Differences between revisions 4 and 56 (spanning 52 versions)
Revision 4 as of 2014-10-01 19:29:29
Size: 852
Editor: scot
Comment:
Revision 56 as of 2023-09-28 17:31:52
Size: 2790
Editor: scot
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
== Instructions ==
In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell):
Line 3: Line 5:
In this lab you will create some organizational groups and users in  1. Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else.
    a. Right click on the OU, select Delegate control, Add the user.
    a. On theTasks to Delegate select only the following:
       1. Reset user passwords and force password change at next logon
       1. Reset inetOrgPerson passwords and force password change at next logon
       1. Read all inetOrgPerson information
 1. Delegate control over users in the OU_Developers Organizational unit to kthompson
    a. like the first one...
 1. Delegate control over users in the OU_CSuite Organizational unit to kthompson
    a. ...
Line 5: Line 16:
In your primary domain: Shares:
Line 7: Line 18:
 1. Create an organizational group named OU_Contractors
    a. Create a global group in the OU_Contractors called g_contractors
    a. Create a user called "contractor" and put them in g_contractors group.
 1. Create a user mgr in the users folder.
    a. Make mgr the Administrator for the OU_Contractors set his password as {{{Hello123Password!}}} Make sure there is no requirement to change the password.
    a. Make mgr a member of the server operators group and give the account remote desktop access.
    a. I will test mgr's ability by changing the password for "contractor"		  1. Create a share for each group Sales, Developers and Managers and make sure the groups have modify/read/write access to the share.
    a. On C:\ create a folder called shares, we will use this for all our shares.
    a. Create folders in c:\shares named:
       1. sales
       1. developers
       1. managers
       1. home
    a. Share and Assign permissions to the sales, developers and managers
       1. Right click on sales, select properties, sharing, Share...
       1. add the sales group and set permission level to "Read/Write" and share.
       1. Select the security tab and make sure that the sales group does not have full control. Remove that right, by clicking on edit, selecting sales and unchecking Full Control.
    a. Repeat these steps for developers and managers.
 2. Create shares for users: Follow the directions at https://www.petenetlive.com/KB/Article/0000739 to complete this.
Line 15: Line 32:
In your subdomain:
Line 17: Line 33:
 1. Create a domain local group called dl_Temporary in the users folder.
    a. Add group to the dl_temporary group.
    		 == Documentation ==

 1. Document the delegations for control that you made in the "Organizational Units" section.
 1. Document the Share created and its purpose in a new page called "Shared Resources" under Windows Documentation

== Video Grade Guide ==
||'''Topics''' ||'''Points''' ||
||Video Shows: Login as one of the manager users using remote desktop and change a user's password for which they have been delegated control || 40 ||
||Video Shows: Login as the user you changed the password for and show that it worked. || 10 ||
||Video Shows: While still logged on, show shares by going to \\cptr230a. Access all the shares visible to demonstrate that access is allowed to those they should have access to and access is denied to those they shouldn't.|| 40 ||
||Video talks through the required documentation. || 10 ||

Lab 04

Instructions

In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell):

  1. Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else.
    1. Right click on the OU, select Delegate control, Add the user.
    2. On theTasks to Delegate select only the following:
      1. Reset user passwords and force password change at next logon
      2. Reset inetOrgPerson passwords and force password change at next logon
      3. Read all inetOrgPerson information
  2. Delegate control over users in the OU_Developers Organizational unit to kthompson
    1. like the first one...
  3. Delegate control over users in the OU_CSuite Organizational unit to kthompson
    1. ...

Shares:

  1. Create a share for each group Sales, Developers and Managers and make sure the groups have modify/read/write access to the share.
    1. On C:\ create a folder called shares, we will use this for all our shares.
    2. Create folders in c:\shares named:
      1. sales
      2. developers
      3. managers
      4. home
    3. Share and Assign permissions to the sales, developers and managers
      1. Right click on sales, select properties, sharing, Share...
      2. add the sales group and set permission level to "Read/Write" and share.
      3. Select the security tab and make sure that the sales group does not have full control. Remove that right, by clicking on edit, selecting sales and unchecking Full Control.
    4. Repeat these steps for developers and managers.

  2. Create shares for users: Follow the directions at https://www.petenetlive.com/KB/Article/0000739 to complete this.

Documentation

  1. Document the delegations for control that you made in the "Organizational Units" section.
  2. Document the Share created and its purpose in a new page called "Shared Resources" under Windows Documentation

Video Grade Guide

Topics

Points

Video Shows: Login as one of the manager users using remote desktop and change a user's password for which they have been delegated control

40

Video Shows: Login as the user you changed the password for and show that it worked.

10

Video Shows: While still logged on, show shares by going to \\cptr230a. Access all the shares visible to demonstrate that access is allowed to those they should have access to and access is denied to those they shouldn't.

40

Video talks through the required documentation.

10

WindowsAdministration/Lab04DelegationAndShares (last edited 2023-09-28 17:31:52 by scot)