Complete Windows Server 2008 Step by Step v2

1
To my loving wife of more than 10 years, who continues to provide me love

and encouragement even when I dont deserve it.
http://zcomby-server2008.blogspot.com/
Acknowledgments
No book is written alone. Instead, there is a wealth of people working behind the scenes
to help make a book the best possible. Im grateful for the hard work put in behind the
scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan,
Azzahari, Alanto, and Nor Izwan, all provided a significant amount of work that helped
produce this book. Im grateful to each of them.
About the Author

Zulfadli Mohd Saad has been teaching Microsoft networking concepts since the DOS
days and has been teaching a myriad of other topics since many years before then. Hes
been a Malaysia Skills Competition Coach for trade IT PC/Network Support since 2003
and holds many other certifications, including Certified Ethical Hacker, National
Industrial Specialist (IT02-00 Information & Communication Technology), National
Industrial Specialist Instructor (IT02-00 Information & Communication Technology),
Certificate of Excellent MySkills-ASEAN 2009 (IT PC/Network Support), Diploma of
Excellent MySkills 2008 (IT PC/Network Support) and Bronze Medal MySkills 2010 (IT
PC/Network Support)
Zulfadli has developed several video training courses for People Trust Council (Majlis
Amanah Rakyat) and has written and co-authored several other technical books. He has
a passion for teaching and enjoys sharing knowledge in the classroom as much as he
does through books.
He currently works full-time on a government contract providing a wide array of technical
training to government personnel in support of a network operations support center. He
moonlights as an adjunct instructor at a local college (MARA Vocational Institute)
teaching Network System Administration courses.
Zulfadli lives with his wife and four children in Ipoh, Perak, but on most weekends they
cant be found because they always travel. Hes found that configuring networks is a
piece of cake compared to building a good house and happy family, but he hasnt given
up yet.
Notes For Users

This section explains how the lab network of computers is arranged, the IP
addresses and computer names used, and other details. Users should use this
information to alter the examples in the labs and notes to match their own
network configurations.
Each Computer is configure as

Static IP
Subnet Mask
Gateway
DNS
: 192.168.2. SN
: 255.255.255.0
: 192.168.2.25
: 192.168.2. Server Number
Client
Network Printer
192.168.2.254
`
Name : clientxpSN
Static IP : 192.168.2. SN
Server
Name : serverSN
Static IP : 192.168.2. SN
All computers use static IP addresses and are on the same subnet. All PCs
should have the following configuration:
Server:
Minimum Intel Dual Core 2.6GHz, 2GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows
Server 2008.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.
Client:
Minimum Pentium D 2.6GHz, 1GB RAM, 80GB Disk.
Partition 1: C Drive, formatted as NTFS, 40GB, installed with Windows XP
Pro SP2.
Partition 2: D Drive, formatted as NTFS, 40GB, free space.
Table Of Contents
Title
Page
Exercise 1
Installing Windows Server 2008
Exercise 2
Initial Configuration
18
Exercise 3
Installing And Configuring DNS
30
Exercise 4
Installing Active Directory
56
Exercise 5
Creating Organization Units And Users
75
Exercise 6
Configuring Client Computer
97
Exercise 7
Viewing Computers In Active Directory
107
Exercise 8
Delegating Management Of Users
125
Exercise 9
Exploring Group Scopes and Types
142
Exercise 10
Creating And Applying Group Policies
156
Exercise 11
Creating And Sharing Resources
175
Exercise 12
Logon Scripts
209
Table Of Contents
Title
Page
Exercise 13
Home Directories
227
Exercise 14
Disk Quotas
248
Exercise 15
Managing Software Applications
262
Exercise 16
Viewing Events
320
Exercise 17
Auditing
328
Exercise 18
Installing And Configuring Printer
368
Exercise 19
Other Administrative Tools
400
Exercise 20
Installing And Configuring DHCP Server
454
Exercise 21
Installing And Configuring Web Server
482
Exercise 22
Installing And Configuring FTP Server
520
Exercise 1
Installing Windows
Server 2008
Zulfadli Bin Mohd Saad

Computer Engineering Technology,
Department of Electronic
MARA Vocational Institute, Lumut, Perak.
Exercise 1 : Installing Windows Server 2008

In this section, you should be able to :
Describe the different editions of Server 2008

Describe the requirements for a full installation
Get a free evaluation copy of Windows Server 2008 (if you dont already have
one) and how to install it.
Perform Full Installation of Server 2008
Hardware Requirements
Table 1.1 lists the basic system requirements for Windows Server 2008 editions.
Standard
Enterprise
Datacenter
Processor (recommended)
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
1 GHz (x86)
1.4 GHz (x64)
2 GHz or faster
Memory (min)
512 MB
512 MB
512 MB
Memory (recommended)
2 GB or more
2 GB or more
2 GB or more
Memory (max)
Disk space (min)
4 GB (32 bit)
32 GB (64 bit)
10 GB
64 GB (32 bit)
2 TB (64 bit)
10 GB
64 GB (32 bit)
2 TB (64 bit)
10 GB
Disk space (recommended)
40 GB
40 GB
40 GB
Processor (min)
TABLE 1.1 Hardware requirements for Windows Server 2008 editions.

Hardware resources would need to be increased for any systems using Hyper-V
technology and running virtual machines. For example, if youre running three virtual
servers within a Windows Server 2008 Enterprise edition, you would need additional
processing power, more memory, and more disk space.
How to Obtain a Copy of Windows Server 2008?

Its common for Microsoft to provide free evaluation copies of Server operating systems
for use. Currently, you can download Windows Server 2008 30-day and 60-day
evaluation editions free of charges at :
http://www.micosoft.com/windowsserver2008/en/us/trial-software.aspx
Beware, though. These files are quite large. If youre using a slower dial-up link, you
might want to see whether Microsoft is currently offering an evaluation DVD via regular
mail. Theres a nominal cost involved with this option, but its better than trying to
download more than 2GB at 56KB.
The download is an .iso image of the actual DVD. Search with your favorite search
engine for Download Windows Server 2008, and youll find the link.
Once you download the .iso image, you can burn it to a DVD. If you dont have the
software needed to burn it to DVD, you can use one of many freeware utilities (such as
ImgBurn) to burn the .iso image to your DVD.
EXERCISE 1.1
Installing Windows Server 2008
1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using
Windows Server 2008 DVD.
2. Language and Keyboard Options.
This allows you to specify your language and your keyboard layout. By default,
text input language and method is : US Keyboard layout (Figure 0001).
Figure 0001 : Language and Keyboard Options

2.1. Click Next to continue.
3. Windows Server 2008 Setup

You are presented with options to Install, brief information about Server 2008 or
repair (Figure 0002).
Figure 0002 : Windows Server 2008 Setup

3.1 Click Install now to start setup Windows Server 2008 on this computer.
4. Product Key and Activation
Figure 0003 : Product Key and Activation

4.1
Enter your "Product Key" for activation now or you can enter it later (Figure
0003).
10
Figure 0004 : Product Key Warning

4.3. If you leave the product key box blank, the warning window will appear (Figure
0004); just click No to continue.
5. Windows Server Version

5.1.
Select Windows Server 2008 Enterprise (Full Installation), (as shown in the
Figure 0005).
Figure 0005 : Windows Version

5.2. Tick the box of I have selected the edition of Windows that I purchased.
5.3. Click Next.
11
6. Windows Server 2008 License Agreement

6.1. Read the terms of the license agreement.
If you accept (which, of course, you have to do to continue installation), tick the
box of I accept the license terms (Figure 0006).
Figure 0006 : Windows Server 2008 License Agreement

12
7. Installation Options.
You are presented with options to Upgrade or Custom (advanced).
Click Custom (advanced), (Figure 0007).
Figure 0007 : Installation Options

8. Partition Options
8.1. Click Drive options (advanced), (Figure 0008).
Figure 0008 : Drive options
13
8.2. Click New, (Figure 0009).
Figure 0009 : New Partition
8.3. Change the size to 40,000 MB, (Figure 0010).
Figure 0010 : Partition Size

8.4. Click Apply.
14
8.5. Select Disk 0 Partition 1 (Figure 0011).
Figure 0011 : Partition
8.6.
Click Next. The partition will be formatted with NTFS as part of the installation. At
this point, take a break. The installation will continue on its own.
Figure 0012 : Installing Windows
15
9. First Time Login

When you first time login, the windows warning will appear ask you to change the
user password before logging on for the first time (Figure 0013).
Figure 0013 : First time login

9.1 Click OK.
10. Change Administrator Password.

4.1
Enter a new password in the two test boxes (Figure 0014). Enter
Pr@ctice in this exercise. It meets complexity requirements and doesnt
require you to remember multiple passwords. Dont use this password on
a production server.
Figure 0014 : Change Administrator password

10.2 Hit Enter button after the passwords are entered.
16
Figure 0015 : Password changed successfully

10.3
Once the password has been changed, the screen indicates success
(Figure 0015). Click OK.
Congratulation! You have finish install the Windows Server 2008.
Summary
In this section you installed Windows Server 2008 on a computer. In the following
exercises you will setting time zone, install Active Directory and other services, creating
a small network for you to administer.
17
Exercise 2
Initial Configuration

18
Exercise 2 : Initial Configuration

In this section, you should be able to :
Complete the Initial Configuration Tasks
Setup time zone for your server.
Configure networking on your server
Change your server name
Setting Time Zone

In this section, youll learn how to setup time zone for your server.
EXERCISE 2.1
Setting Time Zone
1. In Initial Configuration Tasks, select Set time zone (Figure 0016).
Figure 0016 : Set time zone

2. Click Change time zone (Figure 0017).
Figure 0017 : Change time zone
19
3. Select time zone appropriate for your location.

e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).
Figure 0018 : Time zone

4. Click OK.
5. Click OK again (Figure 0019).
Figure 0019 : Change time zone
20
Configuring Network
In this section, youll learn how to configure networking on your server. Make sure you
have hook up your server to the network before you start.
EXERCISE 2.2
Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).
Figure 0020 : Configure networking
2. Double-click Local Area Connection (Figure 0021).
Figure 0021 : Local Area Connection
21
3. Click Properties button (Figure 0022).
Figure 0022 : Local Area Connection Properties

4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we only use
TCP/IPv4 only (Figure 0023).
Figure 0023 : TCP/IPv6
22
5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button

(Figure 0024).
Figure 0024 : TCP/IPv4

6. Now set your server IP address, and ensure that you are using a static IP
address. For this exercise, Im using number 21 as my server station number
(Figure 0025).
Tips:
Use the following IP address:
IP address
Subnet mask
Default gateway
: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ISIP
(server station number)

(internet server IP address)
Use the following DNS server address:

Preferred DNS server
Alternate DNS server
: 192 . 168 . 2 . DNS (1st DNS server IP address)

: ___ . ___ . ___ . ___ (2nd DNS server IP address)
23
Figure 0025 : Static IP address

7. Click Advanced button after complete setting your IP address (Figure 0025).
8. Select the DNS tab (Figure 0026).
Figure 0026 : Advanced TCP/IP Setting

9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).
10. Tick Use this connections DNS suffix in DNS registration box (Figure 0026).
24
11. Click OK (Figure 0026).

12. Click OK again.
13. Click Close button to close Local Area Connection Properties (Figure 0027).

14. Click Close button to close Local Area Connection Status.
15. Close Network Connection properties (Figure 0028).
Figure 0028 : Network Connection properties
25
Changing Computer Name

In this section, youll learn how to change your server name.
EXERCISE 2.3
Changing Computer Name
1. In Initial Configuration Tasks, select Provide computer name and domain
(Figure 0029).
Figure 0029 : Provide computer name and domain

2. Click Change... button (Figure 0030).
Figure 0030 : System Properties
26
3. Key-in your server name at Computer name: box. In this exercise I user
server21 as my computer name (Figure 0031). And click OK.
Figure 0031 : Computer Name
4. Windows remind you to restart your computer to apply the changes. Click OK.
Figure 0032 : Computer Name Restart Reminder
27
5. Click Close button on System Properties dialog box (Figure 0033).
6. Click Restart Now to reboot your computer (Figure 0034).
Figure 0034 : Restart Computer
28
7. After restart, login your server as Administrator (Figure 0035)
Figure 0035 : Login
Summary
In this section you have configure Time Zone, Networking and Computer Name for your
Server 2008. In the following exercises you will install Active Directory and other
services for you to administer.
29
Exercise 3
Installing and
Configuring DNS

30
Exercise 3 : Installing and Configuring DNS

Installing Domain Name System (DNS) Services Role
In this section, youll learn how to implement a domain name server for your network.
Domain Name System (DNS) provides a standard method for associating names with
numeric Internet addresses. This makes it possible for users to refer to network
computers by using easy-to-remember names instead of a long series numbers.
Windows DNS services can be integrated with Dynamic Host Configuration Protocol
(DHCP) services on Windows, eliminating the need to add DNS records as computers
are added to the network.
The first step is required to ensure that you are using a static IP address and that the
DNS settings on the computer have been correctly configured. Make sure your have
hook up your PC to the network and you are using a static IP address before you start.
EXERCISE 3.1
Installing Domain Name System (DNS) Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start Administrator Tools Server Manager
(Figure 0036).
Figure 0036 : Launch Server Manager
31
3. In Server Manager, select Roles (Figure 0037).
Figure 0037 : Roles

4. Select Add Roles (Figure 0038).
Figure 0038 : Add Roles

5. On the Before You Begin page, review the requirements, and click Next (Figure
0039).
Figure 0039 : Add Roles Before You Begin
32
6. On the Select Server Role page, select the check box next to DNS Server, and
click Next (Figure 0040).
Figure 0040 : Server Roles DNS Server

7. On the DNS Server page, review the information, and click Next (Figure 0041).
Figure 0041 : DNS Server
33
8. On the Confirm Installation Selections page, click Install (Figure 0042).
Figure 0042 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0043 : Installation Progress
34
9. On the Installation Result page, review the information.

Click Close to continue (Figure 0044).
Figure 0044 : Installation Result
35
EXERCISE 3.2
Configuring Domain Name System (DNS)
10. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0045)
Figure 0045 : Launch DNS Manager
11. Double-click on the computer icon to expand the DNS Server (Figure 0046).
Figure 0046 : DNS Manager
36
EXERCISE 3.2.1
Configuring Forward Lookup Zones
12. Click on Forward Lookup Zones first, and then right-click on it.
13. Select New Zone (Figure 0047)
Figure 0047 : Create New Zone
14. New Zone welcome wizard appear. Click Next to continue (Figure 0048).
Figure 0048 : New Zone Welcome Wizard
37
15. Select Primary zone and click Next button (Figure 0049).
Figure 0049 : Zone Type

16. The New Zone Wizard dialog box requests the name for the zone. Enter the
name that has been assigned to your domain (this example uses myserver.com).
(Figure 0050).
Figure 0050 : Zone Name

17. Once you have entered the correct name for the zone name, click Next button to
continue.
38
18. The dialog box now displays the name that will be used to the new zone file.
Leave the filename as suggested, then click Next (Figure 0051).
Figure 0051 : Zone File

19. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0052).
Figure 0052 : Dynamic Update
39
20. Click Finish to close the wizard and create the new zone (Figure 0053).
Figure 0053 : Successfully Completed the New Zone Wizard
40
EXERCISE 3.2.2
Creating Forward Lookup Zones New Host
21. Double click to expand Forward Lookup Zones.
22. Right click myserver.com and select New Host (Figure 0054).
Figure 0054 : Create New Host
23. Enter IP address for DNS server (myserver.com) and click Add Host (Figure
0055).
Figure 0055 : New Host

24. Click OK button.
25. Click Done button to exit New Host Wizard.
41
26. After finish configuring Forward Lookup Zones, recheck myserver.com must have
minimum three(3) types resource record (SOA), (NS) and (A). (Figure 0056).
Figure 0056 : Forward Lookup Zones
42
EXERCISE 3.3
Configuring Reverse Lookup Zones
27. Click on Reverse Lookup Zones.
28. Right click Reverse Lookup Zones and select New Zone (Figure 0057).
Figure 0057 : Add a New Zone

29. New Zone welcome wizard appear. Click Next to continue (Figure 0058)
Figure 0058 : New Zone Welcome Wizard
43
30. Select Primary zone and click Next button (Figure 0059)
Figure 0059 : Zone Type
31. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).
Figure 0060 : Reverse Lookup Zone Name
44
32. A reverse zone maps IP addresses to computer names, so it has to know what
range of IP addresses it will be responsible for.
Enter the first 3 octets of the IP address that has been allocated to your network
domain (Figure 0061).
Figure 0061 : Network ID

33. After entering the network ID, click Next button to continue.
34. The wizard will display the name of the reverse zone file that it will create. Leave
the filename as suggested, then click Next (Figure 0062).
Figure 0062 : Zone File
45
35. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0063)
Figure 0063 : Dynamic Updates

36. Click Finish to close the wizard and create the new zone (Figure 0064).
Figure 0064 : Successfully Completed the New Zone Wizard
46
EXERCISE 3.3.1
Creating Reverse Lookup Zones New Pointer (PTR)
37. In the DNS manager window, double-click the computer icon and expand the
Reverse Lookup Zone field.
38. Expand the subnet field.
39. Right-click the subnet field and select New Pointer (Figure 0065).
Figure 0065 : Create New Pointer
40. Enter the IP address of your domain server (Figure 0066).
Figure 0066 : Host IP Address

41. Click Browse button to browse for host name.
47
42. Double click your server icon (Figure 0067).
Figure 0067 : Browse Host Name - Domain
43. Double click Forward Lookup Zones (Figure 0068).
Figure 0068 : Browse Host Name - Forward Lookup Zones
48
44. Double click your domain (Figure 0069).
Figure 0069 : Browse Host Name Domain.com

45. Double click Host (A) record (Figure 0070).
Figure 0070 : Browse Host Name Host (A)
49
46. Click OK to create new pointer (Figure 0071).
Figure 0071 : New Pointer Complete Data
47. After finish configuring Reverse Lookup Zones, recheck the subnet field. The
subnet field must have minimum three(3) types resource record (SOA), (NS)
and (PTR). (Figure 0072).
Figure 0072 : Reverse Lookup Zones
50
EXERCISE 3.4
Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly
configured.
48. In the DNS manager window, right-click the computer icon and select properties
(Figure 0073).
Figure 0073 : DNS Manager Server Properties
49. Click the Monitoring tab (Figure 0074).
Figure 0074 : DNS Server Properties
51
50. Enable both tests and click Test Now button (Figure 0075).
Figure 0075 : DNS Server Properties - Monitoring

Do not proceed till the test results for Simple Query indicate Pass. Your
recursive query result will indicate Fail because we did not configure our DNS to
query to other DNS server.
51. Click OK to continue
52. Close the DNS Manager.
52
EXERCISE 3.5
Testing The DNS Server Using NSLOOKUP To Query DNS
In this exercise you will use a client tool to check the operation of the DNS server. You
will query both a forward and reverse lookup.
53. Launch Run. Click Start Run (Figure 0076).
Figure 0076 : Launch RUN
53
54. Enter nslookup and click OK (Figure 0077).
Figure 0077 : Launch Nslookup Program
55. A command prompt DOS window will appear with the program nslookup running
in it (Figure 0078).
The default server name and IP address of the DNS server will be shown.
Figure 0078 : Running Nslookup
56. To perform a forward lookup (resolve a computer name to an IP address) enter

the name of the computer (e.g. myserver.com) (Figure 0079).
Figure 0079 : Query Forward Lookup
54
57. Press ENTER. Your query result will be same as Figure 0080 below.
Figure 0080 : Query Forward Lookup Result
58. To perform a reverse lookup (resolve an IP address to a computer name), enter

the IP address given in step 56 and press ENTER (Figure 0081).
Figure 0081 : Query Reverse Lookup

59. Close the command prompt windows (Figure 0081).
Summary
The DNS server is a database that manages computer names and their IP addresses.
Zone files are used to store this information. Within a zone, a forward lookup resolves
computer names to IP addresses. A reverse zone resolves IP addresses to computer
names.
A client tool such as NSLOOKUP can be used to test the operation of a DNS server.
55
Exercise 4
Installing Active
Directory

56
Exercise 4 : Installing Active Directory

In this exercise you will install active directory services (ADS) and change to native
mode (where the server acts purely with ADS). Once ADS is installed, you will be able to
take advantage of many of the new features of Windows 2008 in managing users,
computers and sites.
Adding Active Directory Domain Services Role

In this section, youll learn how to adding Active Directory Domain Services Role.
EXERCISE 4.1
Adding Active Directory Domain Services Role
1. Login your server as Administrator.
2. Launch Server Manager. Click Start Administrator Tools Server Manager
(Figure 0082).
Figure 0082 : Launch Server Manager
57
Figure 0083 : Roles


5. On the Before You Begin page, review the requirements, and click Next (Figure 0085).
58
6. On the Select Server Role page, select the check box next to Active Directory
Domain Services, and click Next (Figure 0086).
Figure 0086 : Server Roles

7. On the Active Directory Domain Services page, review the information, and click
Next (Figure 0087).
Figure 0087 : Active Directory Domain Services
59
8. On the Confirm Installation Selections page, click Install (Figure 0088).
60

Click Close (Figure 0090).

Note : You still must run the Active Directory Domain Services Installation Wizard
(DCPromo) to make the server a fully functional domain controller.
61
Installing Active Directory Domain Services

In this section, youll learn how to installing Active Directory Domain Services.
EXERCISE 4.2
Installing Active Directory Domain Services
10. Logon into a Windows Server 2008 server as Administrator.
11. Click Start Run. At the Run line, enter DCPromo, and click OK (Figure 0091).
Figure 0091 : Run dcpromo

12. On the Welcome screen, click Next (Figure 0092).
Figure 0092 : Welcome Screen
62
13. On the Operating System Compatibility screen, review the information, and click
Next (Figure 0093).
Figure 0093 : Operating System Compatibility Screen
14. On the Choose a Deployment Configuration screen, select Create a New

Domain in a New Forest.
Click Next (Figure 0094).
Figure 0094 : Choose a Deployment Configuration Screen
63
If your computer were part of an existing forest, you could create a replica
domain controller within an existing domain. However, this exercise is assuming
your server will be the first domain controller in the forest.
15. On the Name the Forest Root Domain screen, enter MYServer.com as the fully
qualified domain name.
Figure 0095 : Name the Forest Root Domain Screen

16. If Domain NetBIOS Name page appears, accept the default of MYSERVER.
17. On the Set Forest Functional Level screen, select the Forest functional level of
Windows Server 2008. This ensures that any new domains created in this forest
will automatically operate at the Windows Server 2008 domain functional level,
which does provide unique features. If you had a network that has a Windows
2000 Remote Access Server, you would select the compatible option (Figure
0096).
Figure 0096 : Set Forest Functional Level Screen
64
18. Click Next to continue.

19. On the Additional Domain Controller Options screen, note that both the DNS
server and the global catalog are selected as options. Active Directory Domain
Services requires DNS, and if not available on the network, DCPromo will give
you the option of installing it. Additionally, the first domain controller within a
domain is a global catalog server.
Figure 0097 : Additional Domain Controller Options Screen

Note : If you have dynamically assigned IP addresses, a warning will appear
indicating you must assign static IP addresses for both IPv4 and IPv6. Either
assign static IP addresses or click Yes; the computer will use a dynamically
assigned IP address and configure static IP addresses later. As a best practice,
domain controllers should use statically assigned IP addresses.
Click Next to continue (Figure 0097).
65
20. If this server is on an isolated network without other DNS servers, a warning
dialog box will appear indicating that a delegation for this DNS server cant be
created and other hosts may not be able to communicate with your domain from
outside the domain. This is normal when installing DNS for the first domain
controller in a forest.
Click Yes to continue (Figure 0098).
Figure 0098 : Warning Dialog Box
21. On the Location for Database, Log Files, and SYSVOL screen, accept the
defaults.
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen
66
22. On the Directory Services Restore Mode Administrator Password screen, enter
@xercisE in both the Password and Confirm password boxes. This password is
needed if you need to restore Active Directory Domain Services. On a production
domain controller, a more secure password would be required.
Figure 0100 : Directory Services Restore Mode Administrator Password Screen
23. On the Summary screen, review your selections, and click Next (Figure 0101).
Active Directory Domain Services will be installed.
Figure 0101 : Summary Screen
67
24. After a few minutes, the wizard will complete (Figure 0102).
Figure 0102 : AD Installation Progress
25. If a warning message appeared same as below, just click OK. This message
appeared because we already created the DNS zone before (Figure 0103).
Figure 0103 : Warning Message

26. On the Completion screen, click Finish (Figure 0104).
Figure 0104 : Completion Screen
68
27. On the Active Directory Domain Services dialog box, click Restart Now (Figure
0105).
Once your system reboots, Active Directory Domain Services will be installed.
Figure 0105 : Restart Confirmation Screen
28. After restart, login your server as Administrator (Figure 0106).
Figure 0106 : Login
69
EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometime after
installing Active Directory Domain Services, the network configurations change to
localhost setting.
29. Launch Network and Sharing Center. Click Start Right click Network
Properties (Figure 0107).
Figure 0107 : Network Properties
70
30. Under myserver.com (Domain network), click View status (Figure 0108).
Figure 0108 : View Network Status

31. Click Properties button to open Local Area Connection Properties (Figure 0109).
Figure 0109 : Local Area Connection Status
71
(Figure 0110).
Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties
72
33. Check your network configurations; make sure the configurations correct (Figure
0112).
Figure 0112 : Network Configurations

34. Now click the Advanced button (Figure 0112).
35. Select the DNS tab (Figure 0113).
36. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
37. Tick Use this connections DNS suffix in DNS registration box (Figure 0113).
39. Click OK again.
73
Figure 0113 : Advanced TCP/IP Setting

40. Close all remaining windows.
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a
lot of migrations to the new operating system. This chapter presented many of these
new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three
editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008
Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support
virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology
that supports virtualization. The Standard edition supports one virtual server, the
Enterprise edition supports as many as four virtual servers, and the Datacenter edition
supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit
operating systems.
In this chapter, you learned about the new features of Windows Server 2008.
These included Server Manager, Server Core, PowerShell, Windows Deployment
Services, and read-only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a
PC. After reviewing many of the basics of Active Directory Domain Services, you learned
how to promote the server to a domain controller.
74
Exercise 5
Creating
Organization Units
And Users

75
Exercise 5 : Creating Organizational Units And Users

In this section, youll use active directory to view the default settings that apply to user
accounts when they are created. These settings can be overridden for a particular user,
a group of users, or all users.
You will create a number of organizational units. An OU acts as a container that holds
objects such as users.
Creating Organization Units

In the following exercise, you will create some organizational units that will act as
containers for some users. These organizational units model the departments within a
small organization.
EXERCISE 5.1
Creating Organization Units
1. Logon server as administrator.

2. Launch Active Directory Users and Computers. Click Start Administrative
Tools Active Directory Users and Computers (Figure 0114)
Figure 0114 : Run Active Directory Users and Computers
76
3. Click on the myserver.com icon to select it (Figure 0115).
Figure 0115 : Expand Domain

4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).
Figure 0116 : Create New Organization Unit
77
5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
Figure 0117 : Create Organization Unit

8. Repeat step 3 to 7 to create the organizational units Sted and Sklr (Figure
0118).
Figure 0118 : Organization Unit

Creating organizational units lets you place users directly into units and assign
permissions and rights based on these units. This leads to better administration
and delegation control than if you placed users directly into the user container.
When users move from one department to another, it is a simple matter to move
the user to the corresponding organizational unit. In this way, they inherit all the
new features and rights and of the new organizational unit, ensuring they have
full access to all the resources they are entitled to.
78
EXERCISE 5.2
Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users
container. In the following exercise you will create a number of users, modify their
properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
Figure 0119 : Stkm OU
Creating new user accounts for Zul

10. Right click Stkm and select New User from the menu (Figure 0120).
Figure 0120 : Stkm OU
79
11. Enter the following details for Zul (Figure 0121).

First Name
Last Name
Full Name
User logon name
Zul
Zcomby
Zul Zcomby
zul.zcomby
Figure 0121 : Create New User
12. Click Next.

13. Enter the password as comby. Check the boxes User cannot change password
and Password never expires, then click Next (Figure 0122).
Figure 0122 : Create Password
80
14. Click Finish to create the new user Zul (Figure 0123).
Figure 0123 : New User Account Confirmation

15. The warning below will appear. This warning appears because your password
does not meet the password policy requirements. Click OK to continue (Figure
0124).
Figure 0124 : Password Policy Warning

16. Click Cancel to close new user account confirmation window (Figure 0125).
Figure 0125 : New User Account Confirmation
81
EXERCISE 5.2.1
Configuring Password Policy
17. To disable password policy requirements; launch Group Policy Management.
Click Start Administrative Tools Group Policy Management (Figure 0126)
Figure 0126 : Launch Group Policy Management
82
18. Double click to expand Forest: myserver.com.

19. Expand Domains.
20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).
Figure 0127 : Group Policy Management
22. If any warning box appeared; just click OK (Figure 0128).
Figure 0128 : Group Policy Management Console Warning
83
23. Right click Default Domain Policy and select Edit (Figure 0129).
Figure 0129 : Group Policy Management Default Domain Policy
24. Double click to expand Policies (Figure 0130).

25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).
Figure 0130 : Group Policy Management Security Settings
84
27. Double click to expand Account Policies (Figure 0131).
Figure 0131 : Group Policy Management Password Policy
28. Click Password Policy (Figure 0132).

29. Double click Password must meet complexity requirements under Password
Policy to open Password must meet complexity requirements Properties.
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements
85
30. Select Disabled under Security Policy Setting tab (Figure 0133).
Figure 0133 : Password Must Meet Complexity Requirements Properties

31. Click OK.
32. Double click Minimum password length under Password Policy to open
Minimum password length Properties (Figure 0134).
Figure 0134 : Group Policy Management - Minimum Password Length
86
33. Set No password required to 0 characters (Figure 0135).
Figure 0135 : Minimum Password Length Properties

34. Click OK.
35. Recheck your configuration. Your configuration should be same as figure below
(Figure 0136).
Figure 0136 : Group Policy Management - Password Policy
36. Close all windows and RESTART your server.

After restarting server, login as Administrator and start create user Zul Zcomby
again (follow step 10 to 14). There should be no problem anymore.
87
Creating Users within Organizational Units (EXERCISE 5.2 - Continue)

37. Now create the new user Ocah in the Stkm OU using the following properties
(Figure 0137).
First Name
Ocah
Last Name
Blue
Full Name
Ocah Blue
User logon name ocah.blue

Password
ocah
User cannot change password

Password never expires
Figure 0137 : Ocah Blue Properties
38. Create the following user account in the Sted OU (Figure 0138).
First Name
Ahmad
Last Name
Akmal
Full Name
Ahmad Akmal
User logon name zul.akmal

Password
akmal

Figure 0138 : Ahmad Akmal Properties
39. Create the following user account in the Sklr OU.

First Name
Ain
Last Name
Syahmi
Full Name
Ain Syahmi
User logon name ain.syahmi

Password
ain

Figure 0139 : Ain Syahmi Properties
88
First Name
Ali
Last Name
Uddin
Full Name
Aliuddin
User logon name
ali.zul
Password
ali

Figure 0140 : Aliuddin Properties
First Name
Wan
Last Name
Saad
Full Name
Md Saad
User logon name
wan.saad
Password
masuri
User must change password at next logon

Account is disabled
Figure 0141 : Md Saad Properties
40. Note the down arrow

that appears on the icon for the user Md Saad,
indicating this account has been disabled (Figure 0142).
Figure 0142 : AD Users and Computers User Disabled
89
EXERCISE 5.3
Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organization unit. In the
above exercise the user Md Saad was inadvertently placed in the wrong OU.
Right-click the user Md Saad and select move from the list (Figure 0143).
Figure 0143 : Move Users

42. Click Stkm as the destination OU (Figure 0144).
Figure 0144 : Move Users Stkm OU
43. Click OK
90
44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm
OU (Figure 0145).
Figure 0145 : Stkm OU Members
You have now created a number of users within the organizational units created
earlier. At this stage, you cannot see the benefits of doing this. However, the later
exercises will start to illustrate why this has been done, by allocating resources to
organizational units.
Thus, a user will get access to a resource based on their OU membership
properties. If a user moves from one organizational unit to another, they will
inherit all the resources associated with the new OU.
91
EXERCISE 5.4
Updating User Information
In this exercise we will look at default user properties such as logon times and how often
they need to change their passwords.
Active Directory allows organizations to store significantly more information than in
previous versions of Windows. For example, you can store telephone and office
information in the Active Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).
Figure 0146 : User Properties

46. Enter the following details (Figure 0147).
Office
Integration
Telephone Number
012-5740157
E-Mail
md.saad@myserver.com
Job Title (Organization) Senior Instructor

Department
Company
Computer Technology
IKM
Figure 0147 : User Details
92
Figure 0148 : Md Saad Properties - General
Figure 0149 : Md Saad Properties - Organization

47. Click OK to apply the changes.
93
EXERCISE 5.5
Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).
Figure 0150 : Md Saad Properties

49. Click Account tab (Figure 0151).
Figure 0151 : Md Saad Properties - Account
94
50. Click the Logon Hours button (Figure 0152).
Figure 0152 : Logon Hours

51. Select all areas and click Logon Denied (Figure 0153).
Figure 0153 : Logon Hours for Md Saad Logon Denied

Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.
52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).
Figure 0154 : Logon Hours for Md Saad Select Areas
95
53. Select Logon Permitted (Figure 0155).
Figure 0155 : Logon Hours for Md Saad Set Logon Permitted

54. Click the OK button.
55. Click the OK button again.
In the above exercise you assigned some organizational information to a user.
You also explored some of the properties that can be applied.
96
Exercise 6
Configuring Client
Computer

97
Exercise 6 : Configuring a Client Computer

In this section you will configure Windows XP Professional on the other computer that
will be part of your network. This computer will act as a client computer that users of
your network can use to access shared resources such as files, software and printers.
Make sure that the Windows Server 2008 previously installed is running.
Please refer to the following table for client configuration.
Name of This Computer clientxpSN
Name of Organization
IKM
Role of This Computer Client Workstation

Name of Installer
Administrator
Domain Name
same domain name as you did for the Server
TCP/IP Address
192.168.2.SN
TCP/IP Subnet mask
255.255.255.0
TCP/IP Gateway
192.168.2.ServerNumber
192.168.2.ServerNumber
Note : SN = Station Number

Use the same domain name as you did for the Server.
98
EXERCISE 6.1
Network Setting (Windows XP)
1. Run Network Connections application program. Click Start All Programs
Accessories Communications Network Connections (Figure 0156).
Figure 0156 : Run Network Connections

2. Right click Local Area Connection (Figure 0157).

3. Select Properties (Figure 0157).
99
4. Double click Internet Protocol (TCP/IP) (Figure 0157).

5.
Now set your client (Windows XP) IP address, and ensure that you are using a
static IP address. For this exercise, Im using number 61 as my Windows XP
client station number (Figure 0159).
Use the following IP address:
IP address
Subnet mask
Default gateway
: 192.168.2.SN
: 255.255.255.0
: 192.168.2.ServerNumber
(client station number)

(server IP address)
Use the following DNS server address:

Alternate DNS server
: 192 . 168 . 2 . ServerNumber

: ___ . ___ . ___ . ___
(1st server IP address)

(2nd server IP address)
100
Figure 0159 : Internet Protocol (TCP/IP) Properties

7. Click the OK button (Figure 0159).

8. Click OK button (Figure 0160) and close all remaining windows.
101
EXERCISE 6.2
Joining Domain (Windows XP client)
9. Click Start Right-click My Computer (Figure 0161).
Figure 0161 : My Computer
10. Select Properties. (Figure 0162).
Figure 0162 : My Computer - Properties
102
11. Click the Computer Name tab, and then click Change. (Figure 0163).

12. Click the More button. (Figure 0164).
Figure 0164 : Computer Name Changes - Workgroup
103
13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure
0165).
Figure 0165 : DNS Suffix and NetBIOS Computer Name

15. Change Computer Name to clientxpSN (Figure 0166).
16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).
Figure 0166 : Computer Name Changes - Domain

104
18. Now Domain Server will prompt you for Username and Password. Enter any
username and password you have created before. (Figure 0167).
Figure 0167 : Join Domain Verification
19. If you get this welcome message : Windows : "Computer Name Changes" Welcome to the ....... domain"; it means you are successfully joining a domain.
(Figure 0168).
Figure 0168 : Domain Welcome Message
20. Since joining a domain is a major change in the security configuration of your
system, you will be reminded that you have to restart your system. Click OK
(Figure 0169).
Figure 0169 : Restart Reminder
105
21. You will be back in the System Properties, where you are now listed as being
part of a domain (Figure 0170).
Figure 0170 : System Properties Computer Name

22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer. (Figure 0171).
Figure 0171 : Restart Confirmation
.
.
106
Exercise 7
Viewing Computer
In Active Directory

107
Exercise 7 : Viewing Computer In Active Directory

In this section you will use Active Directory Users and Computers to view information for
computers and servers.
When a client workstation is installed using Windows XP Professional or Windows 2000
Professional or Windows Vista or Windows 7, it has its own accounts database and
rights. When that client computer joins a domain or Windows Server 2008 network, this
means that the domain wide accounts are available for use at the workstation. When a
user logs on using the client computer, any policies are applied to the client computer.
Client workstations running Windows XP Professional have their own local accounts
database. This means it is possible for an administrator on the workstation to create a
local workstation account, which is not the same as the domain account, and allow
users to logon to the local computer rather than the domain.
Currently, you should have the Windows Server 2008 and a Windows XP Professional
client workstation running.
Log on as administrator to the Windows Server 2008.
EXERCISE 7.1
Viewing Computers and Servers in Active Directory
In this exercise, you will use Active Directory Users and Computers to view the
workstations and servers in the domain.
1. Log on the Windows Server 2008 as administrator.

108
Figure 0172 : Launch Active Directory Users and Computers

3. Expand the domain icon (Figure 0173).
Figure 0173 : AD myserver.com
109
4. Click on the Computers folder from the list (Figure 0174).
Figure 0174 : AD Computers

You can see CLIENTXP61 listed under Computer folder.
5. Double-click on the CLIENTXP61 to display its properties (Figure 0175).
Figure 0175 : CLIENTXP61 Properties

Now you can see the general information about CLIENTXP61 including it DNS
name and it role.
110
6. Click on the Operating System tab (Figure 0176).
Figure 0176 : CLIENTXP61 Properties - Operating System

Here you can find information about Operating System, version and service pack
using by client.
7. Click OK to close the properties box.

8. Click on the Domain Controllers folder under myserver.com (Figure 0177)
Figure 0177 : AD - Domain Controllers
111
9. Double-click on the domain controllers to display its properties (Figure 0178).
Figure 0178 : SERVER21 Properties
10. Click on the Operating System tab (Figure 0179.)
Figure 0179 : SERVER21 Properties - Operating System

Here you can find information about Operating System, version and service pack
using by server.
11. Click OK to close the properties box and close all remaining dialog box.
In this exercise you viewed properties of workstations and servers in your

network using Active Directory.
112
EXERCISE 7.2
Using the Local Workstation Account
In this exercise you will log on the Windows XP Professional workstation using a local
administrator account.
12. Logon the Windows XP Professional as administrator (Figure 0180).
Figure 0180 : Log on to Windows XP

13. Logoff the client computer. Click Start Shutdown and select Logoff
Administrator (Figure 0181).
Figure 0181 : Log off Windows XP
113
Figure 0182 : Log off Windows XP Administrator
EXERCISE 7.3
Using Domain wide account at the client computer
In this exercise you will log on the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).
Figure 0183 : Windows XP Logon
114
16. Log on the Windows XP Professional as zul.zcomby and comby as password

(Figure 0184).

17. Click OK.
18. You will receive a Logon Message. Why? (Figure 0185)
Because zul.zcomby not created on the local client account, it was created in the
server active directory account.
Just now, you were tried to logon to the client using active directory user account.
Figure 0185 : Logon Message

19. Click OK to dismiss the dialog box.
115
20. Now, look at the logon box. There is an extra field displayed, called Logon to:
(Figure 0186).

21. Click the Logon to: box, and select MYSERVER (Figure 0187)
Figure 0187 : Log on to server
116
22. Enter the same user credentials as previously (Figure 0188).
Figure 0188 : Log on to server using client workstation

23. Click OK.
What happened? Could you log on? It should be no problem.
24. Log off the client computer. But leave it running Windows XP Professional (do
not shut the computer down yet).
25. If you are currently logged in to the Windows Server 2008, log off.
26. Attemp to log on to the server as zul.zcomby.
26.1.
Click Switch User button (Figure 0189).
Figure 0189 : Switch User button
26.2.
Click Other User button (Figure 0190).
Figure 0190 : Other User button
117
26.3.
Enter user as zul.zcomby and password as comby (Figure 0191).
Figure 0191 : Logon to server using user account

26.4.
Press ENTER.
27. What happened? Could you log on?

A error message appeared (Figure 0192).
Figure 0192 : Logon Error Message

Why?
Because the user account you are using to login into server do not have
permission to login into server directly.
28. Click OK.

29. Logon to the server as administrator.
118
Tools Active Directory Users and Computers (Figure 0193).
31. Click on the Stkm Organizational Unit (Figure 0194).
Figure 0194 : Active Directory Users and Computers - Stkm
119
32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).
Figure 0195 : Zul Zcomby Properties

33. Click the Member Of tab (Figure 0196).
Figure 0196 : Zul Zcomby Properties - Member Of
120
34. Click Add button (Figure 0197).
Figure 0197 : Add Button
35. Click Advanced button (Figure 0198).
Figure 0198 : Select Groups
36. Click Find Now button (Figure 0199).
Figure 0199 : Select Groups - Advanced
121
37. Double-click Server Operators from the list (Figure 0200).
Figure 0200 : Select Groups Find Now

38. Click OK.
Figure 0201 : Select Groups
122
Figure 0202 : Zul Zcomby Properties - Member Of

41. Log off server. Click Start Log Off (Figure 0203).
Figure 0203 : Log Off Server

42.1.
Press Ctrl + Alt + Del.
42.2.
123
42.3.
42.4.
Enter user as zul.zcomby and password as comby (Figure
0206).

42.5.
Press ENTER.
What happened? Could you log on? It should be no problem.
Summary
Servers do not allow normal users to logon locally. Servers run the network and provide
resources, which users connect to remotely across a network. Servers are not designed
to have users physically sitting at their keyboards trying to log on and run programs.
Users actually logon to a client computer in the network and access resources using a
network connection.
Client computers running Windows XP Professional have their own accounts database.
124
Exercise 8
Delegating
Management Of
Users

125
Exercise 8 : Delegating Management Of Users

In this exercise you will create new local groups and look at assigning managers to
users and organizational units.
EXERCISE 8.1
DelegatingControl
In this portion of the exercise you will make zul.zcomby a manager of the Stkm
organizational unit. Once he is a manager, he will be able to modify user accounts within
the Stkm OU.
1. Log on the Windows Server 2008 as administrator.
126
Figure 0208 : AD myserver.com

4. Right click the Stkm OU and select Delegate Control (Figure 0209).
Figure 0209 : AD Stkm
5. This starts the Delegation of Control Wizard (Figure 0210).
Figure 0210: Delegation of Control Wizard
127
6. Click Next (Figure 0210).

7. Click the Add button (Figure 0211).
Figure 0211: Delegation of Control Wizard Users or Groups

8. Click the Advanced button (Figure 0212).
Figure 0212: Select Users, Computers, or Groups
128
9. Click the Find Now button (Figure 0213).
Figure 0213: Select Users, Computers, or Groups Advanced

10. Select Zul Zcomby account (Figure 0214).
Figure 0214: Select Users, Computers, or Groups Find Now
129

Figure 0215: Select Users, Computers, or Groups User Added
Figure 0216: Delegation of Control Wizard Users Added
130
14. Delegate the following tasks as illustrated (Figure 0217).
Figure 0217: Task to Delegate

16. Click Finish (Figure 0218).
Figure 0218: Delegation of Control Wizard Finish
131
17. Log off server. Click Start Log Off (Figure 0219).
Figure 0219 : Log Off Server
132
EXERCISE 8.2
Managing Users
In this portion of the exercise you will log on to server as zul.zcomby and attempt to
manage users.
18.1.
18.2.

18.3.
18.4.

18.5.
Press ENTER.
133
Figure 0223: Launch Active Directory Users and Computers

20. You will be asked to reenter your password for security measure. Just reenter
password for zul.zcomby (Figure 0224).
Figure 0224: User Account Control Permission
134
Figure 0225: Active Directory Users and Computers - Domain
22. Click on the Stkm OU (Figure 0226).
Figure 0226: Active Directory Users and Computers - Stkm

23. Double-click the user Ocah Blue (Figure 0227).
Figure 0227: Active Directory Users and Computers User
135
24. Click the Account tab (Figure 0228).
Figure 0228: Ocah Blue Properties

Figure 0229: Logon Hours button
136
26. Select all areas and click Logon Denied (Figure 0230).
Figure 0230 : Logon Hours for Ocah Blue Logon Denied

Change Ocahs the logon hours (under Account Tab) to Monday-Friday, 8am5pm.
27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).
Figure 0231 : Logon Hours for Ocah Blue Select Areas
137
28. Select Logon Permitted (Figure 0232).
Figure 0232 : Logon Hours for Ocah Blue Set Logon Permitted
29. Click OK.
30. Click OK again.
31. Click the Sklr OU (Figure 0233).
Figure 0233: Active Directory Users and Computers Sklr
138
32. Double-click Ain Syahmi user account to display the properties of this user
(Figure 0234).
Figure 0234: Active Directory Users and Computers User

33. Attemp to change the logon hours of this user. Click Account tab (Figure 0235).
Figure 0235: Ain Syahmi Properties
139
Figure 0236: Logon Hours Button
35. A warning message will be displayed (Figure 0237).

Why do you think you are not able to modify this account?
Figure 0237: AD Error Message

Because Zul Zcomby only have permission to modify user under Stkm OU only.
He only have read permissioin for other OUs.
36. Click OK to close the message (Figure 0237).

37. Close all remaining windows except Active Directory Users and Computers.
38. Click the Stkm OU (Figure 0238).
Figure 0238: Active Directory Users and Computers Stkm
140
39. Right-click Ocah Blue account and select Reset Password from the list
(Figure 0239).
Figure 0239: AD Ocah Blue Reset Password

This display a reset password box that will allow the password to be changed.
40. Click Cancel (Figure 0240).
Figure 0240: Reset Password

42. Log off the server.
In the above exercise you delegated control of an Organizational Unit to a user. You
then modified account details of users belonging to that OU as the designated
manager of the OU.
Delegating control of users using the delegation control wizard is simple. When
control of users and groups is delegated, administrators can be relieved of simple
administrative tasks such as resetting passwords and modification of user accounts.
141
Exercise 9
Exploring Group
Scopes and Types

142
Exercise 9 : Exploring Group Scopes and Types

EXERCISE 9.1
Exploring Group Scopes and Types
In the following exercise you will create a number of groups. These groups will be used
to demonstrate group scope. From the notes, group scope determines who can be a
member and where that group can be used in the enterprise.
Group
Type
Scope
Local
User accounts, Global groups and Universal groups from any domain in the
forest, as well as local groups from the same domain.
Global
User accounts and global groups from the same domain.
Universal
User accounts, global groups and universal groups from any domain in the
forest.
The recommended strategy for using groups in Windows Server 2008 is to use both
global and domain local groups. Place users into global groups and then place the global
groups into domain local groups and assign permissions to the domain local groups.
Global groups have access to accounts in the local domain. Where the enterprise
consists of more than one domain, local groups allow the use of accounts across all the
domains. Where the enterprise has combined a number of domains into a forest,
Universal groups provide access to any accounts in the forest.
1.
Log on server as Administrator (Figure 0241).
Figure 0241 : Administrator Login
143


3. Right-click the domain icon and select New - Group from the list (Figure 0243).
Figure 0243 : Active Directory Users and Computers New Group
144
4. Create a global group called Technical Support (Figure 0244).

4.1 Key-in Technical Support in the Group name: box
4.2 Verify Group scope set to Global.
4.3 Verify the Group type is set to Security.
Figure 0244 : New Object - Group

6. Add Ali Uddin as a member of Technical Support.

6.1 Double-click Technical Support (Figure 0245).
Figure 0245 : Active Directory Users and Computers Technical Support
145
6.2 Click Members tab (Figure 0246).
Figure 0246 : Technical Support Properties

6.3 Click Add button (Figure 0247).
Figure 0247 : Add button

6.4 Click Advanced button (Figure 0248).
Figure 0248 : Select Users, Contacts, Computers, or Group box
146
6.5 Click Find Now button (Figure 0249).
Figure 0249 : Select Users, Contacts, Computers, or Group - Advanced

6.6 Select Ali Uddin user account (Figure 0250).
Figure 0250 : Select Users, Contacts, Computers, or Group Find Now
147
6.7
Cick OK (Figure 0250).
6.8
Figure 0251 : Select Users, Contacts, Computers, or Group

6.9
148
7. Create a new Domain Local group called Intranet Users (Figure 0253).
7.1. Right-click the domain icon and select New - Group from the list (Figure
0253).
Figure 0253 : Active Directory Users and Computers New Group

7.2. Key-in Intranet Users in the Group name: box (Figure 0254).
7.3. Verify Group scope set to Domain Local (Figure 0254).
7.4. Verify the Group type is set to Security (Figure 0254).
Figure 0254 : New Object - Group

7.5. Click OK (Figure 0254).
149
Double-click Intranet Users (Figure 0255).
Figure 0255: Active Directory Users and Computers

9
Add the Intranet Users group as a Member Of Technical Support.

9.1. Click Member Of tab (Figure 0256).
Figure 0256 : Intranet Users Properties

9.2. Click Add button (Figure 0257).
150
9.3. Click Advanced button (Figure 0258).
Figure 0258 : Select Groups - Add

9.4. Click Find Now button (Figure 0259).
151
9.5. Select Technical Support. What happened? (Figure 0260).
Figure 0260 : Select Groups Search Results

Can you find Technical Support? Why do you think this happened?
9.6. Close all windows except Active Directory Users and Computers.
10 Now try adding the Technical Support group as a Member Of Intranet Users.
10.1.
Double-click Technical Support group (Figure 0261).
Figure 0261 : Active Directory Users and Computers - Technical Support
152
10.2.
Click Member Of tab (Figure 0262).

10.3.
Click Add button (Figure 0263)
10.4.
Click Advanced button (Figure 0264)
Figure 0264 : Select Groups - Add
153
10.5.
Click Find Now button (Figure 0265)
10.6.
Select Intranet Users and click OK button (Figure 0266).
Figure 0266 : Select Groups Search Result

What happened?
154
10.7.
Click OK button (Figure 0267).
Figure 0267 : Select Groups Intranet Users Group Added

Can you add the Technical Support group as a Member Of Intranet
Users?
Why do you think this is so?
11 Click OK button (Figure 0268).
Figure 0268 : Technical Support Properties Member Of Intranet Users

12 Log off Administrator.
Summary
Windows Server 2008 running in native mode supports the use of different group types.
Global groups have access to user accounts and other global groups in the same
domain. Local groups allow you to access accounts outside the current domain, and
universal groups provide access across organizations (forests).
155
Exercise 10
Creating And
Applying Group
Policies

156
Exercise 10 : Creating And Applying Group Policies

In this exercise you will create a new group policy and apply it to users within an
organizational unit.
Group Policies
Group policies are settings or configurations that can be applied to users, groups,
organizational units and domains. An administrator can create a group policy that
configures the computer or user settings, such as menu and desktop settings, folder
locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and
2008 extends these further using group policies.
EXERCISE 10.1
Creating a Group Policy
1.
157
2. Launch Group Policy Management. Click Start Administrative Tools

Group Policy Management (Figure 0270).
3. Expand the Forest (Figure 0271).
Figure 0271 : Group Policy Management - Forest
158
4. Expand the Domains (Figure 0272).
Figure 0272 : Group Policy Management Domains
5.
Expand your domain.com (Figure 0273).
Figure 0273 : Group Policy Management myserver.com
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all
members of the Stkm OU though in another exercise that follows, you will override this.
6.
Right-click the Stkm OU and select the Create a GPO in this domain, and
Link it here (Figure 0274).
Figure 0274 : Group Policy Management Create new GPO
159
7. Rename the policy as STKM Group Policy (Figure 0275).
Figure 0275 : Create New GPO

8. Click OK to continue (Figure 0275).
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
Figure 0276 : Default Domain Policy - Edit
10. The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0277).
Figure 0277 : Group Policy Management Editor
160
11. Expand User Configuration (Figure 0278).
Figure 0278 : Group Policy Management Editor User Configuration

12. Expand the Policies folder (Figure 0279).
Figure 0279 : Group Policy Management Editor Policies

13. Expand the Administrative Templates folder (Figure 0280).
Figure 0280 : Group Policy Management Editor Administrative Templates
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor Start Menu and Taskbar
161
15. A large list of selections is available. Double click the option Add Logoff to the
Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button
to disable this setting (Figure 0283).
Figure 0283 : Add Logoff to the Start Menu Properties
17. Click OK to apply setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
Figure 0284 : Add Logoff to the Start Menu Disabled
162
19. Configure the following settings.

Remove Run menu from Start Menu Enabled
Remove Clock from the system notification area Enabled
Desktop\Desktop\Enable Active Desktop Enabled
Desktop Wallpaper Enabled
Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg
Wallpaper Style : Stretch
(This uses wallpaper from the Windows XP Pro installed on C drive of client PC)
20. Close the group policy editor.

21. Refresh the Group Policy Management. On the Menubar; click Action Refresh
(Figure 0285).
Figure 0285 : Group Policy Management Refresh
22. Close the Group Policy Management windows.
163
Update Group Policy

23. Launch the Run application. Click Start Run (Figure 0286).
Figure 0286 : Launch the Run Application
24. Key-in gpupdate in the Open : box (Figure 0287).
Figure 0287 : Run Windows

25. Click OK to run the gpupdate (Figure 0288).
Figure 0288 : Updating Policy

164
EXERCISE 10.2
Test the Group Policy
The group policy has been applied to members of the Stkm Organizational Unit. There
are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it
works.
27. Log on the server as zul.zcomby.
27.1.
27.2.

27.3.

27.4.

27.5.
Press ENTER.
165
28. Do you have the RUN command on the Start Menu?

YES / NO
29. Do you have Clock on the system notification area?

YES / NO
Now verify that the settings are also applied to the client computer. Log on to the
Client computer as ocah.blue.

31. Log on the client computer as ocah.blue and ocah as password (Figure 0293).
Figure 0293 : Log On To Server Using Client Workstation
166
32. Do you have the RUN command on the Start Menu?

YES / NO
33. Do you have Clock on the system notification area?

YES / NO
34. Were the wallpaper displayed on the client computer?

YES / NO
35. All the group policy setting should be applied (Figure 0294).
Figure 0294 : Client Computer Ocah Blue
36. Log off the client computer.

37. Log off the Server.
167
Log on to client computer as zul.akmal


39. Log on the Windows XP Professional as zul.akmal and akmal as password
(Figure 0296).
40. Were the group policy setting applied?

YES / NO
41. If not, why do you think this is so?

Because zul.akmal not a member of the Stkm OU. The group policy applied only
to the members of the Stkm OU.
168
EXERCISE 10.3
Disabling The Group Policy

In this exercise you will disable the group policy of Stkm OU.
43. Log on server as Administrator (Figure 0297).

169

47. Expand your domain.com (Figure 0301).
170
You are now going to disable the policy of Stkm OU. This is a better option than
removing the policy, as if you decide to re-implement the policy at a later date, it will still
be there.
48. Expand the Stkm OU (Figure 0302).
Figure 0302 : Group Policy Management Stkm
49. Click the Stkm Group Policy (Figure 0303).
Figure 0303 : Group Policy Management STKM Group Policy
50. A warning box appears. The Group Policy Management remind you that you
have selected a link to a GPO and changes you make will impact all other
locations linked with the GPO (Figure 0304).
Figure 0304 : Group Policy Management Console Warning

51. Click OK to continue (Figure 0304).
171
52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
Figure 0305 : STKM Group Policy Details

53. Now you can see under Link Enabled; the status Yes have changed to No
(Figure 0306).
Figure 0306 : STKM Group Policy GPO Status
54. Close the Group Policy Management windows.
172
Update Group Policy



173
Now verify that the group policy is disabled. Log on to the Client computer as
zul.zcomby.
60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).

61. Were the policies now disabled?
YES / NO
Summary
In this exercise you created a group policy and applied it to an organizational unit.
Only a fraction of the available settings were explored. Applying a group policy is a
way of controlling security and configuring groups of users with common settings.
This can help reduce the cost of ownership and the level of administrator support by
restricting what users can do or change on their computers.
174
Exercise 11
Creating And
Sharing Resources

175
Exercise 11 : Creating And Sharing Resources

One important aspect of a Windows Domain is the ability to share applications, files,
printers and other resources on the network. Resources created on Windows Server
computers are available to all users in the domain, and it is a simple administration task
to allocate permissions to users.
Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.
1.

176
3. Click myserver.com (your domain.com) and double-click the Intranet Users

group from the list (Figure 0314).
Figure 0314 : Active Directory Users and Computers Intranet Users Group
4. Click the Members tab (Figure 0315).
Figure 0315 : Active Directory Users and Computers Intranet Users Properties
5. Add Ocah Blue as a member of Intranet Users.

5.1 Click Add button (Figure 0316).
177
5.2 Click Advanced button (Figure 0317).
Figure 0317 : Select Users, Contacts, Computers, or Group box
5.3 Click Find Now button (Figure 0318).
Figure 0318 : Select Users, Contacts, Computers, or Group - Advanced
178
5.4 Select Ocah Blue user account (Figure 0319).
Figure 0319 : Select Users, Contacts, Computers, or Group Find Now

5.5
5.6
179
5.7
You can see Ocah Blue is added as a member of Intranet Users group
(Figure 0321).
Figure 0321 : Intranet Users Properties
6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet

Users group.
7. After finish adding the entire user to Intranet Users group, your Intranet Users
properties should be same as figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers Intranet Users Properties
8. Cick OK to finish added members to Intranet Users group (Figure 0322).
180
EXERCISE 11.1
Creating and Sharing a Resource Using Windows Explorer
In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file
permissions. The folder will then be shared and permissions assigned. You will then
access this shared resource from the client computer.
1.
Log on to the server as Administrator (Figure 0323).

2. Launch Windows Explorer. Click Start Right-click Computer select Explore
(Figure 0324).
Figure 0324 : Launch Windows Explorer
181
3. Access D: drive (Figure 0325).

(Make sure your D drive are NTFS formatted. If not, you have to convert or
format it to NTFS)
Figure 0325 : Windows Explorer D Drive

4. Create a folder named tempSN (SN represents youre Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise
my folder named will be temp21.
4.1.
Right-click D drive select New Folder (Figure 0326).
Figure 0326 : Windows Explorer Create New Folder
182
4.2.
Rename the folder as temp21 (Figure 0327).
Figure 0327 : Rename Folder

5. Open the temp21 folder properties. Right-click temp21 folder select
Figure 0328 : Open the temp21 folder properties

6. Click the Security tab. A list of security permissions is displayed. Note that the
group Administrators is given Full Control access at the folder level (Figure
0329).
Figure 0329 : temp21 Folder Properties
183
When users access a folder across the network, both the share and NTFS
permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).
Figure 0330 : temp21 Folder Properties - Sharing

8. Click Advanced Sharing button (Figure 0331).
Figure 0331 : Advanced Sharing button

9. Enable the Share this folder option (Figure 0332).
Figure 0332 : Advanced Sharing
184
10. Specify the share name as Common (Figure 0333).
Figure 0333 : Advanced Sharing Share name

11. Click the Permissions button (Figure 0334).
Figure 0334 : Permissions button
Now you will restrict permissions at the share level. Remember that user permissions
to a network resource are made up of the share permissions and the NTFS
permissions.
12. Remove the Everyone group.
12.1.
Select the Everyone group from the list (Figure 0335).
Figure 0335 : Permissions for Common
185
12.2.
Click the Remove button (Figure 0336).
Figure 0336 : Remove button


14. Add the Tech Support group with permissions of Full Control.
14.1.
Click the Advanced button (Figure 0338).
Figure 0338 : Advanced button

14.2.
Click the Find Now button (Figure 0339).
Figure 0339 : Find Now button

14.3.
Select the Technical Support from the list of Search results (Figure 0340).
Figure 0340 : Search Results
14.4.
186
14.5.
Click OK button to add Technical Support (Figure 0341).

14.6.
Click the Full Control allow box to enable the Full Control permission
(Figure 0342).
Figure 0342 : Permission for Common Full Control

15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look like same as figure below (Figure 0343).
Figure 0343 : Permission for Common
187
17. Once you have set the permissions as describe, click OK button to close the
dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
19. Click Close button to close temp21 properties (Figure 0345).
Figure 0345 : temp21 Properties
188
20. In the Explorer window you will note a small double head icon
on the
folder D:\temp21, which indicates the folder is now shared (Figure 0346).
Figure 0346 : Windows Explorer temp21 Folder
22. Log on the client computer as ali.zul and ali as password (Figure 0347).
189
23. Launch My Computer. Start My Computer (Figure 0348).
Figure 0348 : Launch My Computer

24. Click the My Network Places (Figure 0349).
190
25. Click the Entire Network (Figure 0350).
Figure 0350 : Entire Network Link
26. Double-click the Microsoft Windows Network (Figure 0351).
Figure 0351 : Entire Network

27. Double-click the Myserver workgroup (Figure 0352).
Figure 0352 : Microsoft Windows Network
191
28. Double-click the Server21 and view the available resources (Figure 0353).
Figure 0353 : Myserver Workgroup
29. You should see the Common resource listed (Figure 0354).
Figure 0354 : Server21 Resources
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty
as there are no files in the folder) (Figure 0355).
Figure 0355 : Common Folder on Server21
192
32. Attempt to create a new text file.

32.1.
Right-click in the windows and select New Text Document (Figure 0356).
Figure 0356 : Create New Text Document
32.2.
Could you create the file? YES / NO
32.3.
Log off the client computer.
33. Log on the client computer as ocah.blue (Figure 0357).
193

194
36. Click the Entire Network (Figure 0360).
37. Double-click the Microsoft Windows Network (Figure 0361).

38. Double-click the Myserver workgroup (Figure 0362).
195
39. Double-click the Server21 and view the available resources (Figure 0363).
40. You should see the Common resource listed (Figure 0364).
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
Figure 0365 : Common Folder on Server21
196
43. Attempt to create a new text file.

43.1.
43.2.
Could you create the file?

YES / NO
If NO, why do you think this happened?

Before we begin this exercise, we have done some preliminary setup.
We add mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group
and we set permissions to the folder temp21 as Read only for Intranet
Users. But for Tech Support group, we set Full Control permissions.
In the earlier exercise, we add ali.zul as member of the Tech Support

group. Thats why user ali.zul can create new text document in the
Common folder on the Server21.
197
EXERCISE 11.2
Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is
an alternative way of accessing the resource, but requires that you know the location of
the resource (you can use My Network Places to view the available resources, so you
dont really need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).
46. Launch Map Network Drive wizard.

Start right-click My Computer Map Network Drive (Figure 0368).
Figure 0368 : Launch Map Network Drive Wizard
198
47. Select Z as drive and enter the location of the network resource in the Folder:
box (Figure 0369).
You must specify the name of the server and the share name.
In this exercise, it is \\Server21\Common.
Figure 0369 : Map Network Drive Wizard

48. Click Finish button to apply.
49. A new window will open up and display the contents of the Common folder
(Figure 0370).
Figure 0370 : Common Folder on Server 21
199
50. Attempt to create a new test file (Figure 0371).

50.1.
50.2.
Could you create the file?

YES / NO
200
EXERCISE 11.3
Publishing a Shared Resource in Active Directory
One of the problems of publishing shares in the way you have just done (which is the
way they done in NT 4 or 98) is that you have to browse the network or know which
server the resource is located on in order to find it. This can be time-consuming and
frustrating for users.
Resources can be published in Active Directory, making them easy to find. In the next
exercise you will publish the resource into Active Directory.
52. Log on to the server as Administrator (Figure 0372).

201
54. Right-click domain (myserver.com) and select New Shared Folder (Figure 0374).
Figure 0374 : Launch Shared Folder Wizard
55. Enter the name as Common Files and the Network path as your server name
and share name in this exercise it is \\Server21\Common (Figure 0375).
Figure 0375 : Shared Folder Wizard

56. Click OK button to finish.
57. The new shared folder appears in the right windows pane of Active Directory
(Figure 0376).
Figure 0376 : Active Directory Users and Computer
58. Close Active Directory Users and Computer windows.
202
EXERCISE 11.4
Locating a Shared Resource in Active Directory
Now that the shared folder is published in Active Directory, it is easy for users to locate
and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).

203
62. Click the Search Active Directory (Figure 0380).
Figure 0380 : My Network Places
204
63. In the Find drop box, select Shared Folders and in the In drop box, select you
domain - myserver (Figure 0381).
Figure 0381 : Find Shared Folders

Figure 0382 : Find Now button
65. A list of shared folders available is displayed (Figure 0383).
Figure 0383 : Find Shared Folders Find Now
205
66. Right-slick the Common Files shared folder from the list and select Map
Network Drive (Figure 0384).
Figure 0384 : Find Shared Folders - Map Network Drive
67. Select U as drive and enter the location of the network resource in the Folder:
box (Figure 0385).
Note how the location for the server share is filled in automatically.
Figure 0385 : Map Network Drive Wizard

68. Click Finish button to apply.
206
71. There are now one additional drive appears at the bottom (Figure 0387).
Figure 0387 : Network Drive
207
Summary
Permissions are assigned at the SHARE and at the File system level. By default,
Windows Server 2003 places every use created into the group EVERYONE, and, when
creating a new directory or share, automatically assigns rights to that resource so the
group EVERYONE can access it.
If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.
208
Exercise 12
Logon Scripts

209
Exercise 12 : Logon Scripts

In this exercise you will create logon and logoff scripts and apply these to users in an
organizational unit. You will specify a network home directory for users and arrange for
this directory to be mapped when the user logs on. Finally, you will specify disk space
restrictions for specific users.
EXERCISE 12.1
Logon Scripts
A logon script is a sequence of commands that executes when a user logs onto the
network.
1.
210


211
5.
6. Right-click the STKM Group Policy and select Edit (Figure 0393).
Figure 0393 : STKM Group Policy - Edit
212
7.
The group policy editor allows you to specify user and computer settings. In the
following steps, you will change some of these settings (Figure 0394).
Figure 0394 : Group Policy Management Editor

8.
Expand User Configuration (Figure 0395).

9.
Expand the Policies folder (Figure 0396).
213
10. Expand the Windows Setting folder (Figure 0397).
Figure 0397 : Group Policy Management Editor Windows Setting
11. Click the Scripts (Logon/Logoff) (Figure 0398).
Figure 0398 : Group Policy Management Editor Scripts (Logon/Logoff)

12. Double-click Logon (Figure 0399).
Figure 0399 : Group Policy Management Editor Logon
214
13. In the Logon Properties windows, click Show Files button (Figure 0400).
Figure 0400 : Logon Properties
14. Create new text document.

Right-click inside the new windows and select New Text Document (Figure
0401).
215
15. Double-click the text document. This will load the Notepad editor. Type the
following text into the file (Figure 0402).
echo off
cls
echo This is a log on script for the Stkm OU
echo Welcome %USERNAME% , member of the Stkm OU
pause
Figure 0402 : Notepad editor New Text Document

16. Save the file as Stkm.cmd
16.1.
From Menu bar, click File Save As (Figure 0403).
Figure 0403 : Menu bar - Save As

16.2.
Enter Stkm.cmd in the File name: box (Figure 0404).
Figure 0404 : Save As File Name
216
16.3.
Select All Files from the Save as type: drop menu (Figure 0405).
Figure 0405 : Save As Type All Files

16.4.
Click Save button (Figure 0406).

Figure 0406 : Save Button
17. Close the Notepad editor.
18. Close the Script windows by clicking the X button at the right top corner of the
windows (Figure 0407).
Figure 0407 : Script Windows
217
19. On the Logon Properties window, click Add button (Figure 0408).
Figure 0408 : Logon Properties Add

20. Click Browse button on the Add a Script window (Figure 0409).
Figure 0409 : Add a Script Browse
218
21. Select Stkm.cmd file from the list (Figure 0410).
Figure 0410 : Browse Stkm.cmd

22. Click Open button (Figure 0411).
Figure 0411 : Open Button
23. Now you can see the Stkm.cmd appear in the Script Name: box. Click OK
button to continue (Figure 0412).
Figure 0412 : Add a Script Window
219
24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close
the Logon Properties window (Figure 0413).
Figure 0413 : Logon Properties window
25. Close the Group Policy Management Editor window.
26. On the Group Policy Management window, right-click STKM Group Policy and
uncheck all options except Link Enabled (Figure 0414).
Figure 0414 : Link Enabled
220
27. Open STKM Group Policy.

Right-click the STKM Group Policy and select Edit (Figure 0415).
Figure 0415 : STKM Group Policy - Edit
28. In the Group Policy Management Editor, expand User Configuration (Figure
0416).
221
30. Expand the Administrative Templates folder (Figure 0418).
Figure 0418 : Group Policy Management Editor Administrative Templates
31. Expand the System folder (Figure 0419).
Figure 0419 : Group Policy Management Editor System

32. Click the Scripts folder (Figure 0420).
Figure 0420 : Group Policy Management Editor Scripts
222
33. Double-click the Run logon scripts visible option (Figure 0421).
Figure 0421 : Group Policy Management Editor Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to
enable this setting (Figure 0422).
Figure 0422 : Run logon scripts visible Properties

36. In the same folder, double-click the Run logon scripts synchronously option
(Figure 0423).
Figure 0423 : Group Policy Management Editor Run logon scripts synchronously
223
37. The Run logon scripts synchronously Properties appear. Click the Enabled
button to enable this setting (Figure 0424).
Figure 0424: Run logon scripts visible Properties

39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).
Figure 0425 : Run logon scripts visible Enabled
40. Close the Group Policy Management Editor.
41. On Group Policy Management, click Refresh button

Policy Management window.
and close the Group
224
Update Group Policy

Figure 0427 : Run Window


225
Test The Logon Script

47. The logon script should appear same as figure below (Figure 0430).
Figure 0430 : Logon Script
48. Press ENTER or any key to continue.

Summary
Scripts allow for both user and computer environments to be configured. The four scripts
available are startup, shutdown, logon and logoff.
226
Exercise 13
HOME
DIRECTORIES

227
Exercise 13 : Home Directories

In this exercise, you will create a shared folder on the server that will be used for user
home directories. You will map a home directory for a specific user, so that when they
log on to the network, they will have a drive mapped to their home directory on the
server.
EXERCISE 13.1
Create Sharing Folder
1.
Figure 0431: Administrator Login

(Figure 0432).
228

format it to NTFS)
Figure 0433: Windows Explorer D Drive

4. Create a folder named UserSN (SN represents youre Station Number).
my folder named will be User21.
4.3.
229
4.4.
Rename the folder as User21 (Figure 0435).
Figure 0435: Rename Folder
5. Open the User21 folder properties. Right-click User21 folder select

Figure 0436: Open The User21 Folder Properties
230
Figure 0437 : User21 Folder Properties - Sharing


231
9. Specify the share name as Users (Figure 0440).
Set Sharing Folder Permissions

10. Click Permissions button (Figure 0441).

11. Select Everyone and click Remove button to remove Everyone from the Group
or user names: list (Figure 0442).
Figure 0442 : Remove Everyone
232

Figure 0444 : Select Users, Computers, or Groups
Figure 0445 : Select Users, Computers, or Groups Advanced
233
15. Select Ahmad Akmal account from the list (Figure 0446).
Figure 0446 : Select Users, Computers, or Groups Find Now

17. Click OK (Figure 0447)
Figure 0447 : Select Users, Computers, or Groups User Added
234
18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full
control over the folder User21. So he can read and write to the User21 folder on
the myserver.com server (Figure 0448).
Figure 0448: Folder Permissions For Users

19. Now we add Administrator account to give Administrator permission to manage
the shared folder. Click Add button (Figure 0449).

235

22. Select Administrator user account from the list (Figure 0452).
236
24. Click OK (Figure 0453)

25. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder User21. So the Administrator can manage the User21
folder on the myserver.com server (Figure 0454).
Figure 0454 : Folder Permissions For Users
237
27. Click OK for Advanced Sharing window (Figure 0455).
Figure 0455 : Advanced Sharing window
28. Click OK again for User21 Properties window (Figure 0456).
Figure 0456 : User21 Properties window

29. Click Close all remaining windows.
238
Set User Home Directories

31. Expand myserver.com (Figure 0458).
Figure 0458 : Active Directory Users and Computers domain
32. Click the Sted Organization Unit (Figure 0459).
Figure 0459 : Active Directory Users and Computers Sted OU
239
33. Right-click Ahmad Akmal and select Properties (Figure 0460).
Figure 0460 : Active Directory Users and Computers Ahmad Akmal
34. Click Profile tab (Figure 0461).
Figure 0461 : Ahmad Akmal Properties - Profile
240
35. Select drive L: connect to \\Server21\Users\zul.akmal under Home folder section

(Figure 0462).
(Specify the name of your server instead of Server21 as in this example).
Figure 0462: Ahmad Akmal Properties Home Folder

37. Click Sted OU and click Refresh button
38. Close Active Directory Users and Computer window.
39. Log off server.
241
Test User Home Directories

40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box
(Figure 0463).
Figure 0463: Windows XP Welcome Window
41. Log on the Windows XP Professional as zul.akmal and akmal as password

(Figure 0464).
242
43. There are now one additional drive appears at the bottom (Figure 0466).
243
44. Double-click the Network Drives to access the zul.akmal folder on the server
(Figure 0467).
The folders are empty.
Figure 0467 : Ahmad Akmal Home Directory
50. Create new text document.

Right-click inside the new windows and select New Text Document (Figure
0468).
244
45. Rename the file as Test (Figure 0469).
Figure 0469: Computer
Checking The Users Home Directories

245
(Figure 0471).
49. Expand D: drive (Figure 0472).
Figure 0472 : Windows Explorer D: Drive
50. Expand User21 folder (Figure 0473).
Figure 0473 : Windows Explorer User21 Folder
246
51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder
(Figure 0474).
Figure 0474 : Windows Explorer zul.akmal Folder

What are the contents of the zul.akmal folder?
Are there any files on it?
You should see the Test.txt file (created earlier from the client computer) listed in
the zul.akmal home directory.
Summary
Home directories allow users to store their files on the network. This is especially suited
to roaming users.
247
Exercise 14
DISK
QUOTAS

248
Exercise 14 : Disk Quotas

In this exercise you will apply disk space restrictions to users.
EXERCISE 14.1
Create Disk Quotas
1.

(Figure 0476).
249
3. Right-click D: drive and select Properties (Figure 0477).
Figure 0477 : Windows Explorer D Drive Properties

4. Click the Quota tab (Figure 0478).
Figure 0478 : Quota Tab
250
5. Enable the check box Enable quota management (Figure 0479).
Figure 0479 : Enable quota management
6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).
7. Select Limit disk space to option and set to 25 MB (Figure 0480).
8. Set the Set warning level to option to 5 MB (Figure 0480).
Figure 0480 : Limit Disk Space
251
Add Quota Entries

9. Click the Quota Entries button (Figure 0481).
Figure 0481 : Quota Entries button
10. A list of quota entries will be displayed (Figure 0482).
Figure 0482 : Quota Entries
11. On the Menu Bar, click Quota New Quota Entry (Figure 0483).
Figure 0483 : Add New Quota Entry
252
12. Key-in zul.akmal and click Check Names button (Figure 0484).
Figure 0484 : Select Users

13. After button Check Names are clicked, Active Directory will locate all matching
or similar object names for zul.akmal. If there are matching or similar object
names found, the complete name with email will be shown (Figure 0485).
Figure 0485 : Select Users Ahmad Akmal

14. Click OK button to confirm (Figure 0485).
253
15. Set the following parameters for zul.akmal quota entry (Figure 0486).
Select the option Limit disk space to and set the value to 10MB.
Set the value for Set warning level to option to 8MB.
Figure 0486 : Add New Quota Entry

17. Now there is a new quota entries added to the Quota Entries list for zul.akmal
(Figure 0487).
Figure 0487 : Quota Entries For D: Drive
18. Close the Quota Entries window.
254
19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).
Figure 0489 : Local Disk (D:) Properties window

20. The Disk Quota confirmation message appear, just click OK to enable the quota
system now (Figure 0490).
Figure 0490 : Disk Quota Confirmation Message
255
Test The Quota Setting

21. Log on the client computer as zul.akmal and akmal as password (Figure 0491).

256
23. View Home Directory capacity. Right-click on L: drive and select Properties
(Figure 0493).
24. The zul.akmal Home Directory properties appear. Look at the directory capacity,
it only 10 MB. Same as the Disk Quota Entry we set earlier (Figure 0494).
Figure 0494 : Ahmad Akmal Home Directory Properties
257
25. Click OK button to close (Figure 0494).

26. Launch Windows Explorer. Start right-click My Computer Explore (Figure 0495).

27. Access the C:\WINDOWS\Web\Wallpaper sub-folder (Figure 0496).
Figure 0496 : C:\WINDOWS\Web\Wallpaper sub-folder
258
28. Copy Bliss.bmp file.

Right-click Bliss.bmp file and select Copy (Figure 0497).
Figure 0497 : Copy Bliss.bmp file

29. Paste the Bliss.bmp file into zul.akmal home directory on L: drive.
Right-click L: drive and select Paste (Figure 0498).
Figure 0498 : Paste Bliss.bmp file
259
30. Copy and Paste another file into zul.akmal home directory on L: drive until the
disk quota warning appears (Figure 0499).
Figure 0499 : Disk Quota Warning

Why this happen?
31. Click OK button to close the warning message (Figure 0499).
32. Right-click on L: drive and select Properties (Figure 0500).
260
33. The zul.akmal Home Directory properties appear. Look at the Used space: size,
you have used almost 10 MB. The home directory almost full (Figure 0501).
Figure 0501 : Ahmad Akmal Home Directory Properties

Summary
Disk quotas allow administrators to restrict disk space to users so that disk space can be
effectively managed.
261
Exercise 15
MANAGING
SOFTWARE
APPLICATIONS

262
Exercise 15 : Managing Software Applications

In this exercise you will deploy software to a Windows 2008 client computer. You will
deploy WinZip, a file compression program that does not have an associated MSI file.
This means you will need to create a ZAP file in order to publish the application.
In the second part of this exercise you will publish this software to members of the Sklr
OU, and then test the deployment of the software.
EXERCISE 15.1
Establish a Software Distribution Point
To support this exercise, you will need a shared folder on the network that contains the
software applications that will be deployed.
1.
263

(Figure 0503).

format it to NTFS)
Figure 0504: Windows Explorer D Drive
4. Create a folder named SoftDistSN (SN represents youre Station Number).

my folder named will be SoftDist21.
264
4.1.
4.2.
Rename the folder as SoftDist21 (Figure 0506).
265
EXERCISE 15.2
Sharing The SoftDist21 Folder
5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder select
Figure 0507: Open The SoftDist21 Folder Properties
Figure 0508 : SoftDist21 Folder Properties - Sharing

266
9. Specify the share name as ESoftware (Figure 0511).
267
EXERCISE 15.3
Set Sharing Folder Permissions
Set read access to the share folder for the Sklr OU users and Administrator.
10. Click Permissions button (Figure 0512).
11. Select Everyone and click Remove button to remove Everyone from the Group
or user names: list (Figure 0513).
Figure 0513: Remove Everyone
268

269
15. First, we add first user of Sklr OU. Select Ain Syahmi account from the list
(Figure 0517).

16. Click OK button (Figure 0517).
270
18. Tick Allow box for Read permission. This will give Ain Syahmi Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0519).

19. Click Apply button(Figure 0519).
20. Now we add second user of Sklr OU. Click Add button (Figure 0520).

271

23. Select Aliuddin account from the list (Figure 0523).

272
26. Tick Allow box for Read permission. This will give Aliuddin Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0525).

27. Click Apply button (Figure 0525).
28. Now we add Administrator account to give Administrator permission to manage

the shared folder. Click Add button (Figure 0526).
273
274
31. Select Administrator user account from the list (Figure 0529).

33. Click OK button (Figure 0530)
275
34. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder SoftDist21. So the Administrator can manage the
SoftDist21 folder on the myserver.com server (Figure 0531).
36. Click OK button to close Advanced Sharing window (Figure 0532).
Figure 0532 : Advanced Sharing window
276
37. Click Close button to close SoftDist21 Properties window (Figure 0533).
Figure 0533 : SoftDist21Properties window
277
EXERCISE 15.4
Copy Software Application files to the Software Distribution Point
The next step is to copy some software applications to the distribution share.
39. Download file WinRar 3.9.3 from site below:
http://zcomby-server2008.blogspot.com under Downloads section (Softwaretutorial Server 2008) and save to the software distribution share point (or
download it from the internet from http://www.rarlab.com) .
40. Download file Sample.rar from site below:

http://zcomby-server2008.blogspot.com under Downloads section (Softwaretutorial Server 2008) and save to the software distribution share point (or create a
rar file that has a readme.txt file in the achive).
EXERCISE 15.5
Create a ZAP file for the application
To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is
available.
41. Create New text document inside D:\SoftDiskx, and rename the text document
as winrar.zap.
41.1
Launch Notepad. Click Start All Programs Accessories Notepad

(Figure 0534).
Figure 0534: Launch Notepad
278
41.2
Click File Save As (Figure 0535).
Figure 0535: Notepad

41.3
Change the file name to winrar.zap and select All Files for Save as
type: box (Figure 0536).
Figure 0536 : Notepad Save As

41.4
Click Browse Folders button (Figure 0536).
279
41.5
Click Computer double click Local Disk (D:) double click

SoftDist21 folder (Figure 0537).
Figure 0537 : Notepad Save As Browse Folders

41.6
Click Save button to confirm save location (Figure 0537).
42. Key-in the following text into the winrar.zap file (Figure 0538).
Figure 0538: winrar.zap

43. After finish insert the text, save and close the winrar.zap file.
280
EXERCISE 15.6
Publish the Software Application to Users of the Production OU
In this step, you will edit the group policy for the Sklr OU and specify a new
software installation for users.
44. Launch Group Policy Management. Click Start Administrative Tools Group
Policy Management (Figure 0539)

45. Expand Forest: myserver.com (Figure 0540).
281

48. Right-click the Sklr OU and select the Create a GPO in this domain, and Link it
here (Figure 0543).
Figure 0543 : Group Policy Management Create new GPO
282
49. Rename the policy as SKLR Group Policy (Figure 0544).
Figure 0544 : Create New GPO
50. Click OK button to continue (Figure 0544).
51. Right-click the SKLR Group Policy and select Edit (Figure 0545).
283

54. Expand the Software Settings folder (Figure 0548).
Figure 0548 : Group Policy Management Editor Software Settings

55. Right-click Software installation and select New Package (Figure 0549).
Figure 0549 : Software installation New - Package
284
56. Browse the network and locate the winrar.zap file.

56.1
Click the Network (Figure 0550).
Figure 0550 : Network
56.2
Double-click your server icon (Figure 0551).
Figure 0551 : Network Server21
285
56.3
Double-click the ESoftware folder (Figure 0552).
Figure 0552 : Network Server21 - ESoftware
56.4
Click file types drop-down box and select ZAW Down-level application
packages (*.zap) (Figure 0553).
Figure 0553 : Network Server21 ESoftware File types
286
56.5
Select the winrar.zap file and click Open button (Figure 0554).
Figure 0554 : Network Server21 ESoftware winrar.zap
57. Select Published (Figure 0555).
Figure 0555 : Deploy Software
287
59. Now you can see the Win Rar package are listed under Software installation policy
(Figure 0556).
Figure 0556 : SKLR Group Policy

Update Group Policy
288
289
EXERCISE 15.7
Test the software deployment
In this step, you will log on to the client computer and test to see if the software can be
deployed. In order for the software to install however, the user needs sufficient rights on
the local computer.
65. Log on the client computer (Windows XP Professional) as local Administrator
65.1
Press CTRL+ALT+DEL to display the logon dialog box (Figure 0560).
65.2
Key-in User name: as Administrator and select Log on to: CLIENT

(this computer) (Figure 0561).

65.3
290
66. Launch Control Panel. Start Control Panel (Figure 0562).
Figure 0562 : Launch Control Panel
67. Click Performance and Maintenance (Figure 0563).
Figure 0563 : Control Panel
291
68. Click Administrative Tools (Figure 0564).
Figure 0564 : Performance and Maintenance
69. Double-click Computer Management icon (Figure 0565).
Figure 0565 : Administrative Tools
292
70. Expand System Tools Local Users and Groups Groups (Figure 0566).
Figure 0566 : Computer Management

71. Double-click Power Users (Figure 0566).
Figure 0567 : Power Users Properties
293
73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).

74. Enter username as ain.syahmi and her password [ain] (Figure 0569).
Figure 0569 : Enter Network Password
294

76. Click OK button for the Power User Properties (Figure 0571).
Figure 0571 : Power User Properties
77. Close all the remaining windows.
295
79. Log on to the server from client computer as ain.syahmi.

79.1
Press CTRL+ALT+DEL to display the logon dialog box (Figure 0572).

79.2
Key-in User name: as ain.syahmi and ain as password. (Figure 0573).

79.3
Select Log on to: MYSERVER (Figure 0573).
79.4
296
80. Copy the file sample.rar from Server.

80.1
Launch My Computer. Start My Computer (Figure 0574).
80.2
Click the My Network Places (Figure 0575).
297
80.3
Click the Entire Network (Figure 0576).
80.4
Double-click the Microsoft Windows Network (Figure 0577).

80.5
Double-click the Myserver workgroup (Figure 0578).
298
80.6
Double-click the Server21 and view the available resources (Figure

0579).

80.7
You should see the ESoftware resource listed (Figure 0580).

80.8
Double-click the ESoftware to view the available resources (Figure

0580).
299
80.9
Copy Sample.rar file. Right-click on Sample.rar file select Copy (Figure

0581).
Figure 0581 : ESoftware on Server21

80.10 Paste on the client PC desktop. Right-click on Desktop Select Paste
(Figure 0582).
Figure 0582 : Windows XP Desktop
300
81. Double-click the sample.rar file. What happened?

WinRar installation wizard appeared. Install the WinRar (Figure 0583).
Figure 0583 : WinRar installation wizard
82. After finish install WinRar, close all remaining windows. And then double-click the
sample.rar file.
The Sample.rar now opened with WinRar program. Now you can read or extract
contents of the Sample.rar file (Figure 0584).
Figure 0584 : Sample.rar opened with WinRar

301
EXERCISE 15.8
Installing Application with MSI support
In this exercise you will deploy Microsoft FrontPage 2003.

(Figure 0586).
302

87. Access D:\SoftDist21 folder (Figure 0588).
Figure 0588 : Windows Explorer D:\SoftDist21 folder
303
88. Create subfolder called FrontPage.

88.1. Right-click SoftDistx select New Folder (Figure 0589)

88.2. Rename the folder as FrontPage (Figure 0590).
Figure 0590 : Windows Explorer Rename Folder
304
89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the
FrontPage folder to the D:\SoftDistx\FrontPage folder
89.1.
Select the CD drive (Figure 0591).
Figure 0591 : Windows Explorer CD Drive
89.2.
Copy the FRONTPAGE folder. Right-click FRONTPAGE folder Copy

(Figure 0592).
Figure 0592 : Windows Explorer Copy FRONTPAGE Folder
305
89.3.
Expand the SoftDist folder. Right-click the FrontPage folder Paste (Figure
0593).
Figure 0593 : Windows Explorer Paste Folder
89.4.
Click the FrontPage folder to confirm all files are copied (Figure 0594).
Figure 0594 : Windows Explorer FrontPage Contents
306
Policy Management (Figure 0595)

307

94. Right-click the SKLR Group Policy and select Edit (Figure 0599).
308


97. Expand the Software Settings folder (Figure 0602).
Figure 0602 : Group Policy Management Editor Software Settings
309
98. Right-click Software installation and select New Package (Figure 0603).
Figure 0603 : Software installation New - Package
99. Browse the network and locate the FP11.msi file.

99.1
Click the Network (Figure 0604).
Figure 0604 : Network
310
99.2
Double-click your server icon (Figure 0605).
Figure 0605 : Network Server21

99.3
Double-click the ESoftware folder (Figure 0606).
Figure 0606 : Network Server21 - ESoftware
311
99.4
Double-click the FrontPage folder (Figure 0607).
Figure 0607: Network Server21 ESoftware FrontPage
99.5
Double-click the FRONTPAGE folder (Figure 0608).
Figure 0608 : Network Server21 ESoftware FrontPage FRONTPAGE
99.6
Select the FP11.msi file and click Open button (Figure 0609).
Figure 0609 : Network Server21 ESoftware FP11.msi
312
100.
Select Advanced (Figure 0610).
Figure 0610 : Deploy Software

101.
102.
Click the Deployment tab and select Assigned (Figure 0611).
Figure 0611 : Assigned Software
103.
313
104. Now you can see the Microsoft Office FrontPage package are listed under
Software installation policy (Figure 0612).
Figure 0612 : SKLR Group Policy

105.
Close all remaining windows.
Update Group Policy

106.
Launch the Run application. Click Start Run (Figure 0613).
107.
Key-in gpupdate in the Open : box (Figure 0614).
314
108.
Click OK to run the gpupdate (Figure 0615).
109.
Log off the server.
315
EXERCISE 15.9
Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer
as a member of the Sklr OU.
110.
Log on to the server from client computer as ain.syahmi.

110.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0616).

110.2 Key-in User name: as ain.syahmi and ain as password. (Figure 0617).
Figure 0617: Log on to Windows XP

110.3 Select Log on to: MYSERVER (Figure 0617).
110.4 Click OK button (Figure 0617).
316
111.
Click Start All Programs Microsoft Office Microsoft Office FrontPage

2003. Note how FrontPage appears on the start menu (Figure 0618).
Figure 0618 : Start Menu - Microsoft Office FrontPage 2003
112.
The installation process will begin. When requested, enter the CD key and click
Next button (Figure 0619).
Figure 0619 : Microsoft Office FrontPage 2003 - Setup
317
113.
Click Next button until reach the Summary windows (Figure 0620).
Figure 0620 : Microsoft Office FrontPage 2003 - Install

114.
Click the Install button (Figure 0620).
115.
Wait until the installations process complete (Figure 0621).
Figure 0621 : Setup Completed

116.
Click Finish button to complete the FrontPage 2003 installation (Figure 0621).
117.
After running FrontPage 2003, log off the client computer.
118.
Log on to the client computer as zul.akmal.
318
119.
Is FrontPage 2003 available on the Start menu? YES NO

Your answer must be NO. Why?
Because zul.akmal is a member of Sted OU not the Sklr OU. We only deployed a
software application to a Sklr OU users.
120.
Log off the client computer.
121.
Log off the server.
Summary
In this exercise you deployed a software application to a group of users. The application
was not supported by Windows Installer so required you to create a ZAP file.
The software application and Zap file were placed on a network share. This software
was then associated with a group policy for the Sklr Organizational Unit. The software
deployment was then tested when a user of the Sklr OU logged onto a client computer.
In installing software on the client computer, the installer needed the required
permissions. In this exercise, the users were made members of the Power Users group
to enable the installation of the software. In actual use, members would be set up with
the required permissions, rather than perhaps being made a member of this group on
the local computer.
Managing the software distribution can simply the administration of the network and
ensure that users only get the applications that have been assigned to them.
319
Exercise 16
VIEWING
EVENTS

320
Exercise 16 : Viewing Events

In this exercise you will look at events generated on the server. This is important
because when there is a problem, often the cause is logged by the system. The event
logs are a good source to look for problems in configuration or access.
EXERCISE 16.1
Running Event Viewer
1.
321
2. Launch Event Viewer. Click Start Administrative Tools Even Viewer (Figure
0623).
Figure 0623 : Launch Event Viewer

3. Expand Windows Logs System. The Event Viewer windows displays the current
event logs. There are a number of logs available (Figure 0624).
Figure 0624 : Even Viewer windows
322
EXERCISE 16.2
Viewing the Different Log Files
To view events, you need to select a specific log file.

4. Under Windows Logs, click the Security log.
Note the large number of events that are listed in the middle windows (Figure 0625).
Figure 0625 : Even Viewer Security Logs
5. All events have a Source and Task Category. Note these two columns in the
window (Figure 0625).
It is handy to sometimes restrict the events being viewed to just those events that
are of interest.
323
EXERCISE 16.3
Filtering Events
In this exercise you will use the filtering function to display only those events of
interest. Often the event log has hundreds of events listed, so you need the
ability to look for only those events that are relevant to what you are trying to
resolve.
6. On the right window, click the Filter Current Log (Figure 0626).

7. Select all Event level: (Figure 0627).
Figure 0627 : Filter Current Log window - Event level
324
8. In Event sources: drop-down menu, select Microsoft Windows security auditing

(Figure 0628).
Figure 0628 : Filter Current Log window - Event sources
9. Set the Task category: to Logon (Figure 0629).
Figure 0629 : Filter Current Log window - Task category
325
Figure 0630 : Filter Current Log window
11. Note that only Microsoft Windows security auditing events with Logon task
category are now listed (Figure 0631).
Figure 0631 : Even Viewer Security events

12. Double-click the first event to see the event properties (Figure 0631).
326
13. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to
possible problems] (Figure 0632).
Figure 0632 : Event Properties
14. Click Close button (Figure 0632).

15. Close the event viewer.
Summary
Windows Server 2008 logs activity to event logs. These events can be viewed with
Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as
other events generated by application software or other services such as DNS.
Events are helpful in determining problems with configuration or security.
327
Exercise 17
AUDITING

328
Exercise 17 : Auditing
In this exercise, you shall look at enabling auditing on selected resources, so that their
usage and access can be monitored. You will use event viewer to view the logged
accesses. Often, if you find that you cannot resolve problems in user access, enabling
auditing and viewing the audit logs with event viewer can help you determine the cause
of the problem.
EXERCISE 17.1
1.

Policy Management (Figure 0634).
329

5.
330
6. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0638).
Figure 0638 : Edit the Default Domain Policy.

7. Expand Computer Configuration (Figure 0639).
Figure 0639 : Expand Computer Configuration.
8. Expand Policies (Figure 0640).
Figure 0640 : Expand Policies.
331
9. Expand Windows Settings (Figure 0641).
Figure 0641 : Expand Windows Settings.

Figure 0642 : Expand Security Settings.

11. Expand Local Policies (Figure 0643).
Figure 0643 : Expand Local Policies.
332
12. Expand Audit Policy (Figure 0644).
Figure 0644 : Expand Audit Policy.

13. Open Audit logon events properties. Right-click Audit logon events Properties
(Figure 0645).
Figure 0645 : Open Audit logon events properties.

14. Enable the Success and Failure attempts (Figure 0646).
Figure 0646 : Define policy settings.
333

17. Enable the following events (Figure 0647):

i.
ii.
iii.
iv.
v.
vi.
vii.
Audit account logon events Success

Audit account management Success
Audit directory service access Success
Audit logon events Success, Failure
Audit object access - Success, Failure
Audit policy change Success
Audit system events - Success
Figure 0647 : Group policy management editor.
18. Close the group policy management editor.

334
Update Group Policy




335
EXERCISE 17.2
Set Auditing at the file object level.
1.

(Figure 0652).
336

Figure 0654 : Windows Explorer Properties
337
5. Select Security tab; and then click the Advanced button (Figure 0655).
Figure 0655 : D: drive properties
338
6. Select Auditing tab (Figure 0656).
Figure 0656 : Advanced Security Settings for Local Disk (D:).

7. Click the Edit button (Figure 0656).
Figure 0657 : Advanced Security Settings for Local Disk (D:) Auditing tab.
339
9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).
Figure 0658 : Select User, Computer, or Group.
Figure 0659 : Select User, Computer, or Group Check Names.
340
11. Enable the following options (Figure 0660):
List folder read data Successful and Failed

Create files / write data - Successful and Failed
Figure 0660 : Auditing Entry for Local Disk (D:).
341
Figure 0662 : Advanced Security Settings for Local Disk (D:)
342
343
EXERCISE 17.3
Access the resource to generate the audit event.
Now it is time to test the auditing. What you did in the previous exercise was setup a
group policy for domain controllers. You enabled auditing on the server using Local
Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the
next step you will log on and access this resource, thus generating an audit event.
17. Log on to the server computer as zul.zcomby.
17.1.
17.2.

17.3.

17.4.

17.5.
Press ENTER.
344
18. Launch Notepad. Click Start All Programs Accessories Notepad.

19. Write your name (Figure 0667).
Figure 0667 : Notepad
20. Press Ctrl + S to save the files.
21. Click the Browse Folder button (Figure 0668).
Figure 0668 : Save As - Browse Folder

22. Access the Local Disk (D:). Click Computer double-click Local Disk (D:) (Figure 0669).
Figure 0669 : Save As - Access the Local Disk (D:)
345
23. Double-click the D:\tempx folder (Figure 0670).
Figure 0670 : Save As D:\tempx folder

24. Set the files name as Readme and click the Save button (Figure 0671).
Figure 0671 : Save As Readme.txt
25. Close the Notepad editor.

346
EXERCISE 17.4
View the audit events.
In the last exercise, you accessed the resource and this would have generated an audit
event. These events are stored in the security log and are viewed with event viewer.

0673).
347
29. Expand Windows Logs Security. The Event Viewer window displays the current

30. On the right window, click the Filter Current Log (Figure 0675).
348
31. Now configure the Filter Current Log. Please refer to the following table for
configuration (Figure 0676).
Logged:
Any time
Event level:
Information
Event sources:
Microsoft Windows security auditing.
Task category:
File System
Keywords:
Audit Success
User:
<All Users>
Computer(s):
<All Computer>
Figure 0676 : Filter Current Log window
349
33. Note that only Microsoft Windows security auditing events with File System task
category are now listed (Figure 0677).

34. Double-click the first event to see the event properties (Figure 0677).
35. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to
possible problems] (Figure 0678).

36. You will notice from Account Name: section, there are user name zul.zcomby are
login into the server (Figure 0678).
350
37. Drag the right-hand side scroll bar until you see the Process Information: section
(Figure 0679).
38. From this section, you can see the process or application zul.zcomby run while he
login to the server.
As you can see, zul.zcomby are launch Notepad application software. Maybe he
writing something or maybe he open a text file (Figure 0679).
39. Click Close button (Figure 0679).
40. Now let find the location of the text file zul.zcomby opened. Double-click the second
event to see the event properties (Figure 0680)
351
41. Scroll until you find the Object: section. As you can see the log reports same as the
first event (Figure 0681).

42. Click the Close button (Figure 0681).
43. Now try double-click the third event to see the event properties (Figure 0682).
Figure 0682: Even Viewer Security events
352
44. Scroll until you find the Object: section. Can you find the differences between third
event and the first event?
In the third event there is extra information under Object: section. Object Type: and
Object Name: (Figure 0683).
Object Type: state the type of the object.
Object Name: state the object name.
Figure 0683: Even Viewer Security events

From this event log, you can trace and viewed the security log. You can check what
happened to the server behind the screen or while you were gone. This also can
help you to determine the cause of the problem in user access.
46. Close the event viewer.
353
EXERCISE 17.5
Disable Auditing
Auditing places a performance penalty overhead on the computer. In this step, you will
disable auditing.
Policy Management (Figure 0684).
354
51. Edit the Default Domain Policy. Right-click Default Domain Policy Edit (Figure
0688).
Figure 0688 : Edit the Default Domain Policy.
355
52. Expand Computer Configuration (Figure 0689).
Figure 0689 : Expand Computer Configuration.

53. Expand Policies (Figure 0690).
Figure 0690 : Expand Policies.

54. Expand Windows Settings (Figure 0691).
Figure 0691 : Expand Windows Settings.
356
Figure 0692 : Expand Security Settings.

56. Expand Local Policies (Figure 0693).
Figure 0693 : Expand Local Policies.
57. Expand Audit Policy (Figure 0694).
Figure 0694 : Expand Audit Policy.
357
Change auditing to No Auditing.

58. Open Audit logon events properties. Right-click Audit logon events Properties
(Figure 0695).
Figure 0695 : Open Audit logon events properties.

59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).
Figure 0696 : Define policy settings.

358
62. Change auditing to No Auditing the following events (Figure 0697):

i.
ii.
iii.
iv.
v.
vi.
vii.
viii.
ix.
Audit account logon events

Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
Figure 0697 : Group policy management editor.
63. Close the group policy management editor.

359
Update Group Policy


360
Remove User From Auditing Entry.

(Figure 0701).

361
Figure 0703 : Windows Explorer Properties

71. Select Security tab; and then click the Advanced button (Figure 0704).
362
72. Select Auditing tab and select Zul Zcomby (Figure 0705).
Figure 0705 : Advanced Security Settings for Local Disk (D:).

73. Click the Edit button (Figure 0705).
74. Select Zul Zcomby and click Remove button (Figure 0706).
363
Figure 0707 : Advanced Security Settings for Local Disk (D:)

364
EXERCISE 17.6
Clear the Security Log Events
In this exercise you will clear all the events in the Security log.
0709).
365
79. Expand Windows Logs Security. The Event Viewer window displays the current
80. Right-click Security log and select Clear Log (Figure 0711).
Figure 0711 : Even Viewer window
366
81. Click Clear button so that the events are not saved (Figure 0712).
Figure 0712 : Even Viewer Clear Log
82. Close Even Viewer.

Summary
Both Directories and Files can be audited. When auditing is enabled, events that are
specified are written to an event log, which can be viewed in Event Viewer.
It is possible to apply a filter when viewing events to be more selective. Applying auditing
creates an overhead penalty on the server, and can fill the event logs quickly.
367
Exercise 18
INSTALLING AND
CONFIGURING
PRINTER

368
Exercise 18 : Installing and Configuring Printer

In this exercise, you shall look at creating a local printer on the Server and access that
printer remotely from the client computer. This exercise used an HP Color LaserJet
CP1515n printer, attached to the network.
EXERCISE 18.1
1.

2. Open the Control Panel. Click Start Control Panel (Figure 0714).
Figure 0714 : Open Control Panel
369
3. Double-click Printer icon (Figure 0715).
Figure 0715 : Control Panel - Printer
4. Click Add a printer button to run the Add Printer wizard (Figure 0716).
Figure 0716 : Printer Add a printer
370
5. Click Add a local printer (Figure 0717).
Figure 0717 : Add Printer wizard - Add a local printer

6. Select Create a new port. And select Standard TCP/IP Port from the Type of
port: drop down menu (Figure 0718).
Figure 0718 : Add Printer wizard Create new port

7. Click Next button (Figure 0718).
371
8. Now select Device type: as TCP/IP Device and enter your printer IP address in the
Hostname or IP address: box. For this exercise, my printer IP address is
192.168.2.254 (Figure 0719).
Figure 0719 : Add Printer wizard Printer IP address
10. Wait until the detecting of the TCP/IP port process finish. After finish the detection
process, the windows will automatically move to the next page (Figure 0720).
Figure 0720 : Add Printer wizard TCP/IP port detection process
372
Figure 0721 : Add Printer wizard Port type
12. Now the Add Printer wizard will try to detect the printer driver. The Add Printer wizard
will automatically move to the next page after the detection process done (Figure
0722).
Figure 0722 : Add Printer wizard Printer driver detection
373
13. In the list of Manufacturer, select HP.

And in the list of Printer, select your printer model.
But if your printer is not listed, consult your printer documentation for compatible
printer driver or just select the nearest model or select the Family or common driver.
In this exercise, my printer is not listed under the printer list. So I will select the
Family Driver of my printer; HP Color LaserJet Family Driver PCL5 (Figure 0723).
Figure 0723 : Add Printer wizard Install printer driver

15. Enter your printer name. Normally same as printer model. So here I enter my printer
model; HP Color LaserJet CP1515n as printer name (Figure 0724).
Figure 0724 : Add Printer wizard Printer name

374
17. Enter HPCP1515n as the shared printer name and STKM for the Location field
(Figure 0725).
Figure 0725 : Add Printer wizard Printer sharing

19. Click Finish button to complete the adding printer process (Figure 0726).
Figure 0726 : Add Printer wizard Finish
375
EXERCISE 18.2
Assign a Print Manager For The Printer
In this exercise, you will assign a user to manage the printer. This printer manager will
be able to delete jobs and perform other administrative tasks.
20. Right-click the installed printer and select Sharing (Figure 0727).
Figure 0727 : Printer Sharing
21. You will see that Windows Server 2008 has already shared the printer on the
network, but the printer not listed in the Active Directory. To list the printer in the
Active Directory, tick the List in the directory option (Figure 0728).
Figure 0728 : Printer Properties Sharing tab
376
22. Click the Security tab (Figure 0728).
23. The current security setting for the printer is similar to the Figure 0729.
You will note that everyone (all users) has print access, whilst Administrators have
all rights.
Print Operators also have all rights.
Figure 0729 : Printer Properties Security tab

377
25. Click Advanced button (Figure 0730).
Figure 0730 : Add Users, Computers, or Groups wizard

Figure 0731 : Add Users, Computers, or Groups wizard - Advanced
378
27. Select Ocah Blue from the list and click OK button (Figure 0732).
Figure 0732 : Add Users, Computers, or Groups wizard Find Now

Figure 0733 : Add Users, Computers, or Groups wizard
379
29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for
this printer (Figure 0734).
Figure 0734 : Printer Properties

30. After setting the rights as indicated, click OK button (Figure 0734).
31. Close the Printers window.
380
EXERCISE 18.3
Locating Printers using Active Directory
In this exercise, you will use Active Directory to locate printers.
32. Launch Active Directory Users and Computers. Click Start Administrative Tools
Active Directory Users and Computers (Figure 0735).

33. From the Menu bar, click Action Find (Figure 0736).
Figure 0736 : Active Directory Users and Computers

34. Choose Printers in the Find: list, and enter STKM in the Location: field (Figure 0737).
Figure 0737 : Find Printer wizard
381
36. The search results will display all the printers installed and listed in your Active
Directory. In the previous exercise, you have installed one printer and set the printer
to be listed in the Active Directory. So the search results display only one printer
founded (Figure 0738).
Figure 0738 : Find Printer wizard Search results
37. Close the Find Printers wizard (Figure 0738).
38. Close the Active Directory Users and Computers.
382
EXERCISE 18.4
Accessing The Printer From The Client Computer
In this exercise, you will log on to the client computer and set up access to the shared
printer on the server.

41. Open Printers and Faxes. Click Start Printers and Faxes (Figure 0740).
Figure 0740 : Open Printers and Faxes
383
42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).
Figure 0741: Printers and Faxes
Figure 0742 : Add Printer Wizard
384
44. Select A network printer, or to another computer and click Next button
(Figure 0743).
Figure 0743 : Add Printer Wizard Type of printer

45. Select Find a printer in the directory and click Next button (Figure 0744).
This option makes finding a printer easier as you do not need to know the name of
the server on which the printer is located.
Figure 0744 : Add Printer Wizard Specify a Printer
385
46. Enter STKM in the Location: field and click Find Now button (Figure 0745).

47. Select your printer from the search results list and click OK button (Figure 0746).
Figure 0746 : Find Printer wizard - Search results
386
48. Click Finish button (Figure 0747).
Figure 0747: Add Printer Wizard - Finish
387
EXERCISE 18.5
Printing a File
In this exercise, you will print a page to the printer.
49. Right-click the printer icon and select Properties (Figure 0748).
Figure 0748 : Printers and Faxes
50. Click the Print Test Page button (Figure 0749).
388
Figure 0750 : Print Test Page
389
EXERCISE 18.6
Managing The Printer
In this exercise, you will manage the printer by deleting all print jobs, and then pausing
the printer.
53. Make the printer ERROR (open the printer tonner compartment door).
54. Launch Notepad. Click Start All Programs Accessories Notepad (Figure 0752).
Figure 0752 : Launch Notepad
390
55. Key-in your name in the Notepad text editor (Figure 0753).
Figure 0753 : Notepad text editor

56. Print the file. Click File Print (Figure 0754).
Figure 0754 : Notepad File Print

57. Select your printer and click Print button (Figure 0755).
Figure 0755 : Notepad - Print
391
59. Right-click the printer icon and select Pause Printing (Figure 0757).
Figure 0757 : Printers and Faxes Pause Printing
392
60. Right-click the printer icon and select Cancel All Documents (Figure 0758).
Figure 0758 : Printers and Faxes Cancel All Documents
61. Click Yes button to confirm (Figure 0759).
Figure 0759 : Cancel Printing Confirmation
393
63. Log on to the client computer as zul.akmal with akmal as his password (Figure
0760).
Figure 0760 : Notepad

394
65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).
Figure 0762 : Printers and Faxes
Figure 0763 : Add Printer Wizard
395
67. Select A network printer, or to another computer and click Next button
(Figure 0764).
Figure 0764 : Add Printer Wizard Type of printer

68. Select Find a printer in the directory and click Next button (Figure 0765).
This option makes finding a printer easier as you do not need to know the name of
the server on which the printer is located.
Figure 0765 : Add Printer Wizard Specify a Printer
396
69. Enter STKM in the Location: field and click Find Now button (Figure 0766).

70. Select your printer from the search results list and click OK button (Figure 0767).
Figure 0767 : Find Printer wizard - Search results
397
71. Click Finish button (Figure 0768).
Figure 0768 : Add Printer Wizard - Finish

72. Right-click the printer icon and select Resume Printing (Figure 0769).
Figure 0769 : Printers and Faxes Resume Printing
398
73. What was the message displayed? (Figure 0770).
Figure 0770 : Printers and Faxes Access denied
74. Why do you think this happened?

Because in the previous exercise, you give Ocah Blue full rights to this printer. This
effectively makes her a manager for this printer. Whilst other users (everyone) only
has print access.
Summary
In this exercise you established a network printer and connected to it using a client
computer. A print manager responsible for the printer was established and you
tested the printer and management functions. You also learnt to locate a printer
using the search function of active directory.
399
Exercise 19
OTHER
ADMINISTRATIVE
TOOLS

400
Exercise 19 : Other Administrative Tools

In this exercise you will look at other administrative tools.
Backup
Restore
Disk Management Chkdsk and Defrag
Safe Mode
Directory Service Repair Mode
Backup
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a selective backup of files.
EXERCISE 19.1
Installing Windows Server Backup.
1.
401
2. Launch the Server Manager. Click Start Administrative Tools Server Manager
(Figure 0772).
Figure 0772 : Launch Server Manager.

3. Click Features Add Features (Figure 0773).
Figure 0773 : Server Manager - Add Features
402
4. Select Windows Server Backup Features (Figure 0774).
Figure 0774 : Add Features Wizard - Select Features

6. Click Install button (Figure 0775).
Figure 0775 : Add Features Wizard - Install
403
7. After finish installation of Windows Server Backup, the Add Features Wizard
show the installation results. Make sure the result is success, if not you have to
reinstall the features.
Click Close button to continue (Figure 0776).
Figure 0776 : Add Features Wizard - Installation Results
8. Close all the remaining windows
404
EXERCISE 19.2
Full Server Backup
9. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0777).
Figure 0777 : Launch the Windows Server Backup.

10. Click Backup Once (Figure 0778).
Figure 0778 : Windows Server Backup
405
11. Select Different options and click Next button (Figure 0779).
Figure 0779 : Backup Once Wizard
12. Select Full server (recommended) option and click Next button (Figure 0780).
Figure 0780 : Backup Once Wizard Backup configuration
406
13. Select Local drives option and click Next butoon (Figure 0781).
Figure 0781 : Backup Once Wizard Type of storage
14. Select drive D as your backup destination, but make sure the drive is NTFS
formatted (Figure 0782).
Figure 0782 : Backup Once Wizard Backup destination
407
16. Select VSS full backup option and click Next button (Figure 0783).
Figure 0783 : Backup Once Wizard Advanced option
17. Check you backup configuration, make sure the backup items and the backup
destination are correct. Click Backup button to start backup (Figure 0784).
Figure 0784 : Backup Once Wizard Confirmation
408
18. After all files have been archived, the Backup Wizard displays a completion
summary. Click Close button to close the Backup Wizard (Figure 0785).
Figure 0785 : Backup Once Wizard Backup progress
19. Close the Windows Server Backup window (Figure 0786).
Figure 0786 : Windows Server Backup window
409
EXERCISE 19.3
Restore Files and Folders
In this exercise you will use the Backup utility provided with Windows Server 2008 to
perform a restore of files and folder.
20. Launch the Windows Server Backup. Click Start Administrative Tools Windows
Server Backup (Figure 0787).
Figure 0787 : Launch the Windows Server Backup.

21. Click Recover (Figure 0788).
410
22. Select This server option and click Next button (Figure 0789).
Figure 0789 : Recovery Wizard
23. The Recovery Wizard will show the entire available backup. Backups are
available for dates shown in bold. Select the date of a backup to use for
recovery. Select the latest backup available (Figure 0790).
Figure 0790 : Recovery Wizard Select backup date
411
25. Select Files and folders option to restore files and folders. This option only can
restore selected files and folder (Figure 0791).
If you want to restore the entire volume, select Volumes option.
Figure 0791 : Recovery Wizard Select recovery type

27. Browse the folders tree to find the files or folders that you want to recover. Click
an item to select it for recovery.
Let try recover Common Files folder. Select Common Files folder and click Next
button (Figure 0792).
Figure 0792 : Recovery Wizard Select items to recover
412
28. Select Original location for the Recovery destination option and select
Overwrite existing files with recovered files for the When this wizard finds
files and folders in the recovery destination option (Figure 0793).
Figure 0793 : Recovery Wizard Specify recovery options

30. Click Recover button to start your recovery (Figure 0794).
Figure 0794 : Recovery Wizard Confirmation
413
31. After all files have been restored, the Recovery Wizard displays a completion
summary. Click Close button to close the Recovery Wizard (Figure 0795).
Figure 0795 : Recovery Wizard Finish
32. Close the Windows Server Backup window (Figure 0796).
414
EXERCISE 19.4
Restore Volume
In this exercise you will perform a restore an entire volume (all data stored on C: drive).
33. Insert the Windows Server 2008 DVD into your DVD drive.
34. Restart your Server. Click Start Restart (Figure 0797).
Figure 0797 : Restart Server.
415
35. Select Hardware: Maintenance (Planned) and click OK button (Figure 0798).
Figure 0798 : Shutdown Event Tracker
36. Boot your PC using Windows Server 2008 DVD.

37. Language and Keyboard Options. Select your language and keyboard; and
click Next button to continue (Figure 0799).
Figure 0799 : Language and Keyboard Options
416
38. Windows Server 2008 Setup

You are presented with options to Install, brief information about Server 2008 or
repair (Figure 0800).
Click Repair your computer to start System Recovery Wizard on this computer.
(Figure 07).
Figure 0800 : Windows Server 2008 Setup
39. Select an operating system to repair and click Next button (Figure 0801).
Figure 0801 : System Recovery Options
417
40. Click Windows Complete PC Restore option to restore entire server from a
backup image (Figure 0802).
Figure 0802 : System Recovery Options Choose a recovery tool

41. Select Use the latest available backup (recommended) option and click the
Figure 0803 : Windows Complete PC Restore wizard
418
42. Click the Next button (Figure 0804).
Figure 0804 : Windows Complete PC Restore wizard restore options

43. Click the Finish button to start restore (Figure 0805).
Figure 0805 : Windows Complete PC Restore wizard Start restore

44. Tick the I confirm that restore the backup option and click the OK
button (Figure 0806).
Figure 0806 : Windows Complete PC Restore wizard Confirm to restore
419
45. At this point, take a break. The restoring process will continue on its own. This
will take several minutes (Figure 0807).
Figure 0807 : Windows Complete PC Restore wizard Restoring process
46. Windows will automatically reboot your system after the restoring process
complete. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).
Figure 0808 : Windows log on
420
Congratulation! You have finish restore the Windows Server 2008
421
COMPUTER MANAGEMENT
This is an administrative tool that allows you view the physical drives, file systems,
partitions, and logical drives on the computer. This tool can also be used to check the file
systems and defragment.
EXERCISE 19.5
In this exercise you will use Computer Management to check the file system. If files are
currently in use, Windows Server 2008 is unable to check the state of the file system,
and will flag the file system for checking on the next reboot.
422
2. Launch Computer Management. Click Start Administrative Tools

Computer Management (Figure 0811).
Figure 0811 : Launch Computer Management

3. Expand the Storage folder and select the Disk Management (Figure 0812).
Figure 0812 : Computer Management window
423
4. Right click C: drive and select Properties (Figure 0813).
Figure 0813 : Computer Management Disk Management

5. From the Properties window, click the Tools tab (Figure 0814).
This tab displays options for you to check the file system, defragment the drive or
backup files.
Figure 0814 : Local Disk (C:) Properties
424
6. Click the Check Now button to check the drive for errors (Figure 0814).
7. Tick the option Automatically fix file system errors and click Start button
(Figure 0815).
Figure 0815 : Check Disk Local Disk (C:)
8. If C: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0816).
Figure 0816 : Schedule disk check option
425
9. Use the same procedure to scan D: drive.

Right click D: drive and select Properties (Figure 0817).

10. From the Properties window, click the Tools tab. Then click the Check Now
button to check the drive for errors (Figure 0818).
Figure 0818 : Local Disk (D:) Properties
426
11. Tick the option Automatically fix file system errors and click Start button
(Figure 0819).
Figure 0819 : Check Disk Local Disk (D:)
12. If D: drive is not in use, check disk will now scan the drive for errors. If the drive is
in use, you will be presented with the option to schedule the disk check when the
computer is restarted.
Click Schedule disk check to continue (Figure 0820).
Figure 0820 : Schedule disk check option
427
Figure 0821 : Restart Server
428
14. Select Hardware: Maintenance (Planned) and click OK button (Figure 0822).
You will be able to observe the process of checking the file system occurring
once the computer restarts (Figure 0823).
Figure 0823 : File system checking process

Once this process has finish, the computer will restart and load Windows Server
2008.
The file system should be checked on a regular basis for integrity by running
Check disk. Unfortunately, this process often requires restarting the server.
429
DEFRAGMENTING THE FILE SYSTEM

Over a period of time, portions of files can become scattered over the surface of the disk
and this makes accessing files slower. The process of defragmenting a disk involves
moving the portions of each file back together so they are all next to each other.
EXERCISE 19.6
In this exercise you will use Computer Management to defragment the current drive.
430
2. Launch Computer Management. Click Start Administrative Tools

Computer Management (Figure 0825).
Figure 0825 : Launch Computer Management

3. Expand the Storage folder and select the Disk Management (Figure 0826).
Figure 0826 : Computer Management window
431
4. Right click C: drive and select Properties (Figure 0827).

5. From the Properties window, click the Tools tab (Figure 0828).
This tab displays options for you to check the file system, defragment the drive or
backup files.
Figure 0828 : Local Disk (C:) Properties
432
6. Click Defragment Now button (Figure 0828).

7. Click Defragment now button (Figure 0829).
Figure 0829 : Disk Defragmenter window
8. Select all disks for defragment and click OK button (Figure 0830).
Figure 0830 : Disk Defragmenter : Defragment Now
433
9. After the drive has been defragmented, click the Close button to close the Disk
Defragmenter window (Figure 0831).
Figure 0831 : Disk Defragmenter window
Defragmenting the file system should occur on a regular basis to ensure files can
be accessed and loaded quickly. Files in use cannot be defragmented, so
administrators should schedule this to occur during periods of inactivity. A heavily
fragmented file system is often the cause of poor performance.
434
SAFE MODE
Safe mode provides a means of recovering from loading device drivers that do not work
properly. For instance, an administrator might install a new graphics card, and rather
than let Windows Server 2008 install the appropriate drivers, may select an alternative
driver. This can result in a system that results in an unreadable screen display. To
recover from such a possibility, Windows Server 2008 provides Safe mode.
EXERCISE 19.7
In this exercise you will restart the computer in Safe Mode. This is a special mode only
available when the computer is restarted and you press F8 before the computer starts
loading Windows Server 2008.
435
436
3. Select Operating System: Reconfiguration (Planned) and click OK button

(Figure 0834).
4. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
Windows logo appears. If the Windows logo appears, you will need to try again
(Figure 0835).
Figure 0835 : Boot Screen
437
5. Select the Safe Mode option and press Enter (Figure 0836).
Figure 0836 : Advanced Boot Options
438
7. When your computer in safe mode, youll see the word Safe Mode in the corners
of the display (Figure 0838).
Figure 0838 : Safe Mode
439
8. After the computer has started in safe mode, shut the computer down. Click Start
Shut Down (Figure 0839).
Figure 0839 : Shut Down Server
440
ACTIVE DIRECTORY SERVICE REPAIR MODE

The active directory database is stored in the file ntds.dit in the folder NTDS. As changes
occur to Active Directory over time, the database file becomes fragmented. An
administrator should perform a backup of the Active Directory database file.
In this exercise you will boot the computer using a startup option by pressing F8 at
startup. This will allow you to enter a mode where you can repair the Active Directory
files, or back-up and restore Active Directory.
9. Switch ON your server and repeatedly press the F8 key while it displays the boot
sequence at the bottom of the screen. You need to press F8 key before the
(Figure 0840).
441
10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).
11. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure
0842).
442
Backup Active Directory Service

EXERCISE 19.8
In this exercise you will back-up Active Directory.
13. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0844).

14. Access the C:\Windows\ntds folder
Type the following command in command prompt:
14.1. cd\ and press Enter (Figure 0845).
Figure 0845 : Command Prompt cd\
443
14.2. cd c:\windows\ntds and press Enter (Figure 0846).
Figure 0846 : Command Prompt cd c:\windows\ntds
14.3. dir/w and press Enter (Figure 0847).
Figure 0847 : Command Prompt dir/w
444
15. Backup the Active Directory Service database by copying the ntds.dit file to a
new file named ntdsbackup.dit
Key-in the following command to back-up the ntds.dit file:
copy ntds.dit ntdsbackup.dit
and press Enter (Figure 0848).
Figure 0848 : Command Prompt copy file
16. Reconfirm the backup file is successfully created by typing the following
command:
dir/w and press Enter (Figure 0849).
Figure 0849 : Command Prompt display directory contents
445
Create The Active Directory Service Error

EXERCISE 19.9
In this exercise you will create Active Directory error by deleting the Active Directory
Service database file.
17. Delete the ntds.dit file by execute the following command:
del ntds.dit
Figure 0850 : Command Prompt delete file
446

(Figure 0852).
Could you log on to the server?

Why this happened?
This problem happened normally because the server cannot find the Active
Directory Service database file or maybe the Active Directory Service database
file is corrupted. In the earlier exercise you have deleted the Active Directory
database file (ntds.dit) to create this problem.
20. Press CTRL + ALT + DELETE to restart your server.
447
21. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the
(Figure 0853).
22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).
448
Restore Active Directory Service

EXERCISE 19.10
In this exercise you will restore Active Directory.
23. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure
0855).
449
26. Access the C:\Windows\ntds folder

Type the following command in command prompt:
26.1. cd\ and press Enter (Figure 0858).
Figure 0858 : Command Prompt cd\
26.2. cd c:\windows\ntds and press Enter (Figure 0859).
Figure 0859 : Command Prompt cd c:\windows\ntds
450
26.3. dir/w and press Enter (Figure 0860).
Figure 0860 : Command Prompt dir/w
27. Restore the Active Directory Service by copying the ntdsbackup.dit file to
ntds.dit file
Key-in the following command to restore the ntds.dit file:
copy ntdsbackup.dit ntds.dit
Figure 0861 : Command Prompt copy file
451
28. Reconfirm the file is successfully restore by typing the following command:
dir/w and press Enter (Figure 0862).
Figure 0862 : Command Prompt display directory contents
452

(Figure 0864).
What happen? Could you log on to the server?
Summary
In this exercise you learn how to make a backup copy of the Active Directory
database by copying it to another file. You also learn how to recover and restore
the Active Directory database.
453
Exercise 20
INSTALLING AND
CONFIGURING
DHCP SERVER

454
Exercise 20 : Installing And Configuring DHCP Server

"Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the
complexity of administering IP address configurations." - Microsoft's definition.
A DHCP server would be set up with the appropriate settings for a given network. Such
settings would include a set of fundamental parameters such as the gateway, DNS,
subnet masks, and a range of IP addresses. Using DHCP on a network means
administrators don't need to configure these settings individually for each client on the
network. The DHCP would automatically distribute them to the clients itself.
In this exercise you will set DHCP server and deploy DHCP to a Windows Server 2008
client computer. You will configure DHCP service and limit it to 3 hosts.
EXERCISE 20.1
Installing DHCP Service.
This will serve as a step-by-step guide on how to setup a DHCP server.
1.
455
(Figure 0866).
Figure 0867 : Server Manager - Roles
456
5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0869).
457
6. On the Select Server Roles page, select the check box next to DHCP Server,
and click the Next button (Figure 0870).
Figure 0870 : Server Roles DHCP Server

7. On the DHCP Server page, review the information, and click the Next button
(Figure 0871).
Figure 0871 : DHCP Server page
458
8. On the Network Connection Binding page, select your server IP address and
click the Next button (Figure 0872).
Figure 0872 : Select Network Connection Binding page
9. On the IPv4 DNS Server Settings page, review the information. Make sure all the
information is correct. Click the Next button to continue (Figure 0873).
Figure 0873 : Select IPv4 DNS Server Settings page
459
10. Select WINS is required for applications on this network option, and enter
your server IP address in the Preferred WINS Server IP Address box. Click the
Next button to continue (Figure 0874).
Figure 0874 : Specify IPv4 WINS Server Settings page
11. Create DHCP Scopes. Just click the Next button, we will create the DHCP
scopes later (Figure 0875).
Figure 0875 : Add or Edit DHCP Scopes page
460
12. In this exercise you only use IPv4, so select Disable DHCPv6 stateless mode
for this server option and click the Next button to continue (Figure 0876).
Figure 0876 : Configure DHCPv6 Stateless Mode page
13. Select the Use current credentials option and click the Next button (Figure 0877).
This option specifies the credentials of the current user will be used to authorize
the DHCP server in AD DS.
Figure 0877 : Authorize DHCP Server
461
14. On the Confirm Installation Selections page, click Install button (Figure 0878).
462

16. Close the Server Manager.
463
EXERCISE 20.2
Creating a Range of Address: DHCP Scopes.
In this exercise you will specify range of IP address
17. Launch the DHCP manager. Click Start Administrative Tools (Figure 0881).
Figure 0881 : Launch the DHCP manager
18. Double-click on the server icon to expand the domain (Figure 0882).
Figure 0882 : DHCP manager
464
19. Click the IPv4 server icon (Figure 0883).
Figure 0883 : DHCP manager - IPv4
20. On the Action menu, click New Scope to start New Scope wizard (Figure 0884).
Figure 0884 : DHCP manager - New Scope
465
21. New Scope Wizard window. Click the Next button to continue (Figure 0885).
Figure 0885 : New Scope Wizard
22. Scope Name.

Enter DHCP 1 3 as the Name of the scope and DHCP range for 3 host as the
Description (Figure 0886).
Figure 0886 : New Scope Wizard Scope Name

23. Click the Next button to continue (Figure 0886).
466
24. Specifying IP Address Range.

Now you will configure DHCP service and limit it to 3 hosts.
Define the scope address range as following (Figure 0887):
Start IP address
End IP address
: 192.168.2. Server Number

: 192.168.2. Server Number + 2
Figure 0887 : New Scope Wizard IP Address Range

25. Configure the Length and Subnet mask as the following (Figure 0887):
Length
: 24
Subnet mask : 255.255.255.0
You can specify the subnet mask by length or as an IP address.

A subnet mask defines how many bits of an IP address to use for the
network/subnet IDs and how many bits to use for the host ID.
In this exercise we use class C default subnet (255.255.255.0), which is equal to
24 bit length. You can learn more about this under IP address Subnetting topic.
467
27. IP Address Exclusions.

IP Address Exclusions are addresses or a range of addresses that are not
distributed by the DHCP server.
In your DHCP IP address range, you set a range for 3 hosts. If you notice, the
first IP address is your server IP address.
If you not exclude your server IP address, the DHCP server will distribute all the
IP address in the range including your server IP address. Later you will faces
with the IP conflict problem. To prevent this, you have to exclude your server IP
address.
To exclude a single address, type an address in Start IP address only.
So, enter your server IP address at the Start IP address: box to exclude it IP
from distributed by the DHCP server and click the Add button (Figure 0888).
Figure 0888 : New Scope Wizard IP Address Exclusions
468
Figure 0889 : New Scope Wizard IP Address Exclusions

29. Lease Duration.
The lease duration specifies how long a client can use an IP address from scope.
Lease durations should typically be equal to the average time the computer is
connected to the same physical network.
Let set the lease duration to 8 hours this equal to 8 hour working time per day.
Click the Next button to continue (Figure 0890).
Figure 0890 : New Scope Wizard Lease Durations
469
30. DHCP Options.

DHCP can provide default values for a whole host of TCP/IP parameters,
including these basic items:o
o
o
o
Default Gateway
Domain Name
DNS Server
WINS Server
Select Yes, I want to configure these options now and click the Next button to
start configure the DHCP options (Figure 0891).
Figure 0891 : New Scope Wizard Configure DHCP Options
470
31. Router (Default Gateway)

In the previous exercise I use another server as the router (192.168.2.25). You
can use the same router or you can use your server router or another router to
be distributed by this scope.
I will use the same router for this scope in this exercise (192.168.2.25).
To add an IP address for a router used by client, enter the address in the IP
address: box and click the Add button (Figure 0892).
Figure 0892 : New Scope Wizard Router (Default Gateway)

Figure 0893 : New Scope Wizard Add Router (Default Gateway)
471
33. Domain Name and DNS Servers.

33.1. Set the Parent domain: same as your domain name. In this exercise, my
domain name is myserver.com (Figure 0894).
33.2. Set the Server name: same as your DNS server name (myserver.com) and
click the Resolve button to resolve the DNS server IP address (Figure
0894).
Figure 0894 : New Scope Wizard Parent domain and Server name
33.3. Click the Add button to add the DNS server IP address to the DNS server
IP address list (Figure 0895).
Figure 0895 : New Scope Wizard DNS server IP address
472
33.4. Click the Next button to continue (Figure 0896).
Figure 0896 : New Scope Wizard Domain Name and DNS Servers
473
34. WINS Servers.

Computers running Windows can use WINS servers to convert NetBIOS
computer names to IP address.
Entering WINS server IP address here enables Windows clients to query WINS
before they use broadcasts to register and resolve NetBIOS names.
34.1. Set the Server name: same as your WINS server name (myserver.com)
and click the Resolve button to resolve the WINS server IP address (Figure
0897).
Figure 0897 : New Scope Wizard WINS server name

34.2. Click the Add button to add the WINS server IP address to the WINS
server IP address list (Figure 0898).
Figure 0898 : New Scope Wizard WINS server IP address
474
34.3. Click the Next button to continue (Figure 0899).
Figure 0899 : New Scope Wizard WINS Servers
35. Activate Scope.

This is the last configuration for the new scope. Clients can obtain address
leases only if a scope is activated.
Select Yes, I want to activate this scope now and click the Next button (Figure
0900).
Figure 0900 : New Scope Wizard Activate Scope
475
36. Completing the New Scope Wizard.

Click the Finish button to close the New Scope Wizard (Figure 0901).
Figure 0901 : New Scope Wizard Finish
Congratulation! You have successfully completed creating the New DHCP Scope
(Figure 0902).
Figure 0902 : DHCP Manager

37. Close the DHCP manager.
476
EXERCISE 20.3
Testing The DHCP Server.
In this exercise you will test your DHCP server functionality.
39. Log on to the client computer using a local administrator account. Enter the User
name: as Administrator and select Log on to : CLIENTXP61 (this computer)
and click the OK button to log on (Figure 0903).
Figure 0903 : Windows XP Log On Screen

40. Launch Network Connections application program. Click Start All Programs
Accessories Communications Network Connections (Figure 0904).
Figure 0904 : Launch Network Connections
477
41. Right click Local Area Connection and select Properties (Figure 0905).

42. Double click Internet Protocol (TCP/IP) (Figure 0906).
478
43. Set your client to get IP address automatically from DHCP server by selecting the
Obtain an IP address automatically option and Obtain DNS server address
automatically option (Figure 0907).
Figure 0907 : Internet Protocol (TCP/IP) Properties

44. Click the OK button to save the setting (Figure 0907).
45. Click the OK button (Figure 0908) and close all the remaining windows.
479

480
48. List the client computer IP configuration by typing the following command:
ipconfig and press Enter (Figure 0911).
Figure 0911 : Command Prompt ipconfig

This will display the IP address, subnet mask and default gateway for your
ethernet adapter (Figure 0912).
Figure 0912 : Command Prompt IP Configuration

Now your client computer is set to obtain an IP address automatically from DHCP
server. So you can see the IP address has changed accordingly to the IP range
you have set in the DHCP server setting earlier.
Summary
In this exercises, you are setting up a DHCP server. The DHCP server provides you with
an easy way of assigning IP addresses to workstations on your network. You were
shown how to install and configure a DHCP Server and how to avoid overlapping
scopes.
481
Exercise 21
INSTALLING AND
CONFIGURING
WEB SERVER

482
Exercise 21 : Installing And Configuring WEB Server

In this exercises, you will install and configure your server to run as Web Server. This
exercise also describes the basics of managing a Web site's infrastructure, from setting
a site home directory and default Web Page, to redirecting requests and dynamically
altering Web pages.
Web Server Overview
Web servers are computer that have specific software that allow them to accept
requests from client computers and return responses to those requests. Web servers let
you share information over the internet or through intranet and extranets.
The Web server role in Windows Server 2008 lets you share information with users on
the internet, an intranet, or an extranet. Windows Server 2008 delivers IIS 7.0, which is a
unified Web platform that integrates IIS, ASP.NET and Windows Communication
Foundation. The key features and improvements in IIS 7.0 include the following:
A unified Web platform that delivers a single, consistent Web solution for both
administrators and developers.
Enhanced security and the ability to customize the server to reduce the attack
surface.
Simplified diagnostic and troubleshooting features to aide in resolution of
problems.
Improved configuration and support for server forms.
Delegated administration for hosting and enterprise workloads.
Installing IIS and Web Server
When you install IIS initially, the service is installed in a highly secure mode. Because IIS
only serves static content by default, you must enable features such as ASP, ASP.NET,
Common Gateway Interface (CGI), Internet Server Application Programming Interface
(ISAPI), and Web Distributed Authoring and Versioning (WebDAV), if you need them.
During installation, IIS installs optional components such as common files and IIS
Manager. You can choose not to install the optional components. However, if you do not
install specific components, you can decrease IIS functionality or disable IIS services. If
you are unfamiliar with the optional components and how they affect IIS, install IIS with
the default settings.
483
EXERCISE 21.1
Installing Internet Information Services (IIS).
1.

(Figure 0914).
484
485
5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0917).

6. On the Select Server Roles page, select the check box next to the Web Server
(IIS) (Figure 0918).
Figure 0918 : Server Roles Web Server (IIS)
486
7. If you are asked to add features for Web Server (IIS), just click the Add
Required Features button to add the features. You cannot install Web Server
(IIS) unless the required features are also installed (Figure 0919).
Figure 0919 : Add Roles Add Required Features

Figure 0920 : Server Roles Web Server (IIS)
487
9. On the Web Server (IIS) page, review the information, and click the Next button
(Figure 0921).
Figure 0921 : Web Server (IIS) page
10. Role Services.

Just use the default setting and click the Next button to continue (Figure 0922).
Figure 0922 : Add Roles Wizard Select Role Services
488
11. On the Confirm Installation Selections page, click Install button (Figure 0923).
489

490
Configuring Web Server.

IIS creates a default Web site configuration on your hard disk at the time of installation.
You can use the C:\inetpub\wwwroot directory to publish your Web content, or create
any directory or virtual directory you choose.
Creating a Web site using IIS Manager does not create content, but merely creates a
directory structure and configuration files from which to publish the content.
EXERCISE 21.2
Use the default Web site.
491
15. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0927).
Figure 0927 : Launch Internet Information Services (IIS) Manager
16. In the Internet Information Services (IIS) Manager, expand your server (Figure
0928).
Figure 0928 : Internet Information Services (IIS) Manager
492
17. Expand the Sites folder (Figure 0929).
Figure 0929 : Internet Information Services (IIS) Manager - Sites

You can see, IIS already create a default Web site on your hard disk. The default
folder for the default Web site is set to the C:\inetpub\wwwroot folder.
18. View the default web page.
Click Default Web Site and click the Browse *:80 (http) link (Figure 0930).
Figure 0930 : IIS Manager - Default Web Site
493
19. The windows will launch the Internet Explorer. You can see the address on the
address bar is http://localhost/ and a picture with the word IIS7 at the middle of
the page. This means your Web Server and your Default Web Site is running
successfully (Figure 0931).
Figure 0931 : Web Server Default Web page
20. Close the Internet Explorer window.
494
21. View contents of the default web folder.

On the IIS Manager, click the Explore link (Figure 0932).
Figure 0932 : IIS Manager - Default Web Folder
22. The Windows Explorer shows the path of the Default Web Folder. There are only
two files listed under C:\inetpub\wwwroot folder (Figure 0933):
iisstart.htm
welcome.png
HTML document
image file
Figure 0933 : Windows Explorer - Default Web Folder

23. Close the Windows Explorer.
495
EXERCISE 21.3
Change the Default Web Folder.
In this exercise you will change the default Web folder from C:\inetpub\wwwroot to
D:\mywebserver.
24. Click Default Web Site and click the Basic Settings link (Figure 0934).
Figure 0934 : IIS Manager - Default Web Site
25. Click the button to browse for folder (Figure 0935).
Figure 0935 : IIS Manager Edit Site
496
26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).
Figure 0936 : Edit Site - Browse For Folder
27. Rename the folder name to mywebserver and click the OK button (Figure
0937).
Figure 0937 : Edit Site - Browse For Folder - Make New Folder
497
28. Make sure the Physical path: is D:\mywebserver. If correct, click the OK button
to continue (Figure 0938).
Figure 0938 : Edit Site - Physical path:
498
EXERCISE 21.4
Create a Simple Web page.
In this exercise you will create a simple web page to act as your first web page and the
file to the D:\mywebserver folder.
29. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0939).
Figure 0939 : Launch Notepad Editor
499
30. Type the following text into the file (Figure 0940):
<html>
<head>
<title>Web Server</title>
</head>
<body>
<p><h1>Welcome To My Web Server</h1></p>
</body>
</html>
Figure 0940 : Notepad Editor
31. Save document as index.htm.

31.1.
Figure 0941 : Notepad Editor - Save As
500
31.2.
Browse to the D:\mywebserver folder (Figure 0942).
31.3.
Select Save as type: All Files (Figure 0943).
Figure 0943 : Notepad Editor - Save as type:
501
31.4.
Key-in index.htm in the File name: box (Figure 0944).
31.5.
Click the Save button to save (Figure 0944).
31.6.
Close the Notepad Editor (Figure 0945) and log off the server.
Figure 0945 : Notepad Editor index.htm
502
EXERCISE 21.5
Test the Web Server.
In this exercise you will test the functionality of your Web server using client workstation.
32. Log on to the client computer as Administrator (Figure 0946).

33. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure 0947).
Figure 0947 : Launch Internet Explorer
503
34. On the Address box, key-in http://yourdomain.com (e.g. http://myserver.com)

and click the Go button (Figure 0948).
Figure 0948 : Internet Explorer - http://myserver.com
35. Your webpage will appear in the browser (Figure 0948).
504
EXERCISE 21.6
Create a New Web Site.
In this exercise you will create a new Web site for your web server.
(Figure 0950).
505

39. Create a new folder named newwebSN (SN represents youre Station Number).
my folder named will be newweb21.
39.1.
506
39.2.
Rename the folder as newweb21 (Figure 0953).
40. Launch Notepad Editor. Click Start All Programs Accessories Notepad
(Figure 0954).
Figure 0954 : Launch Notepad Editor
507
<html>
<head>
<title>New Web Site</title>
</head>
<body>
<p><h1 align="center">Welcome To My New Web Site</h1>
<h3 align="right">Hosted by My <font color="#FF0000">Web
Server</font></h3></p>
</body>
</html>
42. Save document as default.htm.

42.1.
508
42.2.
Browse to the D:\newweb21 folder (Figure 0957).
42.3.
Select Save as type: All Files (Figure 0958).
Figure 0958 : Notepad Editor - Save as type:
509
42.4.
Key-in default.htm in the File name: box (Figure 0959).
42.5.
Click the Save button to save (Figure 0959).
42.6.
Close the Notepad Editor (Figure 0960) and all remaining window.
Figure 0960 : Notepad Editor default.htm
510
43. Launch the Internet Information Services (IIS) Manager. Click Start
Administrative Tools Internet Information Services (IIS) Manager (Figure
0961).
Figure 0961 : Launch Internet Information Services (IIS) Manager
44. In the Internet Information Services (IIS) Manager, expand your server (Figure
0962).
511
45. Right-click the Sites folder and select Add Web Site (Figure 0963).
Figure 0963 : IIS Manager Add Web Site
46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure
0964).
Figure 0964 : Add Web Site window - Site name
512
47. In the Physical path: box, type or browse to the directory that contains the site
content (D:\newweb21) (Figure 0965).
Figure 0965 : Add Web Site window - Physical path
48. Select your Web server IP address from IP Address: drop-down menu (Figure
0966).
Figure 0966 : Add Web Site window IP address
513
49. Enter Host name: as www.myserver.com for this site, and click the OK button
(Figure 0967).
Figure 0967 : Add Web Site window
50. On IIS Manager, Select the new web site (Tutorial Site) and click the Start
button to start the new web site service (Figure 0968).
Figure 0968 : page
514
EXERCISE 21.7
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new Web site.
51. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 0969).
52. Double-click the computer icon to expand the DNS Server (Figure 0970).
515
53. Expand the Forward Lookup Zones; right click myserver.com and select New
Host (A or AAAA) (Figure 0971).

54. In the Name box, type www (Figure 0972).
55. Enter IP address for your Web server (www.myserver.com) and make sure you
select the Create associated pointer (PTR) record option (Figure 0972).

56. Click Add Host (Figure 0972).
Figure 0973 : Host Record Successfully Created Message
516
58. Click Done button to exit New Host Wizard (Figure 0974).
Figure 0974 : New Host Wizard
59. Click the Refresh button
and close the DNS Manager (Figure 0975).
517
EXERCISE 21.8
Test the New Web Site on Web Server
In this exercise you will test the functionality of your New Web Site from client
workstation.

62. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure 0977).
518
63. On the Address box, key-in http://www.yourdomain.com

(e.g. http://www.myserver.com) and click the Go button (Figure 0978).
Figure 0978 : Internet Explorer - http://www.myserver.com
64. Your new web site page will appear in the browser (Figure 0978).
Summary
Whether your site is on an intranet or the Internet, the principles of providing content are
the same. You place your Web files in directories on your server so that users can
establish an HTTP connection and view your files with a Web browser.
But beyond simply storing files on your server, you must manage how your site is
deployed, and more importantly, how your site evolves. Today, an engaging Web site is
seldom a static collection of pages. Most successful Web administrators are kept busy
accommodating ever changing Web content.
Each Web site must have a home directory. The default Web site home directory is
LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS
Manager.
519
Exercise 22
INSTALLING AND
CONFIGURING
FTP SERVER

520
Exercise 22 : Installing And Configuring FTP Server

In this exercises, you will install and configure your server to run as FTP Server. This
exercise also describes installation of the FTP service, and changing default FTP
settings globally and for specific FTP sites.
File Transfer Protocol (FTP) is a protocol used to transfer files over the internet. People
commonly use FTP to make files available for others to download, but you can also use
FTP to upload webpages for building a website or for putting digital photos on a picture
sharing site.
IIS includes the File Transfer Protocol (FTP) service for publishing and managing files.
This version of IIS includes FTP user isolation to help administrators (particularly Internet
hosting providers) efficiently secure and commercialize FTP services for their customers.
The FTP service is not installed by default. To set up an FTP site, you must first install
the FTP service through the Server Manager. Installing the FTP service creates a default
FTP site, which you can then customize to your needs using IIS Manager.
EXERCISE 22.1
Installing FTP Server.
521
(Figure 0980).

522
4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).
5. Click the Add Role Services at the Role Services: section (Figure 0982).
Figure 0982 : Add Role Services
523
6. On the Select Role Services page, select the check box next to the FTP
Publishing Service (Figure 0983).
Figure 0983 : Role Services FTP Server
7. If you are asked to add role services for FTP Publishing Service, just click the
Add Required Role Services button to add the role services. You cannot install
FTP Publishing Service unless the required role services are also installed
(Figure 0984).
Figure 0984 : Add Role Services Add Required Role Services
524
Figure 0985 : Role Services FTP Publishing Service

9. On the Confirm Installation Selections page, click Install button to start
installation process (Figure 0986).
525

526
Configuring FTP Server

IIS creates a default FTP site configuration on your hard disk at the time of installation.
You can use the C:\inetpub\ftproot directory to store your FTP files, or create any
directory or virtual directory you choose.
Setting up the FTP service for the first time involves first setting global FTP settings,
then settings for the default FTP site, and finally adding the content to the FTP site. IIS
uses an inheritance model, which means that settings on higher levels are automatically
inherited by lower levels. Settings at lower levels can be edited individually to override
inherited settings from the next level up.
If you change a setting at a lower level, then later change a setting at a higher level that
conflicts with the lower-level setting, you will be prompted to choose whether you want to
change the lower-level setting to match the new higher-level setting.
EXERCISE 22.2
Change the Default FTP Site Setting.
527
13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start
Administrative Tools Internet Information Services (IIS) 6.0 Manager (Figure
0990).
Figure 0990 : Launch Internet Information Services (IIS) 6.0 Manager
14. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0991).
528
15. Expand the FTP Sites folder (Figure 0992).
Figure 0992 : Internet Information Services (IIS) 6.0 Manager FTP Sites
You can see, IIS already create a default FTP site on your hard disk. The default
folder for the default FTP site is set to the C:\inetpub\ftproot folder.
16. Right-click the Default FTP Site and select Properties (Figure 0993).
Figure 0993 : IIS 6.0 Manager - Default FTP Site
529
17. On the FTP Site tab, under FTP site description, type the name of your FTP
site in the Description: box. (e.g. Server 21 FTP Site) and select IP address for
your FTP site (Figure 0994).
Figure 0994 : Default FTP Site Properties

18. Click the OK button. The name of the new site appears in IIS 6.0 Manager
(Figure 0995).
Figure 0995: IIS 6.0 Manager Server 21 FTP Site

19. Click the Refresh button and close the IIS 6.0 Manager.
530
EXERCISE 22.3
Change the FTP Site Home Directories.
Each FTP site on a computer must have its own home directory. The default home
directory for the default FTP site is LocalDrive:\inetpub\ftproot.
There are two ways to change the home directory of an FTP site:
Use IIS Manager

Edit the MetaBase.xml file directly.
But in this exercise we only use IIS Manager.

20. Make sure you are log on to the server as Administrator.
0996).
531
(Figure 0997).

24. Make sure the FTP Site service is stop. Right-click the Server 21 FTP Site and
select Stop (Figure 0999).
Figure 0999 : IIS 6.0 Manager Server 21 FTP Site
532
25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).

26. Click the Home Directory tab (Figure 1001).
Figure 1001 : Server 21 FTP Site Properties Home Directory
533
27. Select the A directory located on this computer option, and enter the location
of your ftp home directory in the Local path: box (e.g. D:\newweb21) or press
the Browse button to find the location of your ftp home directory (Figure
1002).
Note:
If you select a directory on a network share, you might need to enter a user name
and password to access the resource. IUSR_computername is the default
account used if another account is not specified.
If you use an account with administrative credentials on the server, clients can
gain access to server operations. This seriously jeopardizes the security of your
network.
For more information on security see, Security Best Practices in Windows Help.
534
29. Right-click the FTP site youve just configured, and select Start (Figure 1003).

30. Click the Yes button to start the FTP Server service (Figure 1004).
Figure 1004 : IIS 6.0 Manager Start Server 21 FTP Site

31. Click the Refresh button and close the IIS 6.0 Manager.
535
EXERCISE 22.4
Create a Text Document in FTP Home Directory.
32. Launch the Windows Explorer and go to the FTP Home Directory (e.g.
D:\newweb21) (Figure 1005).
Figure 1005 : Windows Explorer - D:\newweb21
33. Create a new text document inside FTP Home Directory and rename the text
document as testing.txt.
33.1.
536
34. Right click testing.txt file and select Edit. This will load the Notepad Editor
(Figure 1007).
Figure 1007 : Edit Text Document
This only test document to test the FTP server.
36. Save the file by pressing Ctrl + S key and close the file.
37. Close all the remaining window.
537
EXERCISE 22.5
Test The FTP Site.

40. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure
1010).
538
41. On the Address box, key-in ftp://www.yourdomain.com

(e.g. ftp://www.myserver.com) and click the Go button (Figure 1011).
Figure 1011 : Internet Explorer - ftp://www.myserver.com

42. Your FTP site will appear in the browser (Figure 1011).
43. Attempt to create a new folder (right click in the window and select New
Folder) (Figure 1012).
Figure 1012 : ftp://www.myserver.com Create New Folder

Could you create the folder?
YES / NO
539
If NO, why do you think this happened?

This happened because you log on to the FTP server as guest (anonymous
user). By default, FTP server only allow read permission to anonymous user. And
we also not configure the FTP server to allow any user to have write permission
on the FTP server.
44. Close all windows.

540
EXERCISE 22.6
Configure The FTP Server to Allow User to Upload or Modify File and Directory.

1014).
541
(Figure 1015).

50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).
542
51. Click the Home Directory tab. Under the FTP site directory, tick the Write
option (Figure 1018).
and close the IIS 6.0 Manager.
543
EXERCISE 22.7
Test The FTP Site.

55. Launch Internet Explorer. Click Start All Programs Internet Explorer (Figure
1020).
544
56. On the Address box, key-in ftp://www.yourdomain.com

(e.g. ftp://www.myserver.com) and click the Go button (Figure 1021).
Figure 1021 : Internet Explorer - ftp://www.myserver.com

58. Attempt to create a new folder (right click in the window and select New
Folder) (Figure 1022).
Figure 1022 : ftp://www.myserver.com Create New Folder

Could you create the folder?
YES / NO
545
59. Now try copy any file and paste it to this FTP site.
Could you paste any files?
YES / NO
Why do you think this is so?

You should be could paste a files to the FTP site because you have given
permission to everyone to read and write to the FTP site.
60. Close all window.

546
Create New FTP Site Using Multiple IP Address.

You can create multiple FTP sites using multiple IP addresses and multiple ports. While
creating multiple sites with multiple IP addresses is a common and recommended
practice, it can be more complicated because, by default, clients call port 21 when using
the FTP protocol.
Therefore, if you create multiple FTP sites using multiple ports, you need to inform users
of the new port number so their FTP clients can locate and connect to the port.
If you create a new site using the same port as an existing site with the same IP
address, the new site will not start. The general rule is that you can have multiple sites
using the same IP and port, but only one site from this group can run at a time. If you try
to start another site from this group, you receive an error message.
Before you start create multiple FTP site using multiple IP address, you need to make
sure your server have set with multiple IP address. If not, you have to set your server to
use multiple IP address.
EXERCISE 22.8
Creating Multi IP Address in Single NIC
547
2. Launch Network and Sharing Center. Click Start Right click Network
Figure 1024 : Network Properties

3. Under myserver.com (Domain network), click View status (Figure 1025).
Figure 1025 : View Network Status
548
4. Click Properties button to open Local Area Connection Properties (Figure 1026).

(Figure 1027).
549
6. Now click the Advanced button (Figure 1028).
7. Select the IP Settings tab (Figure 1029).

8. Under IP addresses field, click Add button (Figure 1029).
Figure 1029 : Advanced TCP/IP Setting - IP Settings
550
9. Enter second IP address for your server [e.g. 192.168.2.24] (Figure 1030).
Figure 1030 : TCP/IP Address

10. Enter your subnet mask number (e.g. 255.255.255.0) and click the Add button
(Figure 1030).
11. As you can see, now your server has 2 IP address (Figure 1031).
Figure 1031 : Advanced TCP/IP Setting - IP Settings

551
552
553
EXERCISE 22.8.1
Creating New FTP Site for Specific User Using Multiple IP Address.
FTP Site can be set to be login only by specific user. You can allow specific users to
establish an FTP connection and transfer files with an FTP client or FTP-enabled Web
browser. But beyond simply storing files on your server, you must manage how your site
is deployed, and more importantly, how your site evolves. This section presents the
basics of managing the infrastructure of an FTP site, from securing your site to hosting
multiple sites.
This exercise to help administrators, and particularly Internet hosting providers,
efficiently secure and commercialize the FTP services for their customers.
Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.
554
18. Launch Windows Explorer. Click Start Right-click Computer select

Explore (Figure 1036).
555
20. Create a new folder named StudentSN (SN represents youre Station Number).
my folder named will be Student21.
20.1.
20.2.
Rename the folder as Student21 (Figure 1039).
556
21. View the default permission of your Student21 folder. Right-click D:\Student21
folder, and select Properties (Figure 1040).
Figure 1040 : Windows Explorer D:\Student21

22. Click the Security tab. You should see your default folder security setting
permissions for your new Student21 folder (Figure 1041).
Figure 1041 : Student21 Properties
557
23. Delete all users except Administrator.

23.1. Click the Advanced button (Figure 1042).

23.2. Click the Edit button (Figure 1043).
Figure 1043 : Advanced Security Setting for Student21
558
23.3. Uncheck the check box Include inheritable .. objects parent (Figure
1044).
Figure 1044 : Advanced Security Setting for Student21 - Permissions
23.4. Windows Security warnings appear, click Remove button to confirm

remove the inheritable permission (Figure 1045).
Figure 1045 : Windows Security warning
559
23.5. Click the OK button (Figure 1046).
Figure 1046 : Advanced Security Setting for Student21 - Permissions
Figure 1047 : Advanced Security Setting for Student21
560
24. Add Ain Syahmi and set her permissions.

24.1. Click the Edit button (Figure 1048).

24.2. Click the Add button (Figure 1049).
Figure 1049 : Permissions for Student21
561
24.3. Key-in Ain Syahmi to add Ain Syahmi and click Check Names button.
(Figure 1050).
Figure 1050 : Select Users, Computer, or Groups window

Figure 1051 : Select Users, Computer, or Groups Ain Syahmi
562
24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act
as administrator for the Student FTP Site. Click the OK button after finish
configure (Figure 1052).
Figure 1052 : Permissions for Student21 Ain Syahmi
24.1. Click the OK button to close the Student21 Properties (Figure 1053).

25. Close all the remaining windows.
563
EXERCISE 22.8.2
Creating New FTP Site Student FTP Site.
26. Make sure youre log on to the server as Administrator.
1054).
(Figure 1055).
564
29. Right-click the FTP Sites folder, and select New FTP Site (Figure 1056).
30. FTP Site Creation Wizard appears. Click the Next button (Figure 1057).
Figure 1057 : FTP Site Creation Wizard
565
31. FTP Site Description dialog boxes appear. Key-in Student FTP Site in the
Description: box and click the Next button (Figure 1058).
Figure 1058 : FTP Site Creation Wizard - FTP Site Description
32. Now the wizard asking for IP Address and Port Setting, key-in your server
second IP address (e.g. 192.168.2.24) and use the TCP port default setting
(Default = 21) . Click the Next button to continue (Figure 1059).
Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting
566
33. In the FTP User Isolation dialog box, select Do not isolate users, and click
Figure 1060 : FTP Site Creation Wizard - FTP User Isolation

34. Set the FTP Site Home Directory. Under the Path: field, key-in the FTP site
home directory (e.g. D:\Student21) and click he Next button (Figure 1061).
Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory
567
35. Set the FTP Site Access Permissions to Read and Write to allow user upload
and modify the FTP site contents, and then click the Next button to continue
(Figure 1062).
Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions
36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).
Figure 1063 : FTP Site Creation Wizard - Finish

568
EXERCISE 22.8.3
Configure DNS Service for Host Name.
In this exercise you will configure host name for your new FTP site (Student FTP Site).
38. Launch DNS Manager. Click Start Administrator Tools DNS (Figure 1064).
39. Double-click the computer icon to expand the DNS Server (Figure 1065).
569
40. Expand the Forward Lookup Zones (Figure 1066).
Figure 1066 : DNS Manager - Forward Lookup Zones
41. Right click myserver.com and select New Host (A or AAAA) (Figure 1067).
570
42. In the Name box, type ftpstudent (Figure 1068).

43. Enter IP address for your Student FTP Site (ftpstudent.myserver.com) and make
sure you select the Create associated pointer (PTR) record option (Figure
1068).

44. Click Add Host (Figure 1068).
Figure 1069 : Host Record Successfully Created Message
571
46. Click Done button to exit New Host Wizard (Figure 1070).
Figure 1070: New Host Wizard
and close the DNS Manager (Figure 1071).
572
EXERCISE 22.8.4
Test FTP Site for Specific User Using Internet Browser.

50. Launch Internet Explorer. Click Start All Programs Internet Explorer
(Figure 1073).
573
51. On the Address bar, key-in ftp://ftpstudent.yourdomain.com

(e.g. ftp://ftpstudent.myserver.com) and click the Go button (Figure 1074).
Figure 1074 : Internet Explorer - ftp://ftpstudent.myserver.com

52. You will be asking for username and password. Key-in ain.syahmi as
username and ain for password. Click the Log On button (Figure 1075).
Figure 1075 : FTP Log On window
574
Figure 1076 : ftp://ftpstudent.myserver.com

54. Use Windows explorer to access the C:\Windows\Web\Wallpaper folder.
55. Click on the file Azul.bmp; drag and drop it into the Student FTP Site window
(Figure 1077).
Figure 1077 : ftp://www.myserver.com Drag and Drop
575
56. Now try copy any files and paste it to this FTP server.
Could you paste any files?
YES / NO
57. Try to delete the Azul.bmp file (Figure 1078).
Figure 1078 : ftp://www.myserver.com Delete File

What happen?
Could you delete the files?
YES / NO
You should can copy and delete files in this FTP site because you have given
permission to Ain Syahmi with Full Control permissions.
576
EXERCISE 22.8.5
Test FTP Site for Specific User Using Command Prompt.
577
61. At command prompt, key-in ftp ftpstudent.yourdomain.com

(e.g. ftp ftpstudent.myserver.com) and press Enter (Figure 1081).
Figure 1081 : Command Prompt ftp log on

62. You'll be asking to enter the username. Key-in ain.syahmi as username and
ain for password (Figure 1082).
Figure 1082 : Command Prompt ftp ain.syahmi log in

63. Key-in ls and press Enter to display contents of the Student FTP site contents
(Figure 1083).
Figure 1083 : Command Prompt ftp content list
578
64. Attempt to upload file from C:\Windows\Web\Wallpaper\Ascent.jpg to the

Student FTP Site. Use the following command to upload the file (Figure 1084):
put C:\Windows\Web\Wallpaper\Ascent.jpg
and press Enter.
Figure 1084 : Command Prompt upload file to FTP server

(Figure 1085).

You can see the file is successfully uploaded to the FTP server.
579
66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the
Student FTP Site. Use the following command to rename the file (Figure 1086):
rename Ascent.jpg AaBbCc.jpg
and press Enter.
Figure 1086 : Command Prompt rename file

(Figure 1087).

You can see the Ascent.jpg file is successfully renamed to AaBbCc.jpg.
68. Now attempt to download AaBbCc.jpg file from the Student FTP Site. Use the
following command to download (Figure 1088):
get AaBbCc.jpg
and press Enter.
Figure 1088 : Command Prompt download file from FTP server
580
69. Key-in Bye and press Enter to logout from FTP server (Figure 1089).
Figure 1089 : Command Prompt logout from FTP server
70. Close the Command Prompt.

71. Lunch the Windows Search application. Click Start Search (Figure 1090).
Figure 1090 : Lunch the Windows Search application
581
72. Click All files and folders (Figure 1091).
Figure 1091 : Windows Search application
73. Key-in the filename you want to search (e.g. AaBbCc.jpg) in the All or part of
the file name: box and click the Search button (Figure 1092).
Figure 1092 : Windows Search application
582
74. You should got one file name AaBbCc after finish the search process. If you
want to know the location of the file, place your mouse pointer on the top of the
file and the short summary about the file will appear (Figure 1093).
Figure 1093 : Search Results

Normally, all the download files are store in the user home folder.
75. Close all windows and log off the client computer.
Summary
In this exercise you have learn how to:
Changing FTP Site Home Directories: Describes the concept of a home directory
and methods for changing the home directory of an FTP site.
Naming FTP Sites: Describes assigning a descriptive name to an FTP site.
Stopping and Starting FTP Sites: Describes why you would need to stop and
restart your FTP sites and how to perform these actions.
Changing Default FTP Site Settings: Describes how to change default settings
globally or on an individual site.
Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers
to differentiate multiple FTP sites.
Adding FTP Sites to Your Server: Describes the process of adding a new FTP
site to a server running IIS.
Securing FTP Sites: Describes some of the misconceptions about FTP security
and how to establish a secure FTP site.
Isolating FTP Users: Describes the concept of FTP user isolation and which type
of isolation to use to restrict users to their own directories.
583

Complete Windows Server 2008 Step by Step v2

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Complete Windows Server 2008 Step by Step v2

Hochgeladen von

Copyright:

Verfügbare Formate

1

To my loving wife of more than 10 years, who continues to provide me love

About the Author

Notes For Users

Each Computer is configure as

Installing Windows Server 2008

Installing And Configuring DNS

Installing Active Directory

Creating Organization Units And Users

Configuring Client Computer

Viewing Computers In Active Directory

Delegating Management Of Users

Exploring Group Scopes and Types

Creating And Applying Group Policies

Creating And Sharing Resources

Managing Software Applications

Installing And Configuring Printer

Other Administrative Tools

Installing And Configuring DHCP Server

Installing And Configuring Web Server

Installing And Configuring FTP Server

Zulfadli Bin Mohd Saad

Exercise 1 : Installing Windows Server 2008

Describe the different editions of Server 2008

Disk space (recommended)

TABLE 1.1 Hardware requirements for Windows Server 2008 editions.

How to Obtain a Copy of Windows Server 2008?

Figure 0001 : Language and Keyboard Options

3. Windows Server 2008 Setup

Figure 0002 : Windows Server 2008 Setup

Figure 0003 : Product Key and Activation

4.2. Click Next to continue.

Figure 0004 : Product Key Warning

5. Windows Server Version

Figure 0005 : Windows Version

6. Windows Server 2008 License Agreement

Figure 0006 : Windows Server 2008 License Agreement

Figure 0007 : Installation Options

Figure 0008 : Drive options

8.2. Click New, (Figure 0009).

Figure 0009 : New Partition

8.3. Change the size to 40,000 MB, (Figure 0010).

Figure 0010 : Partition Size

8.5. Select Disk 0 Partition 1 (Figure 0011).

Figure 0011 : Partition

Figure 0012 : Installing Windows

9. First Time Login

Figure 0013 : First time login

10. Change Administrator Password.

Figure 0014 : Change Administrator password

Figure 0015 : Password changed successfully

Congratulation! You have finish install the Windows Server 2008.

Zulfadli Bin Mohd Saad

Exercise 2 : Initial Configuration

Setting Time Zone

Figure 0016 : Set time zone

Figure 0017 : Change time zone

3. Select time zone appropriate for your location.

Figure 0018 : Time zone

Figure 0019 : Change time zone

Figure 0020 : Configure networking

2. Double-click Local Area Connection (Figure 0021).

Figure 0021 : Local Area Connection