the ESoftware folder (Figure 0606).

Figure 0606 : Network Server21 - ESoftware

311

99.4

Double-click the FrontPage folder (Figure 0607).

Figure 0607: Network Server21 ESoftware FrontPage

99.5

Double-click the FRONTPAGE folder (Figure 0608).

Figure 0608 : Network Server21 ESoftware FrontPage FRONTPAGE

99.6

Select the FP11.msi file and click Open button (Figure 0609).

Figure 0609 : Network Server21 ESoftware FP11.msi

312

100.

Select Advanced (Figure 0610).

Figure 0610 : Deploy Software


101.

Click OK button (Figure 0610).

102.

Click the Deployment tab and select Assigned (Figure 0611).

Figure 0611 : Assigned Software

103.

Click OK button (Figure 0611).

313

104. Now you can see the Microsoft Office FrontPage package are listed under
Software installation policy (Figure 0612).

Figure 0612 : SKLR Group Policy


105.

Close all remaining windows.

Update Group Policy


106.

Launch the Run application. Click Start Run (Figure 0613).

Figure 0613 : Launch the Run Application

107.

Key-in gpupdate in the Open : box (Figure 0614).

Figure 0614 : Run Windows

314

108.

Click OK to run the gpupdate (Figure 0615).

Figure 0615 : Updating Policy

109.

Log off the server.

315

EXERCISE 15.9
Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer
as a member of the Sklr OU.
110.

Log on to the server from client computer as ain.syahmi.


110.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0616).

Figure 0616 : Windows XP Logon


110.2 Key-in User name: as ain.syahmi and ain as password. (Figure 0617).

Figure 0617: Log on to Windows XP


110.3 Select Log on to: MYSERVER (Figure 0617).
110.4 Click OK button (Figure 0617).

316

111.

Click Start All Programs Microsoft Office Microsoft Office FrontPage


2003. Note how FrontPage appears on the start menu (Figure 0618).

Figure 0618 : Start Menu - Microsoft Office FrontPage 2003

112.

The installation process will begin. When requested, enter the CD key and click
Next button (Figure 0619).

Figure 0619 : Microsoft Office FrontPage 2003 - Setup

317

113.

Click Next button until reach the Summary windows (Figure 0620).

Figure 0620 : Microsoft Office FrontPage 2003 - Install


114.

Click the Install button (Figure 0620).

115.

Wait until the installations process complete (Figure 0621).

Figure 0621 : Setup Completed


116.

Click Finish button to complete the FrontPage 2003 installation (Figure 0621).

117.

After running FrontPage 2003, log off the client computer.

118.

Log on to the client computer as zul.akmal.

318

119.

Is FrontPage 2003 available on the Start menu? YES NO


Your answer must be NO. Why?
Because zul.akmal is a member of Sted OU not the Sklr OU. We only deployed a
software application to a Sklr OU users.

120.

Log off the client computer.

121.

Log off the server.

Summary
In this exercise you deployed a software application to a group of users. The application
was not supported by Windows Installer so required you to create a ZAP file.
The software application and Zap file were placed on a network share. This software
was then associated with a group policy for the Sklr Organizational Unit. The software
deployment was then tested when a user of the Sklr OU logged onto a client computer.
In installing software on the client computer, the installer needed the required
permissions. In this exercise, the users were made members of the Power Users group
to enable the installation of the software. In actual use, members would be set up with
the required permissions, rather than perhaps being made a member of this group on
the local computer.
Managing the software distribution can simply the administration of the network and
ensure that users only get the applications that have been assigned to them.

319

Exercise 16

VIEWING
EVENTS

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

320

Exercise 16 : Viewing Events


In this exercise you will look at events generated on the server. This is important
because when there is a problem, often the cause is logged by the system. The event
logs are a good source to look for problems in configuration or access.

EXERCISE 16.1
Running Event Viewer

1.

Log on to the server as Administrator (Figure 0622).

Figure 0622 : Administrator Login

321

2. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0623).

Figure 0623 : Launch Event Viewer


3. Expand Windows Logs System. The Event Viewer windows displays the current
event logs. There are a number of logs available (Figure 0624).

Figure 0624 : Even Viewer windows

322

EXERCISE 16.2
Viewing the Different Log Files

To view events, you need to select a specific log file.


4. Under Windows Logs, click the Security log.
Note the large number of events that are listed in the middle windows (Figure 0625).

Figure 0625 : Even Viewer Security Logs

5. All events have a Source and Task Category. Note these two columns in the
window (Figure 0625).
It is handy to sometimes restrict the events being viewed to just those events that
are of interest.

323

EXERCISE 16.3
Filtering Events

In this exercise you will use the filtering function to display only those events of
interest. Often the event log has hundreds of events listed, so you need the
ability to look for only those events that are relevant to what you are trying to
resolve.
6. On the right window, click the Filter Current Log (Figure 0626).

Figure 0626 : Even Viewer Security Logs


7. Select all Event level: (Figure 0627).

Figure 0627 : Filter Current Log window - Event level

324

8. In Event sources: drop-down menu, select Microsoft Windows security auditing


(Figure 0628).

Figure 0628 : Filter Current Log window - Event sources

9. Set the Task category: to Logon (Figure 0629).

Figure 0629 : Filter Current Log window - Task category

325

10. Click OK button (Figure 0630).

Figure 0630 : Filter Current Log window

11. Note that only Microsoft Windows security auditing events with Logon task
category are now listed (Figure 0631).

Figure 0631 : Even Viewer Security events


12. Double-click the first event to see the event properties (Figure 0631).

326

13. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to
possible problems] (Figure 0632).

Figure 0632 : Event Properties

14. Click Close button (Figure 0632).


15. Close the event viewer.
16. Log off the server.

Summary
Windows Server 2008 logs activity to event logs. These events can be viewed with
Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as
other events generated by application software or other services such as DNS.
Events are helpful in determining problems with configuration or security.

327

Exercise 17

AUDITING

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

328

Exercise 17 : Auditing
In this exercise, you shall look at enabling auditing on selected resources, so that their
usage and access can be monitored. You will use event viewer to view the logged
accesses. Often, if you find that you cannot resolve problems in user access, enabling
auditing and viewing the audit logs with event viewer can help you determine the cause
of the problem.

EXERCISE 17.1
1.

Log on to the server as Administrator (Figure 0633).

Figure 0633 : Administrator Login


2. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0634).

Figure 0634 : Launch Group Policy Management

329

3. Expand Forest: myserver.com (Figure 0635).

Figure 0635 : Group Policy Management - Forest


4. Expand the Domains (Figure 0636).

Figure 0636 : Group Policy Management Domains

5.

Expand your domain.com (Figure 0637).

Figure 0637 : Group Policy Management myserver.com

330

6. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0638).

Figure 0638 : Edit the Default Domain Policy.


7. Expand Computer Configuration (Figure 0639).

Figure 0639 : Expand Computer Configuration.

8. Expand Policies (Figure 0640).

Figure 0640 : Expand Policies.

331

9. Expand Windows Settings (Figure 0641).

Figure 0641 : Expand Windows Settings.


10. Expand Security Settings (Figure 0642).

Figure 0642 : Expand Security Settings.


11. Expand Local Policies (Figure 0643).

Figure 0643 : Expand Local Policies.

332

12. Expand Audit Policy (Figure 0644).

Figure 0644 : Expand Audit Policy.


13. Open Audit logon events properties. Right-click Audit logon events Properties
(Figure 0645).

Figure 0645 : Open Audit logon events properties.


14. Enable the Success and Failure attempts (Figure 0646).

Figure 0646 : Define policy settings.

333

15. Click Apply button (Figure 0646).


16. Click OK button to close (Figure 0646).

17. Enable the following events (Figure 0647):


i.
ii.
iii.
iv.
v.
vi.
vii.

Audit account logon events Success


Audit account management Success
Audit directory service access Success
Audit logon events Success, Failure
Audit object access - Success, Failure
Audit policy change Success
Audit system events - Success

Figure 0647 : Group policy management editor.

18. Close the group policy management editor.


19. Close all remaining windows.

334

Update Group Policy


20. Launch the Run application. Click Start Run (Figure 0648).

Figure 0648 : Launch the Run Application


21. Key-in gpupdate in the Open : box (Figure 0649).

Figure 0649 : Run Windows


22. Click OK to run the gpupdate (Figure 0650).

Figure 0650 : Updating Policy


23. Log off the server.

335

EXERCISE 17.2
Set Auditing at the file object level.
1.

Log on to the server as Administrator (Figure 0651).

Figure 0651 : Administrator Login

2. Launch Windows Explorer. Click Start Right-click Computer select Explore


(Figure 0652).

Figure 0652 : Launch Windows Explorer

336

3. Access D: drive (Figure 0653).

Figure 0653 : Windows Explorer D Drive


4. Right-click D: drive and select Properties (Figure 0654).

Figure 0654 : Windows Explorer Properties

337

5. Select Security tab; and then click the Advanced button (Figure 0655).

Figure 0655 : D: drive properties

338

6. Select Auditing tab (Figure 0656).

Figure 0656 : Advanced Security Settings for Local Disk (D:).


7. Click the Edit button (Figure 0656).
8. Click Add button (Figure 0657).

Figure 0657 : Advanced Security Settings for Local Disk (D:) Auditing tab.

339

9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).

Figure 0658 : Select User, Computer, or Group.

10. Click OK button (Figure 0659).

Figure 0659 : Select User, Computer, or Group Check Names.

340

11. Enable the following options (Figure 0660):

List folder read data Successful and Failed


Create files / write data - Successful and Failed

Figure 0660 : Auditing Entry for Local Disk (D:).

12. Click OK button (Figure 0660).

341

13. Click OK button (Figure 0661).

Figure 0661 : Advanced Security Settings for Local Disk (D:) Auditing tab.
14. Click OK button (Figure 0662).

Figure 0662 : Advanced Security Settings for Local Disk (D:)

342

15. Click OK button (Figure 0663).

Figure 0663 : D: drive properties

16. Log off the server.

343

EXERCISE 17.3
Access the resource to generate the audit event.
Now it is time to test the auditing. What you did in the previous exercise was setup a
group policy for domain controllers. You enabled auditing on the server using Local
Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the
next step you will log on and access this resource, thus generating an audit event.
17. Log on to the server computer as zul.zcomby.
17.1.

Press Ctrl + Alt + Del.

17.2.

Click Switch User button (Figure 0664).

Figure 0664 : Switch User button


17.3.

Click Other User button (Figure 0665).

Figure 0665 : Other User button


17.4.

Enter user as zul.zcomby and password as comby (Figure 0666).

Figure 0666 : Logon to server using user account


17.5.

Press ENTER.

344

18. Launch Notepad. Click Start All Programs Accessories Notepad.


19. Write your name (Figure 0667).

Figure 0667 : Notepad

20. Press Ctrl + S to save the files.

21. Click the Browse Folder button (Figure 0668).

Figure 0668 : Save As - Browse Folder


22. Access the Local Disk (D:). Click Computer double-click Local Disk (D:) (Figure 0669).

Figure 0669 : Save As - Access the Local Disk (D:)

345

23. Double-click the D:\tempx folder (Figure 0670).

Figure 0670 : Save As D:\tempx folder


24. Set the files name as Readme and click the Save button (Figure 0671).

Figure 0671 : Save As Readme.txt

25. Close the Notepad editor.


26. Log off the server.

346

EXERCISE 17.4
View the audit events.
In the last exercise, you accessed the resource and this would have generated an audit
event. These events are stored in the security log and are viewed with event viewer.
27. Log on to the server as Administrator (Figure 0672).

Figure 0672 : Administrator Login


28. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0673).

Figure 0673 : Launch Event Viewer

347

29. Expand Windows Logs Security. The Event Viewer window displays the current
event logs. There are a number of logs available (Figure 0674).

Figure 0674 : Even Viewer windows


30. On the right window, click the Filter Current Log (Figure 0675).

Figure 0675 : Even Viewer Security Logs

348

31. Now configure the Filter Current Log. Please refer to the following table for
configuration (Figure 0676).
Logged:

Any time

Event level:

Information

Event sources:

Microsoft Windows security auditing.

Task category:

File System

Keywords:

Audit Success

User:

<All Users>

Computer(s):

<All Computer>

Figure 0676 : Filter Current Log window

32. Click OK button (Figure 0676).

349

33. Note that only Microsoft Windows security auditing events with File System task
category are now listed (Figure 0677).

Figure 0677 : Even Viewer Security events


34. Double-click the first event to see the event properties (Figure 0677).
35. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to
possible problems] (Figure 0678).

Figure 0678 : Event Properties


36. You will notice from Account Name: section, there are user name zul.zcomby are
login into the server (Figure 0678).

350

37. Drag the right-hand side scroll bar until you see the Process Information: section
(Figure 0679).

Figure 0679 : Event Properties

38. From this section, you can see the process or application zul.zcomby run while he
login to the server.
As you can see, zul.zcomby are launch Notepad application software. Maybe he
writing something or maybe he open a text file (Figure 0679).

39. Click Close button (Figure 0679).

40. Now let find the location of the text file zul.zcomby opened. Double-click the second
event to see the event properties (Figure 0680)

Figure 0680 : Even Viewer Security events

351

41. Scroll until you find the Object: section. As you can see the log reports same as the
first event (Figure 0681).

Figure 0681 : Event Properties


42. Click the Close button (Figure 0681).

43. Now try double-click the third event to see the event properties (Figure 0682).

Figure 0682: Even Viewer Security events

352

44. Scroll until you find the Object: section. Can you find the differences between third
event and the first event?
In the third event there is extra information under Object: section. Object Type: and
Object Name: (Figure 0683).
Object Type: state the type of the object.
Object Name: state the object name.

Figure 0683: Even Viewer Security events


From this event log, you can trace and viewed the security log. You can check what
happened to the server behind the screen or while you were gone. This also can
help you to determine the cause of the problem in user access.
45. Click the Close button (Figure 0683).
46. Close the event viewer.

353

EXERCISE 17.5
Disable Auditing
Auditing places a performance penalty overhead on the computer. In this step, you will
disable auditing.
47. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0684).

Figure 0684 : Launch Group Policy Management

48. Expand Forest: myserver.com (Figure 0685).

Figure 0685 : Group Policy Management - Forest

354

49. Expand the Domains (Figure 0686).

Figure 0686 : Group Policy Management Domains

50. Expand your domain.com (Figure 0687).

Figure 0687 : Group Policy Management myserver.com

51. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0688).

Figure 0688 : Edit the Default Domain Policy.

355

52. Expand Computer Configuration (Figure 0689).

Figure 0689 : Expand Computer Configuration.


53. Expand Policies (Figure 0690).

Figure 0690 : Expand Policies.


54. Expand Windows Settings (Figure 0691).

Figure 0691 : Expand Windows Settings.

356

55. Expand Security Settings (Figure 0692).

Figure 0692 : Expand Security Settings.


56. Expand Local Policies (Figure 0693).

Figure 0693 : Expand Local Policies.

57. Expand Audit Policy (Figure 0694).

Figure 0694 : Expand Audit Policy.

357

Change auditing to No Auditing.


58. Open Audit logon events properties. Right-click Audit logon events Properties
(Figure 0695).

Figure 0695 : Open Audit logon events properties.


59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).

Figure 0696 : Define policy settings.


60. Click Apply button (Figure 0696).
61. Click OK button to close (Figure 0696).

358

62. Change auditing to No Auditing the following events (Figure 0697):


i.
ii.
iii.
iv.
v.
vi.
vii.
viii.
ix.

Audit account logon events


Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events

Figure 0697 : Group policy management editor.

63. Close the group policy management editor.


64. Close all remaining windows.

359

Update Group Policy


65. Launch the Run application. Click Start Run (Figure 0698).

Figure 0698 : Launch the Run Application


66. Key-in gpupdate in the Open : box (Figure 0699).

Figure 0699 : Run Windows

67. Click OK to run the gpupdate (Figure 0700).

Figure 0700 : Updating Policy

360

Remove User From Auditing Entry.


68. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0701).

Figure 0701 : Launch Windows Explorer


69. Access D: drive (Figure 0702).

Figure 0702 : Windows Explorer D Drive

361

70. Right-click D: drive and select Properties (Figure 0703).

Figure 0703 : Windows Explorer Properties


71. Select Security tab; and then click the Advanced button (Figure 0704).

Figure 0704 : D: drive properties

362

72. Select Auditing tab and select Zul Zcomby (Figure 0705).

Figure 0705 : Advanced Security Settings for Local Disk (D:).


73. Click the Edit button (Figure 0705).

74. Select Zul Zcomby and click Remove button (Figure 0706).

Figure 0706 : Advanced Security Settings for Local Disk (D:) Auditing tab.
75. Click OK button (Figure 0706).

363

76. Click OK button (Figure 0707).

Figure 0707 : Advanced Security Settings for Local Disk (D:)


77. Click OK button (Figure 0708).

Figure 0708 : D: drive properties

364

EXERCISE 17.6
Clear the Security Log Events
In this exercise you will clear all the events in the Security log.
78. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0709).

Figure 0709 : Launch Event Viewer

365

79. Expand Windows Logs Security. The Event Viewer window displays the current
event logs. There are a number of logs available (Figure 0710).

Figure 0710 : Even Viewer windows

80. Right-click Security log and select Clear Log (Figure 0711).

Figure 0711 : Even Viewer window

366

81. Click Clear button so that the events are not saved (Figure 0712).

Figure 0712 : Even Viewer Clear Log

82. Close Even Viewer.


83. Log off the server.

Summary
Both Directories and Files can be audited. When auditing is enabled, events that are
specified are written to an event log, which can be viewed in Event Viewer.
It is possible to apply a filter when viewing events to be more selective. Applying auditing
creates an overhead penalty on the server, and can fill the event logs quickly.

367

Exercise 18

INSTALLING AND
CONFIGURING
PRINTER

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

368

Exercise 18 : Installing and Configuring Printer


In this exercise, you shall look at creating a local printer on the Server and access that
printer remotely from the client computer. This exercise used an HP Color LaserJet
CP1515n printer, attached to the network.

EXERCISE 18.1
1.

Log on to the server as Administrator (Figure 0713).

Figure 0713 : Administrator Login


2. Open the Control Panel. Click Start Control Panel (Figure 0714).

Figure 0714 : Open Control Panel

369

3. Double-click Printer icon (Figure 0715).

Figure 0715 : Control Panel - Printer

4. Click Add a printer button to run the Add Printer wizard (Figure 0716).

Figure 0716 : Printer Add a printer

370

5. Click Add a local printer (Figure 0717).

Figure 0717 : Add Printer wizard - Add a local printer


6. Select Create a new port. And select Standard TCP/IP Port from the Type of
port: drop down menu (Figure 0718).

Figure 0718 : Add Printer wizard Create new port


7. Click Next button (Figure 0718).

371

8. Now select Device type: as TCP/IP Device and enter your printer IP address in the
Hostname or IP address: box. For this exercise, my printer IP address is
192.168.2.254 (Figure 0719).

Figure 0719 : Add Printer wizard Printer IP address

9. Click Next button (Figure 0719).

10. Wait until the detecting of the TCP/IP port process finish. After finish the detection
process, the windows will automatically move to the next page (Figure 0720).

Figure 0720 : Add Printer wizard TCP/IP port detection process

372

11. Click Next button (Figure 0721).

Figure 0721 : Add Printer wizard Port type

12. Now the Add Printer wizard will try to detect the printer driver. The Add Printer wizard
will automatically move to the next page after the detection process done (Figure
0722).

Figure 0722 : Add Printer wizard Printer driver detection

373

13. In the list of Manufacturer, select HP.


And in the list of Printer, select your printer model.
But if your printer is not listed, consult your printer documentation for compatible
printer driver or just select the nearest model or select the Family or common driver.
In this exercise, my printer is not listed under the printer list. So I will select the
Family Driver of my printer; HP Color LaserJet Family Driver PCL5 (Figure 0723).

Figure 0723 : Add Printer wizard Install printer driver


14. Click Next button (Figure 0723).

15. Enter your printer name. Normally same as printer model. So here I enter my printer
model; HP Color LaserJet CP1515n as printer name (Figure 0724).

Figure 0724 : Add Printer wizard Printer name


16. Click Next button (Figure 0724).

374

17. Enter HPCP1515n as the shared printer name and STKM for the Location field
(Figure 0725).

Figure 0725 : Add Printer wizard Printer sharing


18. Click Next button (Figure 0725).

19. Click Finish button to complete the adding printer process (Figure 0726).

Figure 0726 : Add Printer wizard Finish

375

EXERCISE 18.2
Assign a Print Manager For The Printer
In this exercise, you will assign a user to manage the printer. This printer manager will
be able to delete jobs and perform other administrative tasks.
20. Right-click the installed printer and select Sharing (Figure 0727).

Figure 0727 : Printer Sharing

21. You will see that Windows Server 2008 has already shared the printer on the
network, but the printer not listed in the Active Directory. To list the printer in the
Active Directory, tick the List in the directory option (Figure 0728).

Figure 0728 : Printer Properties Sharing tab

376

22. Click the Security tab (Figure 0728).

23. The current security setting for the printer is similar to the Figure 0729.
You will note that everyone (all users) has print access, whilst Administrators have
all rights.
Print Operators also have all rights.

Figure 0729 : Printer Properties Security tab


24. Click the Add button (Figure 0729).

377

25. Click Advanced button (Figure 0730).

Figure 0730 : Add Users, Computers, or Groups wizard


26. Click Find Now button (Figure 0731).

Figure 0731 : Add Users, Computers, or Groups wizard - Advanced

378

27. Select Ocah Blue from the list and click OK button (Figure 0732).

Figure 0732 : Add Users, Computers, or Groups wizard Find Now


28. Click OK button (Figure 0733).

Figure 0733 : Add Users, Computers, or Groups wizard

379

29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for
this printer (Figure 0734).

Figure 0734 : Printer Properties


30. After setting the rights as indicated, click OK button (Figure 0734).

31. Close the Printers window.

380

EXERCISE 18.3
Locating Printers using Active Directory
In this exercise, you will use Active Directory to locate printers.
32. Launch Active Directory Users and Computers. Click Start Administrative Tools
Active Directory Users and Computers (Figure 0735).

Figure 0735 : Launch Active Directory Users and Computers


33. From the Menu bar, click Action Find (Figure 0736).

Figure 0736 : Active Directory Users and Computers


34. Choose Printers in the Find: list, and enter STKM in the Location: field (Figure 0737).

Figure 0737 : Find Printer wizard

381

35. Click the Find Now button (Figure 0737).

36. The search results will display all the printers installed and listed in your Active
Directory. In the previous exercise, you have installed one printer and set the printer
to be listed in the Active Directory. So the search results display only one printer
founded (Figure 0738).

Figure 0738 : Find Printer wizard Search results

37. Close the Find Printers wizard (Figure 0738).

38. Close the Active Directory Users and Computers.

39. Log off the server.

382

EXERCISE 18.4
Accessing The Printer From The Client Computer
In this exercise, you will log on to the client computer and set up access to the shared
printer on the server.
40. Log on to the client computer as ocah.blue (Figure 0739).

Figure 0739 : Log On To Server Using Client Workstation


41. Open Printers and Faxes. Click Start Printers and Faxes (Figure 0740).

Figure 0740 : Open Printers and Faxes

383

42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).

Figure 0741: Printers and Faxes

43. Click Next button (Figure 0742).

Figure 0742 : Add Printer Wizard

384

44. Select A network printer, or to another computer and click Next button
(Figure 0743).

Figure 0743 : Add Printer Wizard Type of printer


45. Select Find a printer in the directory and click Next button (Figure 0744).
This option makes finding a printer easier as you do not need to know the name of
the server on which the printer is located.

Figure 0744 : Add Printer Wizard Specify a Printer

385

46. Enter STKM in the Location: field and click Find Now button (Figure 0745).

Figure 0745 : Find Printer wizard


47. Select your printer from the search results list and click OK button (Figure 0746).

Figure 0746 : Find Printer wizard - Search results

386

48. Click Finish button (Figure 0747).

Figure 0747: Add Printer Wizard - Finish

387

EXERCISE 18.5
Printing a File
In this exercise, you will print a page to the printer.
49. Right-click the printer icon and select Properties (Figure 0748).

Figure 0748 : Printers and Faxes

50. Click the Print Test Page button (Figure 0749).

Figure 0749 : Printer Properties

388

51. Click OK button (Figure 0750).

Figure 0750 : Print Test Page

52. Click OK button (Figure 0751).

Figure 0751 : Printer Properties

389

EXERCISE 18.6
Managing The Printer
In this exercise, you will manage the printer by deleting all print jobs, and then pausing
the printer.
53. Make the printer ERROR (open the printer tonner compartment door).
54. Launch Notepad. Click Start All Programs Accessories Notepad (Figure 0752).

Figure 0752 : Launch Notepad

390

55. Key-in your name in the Notepad text editor (Figure 0753).

Figure 0753 : Notepad text editor


56. Print the file. Click File Print (Figure 0754).

Figure 0754 : Notepad File Print


57. Select your printer and click Print button (Figure 0755).

Figure 0755 : Notepad - Print

391

58. Open Printers and Faxes. Click Start Printers and Faxes (Figure 0756).

Figure 0756 : Open Printers and Faxes

59. Right-click the printer icon and select Pause Printing (Figure 0757).

Figure 0757 : Printers and Faxes Pause Printing

392

60. Right-click the printer icon and select Cancel All Documents (Figure 0758).

Figure 0758 : Printers and Faxes Cancel All Documents

61. Click Yes button to confirm (Figure 0759).

Figure 0759 : Cancel Printing Confirmation

62. Log off the client computer.

393

63. Log on to the client computer as zul.akmal with akmal as his password (Figure
0760).

Figure 0760 : Notepad


64. Open Printers and Faxes. Click Start Printers and Faxes (Figure 0761).

Figure 0761 : Open Printers and Faxes

394

65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).

Figure 0762 : Printers and Faxes

66. Click Next button (Figure 0763).

Figure 0763 : Add Printer Wizard

395

67. Select A network printer, or to another computer and click Next button
(Figure 0764).

Figure 0764 : Add Printer Wizard Type of printer


68. Select Find a printer in the directory and click Next button (Figure 0765).
This option makes finding a printer easier as you do not need to know the name of
the server on which the printer is located.

Figure 0765 : Add Printer Wizard Specify a Printer

396

69. Enter STKM in the Location: field and click Find Now button (Figure 0766).

Figure 0766 : Find Printer wizard


70. Select your printer from the search results list and click OK button (Figure 0767).

Figure 0767 : Find Printer wizard - Search results

397

71. Click Finish button (Figure 0768).

Figure 0768 : Add Printer Wizard - Finish


72. Right-click the printer icon and select Resume Printing (Figure 0769).

Figure 0769 : Printers and Faxes Resume Printing

398

73. What was the message displayed? (Figure 0770).

Figure 0770 : Printers and Faxes Access denied

74. Why do you think this happened?


Because in the previous exercise, you give Ocah Blue full rights to this printer. This
effectively makes her a manager for this printer. Whilst other users (everyone) only
has print access.

75. Log off the client computer.

Summary
In this exercise you established a network printer and connected to it using a client
computer. A print manager responsible for the printer was established and you
tested the printer and management functions. You also learnt to locate a printer
using the search function of active directory.

399

Exercise 19

OTHER
ADMINISTRATIVE
TOOLS

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

400

Exercise 19 : Other Administrative Tools


In this exercise you will look at other administrative tools.
Backup
Restore
Disk Management Chkdsk and Defrag
Safe Mode
Directory Service Repair Mode

Backup
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a selective backup of files.
EXERCISE 19.1
Installing Windows Server Backup.
1.

Log on to the server as Administrator (Figure 0771).

Figure 0771 : Administrator Login

401

2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0772).

Figure 0772 : Launch Server Manager.


3. Click Features Add Features (Figure 0773).

Figure 0773 : Server Manager - Add Features

402

4. Select Windows Server Backup Features (Figure 0774).

Figure 0774 : Add Features Wizard - Select Features


5. Click Next button (Figure 0774).

6. Click Install button (Figure 0775).

Figure 0775 : Add Features Wizard - Install

403

7. After finish installation of Windows Server Backup, the Add Features Wizard
show the installation results. Make sure the result is success, if not you have to
reinstall the features.
Click Close button to continue (Figure 0776).

Figure 0776 : Add Features Wizard - Installation Results

8. Close all the remaining windows

404

EXERCISE 19.2
Full Server Backup
9. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0777).

Figure 0777 : Launch the Windows Server Backup.


10. Click Backup Once (Figure 0778).

Figure 0778 : Windows Server Backup

405

11. Select Different options and click Next button (Figure 0779).

Figure 0779 : Backup Once Wizard

12. Select Full server (recommended) option and click Next button (Figure 0780).

Figure 0780 : Backup Once Wizard Backup configuration

406

13. Select Local drives option and click Next butoon (Figure 0781).

Figure 0781 : Backup Once Wizard Type of storage

14. Select drive D as your backup destination, but make sure the drive is NTFS
formatted (Figure 0782).

Figure 0782 : Backup Once Wizard Backup destination

15. Click Next button (Figure 0782).

407

16. Select VSS full backup option and click Next button (Figure 0783).

Figure 0783 : Backup Once Wizard Advanced option

17. Check you backup configuration, make sure the backup items and the backup
destination are correct. Click Backup button to start backup (Figure 0784).

Figure 0784 : Backup Once Wizard Confirmation

408

18. After all files have been archived, the Backup Wizard displays a completion
summary. Click Close button to close the Backup Wizard (Figure 0785).

Figure 0785 : Backup Once Wizard Backup progress

19. Close the Windows Server Backup window (Figure 0786).

Figure 0786 : Windows Server Backup window

409

EXERCISE 19.3
Restore Files and Folders
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a restore of files and folder.
20. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0787).

Figure 0787 : Launch the Windows Server Backup.


21. Click Recover (Figure 0788).

Figure 0788 : Windows Server Backup

410

22. Select This server option and click Next button (Figure 0789).

Figure 0789 : Recovery Wizard

23. The Recovery Wizard will show the entire available backup. Backups are
available for dates shown in bold. Select the date of a backup to use for
recovery. Select the latest backup available (Figure 0790).

Figure 0790 : Recovery Wizard Select backup date

24. Click Next button (Figure 0790).

411

25. Select Files and folders option to restore files and folders. This option only can
restore selected files and folder (Figure 0791).
If you want to restore the entire volume, select Volumes option.

Figure 0791 : Recovery Wizard Select recovery type


26. Click Next button (Figure 0791).

27. Browse the folders tree to find the files or folders that you want to recover. Click
an item to select it for recovery.
Let try recover Common Files folder. Select Common Files folder and click Next
button (Figure 0792).

Figure 0792 : Recovery Wizard Select items to recover

412

28. Select Original location for the Recovery destination option and select
Overwrite existing files with recovered files for the When this wizard finds
files and folders in the recovery destination option (Figure 0793).

Figure 0793 : Recovery Wizard Specify recovery options


29. Click Next button (Figure 0793).

30. Click Recover button to start your recovery (Figure 0794).

Figure 0794 : Recovery Wizard Confirmation

413

31. After all files have been restored, the Recovery Wizard displays a completion
summary. Click Close button to close the Recovery Wizard (Figure 0795).

Figure 0795 : Recovery Wizard Finish

32. Close the Windows Server Backup window (Figure 0796).

Figure 0796 : Windows Server Backup

414

EXERCISE 19.4
Restore Volume
In this exercise you will perform a restore an entire volume (all data stored on C: drive).

33. Insert the Windows Server 2008 DVD into your DVD drive.
34. Restart your Server. Click Start Restart (Figure 0797).

Figure 0797 : Restart Server.

415

35. Select Hardware: Maintenance (Planned) and click OK button (Figure 0798).

Figure 0798 : Shutdown Event Tracker

36. Boot your PC using Windows Server 2008 DVD.


37. Language and Keyboard Options. Select your language and keyboard; and
click Next button to continue (Figure 0799).

Figure 0799 : Language and Keyboard Options

416

38. Windows Server 2008 Setup


You are presented with options to Install, brief information about Server 2008 or
repair (Figure 0800).
Click Repair your computer to start System Recovery Wizard on this computer.
(Figure 07).

Figure 0800 : Windows Server 2008 Setup

39. Select an operating system to repair and click Next button (Figure 0801).

Figure 0801 : System Recovery Options

417

40. Click Windows Complete PC Restore option to restore entire server from a
backup image (Figure 0802).

Figure 0802 : System Recovery Options Choose a recovery tool


41. Select Use the latest available backup (recommended) option and click the
Next button (Figure 0803).

Figure 0803 : Windows Complete PC Restore wizard

418

42. Click the Next button (Figure 0804).

Figure 0804 : Windows Complete PC Restore wizard restore options


43. Click the Finish button to start restore (Figure 0805).

Figure 0805 : Windows Complete PC Restore wizard Start restore


44. Tick the I confirm that restore the backup option and click the OK
button (Figure 0806).

Figure 0806 : Windows Complete PC Restore wizard Confirm to restore

419

45. At this point, take a break. The restoring process will continue on its own. This
will take several minutes (Figure 0807).

Figure 0807 : Windows Complete PC Restore wizard Restoring process

46. Windows will automatically reboot your system after the restoring process
complete. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).

Figure 0808 : Windows log on

420

47. Log on to the server as Administrator (Figure 0809).

Figure 0809 : Administrator Login

48. Log off the server.

Congratulation! You have finish restore the Windows Server 2008

421

COMPUTER MANAGEMENT
This is an administrative tool that allows you view the physical drives, file systems,
partitions, and logical drives on the computer. This tool can also be used to check the file
systems and defragment.
EXERCISE 19.5
In this exercise you will use Computer Management to check the file system. If files are
currently in use, Windows Server 2008 is unable to check the state of the file system,
and will flag the file system for checking on the next reboot.

1. Log on to the server as Administrator (Figure 0810).

Figure 0810 : Administrator Login

422

2. Launch Computer Management. Click Start Administrative Tools


Computer Management (Figure 0811).

Figure 0811 : Launch Computer Management


3. Expand the Storage folder and select the Disk Management (Figure 0812).

Figure 0812 : Computer Management window

423

4. Right click C: drive and select Properties (Figure 0813).

Figure 0813 : Computer Management Disk Management


5. From the Properties window, click the Tools tab (Figure 0814).
This tab displays options for you to check the file system, defragment the drive or
backup files.

Figure 0814 : Local Disk (C:) Properties

424

6. Click the Check Now button to check the drive for errors (Figure 0814).

7. Tick the option Automatically fix file system errors and click Start button
(Figure 0815).

Figure 0815 : Check Disk Local Disk (C:)

8. If C: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0816).

Figure 0816 : Schedule disk check option

425

9. Use the same procedure to scan D: drive.


Right click D: drive and select Properties (Figure 0817).

Figure 0817 : Computer Management Disk Management


10. From the Properties window, click the Tools tab. Then click the Check Now
button to check the drive for errors (Figure 0818).

Figure 0818 : Local Disk (D:) Properties

426

11. Tick the option Automatically fix file system errors and click Start button
(Figure 0819).

Figure 0819 : Check Disk Local Disk (D:)

12. If D: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0820).

Figure 0820 : Schedule disk check option

427

13. Restart your Server. Click Start Restart (Figure 0821).

Figure 0821 : Restart Server

428

14. Select Hardware: Maintenance (Planned) and click OK button (Figure 0822).

Figure 0822 : Shutdown Event Tracker

You will be able to observe the process of checking the file system occurring
once the computer restarts (Figure 0823).

Figure 0823 : File system checking process


Once this process has finish, the computer will restart and load Windows Server
2008.
The file system should be checked on a regular basis for integrity by running
Check disk. Unfortunately, this process often requires restarting the server.
15. Close all remaining windows.
16. Log off the server.

429

DEFRAGMENTING THE FILE SYSTEM


Over a period of time, portions of files can become scattered over the surface of the disk
and this makes accessing files slower. The process of defragmenting a disk involves
moving the portions of each file back together so they are all next to each other.
EXERCISE 19.6
In this exercise you will use Computer Management to defragment the current drive.

1. Log on to the server as Administrator (Figure 0824).

Figure 0824 : Administrator Login

430

2. Launch Computer Management. Click Start Administrative Tools


Computer Management (Figure 0825).

Figure 0825 : Launch Computer Management


3. Expand the Storage folder and select the Disk Management (Figure 0826).

Figure 0826 : Computer Management window

431

4. Right click C: drive and select Properties (Figure 0827).

Figure 0827 : Computer Management Disk Management


5. From the Properties window, click the Tools tab (Figure 0828).
This tab displays options for you to check the file system, defragment the drive or
backup files.

Figure 0828 : Local Disk (C:) Properties

432

6. Click Defragment Now button (Figure 0828).


7. Click Defragment now button (Figure 0829).

Figure 0829 : Disk Defragmenter window

8. Select all disks for defragment and click OK button (Figure 0830).

Figure 0830 : Disk Defragmenter : Defragment Now

433

9. After the drive has been defragmented, click the Close button to close the Disk
Defragmenter window (Figure 0831).

Figure 0831 : Disk Defragmenter window

Defragmenting the file system should occur on a regular basis to ensure files can
be accessed and loaded quickly. Files in use cannot be defragmented, so
administrators should schedule this to occur during periods of inactivity. A heavily
fragmented file system is often the cause of poor performance.

434

SAFE MODE
Safe mode provides a means of recovering from loading device drivers that do not work
properly. For instance, an administrator might install a new graphics card, and rather
than let Windows Server 2008 install the appropriate drivers, may select an alternative
driver. This can result in a system that results in an unreadable screen display. To
recover from such a possibility, Windows Server 2008 provides Safe mode.

EXERCISE 19.7
In this exercise you will restart the computer in Safe Mode. This is a special mode only
available when the computer is restarted and you press F8 before the computer starts
loading Windows Server 2008.

1. Log on to the server as Administrator (Figure 0832).

Figure 0832 : Administrator Login

435

2. Restart your Server. Click Start Restart (Figure 0833).

Figure 0833 : Restart Server

436

3. Select Operating System: Reconfiguration (Planned) and click OK button


(Figure 0834).

Figure 0834 : Shutdown Event Tracker

4. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0835).

Figure 0835 : Boot Screen

437

5. Select the Safe Mode option and press Enter (Figure 0836).

Figure 0836 : Advanced Boot Options

6. Log on to the server as Administrator (Figure 0837).

Figure 0837 : Administrator Login

438

7. When your computer in safe mode, youll see the word Safe Mode in the corners
of the display (Figure 0838).

Figure 0838 : Safe Mode

439

8. After the computer has started in safe mode, shut the computer down. Click Start
Shut Down (Figure 0839).

Figure 0839 : Shut Down Server

440

ACTIVE DIRECTORY SERVICE REPAIR MODE


The active directory database is stored in the file ntds.dit in the folder NTDS. As changes
occur to Active Directory over time, the database file becomes fragmented. An
administrator should perform a backup of the Active Directory database file.
In this exercise you will boot the computer using a startup option by pressing F8 at
startup. This will allow you to enter a mode where you can repair the Active Directory
files, or back-up and restore Active Directory.
9. Switch ON your server and repeatedly press the F8 key while it displays the boot
sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0840).

Figure 0840 : Boot Screen

441

10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).

Figure 0841 : Advanced Boot Options

11. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure
0842).

Figure 0842 : Administrator Login

442

Backup Active Directory Service


EXERCISE 19.8
In this exercise you will back-up Active Directory.
12. Launch the Run application. Click Start Run (Figure 0843).

Figure 0843 : Launch the Run Application

13. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0844).

Figure 0844 : Run Windows


14. Access the C:\Windows\ntds folder
Type the following command in command prompt:
14.1. cd\ and press Enter (Figure 0845).

Figure 0845 : Command Prompt cd\

443

14.2. cd c:\windows\ntds and press Enter (Figure 0846).

Figure 0846 : Command Prompt cd c:\windows\ntds

14.3. dir/w and press Enter (Figure 0847).

Figure 0847 : Command Prompt dir/w

444

15. Backup the Active Directory Service database by copying the ntds.dit file to a
new file named ntdsbackup.dit
Key-in the following command to back-up the ntds.dit file:
copy ntds.dit ntdsbackup.dit
and press Enter (Figure 0848).

Figure 0848 : Command Prompt copy file

16. Reconfirm the backup file is successfully created by typing the following
command:
dir/w and press Enter (Figure 0849).

Figure 0849 : Command Prompt display directory contents

445

Create The Active Directory Service Error


EXERCISE 19.9
In this exercise you will create Active Directory error by deleting the Active Directory
Service database file.
17. Delete the ntds.dit file by execute the following command:
del ntds.dit
and press Enter (Figure 0850).

Figure 0850 : Command Prompt delete file

18. Restart your Server. Click Start Restart (Figure 0851).

Figure 0851 : Restart Server

446

19. Select Operating System: Reconfiguration (Planned) and click OK button


(Figure 0852).

Figure 0852 : Shutdown Event Tracker

Could you log on to the server?


Why this happened?
This problem happened normally because the server cannot find the Active
Directory Service database file or maybe the Active Directory Service database
file is corrupted. In the earlier exercise you have deleted the Active Directory
database file (ntds.dit) to create this problem.
20. Press CTRL + ALT + DELETE to restart your server.

447

21. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0853).

Figure 0853 : Boot Screen

22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).

Figure 0854 : Advanced Boot Options

448

Restore Active Directory Service


EXERCISE 19.10
In this exercise you will restore Active Directory.
23. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure
0855).

Figure 0855 : Administrator Login

24. Launch the Run application. Click Start Run (Figure 0856).

Figure 0856 : Launch the Run Application

449

25. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0857).

Figure 0857 : Run Windows

26. Access the C:\Windows\ntds folder


Type the following command in command prompt:
26.1. cd\ and press Enter (Figure 0858).

Figure 0858 : Command Prompt cd\

26.2. cd c:\windows\ntds and press Enter (Figure 0859).

Figure 0859 : Command Prompt cd c:\windows\ntds

450

26.3. dir/w and press Enter (Figure 0860).

Figure 0860 : Command Prompt dir/w

27. Restore the Active Directory Service by copying the ntdsbackup.dit file to
ntds.dit file
Key-in the following command to restore the ntds.dit file:
copy ntdsbackup.dit ntds.dit
and press Enter (Figure 0861).

Figure 0861 : Command Prompt copy file

451

28. Reconfirm the file is successfully restore by typing the following command:
dir/w and press Enter (Figure 0862).

Figure 0862 : Command Prompt display directory contents

29. Restart your Server. Click Start Restart (Figure 0863).

Figure 0863 : Restart Server

452

30. Select Operating System: Reconfiguration (Planned) and click OK button


(Figure 0864).

Figure 0864 : Shutdown Event Tracker

What happen? Could you log on to the server?

31. Log off the server.

Summary
In this exercise you learn how to make a backup copy of the Active Directory
database by copying it to another file. You also learn how to recover and restore
the Active Directory database.

453

Exercise 20

INSTALLING AND
CONFIGURING
DHCP SERVER

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

454

Exercise 20 : Installing And Configuring DHCP Server


"Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the
complexity of administering IP address configurations." - Microsoft's definition.
A DHCP server would be set up with the appropriate settings for a given network. Such
settings would include a set of fundamental parameters such as the gateway, DNS,
subnet masks, and a range of IP addresses. Using DHCP on a network means
administrators don't need to configure these settings individually for each client on the
network. The DHCP would automatically distribute them to the clients itself.
In this exercise you will set DHCP server and deploy DHCP to a Windows Server 2008
client computer. You will configure DHCP service and limit it to 3 hosts.

EXERCISE 20.1
Installing DHCP Service.
This will serve as a step-by-step guide on how to setup a DHCP server.
1.

Log on to the server as Administrator (Figure 0865).

Figure 0865 : Administrator Login

455

2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0866).

Figure 0866 : Launch Server Manager.

3. In Server Manager, select Roles (Figure 0867).

Figure 0867 : Server Manager - Roles

456

4. Select Add Roles (Figure 0868).

Figure 0868 : Add Roles

5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0869).

Figure 0869 : Add Roles Before You Begin

457

6. On the Select Server Roles page, select the check box next to DHCP Server,
and click the Next button (Figure 0870).

Figure 0870 : Server Roles DHCP Server


7. On the DHCP Server page, review the information, and click the Next button
(Figure 0871).

Figure 0871 : DHCP Server page

458

8. On the Network Connection Binding page, select your server IP address and
click the Next button (Figure 0872).

Figure 0872 : Select Network Connection Binding page

9. On the IPv4 DNS Server Settings page, review the information. Make sure all the
information is correct. Click the Next button to continue (Figure 0873).

Figure 0873 : Select IPv4 DNS Server Settings page

459

10. Select WINS is required for applications on this network option, and enter
your server IP address in the Preferred WINS Server IP Address box. Click the
Next button to continue (Figure 0874).

Figure 0874 : Specify IPv4 WINS Server Settings page

11. Create DHCP Scopes. Just click the Next button, we will create the DHCP
scopes later (Figure 0875).

Figure 0875 : Add or Edit DHCP Scopes page

460

12. In this exercise you only use IPv4, so select Disable DHCPv6 stateless mode
for this server option and click the Next button to continue (Figure 0876).

Figure 0876 : Configure DHCPv6 Stateless Mode page

13. Select the Use current credentials option and click the Next button (Figure 0877).
This option specifies the credentials of the current user will be used to authorize
the DHCP server in AD DS.

Figure 0877 : Authorize DHCP Server

461

14. On the Confirm Installation Selections page, click Install button (Figure 0878).

Figure 0878 : Confirm Installation Selections

Please wait. This operation will take a few minutes.

Figure 0879 : Installation Progress

462

15. On the Installation Result page, review the information.


Click Close to continue (Figure 0880).

Figure 0880 : Installation Result

16. Close the Server Manager.

463

EXERCISE 20.2
Creating a Range of Address: DHCP Scopes.
In this exercise you will specify range of IP address
17. Launch the DHCP manager. Click Start Administrative Tools (Figure 0881).

Figure 0881 : Launch the DHCP manager

18. Double-click on the server icon to expand the domain (Figure 0882).

Figure 0882 : DHCP manager

464

19. Click the IPv4 server icon (Figure 0883).

Figure 0883 : DHCP manager - IPv4

20. On the Action menu, click New Scope to start New Scope wizard (Figure 0884).

Figure 0884 : DHCP manager - New Scope

465

21. New Scope Wizard window. Click the Next button to continue (Figure 0885).

Figure 0885 : New Scope Wizard

22. Scope Name.


Enter DHCP 1 3 as the Name of the scope and DHCP range for 3 host as the
Description (Figure 0886).

Figure 0886 : New Scope Wizard Scope Name


23. Click the Next button to continue (Figure 0886).

466

24. Specifying IP Address Range.


Now you will configure DHCP service and limit it to 3 hosts.
Define the scope address range as following (Figure 0887):
Start IP address
End IP address

: 192.168.2. Server Number


: 192.168.2. Server Number + 2

Figure 0887 : New Scope Wizard IP Address Range


25. Configure the Length and Subnet mask as the following (Figure 0887):
Length
: 24
Subnet mask : 255.255.255.0

You can specify the subnet mask by length or as an IP address.


A subnet mask defines how many bits of an IP address to use for the
network/subnet IDs and how many bits to use for the host ID.
In this exercise we use class C default subnet (255.255.255.0), which is equal to
24 bit length. You can learn more about this under IP address Subnetting topic.

26. Click the Next button to continue (Figure 0887).

467

27. IP Address Exclusions.


IP Address Exclusions are addresses or a range of addresses that are not
distributed by the DHCP server.
In your DHCP IP address range, you set a range for 3 hosts. If you notice, the
first IP address is your server IP address.
If you not exclude your server IP address, the DHCP server will distribute all the
IP address in the range including your server IP address. Later you will faces
with the IP conflict problem. To prevent this, you have to exclude your server IP
address.
To exclude a single address, type an address in Start IP address only.
So, enter your server IP address at the Start IP address: box to exclude it IP
from distributed by the DHCP server and click the Add button (Figure 0888).

Figure 0888 : New Scope Wizard IP Address Exclusions

468

28. Click the Next button to continue (Figure 0889).

Figure 0889 : New Scope Wizard IP Address Exclusions


29. Lease Duration.
The lease duration specifies how long a client can use an IP address from scope.
Lease durations should typically be equal to the average time the computer is
connected to the same physical network.
Let set the lease duration to 8 hours this equal to 8 hour working time per day.
Click the Next button to continue (Figure 0890).

Figure 0890 : New Scope Wizard Lease Durations

469

30. DHCP Options.


DHCP can provide default values for a whole host of TCP/IP parameters,
including these basic items:o
o
o
o

Default Gateway
Domain Name
DNS Server
WINS Server

Select Yes, I want to configure these options now and click the Next button to
start configure the DHCP options (Figure 0891).

Figure 0891 : New Scope Wizard Configure DHCP Options

470

31. Router (Default Gateway)


In the previous exercise I use another server as the router (192.168.2.25). You
can use the same router or you can use your server router or another router to
be distributed by this scope.
I will use the same router for this scope in this exercise (192.168.2.25).
To add an IP address for a router used by client, enter the address in the IP
address: box and click the Add button (Figure 0892).

Figure 0892 : New Scope Wizard Router (Default Gateway)


32. Click the Next button to continue (Figure 0893).

Figure 0893 : New Scope Wizard Add Router (Default Gateway)

471

33. Domain Name and DNS Servers.


33.1. Set the Parent domain: same as your domain name. In this exercise, my
domain name is myserver.com (Figure 0894).
33.2. Set the Server name: same as your DNS server name (myserver.com) and
click the Resolve button to resolve the DNS server IP address (Figure
0894).

Figure 0894 : New Scope Wizard Parent domain and Server name
33.3. Click the Add button to add the DNS server IP address to the DNS server
IP address list (Figure 0895).

Figure 0895 : New Scope Wizard DNS server IP address

472

33.4. Click the Next button to continue (Figure 0896).

Figure 0896 : New Scope Wizard Domain Name and DNS Servers

473

34. WINS Servers.


Computers running Windows can use WINS servers to convert NetBIOS
computer names to IP address.
Entering WINS server IP address here enables Windows clients to query WINS
before they use broadcasts to register and resolve NetBIOS names.
34.1. Set the Server name: same as your WINS server name (myserver.com)
and click the Resolve button to resolve the WINS server IP address (Figure
0897).

Figure 0897 : New Scope Wizard WINS server name


34.2. Click the Add button to add the WINS server IP address to the WINS
server IP address list (Figure 0898).

Figure 0898 : New Scope Wizard WINS server IP address

474

34.3. Click the Next button to continue (Figure 0899).

Figure 0899 : New Scope Wizard WINS Servers

35. Activate Scope.


This is the last configuration for the new scope. Clients can obtain address
leases only if a scope is activated.
Select Yes, I want to activate this scope now and click the Next button (Figure
0900).

Figure 0900 : New Scope Wizard Activate Scope

475

36. Completing the New Scope Wizard.


Click the Finish button to close the New Scope Wizard (Figure 0901).

Figure 0901 : New Scope Wizard Finish

Congratulation! You have successfully completed creating the New DHCP Scope
(Figure 0902).

Figure 0902 : DHCP Manager


37. Close the DHCP manager.
38. Log off the server.

476

EXERCISE 20.3
Testing The DHCP Server.
In this exercise you will test your DHCP server functionality.
39. Log on to the client computer using a local administrator account. Enter the User
name: as Administrator and select Log on to : CLIENTXP61 (this computer)
and click the OK button to log on (Figure 0903).

Figure 0903 : Windows XP Log On Screen


40. Launch Network Connections application program. Click Start All Programs
Accessories Communications Network Connections (Figure 0904).

Figure 0904 : Launch Network Connections

477

41. Right click Local Area Connection and select Properties (Figure 0905).

Figure 0905 : Local Area Connection


42. Double click Internet Protocol (TCP/IP) (Figure 0906).

Figure 0906 : Local Area Connection Properties

478

43. Set your client to get IP address automatically from DHCP server by selecting the
Obtain an IP address automatically option and Obtain DNS server address
automatically option (Figure 0907).

Figure 0907 : Internet Protocol (TCP/IP) Properties


44. Click the OK button to save the setting (Figure 0907).

45. Click the OK button (Figure 0908) and close all the remaining windows.

Figure 0908 : Local Area Connection Properties

479

46. Launch the Run application. Click Start Run (Figure 0909).

Figure 0909 : Launch the Run Application


47. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0910).

Figure 0910 : Run Window

480

48. List the client computer IP configuration by typing the following command:
ipconfig and press Enter (Figure 0911).

Figure 0911 : Command Prompt ipconfig


This will display the IP address, subnet mask and default gateway for your
ethernet adapter (Figure 0912).

Figure 0912 : Command Prompt IP Configuration


Now your client computer is set to obtain an IP address automatically from DHCP
server. So you can see the IP address has changed accordingly to the IP range
you have set in the DHCP server setting earlier.
49. Log off the client computer.

Summary
In this exercises, you are setting up a DHCP server. The DHCP server provides you with
an easy way of assigning IP addresses to workstations on your network. You were
shown how to install and configure a DHCP Server and how to avoid overlapping
scopes.

481

Exercise 21

INSTALLING AND
CONFIGURING
WEB SERVER

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

482

Exercise 21 : Installing And Configuring WEB Server


In this exercises, you will install and configure your server to run as Web Server. This
exercise also describes the basics of managing a Web site's infrastructure, from setting
a site home directory and default Web Page, to redirecting requests and dynamically
altering Web pages.
Web Server Overview
Web servers are computer that have specific software that allow them to accept
requests from client computers and return responses to those requests. Web servers let
you share information over the internet or through intranet and extranets.
The Web server role in Windows Server 2008 lets you share information with users on
the internet, an intranet, or an extranet. Windows Server 2008 delivers IIS 7.0, which is a
unified Web platform that integrates IIS, ASP.NET and Windows Communication
Foundation. The key features and improvements in IIS 7.0 include the following:
A unified Web platform that delivers a single, consistent Web solution for both
administrators and developers.
Enhanced security and the ability to customize the server to reduce the attack
surface.
Simplified diagnostic and troubleshooting features to aide in resolution of
problems.
Improved configuration and support for server forms.
Delegated administration for hosting and enterprise workloads.
Installing IIS and Web Server
When you install IIS initially, the service is installed in a highly secure mode. Because IIS
only serves static content by default, you must enable features such as ASP, ASP.NET,
Common Gateway Interface (CGI), Internet Server Application Programming Interface
(ISAPI), and Web Distributed Authoring and Versioning (WebDAV), if you need them.
During installation, IIS installs optional components such as common files and IIS
Manager. You can choose not to install the optional components. However, if you do not
install specific components, you can decrease IIS functionality or disable IIS services. If
you are unfamiliar with the optional components and how they affect IIS, install IIS with
the default settings.

483

EXERCISE 21.1
Installing Internet Information Services (IIS).
1.

Log on to the server as Administrator (Figure 0913).

Figure 0913 : Administrator Login


2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0914).

Figure 0914 : Launch Server Manager.

484

3. In Server Manager, select Roles (Figure 0915).

Figure 0915 : Server Manager - Roles

4. Select Add Roles (Figure 0916).

Figure 0916 : Add Roles

485

5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0917).

Figure 0917 : Add Roles Before You Begin


6. On the Select Server Roles page, select the check box next to the Web Server
(IIS) (Figure 0918).

Figure 0918 : Server Roles Web Server (IIS)

486

7. If you are asked to add features for Web Server (IIS), just click the Add
Required Features button to add the features. You cannot install Web Server
(IIS) unless the required features are also installed (Figure 0919).

Figure 0919 : Add Roles Add Required Features


8. Click the Next button to continue (Figure 0920).

Figure 0920 : Server Roles Web Server (IIS)

487

9. On the Web Server (IIS) page, review the information, and click the Next button
(Figure 0921).

Figure 0921 : Web Server (IIS) page

10. Role Services.


Just use the default setting and click the Next button to continue (Figure 0922).

Figure 0922 : Add Roles Wizard Select Role Services

488

11. On the Confirm Installation Selections page, click Install button (Figure 0923).

Figure 0923 : Confirm Installation Selections

Please wait. This operation will take a few minutes.

Figure 0924 : Installation Progress

489

12. On the Installation Result page, review the information.


Click Close to continue (Figure 0925).

Figure 0925 : Installation Result

13. Close the Server Manager.

490

Configuring Web Server.


IIS creates a default Web site configuration on your hard disk at the time of installation.
You can use the C:\inetpub\wwwroot directory to publish your Web content, or create
any directory or virtual directory you choose.
Creating a Web site using IIS Manager does not create content, but merely creates a
directory structure and configuration files from which to publish the content.
EXERCISE 21.2
Use the default Web site.
14. Log on to the server as Administrator (Figure 0926).

Figure 0926 : Administrator Login

491

15. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0927).

Figure 0927 : Launch Internet Information Services (IIS) Manager

16. In the Internet Information Services (IIS) Manager, expand your server (Figure
0928).

Figure 0928 : Internet Information Services (IIS) Manager

492

17. Expand the Sites folder (Figure 0929).

Figure 0929 : Internet Information Services (IIS) Manager - Sites


You can see, IIS already create a default Web site on your hard disk. The default
folder for the default Web site is set to the C:\inetpub\wwwroot folder.
18. View the default web page.
Click Default Web Site and click the Browse *:80 (http) link (Figure 0930).

Figure 0930 : IIS Manager - Default Web Site

493

19. The windows will launch the Internet Explorer. You can see the address on the
address bar is http://localhost/ and a picture with the word IIS7 at the middle of
the page. This means your Web Server and your Default Web Site is running
successfully (Figure 0931).

Figure 0931 : Web Server Default Web page

20. Close the Internet Explorer window.

494

21. View contents of the default web folder.


On the IIS Manager, click the Explore link (Figure 0932).

Figure 0932 : IIS Manager - Default Web Folder

22. The Windows Explorer shows the path of the Default Web Folder. There are only
two files listed under C:\inetpub\wwwroot folder (Figure 0933):
iisstart.htm
welcome.png

HTML document
image file

Figure 0933 : Windows Explorer - Default Web Folder


23. Close the Windows Explorer.

495

EXERCISE 21.3
Change the Default Web Folder.
In this exercise you will change the default Web folder from C:\inetpub\wwwroot to
D:\mywebserver.
24. Click Default Web Site and click the Basic Settings link (Figure 0934).

Figure 0934 : IIS Manager - Default Web Site

25. Click the button to browse for folder (Figure 0935).

Figure 0935 : IIS Manager Edit Site

496

26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).

Figure 0936 : Edit Site - Browse For Folder

27. Rename the folder name to mywebserver and click the OK button (Figure
0937).

Figure 0937 : Edit Site - Browse For Folder - Make New Folder

497

28. Make sure the Physical path: is D:\mywebserver. If correct, click the OK button
to continue (Figure 0938).

Figure 0938 : Edit Site - Physical path:

498

EXERCISE 21.4
Create a Simple Web page.
In this exercise you will create a simple web page to act as your first web page and the
file to the D:\mywebserver folder.
29. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0939).

Figure 0939 : Launch Notepad Editor

499

30. Type the following text into the file (Figure 0940):

<html>
<head>
<title>Web Server</title>
</head>
<body>
<p><h1>Welcome To My Web Server</h1></p>
</body>
</html>

Figure 0940 : Notepad Editor

31. Save document as index.htm.


31.1.

Click File Save As (Figure 0941).

Figure 0941 : Notepad Editor - Save As

500

31.2.

Browse to the D:\mywebserver folder (Figure 0942).

Figure 0942 : Notepad Editor - Save As

31.3.

Select Save as type: All Files (Figure 0943).

Figure 0943 : Notepad Editor - Save as type:

501

31.4.

Key-in index.htm in the File name: box (Figure 0944).

Figure 0944 : Notepad Editor - Save As

31.5.

Click the Save button to save (Figure 0944).

31.6.

Close the Notepad Editor (Figure 0945) and log off the server.

Figure 0945 : Notepad Editor index.htm

502

EXERCISE 21.5
Test the Web Server.
In this exercise you will test the functionality of your Web server using client workstation.
32. Log on to the client computer as Administrator (Figure 0946).

Figure 0946 : Windows XP Log On Screen


33. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure 0947).

Figure 0947 : Launch Internet Explorer

503

34. On the Address box, key-in http://yourdomain.com (e.g. http://myserver.com)


and click the Go button (Figure 0948).

Figure 0948 : Internet Explorer - http://myserver.com

35. Your webpage will appear in the browser (Figure 0948).

504

EXERCISE 21.6
Create a New Web Site.
In this exercise you will create a new Web site for your web server.

36. Log on to the server as Administrator (Figure 0949).

Figure 0949 : Administrator Login

37. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0950).

Figure 0950 : Launch Windows Explorer

505

38. Access D: drive (Figure 0951).

Figure 0951 : Windows Explorer D Drive


39. Create a new folder named newwebSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be newweb21.
39.1.

Right-click D drive select New Folder (Figure 0952).

Figure 0952 : Windows Explorer Create New Folder

506

39.2.

Rename the folder as newweb21 (Figure 0953).

Figure 0953 : Rename Folder

40. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0954).

Figure 0954 : Launch Notepad Editor

507

41. Type the following text into the file (Figure 0955):

<html>
<head>
<title>New Web Site</title>
</head>
<body>
<p><h1 align="center">Welcome To My New Web Site</h1>
<h3 align="right">Hosted by My <font color="#FF0000">Web
Server</font></h3></p>
</body>
</html>

Figure 0955 : Notepad Editor

42. Save document as default.htm.


42.1.

Click File Save As (Figure 0956).

Figure 0956 : Notepad Editor - Save As

508

42.2.

Browse to the D:\newweb21 folder (Figure 0957).

Figure 0957 : Notepad Editor - Save As

42.3.

Select Save as type: All Files (Figure 0958).

Figure 0958 : Notepad Editor - Save as type:

509

42.4.

Key-in default.htm in the File name: box (Figure 0959).

Figure 0959 : Notepad Editor - Save As

42.5.

Click the Save button to save (Figure 0959).

42.6.

Close the Notepad Editor (Figure 0960) and all remaining window.

Figure 0960 : Notepad Editor default.htm

510

43. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0961).

Figure 0961 : Launch Internet Information Services (IIS) Manager

44. In the Internet Information Services (IIS) Manager, expand your server (Figure
0962).

Figure 0962 : Internet Information Services (IIS) Manager

511

45. Right-click the Sites folder and select Add Web Site (Figure 0963).

Figure 0963 : IIS Manager Add Web Site

46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure
0964).

Figure 0964 : Add Web Site window - Site name

512

47. In the Physical path: box, type or browse to the directory that contains the site
content (D:\newweb21) (Figure 0965).

Figure 0965 : Add Web Site window - Physical path

48. Select your Web server IP address from IP Address: drop-down menu (Figure
0966).

Figure 0966 : Add Web Site window IP address

513

49. Enter Host name: as www.myserver.com for this site, and click the OK button
(Figure 0967).

Figure 0967 : Add Web Site window

50. On IIS Manager, Select the new web site (Tutorial Site) and click the Start
button to start the new web site service (Figure 0968).

Figure 0968 : page

514

EXERCISE 21.7
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new Web site.
51. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0969).

Figure 0969 : Launch DNS Manager

52. Double-click the computer icon to expand the DNS Server (Figure 0970).

Figure 0970 : DNS Manager

515

53. Expand the Forward Lookup Zones; right click myserver.com and select New
Host (A or AAAA) (Figure 0971).

Figure 0971 : Create New Host


54. In the Name box, type www (Figure 0972).
55. Enter IP address for your Web server (www.myserver.com) and make sure you
select the Create associated pointer (PTR) record option (Figure 0972).

Figure 0972 : New Host


56. Click Add Host (Figure 0972).

57. Click the OK button (Figure 0973).

Figure 0973 : Host Record Successfully Created Message

516

58. Click Done button to exit New Host Wizard (Figure 0974).

Figure 0974 : New Host Wizard

59. Click the Refresh button

and close the DNS Manager (Figure 0975).

Figure 0975 : DNS Manager

60. Log off the server.

517

EXERCISE 21.8
Test the New Web Site on Web Server
In this exercise you will test the functionality of your New Web Site from client
workstation.
61. Log on to the client computer as Administrator (Figure 0976).

Figure 0976 : Windows XP Log On Screen


62. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure 0977).

Figure 0977 : Launch Internet Explorer

518

63. On the Address box, key-in http://www.yourdomain.com


(e.g. http://www.myserver.com) and click the Go button (Figure 0978).

Figure 0978 : Internet Explorer - http://www.myserver.com

64. Your new web site page will appear in the browser (Figure 0978).

65. Log off the client computer.

Summary
Whether your site is on an intranet or the Internet, the principles of providing content are
the same. You place your Web files in directories on your server so that users can
establish an HTTP connection and view your files with a Web browser.
But beyond simply storing files on your server, you must manage how your site is
deployed, and more importantly, how your site evolves. Today, an engaging Web site is
seldom a static collection of pages. Most successful Web administrators are kept busy
accommodating ever changing Web content.
Each Web site must have a home directory. The default Web site home directory is
LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS
Manager.

519

Exercise 22

INSTALLING AND
CONFIGURING
FTP SERVER

Zulfadli Bin Mohd Saad


Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
http://zcomby-server2008.blogspot.com/

520

Exercise 22 : Installing And Configuring FTP Server


In this exercises, you will install and configure your server to run as FTP Server. This
exercise also describes installation of the FTP service, and changing default FTP
settings globally and for specific FTP sites.
File Transfer Protocol (FTP) is a protocol used to transfer files over the internet. People
commonly use FTP to make files available for others to download, but you can also use
FTP to upload webpages for building a website or for putting digital photos on a picture
sharing site.
IIS includes the File Transfer Protocol (FTP) service for publishing and managing files.
This version of IIS includes FTP user isolation to help administrators (particularly Internet
hosting providers) efficiently secure and commercialize FTP services for their customers.
The FTP service is not installed by default. To set up an FTP site, you must first install
the FTP service through the Server Manager. Installing the FTP service creates a default
FTP site, which you can then customize to your needs using IIS Manager.

EXERCISE 22.1
Installing FTP Server.
1. Log on to the server as Administrator (Figure 0979).

Figure 0979 : Administrator Login

521

2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0980).

Figure 0980 : Launch Server Manager.


3. In Server Manager, select Roles (Figure 0981).

Figure 0981 : Server Manager - Roles

522

4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).
5. Click the Add Role Services at the Role Services: section (Figure 0982).

Figure 0982 : Add Role Services

523

6. On the Select Role Services page, select the check box next to the FTP
Publishing Service (Figure 0983).

Figure 0983 : Role Services FTP Server

7. If you are asked to add role services for FTP Publishing Service, just click the
Add Required Role Services button to add the role services. You cannot install
FTP Publishing Service unless the required role services are also installed
(Figure 0984).

Figure 0984 : Add Role Services Add Required Role Services

524

8. Click the Next button to continue (Figure 0985).

Figure 0985 : Role Services FTP Publishing Service


9. On the Confirm Installation Selections page, click Install button to start
installation process (Figure 0986).

Figure 0986 : Confirm Installation Selections

525

Please wait. This operation will take a few minutes.

Figure 0987 : Installation Progress

10. On the Installation Result page, review the information.


Click Close to continue (Figure 0988).

Figure 0988 : Installation Result

11. Close the Server Manager.

526

Configuring FTP Server


IIS creates a default FTP site configuration on your hard disk at the time of installation.
You can use the C:\inetpub\ftproot directory to store your FTP files, or create any
directory or virtual directory you choose.
Setting up the FTP service for the first time involves first setting global FTP settings,
then settings for the default FTP site, and finally adding the content to the FTP site. IIS
uses an inheritance model, which means that settings on higher levels are automatically
inherited by lower levels. Settings at lower levels can be edited individually to override
inherited settings from the next level up.
If you change a setting at a lower level, then later change a setting at a higher level that
conflicts with the lower-level setting, you will be prompted to choose whether you want to
change the lower-level setting to match the new higher-level setting.
EXERCISE 22.2
Change the Default FTP Site Setting.
12. Log on to the server as Administrator (Figure 0989).

Figure 0989 : Administrator Login

527

13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
0990).

Figure 0990 : Launch Internet Information Services (IIS) 6.0 Manager

14. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0991).

Figure 0991 : Internet Information Services (IIS) Manager

528

15. Expand the FTP Sites folder (Figure 0992).

Figure 0992 : Internet Information Services (IIS) 6.0 Manager FTP Sites
You can see, IIS already create a default FTP site on your hard disk. The default
folder for the default FTP site is set to the C:\inetpub\ftproot folder.

16. Right-click the Default FTP Site and select Properties (Figure 0993).

Figure 0993 : IIS 6.0 Manager - Default FTP Site

529

17. On the FTP Site tab, under FTP site description, type the name of your FTP
site in the Description: box. (e.g. Server 21 FTP Site) and select IP address for
your FTP site (Figure 0994).

Figure 0994 : Default FTP Site Properties


18. Click the OK button. The name of the new site appears in IIS 6.0 Manager
(Figure 0995).

Figure 0995: IIS 6.0 Manager Server 21 FTP Site


19. Click the Refresh button and close the IIS 6.0 Manager.

530

EXERCISE 22.3
Change the FTP Site Home Directories.
Each FTP site on a computer must have its own home directory. The default home
directory for the default FTP site is LocalDrive:\inetpub\ftproot.

There are two ways to change the home directory of an FTP site:

Use IIS Manager


Edit the MetaBase.xml file directly.

But in this exercise we only use IIS Manager.


20. Make sure you are log on to the server as Administrator.
21. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
0996).

Figure 0996 : Launch Internet Information Services (IIS) 6.0 Manager

531

22. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0997).

Figure 0997 : Internet Information Services (IIS) Manager


23. Expand the FTP Sites folder (Figure 0998).

Figure 0998 : Internet Information Services (IIS) 6.0 Manager FTP Sites
24. Make sure the FTP Site service is stop. Right-click the Server 21 FTP Site and
select Stop (Figure 0999).

Figure 0999 : IIS 6.0 Manager Server 21 FTP Site

532

25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).

Figure 1000 : IIS 6.0 Manager Server 21 FTP Site


26. Click the Home Directory tab (Figure 1001).

Figure 1001 : Server 21 FTP Site Properties Home Directory

533

27. Select the A directory located on this computer option, and enter the location
of your ftp home directory in the Local path: box (e.g. D:\newweb21) or press
the Browse button to find the location of your ftp home directory (Figure
1002).

Figure 1002 : Server 21 FTP Site Properties Home Directory

Note:
If you select a directory on a network share, you might need to enter a user name
and password to access the resource. IUSR_computername is the default
account used if another account is not specified.
If you use an account with administrative credentials on the server, clients can
gain access to server operations. This seriously jeopardizes the security of your
network.
For more information on security see, Security Best Practices in Windows Help.
28. Click the OK button (Figure 1002).

534

29. Right-click the FTP site youve just configured, and select Start (Figure 1003).

Figure 1003 : IIS 6.0 Manager Server 21 FTP Site


30. Click the Yes button to start the FTP Server service (Figure 1004).

Figure 1004 : IIS 6.0 Manager Start Server 21 FTP Site


31. Click the Refresh button and close the IIS 6.0 Manager.

535

EXERCISE 22.4
Create a Text Document in FTP Home Directory.
32. Launch the Windows Explorer and go to the FTP Home Directory (e.g.
D:\newweb21) (Figure 1005).

Figure 1005 : Windows Explorer - D:\newweb21

33. Create a new text document inside FTP Home Directory and rename the text
document as testing.txt.
33.1.

Right-click in the windows and select New Text Document (Figure 1006).

Figure 1006 : Create New Text Document

536

34. Right click testing.txt file and select Edit. This will load the Notepad Editor
(Figure 1007).

Figure 1007 : Edit Text Document

35. Type the following text into the file (Figure 1008):
This only test document to test the FTP server.

Figure 1008 : Notepad Editor

36. Save the file by pressing Ctrl + S key and close the file.
37. Close all the remaining window.
38. Log off the server.

537

EXERCISE 22.5
Test The FTP Site.
39. Log on to the client computer as Administrator (Figure 1009).

Figure 1009 : Windows XP Log On Screen


40. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure
1010).

Figure 1010 : Launch Internet Explorer

538

41. On the Address box, key-in ftp://www.yourdomain.com


(e.g. ftp://www.myserver.com) and click the Go button (Figure 1011).

Figure 1011 : Internet Explorer - ftp://www.myserver.com


42. Your FTP site will appear in the browser (Figure 1011).
43. Attempt to create a new folder (right click in the window and select New
Folder) (Figure 1012).

Figure 1012 : ftp://www.myserver.com Create New Folder


Could you create the folder?
YES / NO

539

If NO, why do you think this happened?


This happened because you log on to the FTP server as guest (anonymous
user). By default, FTP server only allow read permission to anonymous user. And
we also not configure the FTP server to allow any user to have write permission
on the FTP server.

44. Close all windows.


45. Log off the client computer.

540

EXERCISE 22.6
Configure The FTP Server to Allow User to Upload or Modify File and Directory.
46. Log on to the server as Administrator (Figure 1013).

Figure 1013 : Administrator Login


47. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
1014).

Figure 1014 : Launch Internet Information Services (IIS) 6.0 Manager

541

48. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 1015).

Figure 1015 : Internet Information Services (IIS) Manager


49. Expand the FTP Sites folder (Figure 1016).

Figure 1016 : Internet Information Services (IIS) 6.0 Manager FTP Sites
50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).

Figure 1017 : IIS 6.0 Manager Server 21 FTP Site

542

51. Click the Home Directory tab. Under the FTP site directory, tick the Write
option (Figure 1018).

Figure 1018 : Server 21 FTP Site Properties Home Directory

52. Click the OK button (Figure 1018).

53. Click the Refresh button

and close the IIS 6.0 Manager.

543

EXERCISE 22.7
Test The FTP Site.
54. Log on to the client computer as Administrator (Figure 1019).

Figure 1019 : Windows XP Log On Screen


55. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure
1020).

Figure 1020 : Launch Internet Explorer

544

56. On the Address box, key-in ftp://www.yourdomain.com


(e.g. ftp://www.myserver.com) and click the Go button (Figure 1021).

Figure 1021 : Internet Explorer - ftp://www.myserver.com


57. Your FTP site will appear in the browser (Figure 1021).
58. Attempt to create a new folder (right click in the window and select New
Folder) (Figure 1022).

Figure 1022 : ftp://www.myserver.com Create New Folder


Could you create the folder?
YES / NO

545

59. Now try copy any file and paste it to this FTP site.
Could you paste any files?
YES / NO

Why do you think this is so?


You should be could paste a files to the FTP site because you have given
permission to everyone to read and write to the FTP site.

60. Close all window.


61. Log off the client computer.

546

Create New FTP Site Using Multiple IP Address.


You can create multiple FTP sites using multiple IP addresses and multiple ports. While
creating multiple sites with multiple IP addresses is a common and recommended
practice, it can be more complicated because, by default, clients call port 21 when using
the FTP protocol.
Therefore, if you create multiple FTP sites using multiple ports, you need to inform users
of the new port number so their FTP clients can locate and connect to the port.
If you create a new site using the same port as an existing site with the same IP
address, the new site will not start. The general rule is that you can have multiple sites
using the same IP and port, but only one site from this group can run at a time. If you try
to start another site from this group, you receive an error message.
Before you start create multiple FTP site using multiple IP address, you need to make
sure your server have set with multiple IP address. If not, you have to set your server to
use multiple IP address.
EXERCISE 22.8
Creating Multi IP Address in Single NIC
1. Log on to the server as Administrator (Figure 1023).

Figure 1023 : Administrator Login

547

2. Launch Network and Sharing Center. Click Start Right click Network
Properties (Figure 1024).

Figure 1024 : Network Properties


3. Under myserver.com (Domain network), click View status (Figure 1025).

Figure 1025 : View Network Status

548

4. Click Properties button to open Local Area Connection Properties (Figure 1026).

Figure 1026 : Local Area Connection Status

5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button


(Figure 1027).

Figure 1027 : Local Area Connection Properties

549

6. Now click the Advanced button (Figure 1028).

Figure 1028 : Network Configurations

7. Select the IP Settings tab (Figure 1029).


8. Under IP addresses field, click Add button (Figure 1029).

Figure 1029 : Advanced TCP/IP Setting - IP Settings

550

9. Enter second IP address for your server [e.g. 192.168.2.24] (Figure 1030).

Figure 1030 : TCP/IP Address


10. Enter your subnet mask number (e.g. 255.255.255.0) and click the Add button
(Figure 1030).

11. As you can see, now your server has 2 IP address (Figure 1031).

Figure 1031 : Advanced TCP/IP Setting - IP Settings


12. Click the OK button (Figure 1031).

551

13. Click the OK button (Figure 1032).

Figure 1032 : Network Configurations

14. Click the Close button (Figure 1033).

Figure 1033 : Local Area Connection Properties

552

15. Click the Close button (Figure 1034).

Figure 1034 : Local Area Connection Status

16. Close all remaining windows.

553

EXERCISE 22.8.1
Creating New FTP Site for Specific User Using Multiple IP Address.
FTP Site can be set to be login only by specific user. You can allow specific users to
establish an FTP connection and transfer files with an FTP client or FTP-enabled Web
browser. But beyond simply storing files on your server, you must manage how your site
is deployed, and more importantly, how your site evolves. This section presents the
basics of managing the infrastructure of an FTP site, from securing your site to hosting
multiple sites.
This exercise to help administrators, and particularly Internet hosting providers,
efficiently secure and commercialize the FTP services for their customers.
Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.

17. Log on to the server as Administrator (Figure 1035).

Figure 1035 : Administrator Login

554

18. Launch Windows Explorer. Click Start Right-click Computer select


Explore (Figure 1036).

Figure 1036 : Launch Windows Explorer

19. Access D: drive (Figure 1037).

Figure 1037 : Windows Explorer D Drive

555

20. Create a new folder named StudentSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be Student21.
20.1.

Right-click D drive select New Folder (Figure 1038).

Figure 1038 : Windows Explorer Create New Folder

20.2.

Rename the folder as Student21 (Figure 1039).

Figure 1039 : Rename Folder

556

21. View the default permission of your Student21 folder. Right-click D:\Student21
folder, and select Properties (Figure 1040).

Figure 1040 : Windows Explorer D:\Student21


22. Click the Security tab. You should see your default folder security setting
permissions for your new Student21 folder (Figure 1041).

Figure 1041 : Student21 Properties

557

23. Delete all users except Administrator.


23.1. Click the Advanced button (Figure 1042).

Figure 1042 : Student21 Properties


23.2. Click the Edit button (Figure 1043).

Figure 1043 : Advanced Security Setting for Student21

558

23.3. Uncheck the check box Include inheritable .. objects parent (Figure
1044).

Figure 1044 : Advanced Security Setting for Student21 - Permissions

23.4. Windows Security warnings appear, click Remove button to confirm


remove the inheritable permission (Figure 1045).

Figure 1045 : Windows Security warning

559

23.5. Click the OK button (Figure 1046).

Figure 1046 : Advanced Security Setting for Student21 - Permissions

23.6. Click the OK button (Figure 1047).

Figure 1047 : Advanced Security Setting for Student21

560

24. Add Ain Syahmi and set her permissions.


24.1. Click the Edit button (Figure 1048).

Figure 1048 : Student21 Properties


24.2. Click the Add button (Figure 1049).

Figure 1049 : Permissions for Student21

561

24.3. Key-in Ain Syahmi to add Ain Syahmi and click Check Names button.
(Figure 1050).

Figure 1050 : Select Users, Computer, or Groups window


24.4. Click the OK button (Figure 1051).

Figure 1051 : Select Users, Computer, or Groups Ain Syahmi

562

24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act
as administrator for the Student FTP Site. Click the OK button after finish
configure (Figure 1052).

Figure 1052 : Permissions for Student21 Ain Syahmi

24.1. Click the OK button to close the Student21 Properties (Figure 1053).

Figure 1053 : Student21 Properties


25. Close all the remaining windows.

563

EXERCISE 22.8.2
Creating New FTP Site Student FTP Site.
26. Make sure youre log on to the server as Administrator.
27. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
1054).

Figure 1054 : Launch Internet Information Services (IIS) 6.0 Manager

28. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 1055).

Figure 1055 : Internet Information Services (IIS) Manager

564

29. Right-click the FTP Sites folder, and select New FTP Site (Figure 1056).

Figure 1056 : Internet Information Services (IIS) 6.0 Manager FTP Sites

30. FTP Site Creation Wizard appears. Click the Next button (Figure 1057).

Figure 1057 : FTP Site Creation Wizard

565

31. FTP Site Description dialog boxes appear. Key-in Student FTP Site in the
Description: box and click the Next button (Figure 1058).

Figure 1058 : FTP Site Creation Wizard - FTP Site Description

32. Now the wizard asking for IP Address and Port Setting, key-in your server
second IP address (e.g. 192.168.2.24) and use the TCP port default setting
(Default = 21) . Click the Next button to continue (Figure 1059).

Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting

566

33. In the FTP User Isolation dialog box, select Do not isolate users, and click
Next button (Figure 1060).

Figure 1060 : FTP Site Creation Wizard - FTP User Isolation


34. Set the FTP Site Home Directory. Under the Path: field, key-in the FTP site
home directory (e.g. D:\Student21) and click he Next button (Figure 1061).

Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory

567

35. Set the FTP Site Access Permissions to Read and Write to allow user upload
and modify the FTP site contents, and then click the Next button to continue
(Figure 1062).

Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions
36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).

Figure 1063 : FTP Site Creation Wizard - Finish


37. Log off the server.

568

EXERCISE 22.8.3
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new FTP site (Student FTP Site).
38. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 1064).

Figure 1064 : Launch DNS Manager

39. Double-click the computer icon to expand the DNS Server (Figure 1065).

Figure 1065 : DNS Manager

569

40. Expand the Forward Lookup Zones (Figure 1066).

Figure 1066 : DNS Manager - Forward Lookup Zones

41. Right click myserver.com and select New Host (A or AAAA) (Figure 1067).

Figure 1067 : Create New Host

570

42. In the Name box, type ftpstudent (Figure 1068).


43. Enter IP address for your Student FTP Site (ftpstudent.myserver.com) and make
sure you select the Create associated pointer (PTR) record option (Figure
1068).

Figure 1068 : New Host


44. Click Add Host (Figure 1068).

45. Click the OK button (Figure 1069).

Figure 1069 : Host Record Successfully Created Message

571

46. Click Done button to exit New Host Wizard (Figure 1070).

Figure 1070: New Host Wizard

47. Click the Refresh button

and close the DNS Manager (Figure 1071).

Figure 1071 : DNS Manager

48. Log off the server.

572

EXERCISE 22.8.4
Test FTP Site for Specific User Using Internet Browser.
49. Log on to the client computer as Administrator (Figure 1072).

Figure 1072 : Windows XP Log On Screen


50. Launch Internet Explorer. Click Start All Programs Internet Explorer
(Figure 1073).

Figure 1073 : Launch Internet Explorer

573

51. On the Address bar, key-in ftp://ftpstudent.yourdomain.com


(e.g. ftp://ftpstudent.myserver.com) and click the Go button (Figure 1074).

Figure 1074 : Internet Explorer - ftp://ftpstudent.myserver.com


52. You will be asking for username and password. Key-in ain.syahmi as
username and ain for password. Click the Log On button (Figure 1075).

Figure 1075 : FTP Log On window

574

53. Your FTP site will appear in the browser (Figure 1076).

Figure 1076 : ftp://ftpstudent.myserver.com


54. Use Windows explorer to access the C:\Windows\Web\Wallpaper folder.
55. Click on the file Azul.bmp; drag and drop it into the Student FTP Site window
(Figure 1077).

Figure 1077 : ftp://www.myserver.com Drag and Drop

575

56. Now try copy any files and paste it to this FTP server.
Could you paste any files?
YES / NO
57. Try to delete the Azul.bmp file (Figure 1078).

Figure 1078 : ftp://www.myserver.com Delete File


What happen?
Could you delete the files?
YES / NO
You should can copy and delete files in this FTP site because you have given
permission to Ain Syahmi with Full Control permissions.

58. Log off the client computer.

576

EXERCISE 22.8.5
Test FTP Site for Specific User Using Command Prompt.
59. Launch the Run application. Click Start Run (Figure 1079).

Figure 1079 : Launch the Run Application

60. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 1080).

Figure 1080 : Run Window

577

61. At command prompt, key-in ftp ftpstudent.yourdomain.com


(e.g. ftp ftpstudent.myserver.com) and press Enter (Figure 1081).

Figure 1081 : Command Prompt ftp log on


62. You'll be asking to enter the username. Key-in ain.syahmi as username and
ain for password (Figure 1082).

Figure 1082 : Command Prompt ftp ain.syahmi log in


63. Key-in ls and press Enter to display contents of the Student FTP site contents
(Figure 1083).

Figure 1083 : Command Prompt ftp content list

578

64. Attempt to upload file from C:\Windows\Web\Wallpaper\Ascent.jpg to the


Student FTP Site. Use the following command to upload the file (Figure 1084):
put C:\Windows\Web\Wallpaper\Ascent.jpg
and press Enter.

Figure 1084 : Command Prompt upload file to FTP server


65. Key-in ls and press Enter to display contents of the Student FTP site contents
(Figure 1085).

Figure 1085 : Command Prompt ftp content list


You can see the file is successfully uploaded to the FTP server.

579

66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the
Student FTP Site. Use the following command to rename the file (Figure 1086):
rename Ascent.jpg AaBbCc.jpg
and press Enter.

Figure 1086 : Command Prompt rename file


67. Key-in ls and press Enter to display contents of the Student FTP site contents
(Figure 1087).

Figure 1087 : Command Prompt ftp content list


You can see the Ascent.jpg file is successfully renamed to AaBbCc.jpg.

68. Now attempt to download AaBbCc.jpg file from the Student FTP Site. Use the
following command to download (Figure 1088):
get AaBbCc.jpg
and press Enter.

Figure 1088 : Command Prompt download file from FTP server

580

69. Key-in Bye and press Enter to logout from FTP server (Figure 1089).

Figure 1089 : Command Prompt logout from FTP server

70. Close the Command Prompt.


71. Lunch the Windows Search application. Click Start Search (Figure 1090).

Figure 1090 : Lunch the Windows Search application

581

72. Click All files and folders (Figure 1091).

Figure 1091 : Windows Search application

73. Key-in the filename you want to search (e.g. AaBbCc.jpg) in the All or part of
the file name: box and click the Search button (Figure 1092).

Figure 1092 : Windows Search application

582

74. You should got one file name AaBbCc after finish the search process. If you
want to know the location of the file, place your mouse pointer on the top of the
file and the short summary about the file will appear (Figure 1093).

Figure 1093 : Search Results


Normally, all the download files are store in the user home folder.
75. Close all windows and log off the client computer.

Summary
In this exercise you have learn how to:

Changing FTP Site Home Directories: Describes the concept of a home directory
and methods for changing the home directory of an FTP site.

Naming FTP Sites: Describes assigning a descriptive name to an FTP site.

Stopping and Starting FTP Sites: Describes why you would need to stop and
restart your FTP sites and how to perform these actions.

Changing Default FTP Site Settings: Describes how to change default settings
globally or on an individual site.

Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers
to differentiate multiple FTP sites.

Adding FTP Sites to Your Server: Describes the process of adding a new FTP
site to a server running IIS.

Securing FTP Sites: Describes some of the misconceptions about FTP security
and how to establish a secure FTP site.

Isolating FTP Users: Describes the concept of FTP user isolation and which type
of isolation to use to restrict users to their own directories.

583