Beruflich Dokumente
Kultur Dokumente
4 Activities Worksheet
Make sure you are doing the activities on the correct machines and in the correct order or the
activities may not work. Any missing or incorrect screenshots will result in either a point reduction or
no credit at all for the activity.
When taking screenshots for each activity, make sure the VM number in the top left-hand
corner is in the screenshot or NO credit will be given for the screenshot.
The following is a checklist of the activities you will need to complete for Ch. 4:
The above activity is not graded but MUST be done for the activities to work proper.
Description: You have just installed a new disk in your server, and you need to prepare it for use.
First you bring the disk online and initialize it, and then you create a simple volume and format it. You
should already have a disk installed in ServerSA1 for use in this activity.
Note: The size of your disks may not match the size of the disks in the screenshots located in your
textbook.
6. To create a new volume, right-click the 20.0 GB DISK, and click New Volume to start the New
Volume Wizard. Read the information in the Before You Begin window, and then click Next.
(Note: File and Storage Services initializes a disk only as a basic disk. If you want a dynamic
disk, use Disk Management.)
7. In the Server and Disk window, make sure ServerSA1-# and the 20.0 GB disk are selected
(see Figure 4-5, p.122 in the textbook), and then click Next.
8. In the Size window, type 10 in the Volume size text box, and then click Next.
9. In the Drive Letter or Folder window, click H in the Drive letter list box. Notice that you can also
mount the volume in an empty folder or not assign a drive letter or folder at all. Click Next.
10. In the File System Settings window, click the File system list arrow to see the options for
formatting the volume. File and Storage Services lists only NTFS and ReFS as options. In Disk
Management, you also have FAT32 as an option (or exFAT for volumes larger than 32 GB).
11. Type NTFSvol in the Volume label text box, and then click Next.
12. In the Confirmation window, verify your choices, and then click Create. The Results window
shows you the progress. Click Close when the process is finished.
13. In Server Manager, click Volumes in the left pane to see the new volume. After clicking
Volumes, take a screenshot and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:
Description: In this activity, you examine the options for working with basic and dynamic disks and
ReFS and NTFS volumes.
Note: The size of your disks may not match the size of the disks in the screenshots located in your
textbook.
1. Start ServerSA1-# (# being your VM number), and sign in as Administrator, if necessary.
2. Right-click Start and click Disk Management. Notice that Disk 0 has three volumes: the
Recovery Partition, the System partition, and the Boot partition (C:). These volumes contain
the Windows OS, so make sure you don’t make any changes to Disk 0.
Note: You may not have a Recovery Partition on your VM.
3. Right-click NTFSvol and notice the options for working with this volume. Click Extend
Volume. In the Extend Volume Wizard welcome window, click Next.
4. In the Select Disks window, you can add disks to extend to if any are available. If you do so,
you’re prompted to convert the disk to dynamic because basic disks don’t support extending to
other disks (disk spanning). In the Select the amount of space in MB text box, type 5000,
which makes the volume about 15 GB total. Click Next. After clicking Next, take a screenshot
and paste it below. Make sure the VM number in the top left-hand corner is in the screenshot
for full credit for this step.
Screenshot:
5. In the Completing the Extend Volume Wizard window, click Finish. The disk is extended to
about 15 GB.
6. In Disk Management, right-click NTFSvol, and click Shrink Volume to open the Shrink H:
dialog box. In the Enter the amount of space to shrink in MB text box, type 5000 and click
Shrink. The volume is back to 10 GB. Once you click Shrink and the volume is done
shrinking, take a screenshot and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:
7. Next, you create an ReFS-formatted volume. Right-click the unallocated space next to
NTFSvol, and click New Simple Volume to start the New Simple Volume Wizard. Click Next.
8. In the Specify Volume Size window, click Next to accept the default size, which is the
remaining space on the disk. In the Assign Drive Letter or Path window, click the selection
arrow next to Assign the following drive letter and click I. Click Next.
7. In the Format Partition window, click the selection arrow next to File system and click ReFS. In
the Volume label box, type ReFSvol. Click Next, and then click Finish. Once the new volume
is done formatting, take a screenshot and paste it below. Make sure the VM number in the top
left-hand corner is in the screenshot for full credit for this step.
Screenshot:
9. Right-click NTFSvol and click Properties. Review the tabs available to configure the volume.
In particular, notice on the General tab the option to compress the drive to save disk space.
Also notice the Quota tab where you can set file quotas to restrict the amount of space a user’s
file can occupy on the volume. Click Cancel when you have finished exploring the properties
of NTFSvol.
10. Right-click ReFS vol and click Properties. Notice that there is no option to compress the drive
on the General tab and there are no quota tab and no Shadow Copies tab because ReFS
doesn’t support these features. Click Cancel.
11. Now, you will create a mirror volume. Right-click NTFSvol and click Add Mirror. There is only
one option for creating the mirror because the 10.0 GB disk is a little too small. In the Add
Mirror window (see Figure 4-6, p.123 in the textbook), click Disk 2 and click Add Mirror.
8. You see a Disk Management message explaining that the basic disks will be converted to
dynamic disks since dynamic disks are required to support a mirror. Click Yes. After a short
while, you see the mirror in which the volume is now shown on Disk 1 and Disk 2, and the
mirror is colored red to indicate it is a mirror (see Figure 4-7, p.124 in the textbook). You see
that in the top pane of Disk Management, the Layout column changes to Mirror. After this step
is completed, take a screenshot showing the mirrored volume and paste it below. Make sure
the VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
12. Next, you’ll create a RAID-5 volume, but you need three disks for a RAID-5 volume, so first
you delete the volumes you just created. Right-click NTFSvol, click Delete Volume, and click
Yes to confirm. Next, right-click ReFSvol, click Delete Volume, and click Yes to confirm.
13. Right-click Disk 1 Unallocated space (this should be the 20.0 GB disk, but it may show just
under 20.0 GB), click New RAID-5 Volume, and click Next.
14. In the Select Disks window, click Disk 2, click Add, click Disk 3, and then click Add (see
Figure 4-8, p.124 in the textbook). Notice that the total size of the RAID-5 will be about 20 GB
even though you are using 10 GB of space from each disk. This is because a RAID-5 uses the
equivalent of the space from one disk for the parity information needed to recreate missing
data if a disk fails. Click Next.
15. In the Assign Drive Letter or Path window, click the drive letter selection box, and click H. Click
Next.
16. In the Format Volume window, type RAID5vol in the Volume label box and click Next. Click
Finish, and then click Yes when prompted to convert basic disks to dynamic (when you
deleted the volumes, the disks were converted back to basic disks).
9. After a short while, you see the new RAID-5 volume as in Figure 4-9, p.125 in the textbook. It
will take a while for the volume to sync between the three disks and format. Once the
formatting is completed and the RAID 5 volume is created, take a screenshot and paste it
below. Make sure the VM number in the top left-hand corner is in the screenshot for full credit
for this step.
Screenshot:
17. You’ll be using these disks for other activities, so delete the RAID-5 volume as you did the
other volumes. Close Disk Management.
Description: Create and mount a virtual disk and view it in Disk Management and File Explorer.
Description: Create and mount a virtual disk using PowerShell cmdlets. A computer running Hyper-V
or at least one capable of running Hyper-V is required since the Hyper-V Module for Windows
PowerShell must be installed, and the cmdlets will work only on a computer that can run Hyper-V.
1. On ServerHyperV-#, right-click Start, click Run, type PowerShell, and click OK. (Alternatively,
you can click the search icon next to Start, start to type PowerShell, and click Windows
PowerShell in the search results.) Move to the root of the C: drive by typing cd \ and pressing
Enter.
2. To create a new VHDX file type, New-VHD Virtual1.vhdx -SizeBytes 5GB and press Enter.
You will see output similar to that in Figure 4-14, p.130 in the textbook. The default disk type is
dynamic, and because you specify the .vhdx extension in the file name, a VHDX file is created.
Notice the PhysicalSectorSize setting of 4096. After running the command, take a screenshot
of the results and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:
3. To create a new VHD file, type New-VHD Virtual2.vhd -SizeBytes 5GB and press Enter. Pay
close attention when running the command because it has a different file extension than the
command you ran in Step 2. A VHD format virtual disk is created with PhysicalSectorSize of
512. Recall that VHD files do not support the more efficient 4096 byte sectors. After running
the command, take a screenshot of the results and paste it below. Make sure the VM number
in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
4. To mount the virtual disk, type Mount-VHD Virtual1.vhdx. If there were volumes already
created, drive letters would be automatically assigned unless you include the -NoDriveLetter
option. At this point, working with the virtual disk is the same as working with a physical disk.
5. In order to work with the disk, you need the disk number assigned to it. Type Get-Disk and
press Enter. Look for the 5 GB disk; it should be assigned number 1.
6. To bring the disk online and initialize it. Type Set-Disk -Number 1 -IsOffline $false and press
Enter. If you get an error message when running this command that is because the disk is
already online. This can be verified during Step 5.
7. Type Initialize-Disk -Number 1 and press Enter.
8. Type Get-Disk and press Enter to see the results. Notice that the disk had a Partition Style of
Raw before it was initialized and now has a Partition Style of GPT. After running the command,
take a screenshot of the results and paste it below. Make sure the VM number in the top left-
hand corner is in the screenshot for full credit for this step.
Screenshot:
9. To create a new volume, type New-Partition -DiskNumber 1 -Size 4.9GB -DriveLetter V and
press Enter. Because the physical disk is only 5 GB, the largest partition you can create is just
a little smaller because the disk needs room for holding disk structures like the partition table
and sector information.
10. Format the volume. Type Format-Volume V -FileSystem NTFS -NewFileSystemLabel
VirtualVol and press Enter. After running the command, take a screenshot of the results and
paste it below. Make sure the VM number in the top left-hand corner is in the screenshot for
full credit for this step.
Screenshot:
11. To see the disk in Disk Management, right-click Start and click Disk Management. You
should see that Disk 1 is the virtual disk you just created and formatted. Close Disk
Management.
12. In PowerShell, dismount the disk by typing Dismount-VHD Virtual1.vhdx and pressing Enter.
13. Delete both virtual disks by typing del virtual* and pressing Enter.
14. Close all open windows and shut down ServerHV-#.
Note: Although you may find a number of uses for virtual disks in Windows, the most common use of
virtual disks is with Storage Spaces and with virtual machines running in Hyper-V, topics discussed in
Chapters 5 and 6, respectively. Now, we turn our attention to other storage topics including file
sharing and securing access to files with permissions.
4. OpenTestShare1’s Properties dialog box, and click the Security tab. Make a note of the
permissions assigned on this folder, and then close the Properties dialog box.
5. Right-click TestShare1, point to Share with, and click Specific people to open the File
Sharing dialog box. Notice that the Administrator user and Administrators group already have
access.
6. Click the list arrow next to the Add button, and click TestUser in the list. (You will need to
create a user account named TestUser. You can do this by clicking the Create a new user
option>Manage another account>Add a user account.) Click the Add button. By default, the
user has Read permission. Click the list arrow next to Read and click Read/Write.
7. Click Share. You see a message indicating the folder is shared. You can email links to the
shared folder or copy the links to the Clipboard. You can also click the Show me all the
network shares on this computer link to open the network browse window for your server. Take
a screenshot of the message indicating the folder is shared and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
8. Click Done.
9. Open TestShare1’s Properties dialog box. Click the Sharing tab, and then click Advanced
Sharing.
10. Click Permissions. Notice that the Everyone group and Administrators group are assigned
Full Control to the share, which is the default setting with simple file sharing. Permissions can
be restricted by using file and folder permissions through the Security tab. Click Cancel twice.
11. In the TestShare1 folder’s Properties dialog box, click the Security tab. Scroll through the
users and groups in the top pane. Notice that TestUser and Administrator were added to the
list and they have Full Control permissions. In addition, the CREATOR OWNER user has been
removed. However, all other groups and users were maintained. In the real world, this may or
may not be what you intended. Simple file sharing is just that—simple—but you might want to
exert more control over file sharing. After clicking the Security tab, take a screenshot of the
Properties window and paste it below. Make sure the VM number in the top left-hand corner is
in the screenshot for full credit for this step.
Screenshot:
12. Close all open windows and continue to the next activity.
Description: You’re concerned that simple file sharing doesn’t always have the results you want, so
you decide to experiment with advanced sharing. You create a new folder, share it, and assign
permissions. The permissions allow all members of the Users group to read files in the share, give all
members of the Administrators group full control, and allow TestUser to create new files (with full
control over them) and read files created by other users.
1. On ServerSA1-#, open File Explorer, and create a folder named TestShare2 on TestVol.
Open TestShare2’s Properties dialog box, and click the Security tab. Examine the new
folder’s default permissions. The Users group has Read & execute, List folder contents, and
Read permissions. The Administrators group has Full Control permission, and the CREATOR
OWNER special identity has advanced permissions that give any user who creates or owns a
file full control over the file.
2. Click the Sharing tab, and then click Advanced Sharing. Click to select the Share this folder
check box. Leave the share name as is, and then click Permissions. By default, the share
permission is Allow Read for Everyone.
3. In this activity, you don’t want Everyone to have Read permission, so click Remove. Click
Add, type Users, click Check Names, and then click OK. Next, click Add, type
Administrators, click Check Names, and then click OK to add the Administrators group. After
adding both groups, take a screenshot and paste it below. Make sure the VM number in the
top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
4. Click Users and click the Full Control check box in the Allow column. Click Administrators
and click the Full Control check box in the Allow column. Even though the Users group
permission is set to Full Control, file and folder permissions will restrict them to Read and Read
& execute. Click OK twice.
5. Click the Security tab. Notice that the permissions haven’t changed as they did when you
used simple file sharing. Click Edit, and then click Add. Type TestUser and click Check
Names. Click OK.
6. Click TestUser. Notice that the permissions for TestUser are set to Read & execute, List folder
contents, and Read. Click Write in the Allow column, which gives TestUser the ability to create
and make changes to files. Click OK.
7. In the TestShare2 Properties window, under Group or user names: click TestUser. Take a
screenshot showing the permissions for the TestUser and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
Description: You want to practice creating shares by using simple and advanced file sharing. In this
activity, you use File and Storage Services to create a share.
9. Click Create. After the share is created successfully, click Close. You see the new share in the
list of shares.
10. Close all windows and continue with the next activity.
Description: You want to be able to keep users from seeing certain shares on the network unless
they type the UNC path for the share. You haven’t worked with hidden shares yet, so you want to
experiment with them. You create a new folder on TestVol and then share it with the Shared Folders
snap-in. You append a $ to the share name so that it’s hidden, verify that the share is hidden, and
then open it by using the full UNC path. Then you use the Shared Folders snap-in to monitor access
to the share.
1. On ServerSA1-#, open File Explorer and create a new folder on TestVol named HideMe.
2. Open Computer Management and click to expand Shared Folders. Right-click Shares and
click New Share to start the Create a Shared Folder Wizard. Click Next.
3. In the Folder Path window, type H:\HideMe in the Folder path text box, and then click Next.
4. In the Name, Description, and Settings window, type HideMe$ in the Share name text box,
and then click Next.
5. In the Shared Folder Permissions window, click Administrators have full access; other
users have read-only access, and then click Finish.
6. In the Sharing was Successful window, take a screenshot and paste it below. Make sure the
VM number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
11. Minimize the File Explorer window, and open the Computer Management window. In the left
pane, expand Shared Folders, click Shares, and you see the HideMe$ share listed. The
Client Connections column displays the number 1 because you currently have the share open.
After clicking Shares, take a screenshot of the Computer Management window and paste it
below. Make sure the VM number in the top left-hand corner is in the screenshot for full credit
for this step.
Screenshot:
12. Click Sessions, and you see that the Administrator account has one open file. Click Open
Files, and you see the H:\HideMe folder listed as an open file. (Folders are considered files in
Windows.) Close Computer Management and File Explorer.
13. Sign out or shut down ServerSA1 because you sign in as a different user in the next activity.
Description: In this activity, you use several methods to map a drive letter to a share. For testing
purposes, you will map the drive on the same server as the share is located, but you would use the
same procedure when accessing the share from another computer.
7. Right-click the M: drive and click Disconnect to remove the drive mapping.
8. On the File Explorer menu bar, click Computer, and then click Map network drive on the
ribbon to open the Map Network Drive window. Click the M: drive in the Drive list box. In the
Folder text box, type \\ServerSA1\NewShare1, and then click Finish.
9. Disconnect the M: drive again as you did in Step 5.
10. Open a command prompt window making sure NOT to open it as an Administrator. Type net
use m: \\ServerSA1\NewShare1 and press Enter. In File Explorer, verify that the drive has
been mapped. The net use command is good to use in batch files for mapping drives. After
running the command, take a screenshot of the results and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step. (The prompt
should show that you are the TestUser and not an Administrator. No credit will be given if
TestUser is NOT shown.)
Screenshot:
11. At the command prompt, type net use and press Enter to see a list of mapped drives. Type
net use m: /delete and press Enter to disconnect the M: drive again.
12. Close all open windows and sign out or shut down ServerSA1 because you sign in as a
different user in the next activity.
Description: You want a solid understanding of which permissions are inherited by files and folders
created on a new volume, so you view the default permissions on a volume, create a folder, and see
how permissions are inherited.
13. Close all open windows and continue to the next activity.
Description: You may be somewhat confused about file and folder permissions, so you create some
files to use in a variety of permission experiments.
1. Sign in to ServerSA1 as Administrator, if necessary.
2. Open File Explorer, and navigate to the TestPerm folder you created on the TestVol volume.
3. First, you want to be able to view file extensions in File Explorer so that you can create batch
files easily. Click View on the toolbar, and then click the box next to File name extensions.
You can now see the .txt extension on the Permfile1 file you created previously.
4. Create a text file called TestBatch.bat in the TestPerm folder. When asked whether you want
to change the file extension, click Yes.
5. Right-click TestBatch.bat and click Edit. Type @ Echo This is a test batch file and press
Enter. On the next line, type @ Pause. Save the file, and then exit Notepad.
6. To test your batch file, double-click it. A command prompt window opens, and you see “This is
a test batch file. Press any key to continue . . . .” Take a screenshot of the message in the
command prompt and paste it below. Make sure the VM number in the top left-hand corner is
in the screenshot for full credit for this step.
Screenshot:
20. Click OK. Although you no longer have access to this file, you’re still the file owner and,
therefore, can assign yourself permissions.
21. Open the Properties dialog box for NewBatch, click the Security tab, and then click Edit. Click
Add. Type TestUser, click Check Names, and then click OK. Click Full control in the Allow
column in the Permissions for TestUser list box. Click OK twice. Double-click NewBatch to
verify that you can open and execute the file.
22. Sign out from the system, and continue to the next activity.
Activity 4-13: Restricting Access to Subfolders of Shares
Objective: Restrict access to a subfolder of a share.
Description: The Sales Department wants a subfolder of the Marketing share to store sensitive
documents that should be available only to users in the Sales Department because some Marketing
and Advertising users tend to leak information before it should be discussed outside the company.
You could create a new share, but the Sales Department users prefer a subfolder of the existing
share. To do this activity, you need to create a couple of groups and some users to put in the groups.
5. In the left pane, right-click Groups and click New Group. In the Group name text box, type
MarketingG.
6. Next, users in the Marketing and Sales departments should be added to the MarketingG
group. To do this, click Add. In the Select Users dialog box, type Marketing1; Sales1, click
Check Names, and then click OK. Click Create and then Close.
7. Create a group named SalesG and add the Sales1 user to the group.
8. In the Computer Management window, click Groups under Local Users and Groups. Take a
screenshot showing the two new groups and paste it below. Make sure the VM number in the
top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
13. Click OK until you’re back to the MktgDocs Properties dialog box.
14. Click the Security tab. Currently, the Users group has Read permission to the folder and the
Administrators group has Full Control. Click Advanced. Click Disable Inheritance, and then
click the Convert option. Click OK.
15. Click Edit, click Users, and click Remove.
16. Add both the MarketingG and SalesG groups to the DACL. After adding both groups, take a
screenshot and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot:
17. Click MarketingG, and click the Write check box in the Allow column so that MarketingG has
Read & execute, List folder contents, Read, and Write permissions to the folder. Repeat for
SalesG. Click OK and then Close.
18. In File Explorer, open the MktgDocs folder, and then open the Properties dialog box for the
SalesOnly folder. Click the Security tab. The SalesOnly folder has inherited permissions from
the MktgDocs folder.
19. Disable inheritance on the SalesOnly folder, being sure to convert existing permissions. In the
Security tab, click Edit. Click MarketingG, and then click Remove. Click OK twice.
20. Sign out from ServerSA1 and log back on as Sales1. Open the MktgDocs share by right-
clicking Start, clicking Run, typing \\ServerSA1\MktgDocs, and pressing Enter. Create a text
file in MktgDocs named Mktg1.
21. Open the SalesOnly folder and create a text file named SalesDoc. You have verified that you
can create files while signed in as a member of the SalesG group. Open the Properties dialog
box for SalesDoc and click the Security tab. Note that SalesG and Sales1 are in the DACL.
Click SalesG, and notice that SalesG has Read & execute, Read, and Write permissions. Click
Sales1, and notice that Sales1 has Full control because it’s the file owner. After clicking
Sales1, take a screenshot showing the permissions and paste it below. Make sure the VM
number in the top left-hand corner is in the screenshot for full credit for this step.
Screenshot:
22. Sign out from ServerSA1 and sign back in as Marketing1. Open the MktgDocs share by right-
clicking Start, clicking Run, typing \\ServerSA1\MktgDocs, and pressing Enter. Create a text
file in MktgDocs named Mktg2. You have verified that members of the MarketingG group can
create files in the MktgDocs share.
23. Try to delete the Mktg1 file that Sales1 created. You can’t because you have only Write
permission to the file, which doesn’t allow you to delete files. Take a screenshot of the File
Access Denied message and paste it below. Make sure the VM number in the top left-hand
corner is in the screenshot for full credit for this step.
Screenshot:
24. Double-click the SalesOnly folder. You see a network error message because the Marketing1
user doesn’t have access to the SalesOnly folder. Take a screenshot of the Network Error
message and paste it below. Make sure the VM number in the top left-hand corner is in the
screenshot for full credit for this step.
Screenshot: