IT 160 Ch.

4 Activities Worksheet
Make sure you are doing the activities on the correct machines and in the correct order or the
activities may not work. Any missing or incorrect screenshots will result in either a point reduction or
no credit at all for the activity.

When taking screenshots for each activity, make sure the VM number in the top left-hand
corner is in the screenshot or NO credit will be given for the screenshot.

Ch. 4 Activities Worksheet will be worth 1200 pts!

The following is a checklist of the activities you will need to complete for Ch. 4:

☐Activity 4-1: Resetting Your Virtual Environment

The above activity is not graded but MUST be done for the activities to work proper.

☐Activity 4-2: Configuring a New Disk

☐Activity 4-3: Working with Volumes in Disk Management

☐Activity 4-4: Working with Virtual Disks in Disk Management

☐Activity 4-5: Working with Virtual Disks in PowerShell

☐Activity 4-6: Sharing a Folder with Simple File Sharing

☐Activity 4-7: Sharing a Folder with Advanced Sharing

☐Activity 4-8: Creating a Share with File and Storage Services

☐Activity 4-9: Creating a Hidden Share and Monitoring Share Access

☐Activity 4-10: Mapping a Drive

☐Activity 4-11: Examining Default Settings for Volume Permissions

☐Activity 4-12: Experimenting with File and Folder Permissions

☐Activity 4-13: Restricting Access to Subfolders of Shares

Activity 4-1: Resetting Your Virtual Environment
Objective: Reset your VMs by applying the InitialConfig snapshot.

Required VMs: ServerSA1-#, ServerHV-# (# being your VM number)

Description: Apply the snapshot to ServerSA1 and ServerHV.

1. Be sure the servers, ServerSA1-# and ServerHV-# are shut down.

2. In the VMware dashboard, click on the ServerSA1-# server but do not start it.
3. Click Revert to current snapshot.

4. Click Yes to confirm.

5. Repeat steps 1 – 4 on ServerHV-# server
6. Continue to the next activity.

Activity 4-2: Configuring a New Disk

Objective: Configure a new disk for use in a server.

Required VM: ServerSA1-# (# being your VM number)

Description: You have just installed a new disk in your server, and you need to prepare it for use.
First you bring the disk online and initialize it, and then you create a simple volume and format it. You
should already have a disk installed in ServerSA1 for use in this activity.

Note: The size of your disks may not match the size of the disks in the screenshots located in your
textbook.

1. Start ServerSA1-# (# being your VM number), and sign in as Administrator.

2. In Server Manager, click File and Storage Services, and then click Disks to open the Disks
window as shown in Figure 4-4, p.121 in the textbook.
3. Find the 20.0 GB disk; its status will be Offline. Right-click the disk and click Bring Online. In
the Bring Disk Online message box, click Yes. Repeat this step for the 15.0 GB and 10.00 GB
disks.
4. Right-click the 20.0 GB disk again and click Initialize. In the Initialize Disk box, leave all three
disks checked. Notice that the Initialize Disk message indicates that the disks will be
configured as GPT disks. Click OK in the Initialize Disk message box. If you do not get a
window to initialize all three disks, you will have to do them one at a time.
5. Once all three disks are initialized, take a screenshot and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

6. To create a new volume, right-click the 20.0 GB DISK, and click New Volume to start the New
Volume Wizard. Read the information in the Before You Begin window, and then click Next.
 (Note: File and Storage Services initializes a disk only as a basic disk. If you want a dynamic
disk, use Disk Management.)
7. In the Server and Disk window, make sure ServerSA1-# and the 20.0 GB disk are selected
(see Figure 4-5, p.122 in the textbook), and then click Next.
8. In the Size window, type 10 in the Volume size text box, and then click Next.
9. In the Drive Letter or Folder window, click H in the Drive letter list box. Notice that you can also
mount the volume in an empty folder or not assign a drive letter or folder at all. Click Next.
10. In the File System Settings window, click the File system list arrow to see the options for
formatting the volume. File and Storage Services lists only NTFS and ReFS as options. In Disk
Management, you also have FAT32 as an option (or exFAT for volumes larger than 32 GB).
11. Type NTFSvol in the Volume label text box, and then click Next.
12. In the Confirmation window, verify your choices, and then click Create. The Results window
shows you the progress. Click Close when the process is finished.
13. In Server Manager, click Volumes in the left pane to see the new volume. After clicking
Volumes, take a screenshot and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
 Screenshot:

14. Stay signed in and continue to the next activity.

Activity 4-3: Working with Volumes in Disk Management

Objective: Work with basic and dynamic volumes.

Required VM: ServerSA1-# (# being your VM number)

Description: In this activity, you examine the options for working with basic and dynamic disks and
ReFS and NTFS volumes.

Note: The size of your disks may not match the size of the disks in the screenshots located in your
textbook.
1. Start ServerSA1-# (# being your VM number), and sign in as Administrator, if necessary.
2. Right-click Start and click Disk Management. Notice that Disk 0 has three volumes: the
Recovery Partition, the System partition, and the Boot partition (C:). These volumes contain
the Windows OS, so make sure you don’t make any changes to Disk 0.
Note: You may not have a Recovery Partition on your VM.
3. Right-click NTFSvol and notice the options for working with this volume. Click Extend
Volume. In the Extend Volume Wizard welcome window, click Next.
4. In the Select Disks window, you can add disks to extend to if any are available. If you do so,
you’re prompted to convert the disk to dynamic because basic disks don’t support extending to
other disks (disk spanning). In the Select the amount of space in MB text box, type 5000,
which makes the volume about 15 GB total. Click Next. After clicking Next, take a screenshot
and paste it below. Make sure the VM number in the top left-hand corner is in the screenshot
for full credit for this step.
 Screenshot:

5. In the Completing the Extend Volume Wizard window, click Finish. The disk is extended to
about 15 GB.
6. In Disk Management, right-click NTFSvol, and click Shrink Volume to open the Shrink H:
dialog box. In the Enter the amount of space to shrink in MB text box, type 5000 and click
Shrink. The volume is back to 10 GB. Once you click Shrink and the volume is done
shrinking, take a screenshot and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:
7. Next, you create an ReFS-formatted volume. Right-click the unallocated space next to
NTFSvol, and click New Simple Volume to start the New Simple Volume Wizard. Click Next.
8. In the Specify Volume Size window, click Next to accept the default size, which is the
remaining space on the disk. In the Assign Drive Letter or Path window, click the selection
arrow next to Assign the following drive letter and click I. Click Next.
7. In the Format Partition window, click the selection arrow next to File system and click ReFS. In
the Volume label box, type ReFSvol. Click Next, and then click Finish. Once the new volume
is done formatting, take a screenshot and paste it below. Make sure the VM number in the top
left-hand corner is in the screenshot for full credit for this step.
 Screenshot:

9. Right-click NTFSvol and click Properties. Review the tabs available to configure the volume.
In particular, notice on the General tab the option to compress the drive to save disk space.
Also notice the Quota tab where you can set file quotas to restrict the amount of space a user’s
file can occupy on the volume. Click Cancel when you have finished exploring the properties
of NTFSvol.
10. Right-click ReFS vol and click Properties. Notice that there is no option to compress the drive
on the General tab and there are no quota tab and no Shadow Copies tab because ReFS
doesn’t support these features. Click Cancel.
11. Now, you will create a mirror volume. Right-click NTFSvol and click Add Mirror. There is only
one option for creating the mirror because the 10.0 GB disk is a little too small. In the Add
Mirror window (see Figure 4-6, p.123 in the textbook), click Disk 2 and click Add Mirror.
8. You see a Disk Management message explaining that the basic disks will be converted to
dynamic disks since dynamic disks are required to support a mirror. Click Yes. After a short
while, you see the mirror in which the volume is now shown on Disk 1 and Disk 2, and the
mirror is colored red to indicate it is a mirror (see Figure 4-7, p.124 in the textbook). You see
that in the top pane of Disk Management, the Layout column changes to Mirror. After this step
is completed, take a screenshot showing the mirrored volume and paste it below. Make sure
the VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
12. Next, you’ll create a RAID-5 volume, but you need three disks for a RAID-5 volume, so first
you delete the volumes you just created. Right-click NTFSvol, click Delete Volume, and click
Yes to confirm. Next, right-click ReFSvol, click Delete Volume, and click Yes to confirm.
13. Right-click Disk 1 Unallocated space (this should be the 20.0 GB disk, but it may show just
under 20.0 GB), click New RAID-5 Volume, and click Next.
14. In the Select Disks window, click Disk 2, click Add, click Disk 3, and then click Add (see
Figure 4-8, p.124 in the textbook). Notice that the total size of the RAID-5 will be about 20 GB
even though you are using 10 GB of space from each disk. This is because a RAID-5 uses the
equivalent of the space from one disk for the parity information needed to recreate missing
data if a disk fails. Click Next.
15. In the Assign Drive Letter or Path window, click the drive letter selection box, and click H. Click
Next.
16. In the Format Volume window, type RAID5vol in the Volume label box and click Next. Click
Finish, and then click Yes when prompted to convert basic disks to dynamic (when you
deleted the volumes, the disks were converted back to basic disks).
9. After a short while, you see the new RAID-5 volume as in Figure 4-9, p.125 in the textbook. It
will take a while for the volume to sync between the three disks and format. Once the
formatting is completed and the RAID 5 volume is created, take a screenshot and paste it
below. Make sure the VM number in the top left-hand corner is in the screenshot for full credit
for this step.
 Screenshot:

17. You’ll be using these disks for other activities, so delete the RAID-5 volume as you did the
other volumes. Close Disk Management.

Activity 4-4: Working with Virtual Disks in Disk Management

Objective: Create and mount a virtual disk.

Required VM: ServerSA1-# (# being your VM number)

Description: Create and mount a virtual disk and view it in Disk Management and File Explorer.

1. Start ServerSA1, and sign in as Administrator, if necessary.

2. Open Disk Management by right-clicking Start and clicking Disk Management. Click Action,
Create VHD from the menu.
3. In the Create and Attach Virtual Hard Disk dialog box (see Figure 4-13, p.129 in the textbook),
you can select the virtual hard disk format and whether the disk is a fixed size or dynamically
expanding. Click Browse.
4. In the left pane, click This PC and then double-click Local Disk (C:) in the right pane. Type
Virtual1 in the File name text box. In the Save as type selection box, you can choose the
format (.vhd or .vhdx). Accept the default and click Save.
5. In the Virtual hard disk size text box, type 5000 to create a 5 GB virtual disk.
6. The virtual hard disk format is VHD by default. Because you’re creating a small volume, you
can accept this default setting. Click the Dynamically expanding option button so that the
disk’s file size is very small at first and then expands up to the 5 GB you specified as you add
data to it. Click OK.
7. When you create a VHD file in Disk Management, it’s mounted automatically. The disk should
be listed as Disk 4, and its status is Not Initialized. Right-click Disk 4, and notice the Detach
VHD option in the menu. Detaching the disk is the same as unmounting it. Click Initialize
Disk.
8. In the Initialize Disk dialog box, click OK. Your new virtual disk is initialized and ready to have
a volume created on it. Notice that the disk icon turns green, indicating it is a virtual disk.
9. Right-click the unallocated space of Disk 4, and click New Simple Volume. Follow the New
Simple Volume Wizard, using the following settings:
 Volume size: Use the default size.
 Drive letter: Assign drive letter V:
 Format: Use the defaults, but make the volume label VirtualVol.
10. When the volume has finished formatting, take a screenshot and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
 Screenshot:

11. Right-click the volume and click Explore.

12. File Explorer treats the virtual disk and volumes in it like any other disk and volume. In File
Explorer, click Local Disk (C:). You should see a file named Virtual1 with a disk icon next to it
indicating a virtual disk. Notice the size of the virtual disk file; it is probably around 60 MB. The
size of the file will expand up to the maximum of 5 GB as you add data to it.
13. Now, you will copy a file to V:. Right-click Start and click Command Prompt, type V: and
press Enter. You are now on the V: volume. Type copy c:\windows\explorer.exe and press
Enter. After running the command, take a screenshot of the results and paste it below. Make
sure the VM number in the top left-hand corner is in the screenshot for full credit for this step.
 Screenshot:

14. Close the command prompt.

15. In File Explorer, click Local Disk (C:). Notice that the size of file Virtual1 has increased
because you have added data to it.
16. Right-click Virtual1 (V:) in the left pane of File Explorer and click Eject; this action unmounts
the disk. The disk is no longer shown in File Explorer or Disk Management.
17. Open File Explorer again and click Local Disk (C:). Right-click Virtual1 and click Mount, or
just double-click the file. The volume is mounted again. Dismount the virtual disk again. In File
Explorer, delete the Virtual1 file.
18. Close all open windows and shut down ServerSA1-#.
Activity 4-5: Working with Virtual Disks in PowerShell
Objective: Create and mount a virtual disk using PowerShell cmdlets.

Required VM: ServerHV-# (# being your VM number)

Description: Create and mount a virtual disk using PowerShell cmdlets. A computer running Hyper-V
or at least one capable of running Hyper-V is required since the Hyper-V Module for Windows
PowerShell must be installed, and the cmdlets will work only on a computer that can run Hyper-V.

1. On ServerHyperV-#, right-click Start, click Run, type PowerShell, and click OK. (Alternatively,
you can click the search icon next to Start, start to type PowerShell, and click Windows
PowerShell in the search results.) Move to the root of the C: drive by typing cd \ and pressing
Enter.
2. To create a new VHDX file type, New-VHD Virtual1.vhdx -SizeBytes 5GB and press Enter.
You will see output similar to that in Figure 4-14, p.130 in the textbook. The default disk type is
dynamic, and because you specify the .vhdx extension in the file name, a VHDX file is created.
Notice the PhysicalSectorSize setting of 4096. After running the command, take a screenshot
of the results and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:

3. To create a new VHD file, type New-VHD Virtual2.vhd -SizeBytes 5GB and press Enter. Pay
close attention when running the command because it has a different file extension than the
command you ran in Step 2. A VHD format virtual disk is created with PhysicalSectorSize of
512. Recall that VHD files do not support the more efficient 4096 byte sectors. After running
the command, take a screenshot of the results and paste it below. Make sure the VM number
in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

4. To mount the virtual disk, type Mount-VHD Virtual1.vhdx. If there were volumes already
created, drive letters would be automatically assigned unless you include the -NoDriveLetter
option. At this point, working with the virtual disk is the same as working with a physical disk.
5. In order to work with the disk, you need the disk number assigned to it. Type Get-Disk and
press Enter. Look for the 5 GB disk; it should be assigned number 1.
 6. To bring the disk online and initialize it. Type Set-Disk -Number 1 -IsOffline $false and press
Enter. If you get an error message when running this command that is because the disk is
already online. This can be verified during Step 5.
7. Type Initialize-Disk -Number 1 and press Enter.
8. Type Get-Disk and press Enter to see the results. Notice that the disk had a Partition Style of
Raw before it was initialized and now has a Partition Style of GPT. After running the command,
take a screenshot of the results and paste it below. Make sure the VM number in the top left-
hand corner is in the screenshot for full credit for this step.
Screenshot:

9. To create a new volume, type New-Partition -DiskNumber 1 -Size 4.9GB -DriveLetter V and
press Enter. Because the physical disk is only 5 GB, the largest partition you can create is just
a little smaller because the disk needs room for holding disk structures like the partition table
and sector information.
10. Format the volume. Type Format-Volume V -FileSystem NTFS -NewFileSystemLabel
VirtualVol and press Enter. After running the command, take a screenshot of the results and
paste it below. Make sure the VM number in the top left-hand corner is in the screenshot for
full credit for this step.
Screenshot:

11. To see the disk in Disk Management, right-click Start and click Disk Management. You
should see that Disk 1 is the virtual disk you just created and formatted. Close Disk
Management.
12. In PowerShell, dismount the disk by typing Dismount-VHD Virtual1.vhdx and pressing Enter.
13. Delete both virtual disks by typing del virtual* and pressing Enter.
14. Close all open windows and shut down ServerHV-#.

Note: Although you may find a number of uses for virtual disks in Windows, the most common use of
virtual disks is with Storage Spaces and with virtual machines running in Hyper-V, topics discussed in
Chapters 5 and 6, respectively. Now, we turn our attention to other storage topics including file
sharing and securing access to files with permissions.

Activity 4-6: Sharing a Folder with Simple File Sharing

Objective: Create a test folder and then share it with simple file sharing.

Required VM: ServerSA1-# (# being your VM number)

Description: You understand that there are several ways to create shared folders. You decide to try
simple file sharing to see how it sets permissions automatically. Before you create shares, you create
a new volume that will be used for working with shared folders and permissions.

1. Sign in to ServerSA1-# as Administrator, if necessary.

2. Open Disk Management and create a 5 GB volume named TestVol on the 20.0 GB disk
formatted as NTFS. Assign the drive letter H:. Use defaults for all other parameters.
 Tip: If you need help, review Activity 4-2 for instructions on creating a new volume.
3. Open File Explorer, and create a folder named TestShare1 on TestVol (Remember, you will
need to click This PC to see the TestVol). After creating the TestShare1 folder, take a
screenshot showing the new folder and paste it below. Make sure the VM number in the top
left-hand corner is in the screenshot for full credit for this step.
Screenshot:

4. OpenTestShare1’s Properties dialog box, and click the Security tab. Make a note of the
permissions assigned on this folder, and then close the Properties dialog box.
5. Right-click TestShare1, point to Share with, and click Specific people to open the File
Sharing dialog box. Notice that the Administrator user and Administrators group already have
access.
6. Click the list arrow next to the Add button, and click TestUser in the list. (You will need to
create a user account named TestUser. You can do this by clicking the Create a new user
option>Manage another account>Add a user account.) Click the Add button. By default, the
user has Read permission. Click the list arrow next to Read and click Read/Write.
7. Click Share. You see a message indicating the folder is shared. You can email links to the
shared folder or copy the links to the Clipboard. You can also click the Show me all the
network shares on this computer link to open the network browse window for your server. Take
a screenshot of the message indicating the folder is shared and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

8. Click Done.
9. Open TestShare1’s Properties dialog box. Click the Sharing tab, and then click Advanced
Sharing.
 10. Click Permissions. Notice that the Everyone group and Administrators group are assigned
Full Control to the share, which is the default setting with simple file sharing. Permissions can
be restricted by using file and folder permissions through the Security tab. Click Cancel twice.
11. In the TestShare1 folder’s Properties dialog box, click the Security tab. Scroll through the
users and groups in the top pane. Notice that TestUser and Administrator were added to the
list and they have Full Control permissions. In addition, the CREATOR OWNER user has been
removed. However, all other groups and users were maintained. In the real world, this may or
may not be what you intended. Simple file sharing is just that—simple—but you might want to
exert more control over file sharing. After clicking the Security tab, take a screenshot of the
Properties window and paste it below. Make sure the VM number in the top left-hand corner is
in the screenshot for full credit for this step.
Screenshot:

12. Close all open windows and continue to the next activity.

Activity 4-7: Sharing a Folder with Advanced Sharing

Objective: Create a new folder and share it with advanced sharing.

Required VM: ServerSA1-# (# being your VM number)

Description: You’re concerned that simple file sharing doesn’t always have the results you want, so
you decide to experiment with advanced sharing. You create a new folder, share it, and assign
permissions. The permissions allow all members of the Users group to read files in the share, give all
members of the Administrators group full control, and allow TestUser to create new files (with full
control over them) and read files created by other users.

1. On ServerSA1-#, open File Explorer, and create a folder named TestShare2 on TestVol.
Open TestShare2’s Properties dialog box, and click the Security tab. Examine the new
folder’s default permissions. The Users group has Read & execute, List folder contents, and
Read permissions. The Administrators group has Full Control permission, and the CREATOR
OWNER special identity has advanced permissions that give any user who creates or owns a
file full control over the file.
2. Click the Sharing tab, and then click Advanced Sharing. Click to select the Share this folder
check box. Leave the share name as is, and then click Permissions. By default, the share
permission is Allow Read for Everyone.
3. In this activity, you don’t want Everyone to have Read permission, so click Remove. Click
Add, type Users, click Check Names, and then click OK. Next, click Add, type
 Administrators, click Check Names, and then click OK to add the Administrators group. After
adding both groups, take a screenshot and paste it below. Make sure the VM number in the
top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

4. Click Users and click the Full Control check box in the Allow column. Click Administrators
and click the Full Control check box in the Allow column. Even though the Users group
permission is set to Full Control, file and folder permissions will restrict them to Read and Read
& execute. Click OK twice.
5. Click the Security tab. Notice that the permissions haven’t changed as they did when you
used simple file sharing. Click Edit, and then click Add. Type TestUser and click Check
Names. Click OK.
6. Click TestUser. Notice that the permissions for TestUser are set to Read & execute, List folder
contents, and Read. Click Write in the Allow column, which gives TestUser the ability to create
and make changes to files. Click OK.
7. In the TestShare2 Properties window, under Group or user names: click TestUser. Take a
screenshot showing the permissions for the TestUser and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

8. and then Close.

9. Later in this chapter, you will learn more about permissions and work with them. Close all open
windows, and continue to the next activity.

Activity 4-8: Creating a Share with File and Storage Services

Objective: Create a share with File and Storage Services.

Required VM: ServerSA1-# (# being your VM number)

Description: You want to practice creating shares by using simple and advanced file sharing. In this
activity, you use File and Storage Services to create a share.

1. Sign in to ServerSA1-# as Administrator, if necessary.

2. In Server Manager, click File and Storage Services, and then click Shares.
3. Click the Tasks list box under the Shares pane and click New Share to start the New Share
Wizard. In the Select Profile window, click SMB Share - Quick, and then click Next.
 4. In the Share Location window, click the H: volume in the Select by volume section, and then
click Next.
5. In the Share Name window, type NewShare1 in the Share name text box. By default, the local
path to the share is set to H:\Shares\NewShare1. You can change the local path, but for now,
leave it as is. Click Next.
6. In the Other Settings window, read the descriptions for the three options described previously.
Leave the default settings and click Next.
7. In the Permissions window, review the default permissions. Note that the share permissions
are Everyone Read Only, which means that only Read access to the share is allowed for all
users. The Folder permissions lists the file and folder permissions. By default, Administrators
have Full Control, and Users can read and create files when accessing the folder locally. Click
the Customize permissions button to open the Advanced Security Settings for NewShare1
dialog box where you can change the file and folder permissions and share permissions, if
necessary. Click Cancel, and then click Next.
8. In the Confirmation window, take a screenshot and paste it below. Make sure the VM number
in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

9. Click Create. After the share is created successfully, click Close. You see the new share in the
list of shares.
10. Close all windows and continue with the next activity.

Activity 4-9: Creating a Hidden Share and Monitoring Share Access

Objective: Create a hidden share and monitor access to shared folders.

Required VM: ServerSA1-# (# being your VM number)

Description: You want to be able to keep users from seeing certain shares on the network unless
they type the UNC path for the share. You haven’t worked with hidden shares yet, so you want to
experiment with them. You create a new folder on TestVol and then share it with the Shared Folders
snap-in. You append a $ to the share name so that it’s hidden, verify that the share is hidden, and
then open it by using the full UNC path. Then you use the Shared Folders snap-in to monitor access
to the share.

1. On ServerSA1-#, open File Explorer and create a new folder on TestVol named HideMe.
2. Open Computer Management and click to expand Shared Folders. Right-click Shares and
click New Share to start the Create a Shared Folder Wizard. Click Next.
3. In the Folder Path window, type H:\HideMe in the Folder path text box, and then click Next.
4. In the Name, Description, and Settings window, type HideMe$ in the Share name text box,
and then click Next.
5. In the Shared Folder Permissions window, click Administrators have full access; other
users have read-only access, and then click Finish.
6. In the Sharing was Successful window, take a screenshot and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

7. Click Finish, in the Sharing was Successful window.

8. Right-click Start, click Run, type \\ServerSA1 and press Enter. A File Explorer window opens
listing the shares on ServerSA1. The share you just created isn’t listed because it’s hidden.
Take a screenshot of the File Explorer window showing all the shares and paste it below. Make
sure the VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

9. Close the File Explorer window.

10. Right-click Start, click Run, type \\ServerSA1\HideMe$, and press Enter. A window opens
showing the share’s contents (the folder should be empty). A hidden share is hidden only in
network browse lists, but if you specify the share in a UNC path, it’s available to all who have
permission. After clicking enter, take a screenshot of the File Explorer window and paste it
below. Make sure the VM number in the top left-hand corner is in the screenshot for full credit
for this step.
Screenshot:

11. Minimize the File Explorer window, and open the Computer Management window. In the left
pane, expand Shared Folders, click Shares, and you see the HideMe$ share listed. The
Client Connections column displays the number 1 because you currently have the share open.
After clicking Shares, take a screenshot of the Computer Management window and paste it
below. Make sure the VM number in the top left-hand corner is in the screenshot for full credit
for this step.
Screenshot:
 12. Click Sessions, and you see that the Administrator account has one open file. Click Open
Files, and you see the H:\HideMe folder listed as an open file. (Folders are considered files in
Windows.) Close Computer Management and File Explorer.
13. Sign out or shut down ServerSA1 because you sign in as a different user in the next activity.

Activity 4-10: Mapping a Drive

Objective: Map a drive letter to a shared folder.

Required VM: ServerSA1-# (# being your VM number)

Description: In this activity, you use several methods to map a drive letter to a share. For testing
purposes, you will map the drive on the same server as the share is located, but you would use the
same procedure when accessing the share from another computer.

1. On ServerSA1-#, log in as TestUser.

2. Right-click Start, click Run, type \\ServerSA1, and press Enter.
3. Right-click the NewShare1 share and click Map network drive to open the Map Network
Drive dialog box (see Figure 4-25, p.144 in the textbook).
4. Click the Drive list arrow, and click M:. By default, the Reconnect at sign-in check box is
selected, which is what you usually want in this situation. This option means the M drive
always connects to this share when the user logs on. For this activity, click to clear the
Reconnect at sign-in check box. You can also use a different user name to access this share,
if necessary.
5. Click Finish. A File Explorer window opens, showing the contents of the share (the folder
should be empty). Close this window.
6. In the File Explorer window that’s still open, click This PC. Notice that the M: drive is listed
under Network Locations, below the Devices and drives section. After This PC, take a
screenshot showing the Network locations and paste it below. Make sure the VM number in
the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

7. Right-click the M: drive and click Disconnect to remove the drive mapping.
8. On the File Explorer menu bar, click Computer, and then click Map network drive on the
ribbon to open the Map Network Drive window. Click the M: drive in the Drive list box. In the
Folder text box, type \\ServerSA1\NewShare1, and then click Finish.
9. Disconnect the M: drive again as you did in Step 5.
 10. Open a command prompt window making sure NOT to open it as an Administrator. Type net
use m: \\ServerSA1\NewShare1 and press Enter. In File Explorer, verify that the drive has
been mapped. The net use command is good to use in batch files for mapping drives. After
running the command, take a screenshot of the results and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step. (The prompt
should show that you are the TestUser and not an Administrator. No credit will be given if
TestUser is NOT shown.)
Screenshot:

11. At the command prompt, type net use and press Enter to see a list of mapped drives. Type
net use m: /delete and press Enter to disconnect the M: drive again.
12. Close all open windows and sign out or shut down ServerSA1 because you sign in as a
different user in the next activity.

Activity 4-11: Examining Default Settings for Volume Permissions

Objective: Examine default permission settings on a volume.

Required VM: ServerSA1-# (# being your VM number)

Description: You want a solid understanding of which permissions are inherited by files and folders
created on a new volume, so you view the default permissions on a volume, create a folder, and see
how permissions are inherited.

1. Sign in to ServerSA1-# as Administrator.

2. Right-click TestVol and click Properties. Click the Security tab in the Properties dialog box.
3. Click each ACE in the volume’s DACL to see the assigned permissions. You might need to
scroll the Permission list box to see the Special permissions entry. (If there is a check in the
Special permissions row, it means the account has been assigned one or more advanced
permissions.)
4. Click the Advanced button. Notice that the Administrators group and SYSTEM and CREATOR
OWNER special identities are granted Full control. Double-click the CREATOR OWNER entry.
This special identity is given Full control but only over subfolders and files. This entry ensures
that any user who creates a file or folder is granted Full control permission for that object. A
user must have at least the Write basic permission to create files and folders. Click Cancel.
5. Double-click the Users entry with Create files/write data in the Access column. This entry and
the Users entry above it allow users to create folders and files, but files can be created only in
 subfolders. This permission prevents users from creating files in the root of the volume. Click
Cancel.
6. Double-click the Everyone entry. This set of permissions allows the Everyone special identity
to read and execute files and view a list of files and folders in the root of the volume. The
Applies to setting “This folder only” prevents child objects from inheriting these permissions.
After double-clicking the Everyone entry, take a screenshot and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

7. Click Cancel three times.

8. Create a folder in the root of the TestVol volume named TestPerm.
9. Open the TestPerm folder’s Properties dialog box, and click the Security tab. Click any ACE in
the Group or user names list box. Permissions for the entries are grayed out, meaning you
can’t change them because they are inherited. Click on the Users ACE, take a screenshot of
the properties window and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:

10. Click Cancel.

11. Create a text file in the TestPerm folder named Permfile1.
12. Open the Permfile1 file’s Properties dialog box, and click the Security tab. Notice that the file
inherits the TestPerm folder’s permissions except the CREATOR OWNER special identity,
which is assigned only to folders, not files. After clicking the Security tab, take a screenshot of
the Permfile1 Properties window and paste it below. Make sure the VM number in the top left-
hand corner is in the screenshot for full credit for this step.
Screenshot:

13. Close all open windows and continue to the next activity.

Activity 4-12: Experimenting with File and Folder Permissions

Objective: Experiment with file and folder permissions.

Required VM: ServerSA1-# (# being your VM number)

Description: You may be somewhat confused about file and folder permissions, so you create some
files to use in a variety of permission experiments.
1. Sign in to ServerSA1 as Administrator, if necessary.
2. Open File Explorer, and navigate to the TestPerm folder you created on the TestVol volume.
3. First, you want to be able to view file extensions in File Explorer so that you can create batch
files easily. Click View on the toolbar, and then click the box next to File name extensions.
You can now see the .txt extension on the Permfile1 file you created previously.
4. Create a text file called TestBatch.bat in the TestPerm folder. When asked whether you want
to change the file extension, click Yes.
5. Right-click TestBatch.bat and click Edit. Type @ Echo This is a test batch file and press
Enter. On the next line, type @ Pause. Save the file, and then exit Notepad.
6. To test your batch file, double-click it. A command prompt window opens, and you see “This is
a test batch file. Press any key to continue . . . .” Take a screenshot of the message in the
command prompt and paste it below. Make sure the VM number in the top left-hand corner is
in the screenshot for full credit for this step.
Screenshot:

7. Press the spacebar or Enter to close the command prompt window.

8. Open the Properties dialog box for TestBatch.bat, click the Security tab, and then click
Advanced. Click the Disable inheritance button. In the message box that opens, click
Convert inherited permissions into explicit permissions on this object. Notice that the
three permissions entries now indicate None in the Inherited from column (see Figure 4-32,
p.156 in the textbook). Click OK.
9. On the Security tab for TestBatch.bat, click Edit. Click Users in the Group or user names list
box. In the Permissions for Users list box, click to clear the Read & execute check box in the
Allow column and leave the Read check box selected. Click OK twice.
10. Sign out and sign in as TestUser with Password01. In File Explorer, browse to the TestPerm
folder on the TestVol volume. Double-click the TestBatch.bat file. Read the error message.
The error message indicates that you cannot access the file. This is because you are trying to
run (execute) the batch file and you no longer have the Read & execute permission. Take a
screenshot of the error message and paste it below. Make sure the VM number in the top left-
hand corner is in the screenshot for full credit for this step.
Screenshot:

11. Click OK.

12. Right-click TestBatch.bat and click Edit. Notice that you can still open this file because you
have Read permission. Click File, and then click Save. A dialog box opens asking you to save
 the file (you may need to add .bat to the end of the file name). Click Save. When prompted to
replace the file, click Yes. You see a message indicating that access is denied because you
don’t have write permission to the file. Take a screenshot of the Access is denied message
and paste it below. Make sure the VM number in the top left-hand corner is in the screenshot
for full credit for this step.
Screenshot:

13. Click OK and exit Notepad.

14. In File Explorer, right-click the right pane and point to New. Strangely, the right-click New
menu and the Quick Access toolbar menu offer only Folder as an option. However, you can
save a file you create in Notepad in this folder.
15. Right-click TestBatch.bat and click Edit. Click File, Save As from the menu. In the Save As
dialog box, type NewBatch.bat and click Save. Exit Notepad.
16. Open the Properties dialog box for NewBatch, and click the Security tab. Click TestUser. This
user has been assigned Full control of the file because of the CREATOR OWNER Full control
permission on the parent folder. Click Advanced. You see TestUser next to Owner. Notice that
you can change the owner if you click the Change link.
17. Disable permission inheritance and convert the existing permissions. (Refer back to Step 6, if
necessary.) Click OK until you get back to the Security tab of the NewBatch file’s Properties
dialog box.
18. Click Edit. Click TestUser, and then click Remove. Click the Users entry, and then click
Remove. Only SYSTEM and Administrators are left in the DACL. Click OK twice.
19. Double-click NewBatch. You see a message indicating that access is denied because you no
longer have permission to open or execute this file. Take a screenshot of the access denied
message and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:

20. Click OK. Although you no longer have access to this file, you’re still the file owner and,
therefore, can assign yourself permissions.
21. Open the Properties dialog box for NewBatch, click the Security tab, and then click Edit. Click
Add. Type TestUser, click Check Names, and then click OK. Click Full control in the Allow
column in the Permissions for TestUser list box. Click OK twice. Double-click NewBatch to
verify that you can open and execute the file.
22. Sign out from the system, and continue to the next activity.
Activity 4-13: Restricting Access to Subfolders of Shares
Objective: Restrict access to a subfolder of a share.

Required VM: ServerSA1-# (# being your VM number)

Description: The Sales Department wants a subfolder of the Marketing share to store sensitive
documents that should be available only to users in the Sales Department because some Marketing
and Advertising users tend to leak information before it should be discussed outside the company.
You could create a new share, but the Sales Department users prefer a subfolder of the existing
share. To do this activity, you need to create a couple of groups and some users to put in the groups.

1. Sign in to ServerSA1-# as Administrator.

2. Right-click Start and click Computer Management.
3. You’ll create two users named Marketing1 and Sales1. Click to expand Local Users and
Groups and then click the Users folder. Click Actions and click New User.
4. Type Marketing1 in the User name text box. Type Password01 in the Password and Confirm
password text boxes. Click to clear User must change password at next logon and click
Create. Repeat this step, replacing Marketing1 with Sales1. Click Close when finished. After
clicking close, take a screenshot of the Computer Management window showing the new users
and paste it below. Make sure the VM number in the top left-hand corner is in the screenshot
for full credit for this step.
Screenshot:

5. In the left pane, right-click Groups and click New Group. In the Group name text box, type
MarketingG.
6. Next, users in the Marketing and Sales departments should be added to the MarketingG
group. To do this, click Add. In the Select Users dialog box, type Marketing1; Sales1, click
Check Names, and then click OK. Click Create and then Close.
7. Create a group named SalesG and add the Sales1 user to the group.
8. In the Computer Management window, click Groups under Local Users and Groups. Take a
screenshot showing the two new groups and paste it below. Make sure the VM number in the
top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

9. Close Computer Management.

10. Open File Explorer. On TestVol, create a folder named MktgDocs. In the MktgDocs folder,
create a subfolder named SalesOnly.
11. Open the Properties dialog box for MktgDocs and click Sharing. Click Advanced Sharing,
and then click Share this folder. Click Permissions, and then remove Everyone from the
DACL.
12. Add the Users group to the DACL and give the group Full Control to the share. You limit
access to files and subfolders by using file and folder permissions. After completing this step,
take a screenshot of the Permissions for MktgDocs dialog box and paste it below. Make sure
the VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

13. Click OK until you’re back to the MktgDocs Properties dialog box.
14. Click the Security tab. Currently, the Users group has Read permission to the folder and the
Administrators group has Full Control. Click Advanced. Click Disable Inheritance, and then
click the Convert option. Click OK.
15. Click Edit, click Users, and click Remove.
16. Add both the MarketingG and SalesG groups to the DACL. After adding both groups, take a
screenshot and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:

17. Click MarketingG, and click the Write check box in the Allow column so that MarketingG has
Read & execute, List folder contents, Read, and Write permissions to the folder. Repeat for
SalesG. Click OK and then Close.
18. In File Explorer, open the MktgDocs folder, and then open the Properties dialog box for the
SalesOnly folder. Click the Security tab. The SalesOnly folder has inherited permissions from
the MktgDocs folder.
19. Disable inheritance on the SalesOnly folder, being sure to convert existing permissions. In the
Security tab, click Edit. Click MarketingG, and then click Remove. Click OK twice.
20. Sign out from ServerSA1 and log back on as Sales1. Open the MktgDocs share by right-
clicking Start, clicking Run, typing \\ServerSA1\MktgDocs, and pressing Enter. Create a text
file in MktgDocs named Mktg1.
21. Open the SalesOnly folder and create a text file named SalesDoc. You have verified that you
can create files while signed in as a member of the SalesG group. Open the Properties dialog
box for SalesDoc and click the Security tab. Note that SalesG and Sales1 are in the DACL.
 Click SalesG, and notice that SalesG has Read & execute, Read, and Write permissions. Click
Sales1, and notice that Sales1 has Full control because it’s the file owner. After clicking
Sales1, take a screenshot showing the permissions and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:

22. Sign out from ServerSA1 and sign back in as Marketing1. Open the MktgDocs share by right-
clicking Start, clicking Run, typing \\ServerSA1\MktgDocs, and pressing Enter. Create a text
file in MktgDocs named Mktg2. You have verified that members of the MarketingG group can
create files in the MktgDocs share.
23. Try to delete the Mktg1 file that Sales1 created. You can’t because you have only Write
permission to the file, which doesn’t allow you to delete files. Take a screenshot of the File
Access Denied message and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:

24. Double-click the SalesOnly folder. You see a network error message because the Marketing1
user doesn’t have access to the SalesOnly folder. Take a screenshot of the Network Error
message and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:

25. Click Close.

26. Shut down ServerSA1.