Differences between revisions 26 and 39 (spanning 13 versions)
Revision 26 as of 2016-08-21 14:33:54
Size: 2451
Editor: scot
Comment:
Revision 39 as of 2021-09-16 18:24:42
Size: 2408
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Lab 04 = = Lab 03-04 =
Line 3: Line 3:
In this lab you will create some organizational groups and users in your AD. In this lab you will create some organizational units, groups and users in your AD. In your domain controller (Using the RSAT tools or powershell):
Line 5: Line 5:
In your primary domain:

1. Create an organizational unit named {{{OU_Contractors}}}
  a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}}
 1. Create an organizational unit in your domain named {{{OU_Contractors}}} and add the following items to this OU.
  a. Create a global group called {{{g_contractors}}}
Line 10: Line 8:
 1. Create a user mgr in the users folder.  1. Create a user mgr in the users folder of your domain.
Line 12: Line 10:
   1. set his password and document it in the "password" page. Make sure there is no requirement to change the password.
   1. Make mgr a member of the server operators group and give the account remote desktop access (through system, remote add user).
  a. Start Group Policy - Find the Domain Controllers Folder/OU, right click on the Default Domain Controller Policy, click edit
   1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignments
   1. Add the mgr user to the "Allow Logon through remote desktop services" list.
   1. From a command prompt or powershell type: gpupdate /force
  a. You will demonstrate mgr's ability by changing the password for "contractor" (Note: When you try to run server manager, it will ask for a username and password. Use the mgr username and password. After that you can run the tools from the menu and they will work for you correctly. If you run "Active Directory Users and Computers" directly without going through the server manager you will have to again use the mgr username and password each time you open it or any other tool.)

In your subdomain:

 1. Create a domain local group called {{{dl_temporary}}} in the users folder.
  a. Add {{{g_contractors}}} group to the {{{dl_temporary}}} group.
  a. Set the mgr password and document it in the "password" page. Make sure there is no requirement to change the password.
 1. Create a new folder on your cpte230a and share it. Make the share name {{{contractors}}}.
  a. Set permissions on the share to allow {{{g_contractors}}} to read and write to it.
  a. Set permissions on the share to give the mgr user full control.
 1. You will demonstrate mgr's ability by changing the password for "contractor".
  a. You can demonstrate this by logging in to your windows 10 machine and starting the active directory users and computers tool.
  a. Find the contractor user and reset the password.
Line 26: Line 19:
 1. Document the OU structures added and Groups added to each domain on the domains page.
 1. Do this in a new section called "Organizational Units" and "Groups"
 1. Document the OU structures added and Groups added to each domain on the domains page. Do this in a new section called "Organizational Units" and "Groups"
 1. Document the Share created and its purpose in a new section called "Shared Resources"
Line 31: Line 24:
||Video Shows: OU structures and groups created in the instructions ||20 ||
||Video Shows: A remote login event using the mgr user. ||30 ||
||Video Shows: the mgr user changing the password for the contractor user. ||30 ||
||Video Shows: Server Manager on Windows 10 || 10 ||
||Video Shows: WAC running on Windows 10 with access to server || 10 ||
||Video Shows: Remote Power Shell session from windows 10 machine to server || 10 ||
||Video Shows: OU structures and groups created in the instructions ||10 ||
||Video Shows: A remote desktop login to windows 10 using the mgr user. ||10 ||
||Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine. ||10 ||
||Video Shows: the contractor user accessing the file share and adding a new text file || 10 ||
||Video Shows: the mgr user accessing the file share and deleting the new text file || 10 ||

Lab 03-04

Instructions

In this lab you will create some organizational units, groups and users in your AD. In your domain controller (Using the RSAT tools or powershell):

  1. Create an organizational unit in your domain named OU_Contractors and add the following items to this OU.

    1. Create a global group called g_contractors

    2. Create a user called contractor and put them in g_contractors group.

  2. Create a user mgr in the users folder of your domain.
    1. Make mgr the Administrator for the OU_Contractors by using the delegation wizard. Make sure the the user has "Reset user passwords..." and "Modify the membership of a group"

    2. Set the mgr password and document it in the "password" page. Make sure there is no requirement to change the password.
  3. Create a new folder on your cpte230a and share it. Make the share name contractors.

    1. Set permissions on the share to allow g_contractors to read and write to it.

    2. Set permissions on the share to give the mgr user full control.
  4. You will demonstrate mgr's ability by changing the password for "contractor".
    1. You can demonstrate this by logging in to your windows 10 machine and starting the active directory users and computers tool.
    2. Find the contractor user and reset the password.

Documentation

  1. Document the OU structures added and Groups added to each domain on the domains page. Do this in a new section called "Organizational Units" and "Groups"
  2. Document the Share created and its purpose in a new section called "Shared Resources"

Video Grade Guide

Topics

Points

Video Shows: Server Manager on Windows 10

10

Video Shows: WAC running on Windows 10 with access to server

10

Video Shows: Remote Power Shell session from windows 10 machine to server

10

Video Shows: OU structures and groups created in the instructions

10

Video Shows: A remote desktop login to windows 10 using the mgr user.

10

Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine.

10

Video Shows: the contractor user accessing the file share and adding a new text file

10

Video Shows: the mgr user accessing the file share and deleting the new text file

10

Video talks through the required documentation.

20

WindowsAdministration/Lab04DelegationAndShares (last edited 2024-10-03 19:39:01 by scot)