COMPETENCY-BASED LEARNING MATERIAL

SECTOR Electronics Sector

QUALIFICATION TITLE Computer Systems Servicing NC II

UNIT OF COMPETENCY Set-up computer servers

MODULE TITLE Setting up computer server

 (Computer System Servicing NC II)
COMPETENCY-BASED LEARNING MATERIALS

List of Competencies

No. Unit of Competency Module Title Code

Installing and ELC724331

1. Install and configure
configuring computer
computer systems
systems

Set-up computer Setting up computer ELC724332

2.
networks networks

Set up computer Setting up computer ELC724333

3.
servers servers

Maintain and repair Maintaining and ELC724334

4. computer systems repairing computer
and networks systems and networks

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 2 of 139
Servers
 HOW TO USE THIS COMPETENCY- BASED LEARNING
MATERIALS

Welcome!
The unit of competency, “Set-up computer servers", is one of the
competencies of Computer System Servicing NCII, a course which comprises
the knowledge, skills and attitudes required for a TVET trainer to possess. The
module, Setting up computer servers, contains training materials and
activities related to identifying learner’s requirements, preparing session plan,
preparing basic instructional materials and organizing learning and teaching
activities for you to complete. In this module, you are required to go through a
series of learning activities in order to complete each learning outcome. In each
learning outcome are Information Sheets, Self-Checks, Task Sheets and Job
Sheets. Follow and perform the activities on your own. If you have questions,
do not hesitate to ask for assistance from your facilitator.

Remember to:

 Read information sheets and complete the self-checks. Suggested

references are included to supplement the materials provided in this
module.

 Perform the Task Sheets and Job Sheets until you are confident that
your outputs conform to the Performance Criteria Checklist that follows
the sheets.

 Submit outputs of the Task Sheets and Job Sheets to your facilitator for
evaluation and recording in the Accomplishment Chart. Outputs shall
serve as your portfolio during the Institutional Competency Evaluation.
When you feel confident that you have had sufficient practice, ask your
trainer to evaluate you. The results of your assessment will be recorded
in your Progress Chart and Accomplishment Chart. You must pass the
Institutional Competency Evaluation for this competency before moving
to another competency. A Certificate of Achievement will be awarded
to you after passing the evaluation. You need to complete this module
before you can perform the module on Maintain and repair computer
systems and networks.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 3 of 139
Servers
QUALIFICATION : COMPUTER SYSTEMS SERVICING NCII

UNIT OF COMPETENCY : SET-UP COMPUTER SERVERS

MODULE TITLE : Setting up Computer Servers

MODULE DESCRIPTOR : This module covers the knowledge, skill and

attitudes needed to set-up computer servers for
LANs and SOHO systems. It consists of
competencies to set-up user access and configures
network services as well as to perform testing,
documentation and pre-deployment procedures.

NOMINAL DURATION : 40 hours

LEARNING OUTCOMES:

Upon completion of this module the students/trainees must be able to:

1. Set-up user access

2. Configure network services
3. Perform testing, documentation and pre-deployment practices

ASSESSMENT CRITERIA:

1. User folder is created in accordance with network operating system

(NOS) features.
2. User access level is configured based on NOS features and
established network access policies/end-user requirements.
3. Security check is performed in accordance with established
network access policies/end-user requirements.
4. Normal function of server are checked in accordance with
manufacturer’s instruction.
5. Required modules/add-ons are installed/updated based on NOS
installation procedures.
6. Network services to be configured are confirmed based on
user/system requirements.
7. Operation of network services are checked base on user/system
requirements.
8. Unplanned events or conditions are responded to in accordance
with established procedures.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 4 of 139
Servers
 9. Pre-deployment procedures is undertaken based on enterprise
policies and procedures.
10. Operation and security check are undertaken based on end-user
requirements.
11. Reports are prepared/completed according to enterprise policies
and procedures

CONDITIONS:

The students/trainees must be provided with the following:

 Reference Book
 Handout
 Computer set with accessories and peripherals

ASSESSMENT METHODS:

 Interview
 Written
 Actual Exam
 Practical exam/oral questioning & observation

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 5 of 139
Servers
 Learning Experiences
Learning Outcome 1
(Set-up user access)

Learning Activities Special Instructions

Read Information Sheet 3.1-1 in Familiarize Active Directory Domain

Installing Primary Domain Controller Services

Answer Self-Check 3.1-1 in Installing Try to answer without looking at the

Primary Domain Controller key answer

Perform Task Sheet 3.1-1 on Installing Insure that every devices is

Primary Domain Controller connected properly before installing.

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.1-1 by the trainee

Read Information Sheet 3.1-2 in Familiarize configuration and

DHCP Role and Scope procedure in DHCP Role and Scope

Answer Self-Check 3.1-2 in DHCP Try to answer without looking at the

Role and Scope key answer

Perform Task Sheet 3.1-2 on in DHCP Perform proper configuration in

Role and Scope DHCP Role and Scope

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.1-3 by the trainee

Read Information Sheet 3.1-3 in User Familiarize server roles in User &
& User template User template

Answer Self-Check 3.1-3 in User & Try to answer without looking at the
User template key answer

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 6 of 139
Servers
Perform Task Sheet 3.1-3 on User & Perform proper configuration in
User template User & User template

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.1-3 by the trainee

Read Information Sheet 3.2-1 in Familiarize procedure on configuring

Group Policy Group Policy

Answer Self-Check 3.2-1 in Group Try to answer without looking at the

Policy key answer

Perform Task Sheet 3.2-1 on Group Perform proper configuration on

Policy group policy

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.2-1 by the trainee

Read Information Sheet 3.2-2 in

Familiarize Remote desktop services
Remote desktop services

Answer Self-Check 3.2-2 in Remote Try to answer without looking at the

desktop services key answer

Perform Task Sheet 3.2-2 on Remote Configure properly Remote desktop

desktop services services

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.2-2 by the trainee

Read Information Sheet 3.2-3 in File Familiarize File server

server
Try to answer without looking at the
Answer Self-Check 3.1-3 in File server key answer

Perform Task Sheet 3.2-3 on File Configure File Server properly

server
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 7 of 139
Servers
Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.2-3 by the trainee

Read Information Sheet 3.3-1 in Familiarize procedure on configuring

Managing remote print server and Managing remote print server

Answer Self-Check 3.3-1 in Managing Try to answer without looking at the

remote print server key answer

Read Information Sheet 3.3-2 in

Follow instruction on how to Deploy
Deployment of remote print server to
remote print server to client
client

Answer Self-Check 3.3-2 in Try to answer without looking at the

Deployment of remote print server to key answer
client
Read Information Sheet 3.3-3 in Test
Familiarize Test Print procedures.
Printing

Answer Self-Check 3.3-3 in Test Try to answer without looking at the

Printing key answer

Perform Task Sheet 3.3-3 on Test

Printing Test Print on print server

Rate your own performance using 80% of the criteria must be obtained
performance criteria checklist 3.3-3 by the trainee

Information Sheet (3.1-1)

(Installing Primary Domain Controller)

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 8 of 139
Servers
Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Describe the Active Directory Domain Services.

2. Explain the uses and application of Active Directory Domain Services.

3. Configure ADDS properly according to standards.

This information sheet will cover the details on Active Directory Domain
Services. It also cover the procedure and steps on how to install and configure
Domain controller.

Installing Active Directory Domain Services on Windows Server 2008 R2

Enterprise 64-bit

This article provides prerequisites and steps for installing Active Directory
Domain Services (AD DS) on Microsoft Windows Server 2008 R2 Enterprise 64-
bit (W2K8).

This article does not provide instructions for adding a Domain Controller (DC)
to an already existing Active Directory Forest Infrastructure.

Prepare for Active Directory

Before you install AD DS on a Rackspace Cloud Server running Windows

Server 2008 R2 Enterprise 64-bit (W2K8), you must perform the following
prerequisite tasks.

Select Domain Name and Password

Select your domain name and know the domain administrator password that
you want to use.
Note: Your domain name should be reliably unique. Do not use the same domain
as your website, for example, and avoid extensions like “.local” unless you have
registered that domain name in DNS. We suggest a domain name that is not
used for anything else, like "internal.example.com"..

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 9 of 139
Servers
Specify the Preferred DNS Server

Windows Server 2008 can properly install and configure DNS during the AD
DS installation if it knows that the DNS is local. You can accomplish this by
having the private network adapter’s preferred DNS server address point to the
already assigned IP address of the same private network adapter, as follows:

1. From the Windows Start menu, open Administrative Tools > Server
Manager.

2. In the Server Summary section of the Server Manager window, click

View Network Connections.

3. In the Network Connections window, right-click the private adapter and

select Properties.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 10 of 139
Servers
4. Select Internet Protocol Version 4, and then click Properties.

5. Copy the IP address that is displayed in the IP address box and paste it
into the Preferred DNS server box. Then, click OK.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 11 of 139
Servers
 6. Click OK in the Properties dialog box, and close the Network Connections
window.
7.
Note: The last step for prepping W2K8 for AD is adding the proper Server Role.
The “Active Directory Domain Services” Role will be added. This only installs the
framework for W2K8 to become a DC and run AD. It does not promote the server
to DC or install AD.

Add the Active Directory Domain Services Role

Adding the Active Directory Domain Services role installs the framework for
Windows Server 2008 to become a DC and run AD DS. It does not promote the
server to a DC or install AD DS.

1. In the Server Manager window, open the Roles directory and in the
Roles Summary section, click Add Roles.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 12 of 139
Servers
2. On the Before You Begin page of the Add Roles Wizard, click Next.

3. On the Select Server Roles page, select the Active Directory Domain
Services check box, and then click Next on this page and on the
Confirmation page.

4. On the Installation Progress page, click Install.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 13 of 139
Servers
 5. On the Results page, after the role is successfully added, click Close.

Enable the Remote Registry

1. Open the Server Manager window if it is not already open.

2. In the Properties area of the Local Servers page, click Remote
Management.
3. Select the Enable remote management of this server from other
computers check box.
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 14 of 139
Servers
Install Active Directory Domain Services (DCPROMO)

Now that you have prepared the server, you can install AD DS.

Tip: As an alternative to performing steps 1 through 3, you can type

dcpromo.exe at the command prompt. Then, skip to step 4.

1. If it is not already open, open the Server Manager window.

2. Select Roles > Active Directory Domain Services.
3. In the Summarysection,clickRun the Active Directory Domain
Services Installation Wizard (dcpromo.exe). or Open RUN and Type
DCPROMO

4. On the Welcome page of the Active Directory Domain Services

Installation Wizard, ensure that the Use advanced mode installation
check box is cleared, and then click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 15 of 139
Servers
5. On the Operating System Capability page, click Next.

6. On the Choose a Deployment Configuration page, select Create a new

domain in a new forest and then click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 16 of 139
Servers
7. On the Name the Forest Root Domain page, enter the domain name that
you choose during preparation steps. Then, click Next.

8. After the installation verifies the NetBIOS name, on the Set Forest
Functional Level page, select Windows Server 2008 R2 in the Forest
function level list. Then, click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 17 of 139
Servers
 The installation examines and verifies your DNS setting.
9. On the Additional Domain Controller Options page, ensure that the DNS
server check box is selected, and then click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 18 of 139
Servers
10. In the message dialog box that appears, click Yes.

11. On the Location for Database, Log Files, and SYSVOL page, accept
the default values and then click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 19 of 139
Servers
12. On the Directory Services Restore Mode Administrator Password
page, enter the domain administrator password that you chose during
the preparation steps. This is not your admin password that was emailed
to you during the creation of your server, although you can use that
password if you want to. Then, click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 20 of 139
Servers
13. On the Summary page, review your selections and then click Next.
The installation begins.

14. If you want the server to restart automatically after the installation
is completed, select the Reboot on completion check box.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 21 of 139
Servers
15. If you did not select the Reboot on completion check box, click
Finish in the wizard. Then, restart the server.

16. After a few minutes, reconnect to your server by using the Console
in your Control Panel or RDP.
17. To log in, perform the following steps:

a. Click Switch User, and then click Other User.

b. For the user, enter the full domain name that you chose, followed by a
back slash and Administrator (for example,
Example.com\Administrator).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 22 of 139
Servers
 c. Enter the password that was emailed to you when you first built the
server. If you changed your password
for the local admin account to this server before you began the
installation of Active Directory Domain Services, use that password.

d. Click the log in button.

The installation of Active Directory Domain Services on your server is complete.

.
Network Terminology
Workgroup - A workgroup is a network setup in which each computer on the
network keeps its own store of user names and passwords. In order to access
another computer on the network, you need to know a username and password
on that computer. This does not scale well. The user will be prompted for a
username and password when he or she accesses another computer when the
passwords are not in sync.

 HomeGroup - Available only in a pure Windows 7 network. HomeGroup

provides a simple way to share files and printers in a network. HomeGroup
allows Windows 7 computers to be grouped together to share each other’s
resources using just one centralized password.

Domain - A domain is a logical group of computers that share the same Active
Directory database. A domain allows you to manage a group of computers
rather than one by one. This is done through the central use of usernames and
passwords and the configuration of computers using group policy.

Domain Controller - A Domain Controller is a Windows Server that has Active

Directory Services roles configured on it by using a process called promotion.
The Domain Controller holds a writeable copy of the Active Directory database.
Each domain has at least one Domain Controller but more should be added for
redundancy.

Active Directory Database - Active Directory uses a database to hold objects

like users and settings. The database uses multi-master replication and thus
can have multiple copies of the database stored in multiple locations around
the world. Each of these copies is writeable. Active Directory automatically fixes
any replication conflicts that may occur by using a last writer wins system.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 23 of 139
Servers
That is, the latest update of any object is used when there is a replication
conflict.

Domain Links - Active Directory supports multiple domains to be linked

together by using a trust. Each domain has a separate Active Directory
database but resources can be shared between the different domains.

NTDS.DIT - The Active Directory Database by default is stored in c:\windows\

NTDS\ntds.dit. This file is based on the X.500 standard. Originally Active
Directory was called NT Directory Services and this is where the file got its
name.
Each domain in Active Directory will have a separate database. Domain
Controllers hold the copy of the database in the ntds.dit file and replicate
changes to each other. If you have more than one domain, then each separate
domain will have its own copy of the ntds.dit file.

Organization Units - In order to organize objects in Active Directory more

easily, objects in Active Directory can be organized into Organization Units,
also known as OUs. These OUs are like folders on your hard disk.

LDAP Syntax - LDAP uses a syntax that refers to the most significant part first
followed by less significant or precise parts afterwards. This is the opposite of
other systems, like filenames or paths. The main syntax of any LDAP command
is like this example: CN=Joe, OU=Users, DC=ITFreeTraining, DC=Com. When
an object can be defined uniquely, like in this example, it is called the
distinguished name.

Canonical Name (CN) - This is the name of the object in Active Directory that
you want to access. For example, if you wanted to access a user called Joe, you
would use CN=Joe.

Organization Unit (OU) - Organization units in Active Directory are used to

sort objects into different areas or folders. If you have multiple OUs, then start
with the lowest in the tree and expand downwards. For example if a user was
in Users\Acounts\Payable you would use OU=Users, OU=Accounts,
OU=Payable.

Domain Component (DC) - This is the domain in which the object is located.
For example DC=ITFreeTraining, DC=com.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 24 of 139
Servers
Tree - When you have multiple domains in the same namespace (e.g.,
ITFreeTraining.com, west.ITFreeTraining.com, and sales.ITFreeTraining.com),
they are considered to be in the same tree. The tree also supports multiple
levels of domains. For example, you could have west.sales.ITFreeTraining.com
and east.ITFreeTraining.com in the same tree.

 Forest - A forest is a collection of one or more domains which may have one or
more trees. What makes a forest unique is that it shares the same schema. The
schema defines what and how Active Directory objects are stored. The schema
defines the database for the whole forest but it should be remembered that
each domain in the forest has its own copy of the database based on the
schema.

Trusts - Parent and child domains are automatically linked by a trust. Users in
different domains can use these trusts to access resources in another domain
assuming that they have access. Trees in the forest are linked together via a
trust automatically. This ensures that any users in any domain in the forest
can access any resource in the forest to which they have access.

Global Catalog - In order for users to find resources in any domain in the
forest (remember that each domain has a separate database), Domain
Controllers can be made into Global Catalog Servers. A Global Catalog Server
contains partial information about every object in the forest. Using this
information, the user can conduct searches.

Self-Check 3.1-1
Multiple Choice: Write your answer on a separate sheet of paper.

1. A network setup in which each computer on the network keeps its own store of
user names and passwords.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 25 of 139
Servers
 a. Domain b. HomeGroup c. WorkGroup d. OU
2. Provides a simple way to share files and printers in a network
a. Domain b. HomeGroup c. WorkGroup d. OU
3. A collection of one or more domains which may have one or more trees.
a. Trust b. Forest c. Organization Unit d. Tree
4. A logical group of computers that share the same Active Directory database.
a. Domain b. HomeGroup c. WorkGroup d. OU
5. Used to sort objects into different areas or folders.
a. Trust b. Forest c. Organization Unit d. Tree

Answer Key 3.1-1

1. C
2. B
3. B
4. A
5. C

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 26 of 139
Servers
 TASK SHEET 3.1-1
Title: Installing Primary Domain Controller

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Install Primary Domain Controller.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 27 of 139
Servers
2. Identify the needed data in Installing Primary Domain Controller.

Supplies/Materials : Wireless Network Card

Equipment : Computer, Patch Panel, Router, Switch,

Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down data in configuring and
installing Active directory domain services.
3. Test if the ADDS is installed and configured properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 28 of 139
Servers
Performance Criteria Checklist 3.1-1

CRITERIA
YES NO
Did you….
1. Install and Configured ADDS properly?

1. List the needed data in blank sheet of paper?

2. Test the computer and Devices connected

successfully?
3. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 29 of 139
Servers
 Information Sheet (3.1-2)
(DHCP Role and Scope)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Describe the DHCP Role and Scope.

2. Explain the uses and application of DHCP Role and Scope.

3. Install and Configure DHCP Role and Scope.

This information sheet will cover the details and information about DHCP Role
and Scope. It also covers the procedure on how to add roles to server.

BY STEP GUIDE TO INSTALL DHCP ROLE AND CONFIGURE

DHCP servers centrally manage IP addresses and related information and

provide it to clients automatically. This allows you to configure client network
settings at a server, instead of configuring them on each client computer. If you
want this computer to distribute IP addresses to clients, then configure this
computer as a DHCP server.

This topic explains the basic steps that you must follow to configure a DHCP
server. When you have finished setting up a basic DHCP server, you can
complete additional configuration tasks, depending on how you want to use the
DHCP server.

To start first need to log in to the server with administrator privileges. Then
start the “server Manager” by clicking on “Server Manager” icon on task bar.
Then go to “Roles”

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 30 of 139
Servers
Then click on “Add Roles” option to open Add roles Wizard.

Then it will load the Roles Wizard and select the “DHCP Server” From the list
and click next to continue.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 31 of 139
Servers
Then it will give description about the role. Click next to continue.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 32 of 139
Servers
Next window is asking to use which interface to serve DHCP clients. If server
has multiple NIC with multiple IP you can add them also to serve DHCP clients.

In next window it will give opportunity to add DNS settings that should apply
for DHCP clients.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 33 of 139
Servers
Next window is to define the WINS server details.

In next window we can add the scope, the Starting IP, End IP of the DHCP
range, subnet mask, default gateway, leased time etc.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 34 of 139
Servers
In next Window it can configure to support IPv6 as well.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 35 of 139
Servers
Then it will give the confirmation window before begin the install. Click on
“Install”

Once installation finishes DHCP server interface can open from Start >
Administrative Tools > DHCP

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 36 of 139
Servers
Using the DHCP it is possible to even configure multiple Scopes configurations
to the network. In a network there can be different network segments. It is
waste to setup different DHCP servers for each segment. Instead of that it is
possible to create different Scopes to issue DHCP for them.

DHCP terminology

Scope -  is the full consecutive range of possible IP addresses for a network.
Scopes typically define a single physical subnet on your network to which
DHCP services are offered. Scopes also provide the primary way for the server
to manage distribution and assignment of IP addresses and any related
configuration parameters to clients on the network.

Superscope -  is an administrative grouping of scopes that can be used to

support multiple logical IP subnets on the same physical subnet. Superscopes
only contain a list of member scopes or child scopes that can be activated
together. Superscopes are not used to configure other details about scope
usage. For configuring most properties used within a superscope, you need to
configure member scope properties individually.

Exclusion - range is a limited sequence of IP addresses within a scope,

excluded from DHCP service offerings. Exclusion ranges assure that any
addresses in these ranges are not offered by the server to DHCP clients on your
network.

Address Pool - After you define a DHCP scope and apply exclusion ranges, the
remaining addresses form the available address pool within the scope. Pooled
addresses are eligible for dynamic assignment by the server to DHCP clients on
your network.

lease  - is a length of time that a DHCP server specifies, during which a client
computer can use an assigned IP address. When a lease is made to a client, the
lease is active. Before the lease expires, the client typically needs to renew its
address lease assignment with the server. A lease becomes inactive when it
expires or is deleted at the server. The duration for a lease determines when it
will expire and how often the client needs to renew it with the server.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 37 of 139
Servers
reservation  - is used to create a permanent address lease assignment by the
DHCP server. Reservations assure that a specified hardware device on the
subnet can always use the same IP address.

Option types  - are other client configuration parameters a DHCP server can
assign when serving leases to DHCP clients. For example, some commonly
used options include IP addresses for default gateways (routers), WINS servers,
and DNS servers. Typically, these option types are enabled and configured for
each scope. The DHCP console also permits you to configure default option
types that are used by all scopes added and configured at the server. Most
options are predefined through RFC 2132, but you can use the DHCP console
to define and add custom option types if needed.

options class  - is a way for the server to further manage option types
provided to clients. When an options class is added to the server, clients of that
class can be provided class-specific option types for their configuration. For
Microsoft® Windows® 2000 and Windows XP, client computers can also specify
a class ID when communicating with the server. For earlier DHCP clients that
do not support the class ID process, the server can be configured with default
classes to use instead when placing clients in a class. Options classes can be of
two types: vendor classes and user classes.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 38 of 139
Servers
 Self-Check 3.1-2
Multiple Choice: Write your answer on a separate sheet of paper.

1. It is used to create a permanent address lease assignment by the DHCP

server.
a. Reservation b. Option Class c. lease d. Scope
2. It is the full consecutive range of possible IP addresses for a network.
Scopes typically define a single physical subnet on your network to
which DHCP services are offered.
a. Reservation b. Option Class c. lease d. Scope
3. It is a way for the server to further manage option types provided to
clients.
a. Reservation b. Option Class c. lease d. Scope
4. It is range is a limited sequence of IP addresses within a scope, excluded
from DHCP service offerings.
a. Option Class b. Lease c. Exclusion d. Scope
5. It is an administrative grouping of scopes that can be used to support
multiple logical IP subnets on the same physical subnet.
a. Superscope b. Scope c. leased d. reservation

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 39 of 139
Servers
 Answer Key 3.1-2
1. A
2. D
3. B
4. C
5. A

TASK SHEET 3.1-2

Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 40 of 139
Servers
Title: DHCP Roles and Scopes

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Install and Configure DHCP Role and Scope.

2. Identify the needed data in DHCP Role and Scope.

Supplies/Materials : Wireless Network Card

Equipment : Computer Server, Patch Panel, Router,

Switch,

Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down details in Configuring
DHCP Role and Scope.
3. Test if the Configure DHCP Role and Scope is installed and
configured properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 41 of 139
Servers
Performance Criteria Checklist 3.1-2

CRITERIA
YES NO
Did you….
1. Install and Configured Configure DHCP Role and
Scope properly?
4. List the needed data in blank sheet of paper?

5. Test the computer and Devices connected

successfully?
6. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 42 of 139
Servers
 Information Sheet (3.1-3)
(User & User template)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Describe the user and user template.

2. Explain the procedure on how to create user and user template.

3. Create user and user template.

This information sheet will cover the details on creating user and user template
on server. It also cover the procedure on how to create and configure user and
user templates.

How to Create Users and User Templates in Windows Server 2008

Active Directory

You probably already know that a User Account in Active Directory is an Active
Directory Object, or simply said, a record in an AD database. Most of the time
we create user accounts for people, however user accounts can also be created
for applications or processes.
User accounts allow a person to access resources on a network. But we can
just as easily deny access to certain resources on the network through the user
account. That’s why, User Account Objects are quite important and very
useful.

User Groups and Organizational Units. Now, let’s get started with creating a
user account.

How To Create a New User Account in Active Directory

1. To start let’s go ahead and open up Server Manager

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 43 of 139
Servers
2. Next we will open up the Roles section, next to Active Directory Users and
Computers section and finally the Active Directory Users and Computers.
You should now see your domain name.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 44 of 139
Servers
3. We are going to click on our Users section where we are going to create a
new User Account. To do so, right-click on the blank section, point to New and
select User.

4. In this window you need to type in the user’s first name, middle initial and
last name. Next you will need to create a user’s logon name.
In our example we are going to create a user account for Billy Miles and his
logon name will be bmiles. When done, click on the Next button.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 45 of 139
Servers
5. In the next window you will need to create a password for your new user and
select appropriate options.

In our example we are going to have the user change his password at his next
logon. You can also prevent a user from changing his password, set the
password so that it will never expire or completely disable the account.
When you are done making your selections, click the Next button.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 46 of 139
Servers
6. And finally, click on the Finish button to complete the creation of new User
Account.

How To Create a User Template in Active Directory

A user template in Active Directory will make your life a little easier, especially
if you are creating users for a specific department, with exactly the same
properties, and membership to the same user groups. A user template is
nothing more than a disabled user account that has all these settings already
in place. The only thing you are doing is copying this account, adding a new
name and a password.

You may have multiple user templates for multiple purposes with different
settings and properties. There is no limit on the number of user templates, but
keep in mind that they are there to help you, not to confuse you, so keep in
mind less is better.

To create a user template, we are going to create a regular user account just
like we did above. A little note here, you may want to add an * as the first
character of the name so it floats at the top in AD and is much easier to find.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 47 of 139
Servers
1. To start out, right-click on the empty space, point to new, and select User.

2. Type in the user’s name (with asterisks if so desired) and click Next.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 48 of 139
Servers
3. Create the template’s password and do not forget to check the box next to
the Account is disabled option. When ready, click Next.

4. Once the account is created, you can go ahead and add all the properties
you need for that template. To do so, double-click on that account and navigate
to a specific tab. Once done click OK.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 49 of 139
Servers
 How To Use a User Template in Active Directory

1. Now in order to use that user template, we are going to select it, copy it and
add the unique information such as user name, password, etc.
We can do that for as many users as needed. Let’s start by right-clicking on the
template and selecting Copy.

2. Next we are going to enter the user’s name, login and password information
while making sure the checkbox next to Account is disabled is unchecked.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 50 of 139
Servers
3. Once we finish, our new user account is created with all the properties of
the template account. Now wasn’t that easy!

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 51 of 139
Servers
 Self-Check 3.1-3
Enumeration: Write your answer on separate sheet of paper.

1. What are the steps on how to create user template on active directory?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 52 of 139
Servers
 Answer Key 3.1-3
 To start out, right-click on the empty space, point to new, and select
User
 Type in the user’s name (with asterisks if so desired) and click Next.
 Create the template’s password and do not forget to check the box next
to the Account is disabled option. When ready, click Next.
 Once the account is created, you can go ahead and add all the properties
you need for that template. To do so, double-click on that account and
navigate to a specific tab. Once done click OK.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 53 of 139
Servers
 TASK SHEET 3.1-3
Title: User and User Template

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Install and Configure User and User Template.

2. Identify the needed data in User and User Template.

Supplies/Materials : Wireless Network Card

Equipment : Computer Server, Patch Panel, Router,

Switch, Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down details in Configuring
User and User Template .
3. Test if User and User Template is installed and configured
properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 54 of 139
Servers
Performance Criteria Checklist 3.1-3

CRITERIA
YES NO
Did you….
1. Install and Configured User and User Template
properly?
2. List the needed data in blank sheet of paper?

3. Test the computer and Devices connected

successfully?
4. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 55 of 139
Servers
 Information Sheet (3.2-1)
(Group Policy)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Identify Group Policy.

2. Explain the uses and application of Group Policy.

3. Configure Group Policy properly according to network standards.

This information sheet will cover the details on Group Policy. It also covers the
procedures on how to configure Group Policy on server.

Group Policy in Windows 2008 Server R2

Overview of Group Policy

Group Policy is simply the easiest way to reach out and configure computer
and user settings on networks based on Active Directory Domain Services (AD
DS). If your business is not using Group Policy, you are missing a huge
opportunity to reduce costs, control configurations, keep users productive and
happy, and harden security. Think of Group Policy as “touch once, configure
many.”

The requirements for using Group Policy and following the instructions that
this white paper provides are straightforward:

The network must be based on AD DS (that is, at least one server must have
the AD DS role installed). To learn more about AD DS, see Active Directory
Domain Services Overview on TechNet.

Computers that you want to manage must be joined to the domain, and users
that you want to manage must use domain credentials to log on to their
computers.

You must have permission to edit Group Policy in the domain.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 56 of 139
Servers
Although this white paper focuses on using Group Policy in AD DS, you can
also configure Group Policy settings locally on each computer. This capability
is great for one-off scenarios or workgroup computers, but using local Group
Policy is not recommended for business networks based on AD DS. The reason
is simple: Domain-based Group Policy centralizes management, so you can
touch many computers from one place. Local Group Policy requires that you
touch each computer—not an ideal scenario in a large environment. For more
information about configuring local Group Policy, see Local Group Policy Editor
on TechNet.

Windows 7 enforces the policy settings that you define by using Group Policy.
In most cases, it disables the user interface for those settings. Additionally,
because Windows 7 stores Group Policy settings in secure locations in the
registry, standard user accounts cannot change those settings. So, by touching
a setting one time, you can configure and enforce that setting on many
computers. When a setting no longer applies to a computer or user, Group
Policy removes the policy setting, restoring the original setting and enabling its
user interface. The functionality is all quite amazing and extremely powerful.

Essential Group Policy Concepts

You can manage all aspects of Group Policy by using the Group Policy
Management Console (GPMC). Figure 1 shows the GPMC, and this white paper
will refer to this figure many times as you learn about important Group Policy
concepts.

Figure1. Group Policy Management Console

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 57 of 139
Servers
You start the GPMC from the Start menu: Click Start, All Programs,
Administrative Tools, Group Policy Management. You can also click Start, type
Group Policy Management, and then click Group Policy Management in the
Programs section of the Start menu. Windows Server 2008 and Windows Server
2008 R2 include the GPMC when they are running the AD DS role. Otherwise,
you can install the GPMC on Windows Server 2008, Windows Server 2008 R2,
or Windows 7 as described in the section “Installing the GPMC in Windows 7,”
later in this white paper.

Group Policy objects

GPOs contain policy settings. You can think of GPOs as policy documents that
apply their settings to the computers and users within their control. If GPOs
are policy documents, then the GPMC is like Windows Explorer. You use the
GPMC to create, move, and delete GPOs just as you use Windows Explorer to
create, move, and delete files.

In the GPMC, you see all the domain’s GPOs in the Group Policy objects folder.
In Figure 1, the callout number 1 shows three GPOs for the domain
corp.contoso.com domain. These GPOs are:

Accounting Security. This is a custom GPO created specifically for Contoso, Ltd.

Default Domain Controller Policy. Installing the AD DS server role creates this
policy by default. It contains policy settings that apply specifically to domain
controllers.

Default Domain Policy. Installing the AD DS server role creates this policy by
default. It contains policy settings that apply to all computers and users in the
domain.

Group Policy Links

At the top level of AD DS are sites and domains. Simple implementations will
have a single site and a single domain. Within a domain, you can create
organizational units (OUs). OUs are like folders in Windows Explorer. Instead
of containing files and subfolders, however, they can contain computers, users,
and other objects.

For example, in Figure 1 you see an OU named Departments. Below the

Departments OU, you see four subfolders: Accounting, Engineering,
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 58 of 139
Servers
Management, and Marketing. These are child OUs. Other than the Domain
Controllers OU that you see in Figure 1, nothing else in the figure is an OU.

What does this have to do with Group Policy links? Well, GPOs in the Group
Policy objects folder have no impact unless you link them to a site, domain, or
OU. When you link a GPO to a container, Group Policy applies the GPO’s
settings to the computers and users in that container. In Figure 1, the callout
number 1 points to two GPOs linked to OUs:

The first GPO is named Default Domain Policy, and this GPO is linked to the
domain corp.contoso.com. This GPO applies to every computer and user in the
domain.

The second GPO is named Accounting Security, and this GPO is linked to the
OU named Accounting. This GPO applies to every computer and user in the
Accounting OU.

In the GPMC, you can create GPOs in the Group Policy objects folder and then
link them—two steps. You can also create and link a GPO in one step. Most of
the time, you will simply create and link a GPO in a single step, which the
section “Creating a GPO,” later in this white paper, describes.

Group Policy Inheritance

As the previous section hinted, when you link a GPO to the domain, the GPO
applies to the computers and users in every OU and child OU in the domain.
Likewise, when you link a GPO to an OU, the GPO applies to the computers
and users in every child OU. This concept is called inheritance.

For example, if you create a GPO named Windows Firewall Settings and link it
to the corp.contoso.com domain in Figure 1, the settings in that GPO apply to
all of the OUs you see in the figure: Departments, Accounting, Engineering,
Management, Marketing, and Domain Controllers. If instead you link the GPO
to the Departments OU, the settings in the GPO apply only to the Departments,
Accounting, Engineering, Management, and Marketing OUs. It does not apply
to the entire domain or the Domain Controllers OU. Moving down one level, if
you link the same GPO to the Accounting OU in Figure 1, the settings in the
GPO apply only to the Accounting OU, as it has no child OUs. In the GPMC,
you can see what GPOs a container is inheriting by clicking the Group Policy
Inheritance tab (callout number 1 in Figure 2).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 59 of 139
Servers
Figure 2. Group Policy inheritance and precedence

So, what happens if multiple GPOs contain the same setting? This is where
order of precedence comes into play. In general, the order in which Group
Policy applies GPOs determines precedence. The order is site, domain, OU, and
child OUs. As a result, GPOs in child OUs have a higher precedence than GPOs
linked to parent OUs, which have a higher precedence than GPOs linked to the
domain, which have a higher precedence than GPOs linked to the site. An easy
way to think of this is that Group Policy applies GPOs from the top down,
overwriting settings along the way. In more advanced scenarios, however, you
can override the order of precedence.

You can also have—within a single OU—multiple GPOs that contain the same
setting. Like before, the order in which Group Policy applies GPOs determines
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 60 of 139
Servers
the order of precedence. In Figure 2, you see two GPOs linked to the domain
corp.contoso.com: Windows Firewall Settings and Default Domain Policy.
Group Policy applies GPOs with a lower link order after applying GPOs with a
higher link order. In this case, it will apply Windows Firewall Settings after
Default Domain Policy. Just remember that a link order of 1 is first priority,
and a link order of 2 is second priority. You can change the link order for a
container by clicking the up and down arrows as shown by callout number 2 in
Figure 2.

Group Policy Settings

To this point, you have learned about GPOs. You have learned that GPMC is to
GPOs and OUs as Windows Explorer is to files and folders. GPOs are the policy
documents. At some point, you are going to have to edit one of those
documents, though, and the editor you use is the Group Policy Management
Editor (GPME), which Figure 3 shows. You open a GPO in the GPME by right-
clicking it in the GPMC and clicking Edit. Once you are finished, you simply
close the window. The GPME saves your changes automatically, so you do not
have to save.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 61 of 139
Servers
Figure 3. Group Policy Management Editor

In Figure 3, callout numbers 1 and 2 point to Computer Configuration and

User Configuration, respectively. The Computer Configuration folder contains
settings that apply to computers, regardless of which users log on to them.
These tend to be system and security settings that configure and control the
computer. The User Configuration folder contains settings that apply to users,
regardless of which computer they use. These tend to affect the user
experience.

Within the Computer Configuration and User Configuration folders, you see
two subfolders (callout numbers 3 and 4 in Figure 3):

Policies.Policies contains policy settings that Group Policy enforces.

Preferences.Preferences contains preference settings that you can use to

change almost any registry setting, file, folder, or other item. By using
preference settings, you can configure applications and Windows features that
are not Group Policy–aware. For example, you can create a preference setting
that configures a registry value for a third-party application, deletes the
Sample Pictures folder from user profiles, or configures an .ini file. You can
also choose whether Group Policy enforces each preference setting or not.
However, standard user accounts can change most preference settings that you
define in the User Configuration folder between Group Policy refreshes. You
can learn more about preference settings by reading the Group Policy
Preferences Overview.

When you are first learning Group Policy, most of the settings that you will
configure will be in the Administrative Templates folders. These are registry-
based policy settings that Group Policy enforces. They are different from other
policy settings for two reasons. First, Group Policy stores these settings in
specific registry locations, called the Policies branches, which standard user
accounts cannot change. Group Policy–aware Windows features and
applications look for these settings in the registry. If they find these policy
settings, they use the policy settings instead of the regular settings. They often
disable the user interface for those settings as well.

Second, administrative template files, which have the .admx extension, define
templates for these settings. These templates not only define where policy
settings go in the registry but also describe how to prompt for them in the
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 62 of 139
Servers
GPME. In the Group Policy setting that Figure 4 shows, for example, an
administrative template file defines help text, available options, supported
operating systems, and so on.

Figure 4. Group Policy setting

When you edit a policy setting, you are usually confronted with the choices
that callout numbers 1 to 3 indicate in Figure 4. In general, clicking:

Enabled writes the policy setting to the registry with a value that enables it.

Disabled writes the policy setting to the registry with a value that disables it.

Not Configured leaves the policy setting undefined. Group Policy does not write
the policy setting to the registry, and so it has no impact on computers or
users.

Generalizing what enabled and disabled means for every policy setting is not
possible. You can usually read the help text, shown in callout number 5, to
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 63 of 139
Servers
determine exactly what these choices mean. You must also be careful to read
the name of the policy setting. For example, some policy settings say, “Turn on
feature X,” whereas other policy settings say, “Turn off feature Y.” Enabled and
disabled have different meanings in each case. Until you are comfortable, make
sure you read the help text for policy settings you configure.

Some policy settings have additional options that you can configure. Callout
number 4 in Figure 4 shows the options that are available for the Group Policy
refresh interval policy setting. In most cases, the default values match the
default values for Windows. As well, the help text usually gives detailed
information about the options you can configure.

Group Policy Refresh

As you learned in the previous section, GPOs contain both computer and user
settings. Group Policy applies: Computer settings when Windows starts. User
settings after the user logs on to the computer.

Group Policy also refreshes GPOs on a regular basis, ensuring that Group
Policy applies new and changed GPOs without waiting for the computer to
restart or the user to log off. The period of time between these refreshes is
called the Group Policy refresh interval, and the default is 90 minutes with a
bit of randomness built in to prevent all computers from refreshing at the same
time. If you change a GPO in the middle of the day, Group Policy will apply
your changes within about 90 minutes. You don’t have to wait until the end of
the day, when users have logged off of or restarted their computers. In
advanced scenarios, you can change the default refresh interval.

Essential Group Policy Tasks

You have now learned the essential Group Policy concepts. You know that a
GPO is like a document that contains policy settings. You manage GPOs by
using the GPMC and you edit them by using the GPME.

You also know that you link GPOs to AD DS sites, domains, and OUs to apply
the GPOs’ settings to those containers. Domains, OUs, and child OUs inherit
settings from their parents, but duplicate settings in GPOs linked to child OUs
have precedence over the same settings in GPOs linked to parent OUs, which
have precedence over GPOs linked to the domain, and so on.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 64 of 139
Servers
You also know that within a site, domain, or OU, the link order determines the
order of precedence (the smaller the number, the higher the precedence). Last,
you have an essential understanding of how to edit GPOs and what types of
settings they contain.

Now that you know the essential concepts, you are ready to learn the essential
tasks. This section describes how to create, edit, and delete GPOs. It describes
many other tasks, as well. For each task, you’ll find an explanation of its
purpose and step-by-step instructions with screenshots at each step.

Creating a GPO

You create a GPO by using the GPMC. There are two ways to create a GPO:

Create and link a GPO in one step.

Create a GPO in the Group Policy objects folder, and then link it to the domain
or OU.

The instructions in this section describe how to create and link a GPO in one
step.

You can start with a blank GPO, which the instructions describe, or you can
use a starter GPO. Starter GPOs are an advanced topic that you can learn
about in Working with Starter GPOs.

To create and link a GPO in the domain or an OU

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 65 of 139
Servers
In the GPMC, right-click
the domain or OU in
which you want to create
and link a GPO, and
click Create a GPO in
this domain, and Link it
here.

In the Name box on
the New GPO dialog box,
type a descriptive name
for the GPO, and then
click OK.

Editing a GPO

In the GPMC, you can open GPOs in the GPME to edit them within any
container. To see all of your GPOs, regardless of where you link them, use the
Group Policy objects folder to edit them.

To edit a GPO in the domain, an OU, or the Group Policy objects folder

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 66 of 139
Servers
In the left pane of the GPMC,
click Group Policy objects to
display all the domain’s GPOs
in the right pane. Alternatively,
you can click the domain or any
OU to display that container’s
GPOs in the right pane.

In the right pane of the GPMC,

right-click the GPO that you
want to edit, and click Edit to
open the GPO in the GPME.

In the GPME, edit the Group

Policy settings that you want to
change, and close the GPME
window when finished. You do
not have to save your changes,
because the GPME saves your
changes automatically.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 67 of 139
Servers
Linking a GPO

If you create and link GPOs in one step, you do not have to manually link
GPOs to the domain or OUs. However, if you create a GPO in the Group Policy
objects folder or unlink a GPO and want to restore it, you will need to manually
link the GPO. The easy way to link a GPO is to simply drag the GPO from the
Group Policy objects folder and drop it onto the domain or OU to which you
want to link it.

To link a GPO to a domain or OU

In the GPMC, right-click the

domain or OU to which you
want to link the GPO, and then
click Link an Existing GPO.

In the Select GPO dialog box,

click the GPO that you want to
link to the domain or OU, and
then click OK.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 68 of 139
Servers
Updating Clients

While editing, testing, or troubleshooting GPOs, you do not need to wait for the
Group Policy refresh interval (90 minutes, by default). You can manually
update Group Policy on any client computer by running Gpupdate.exe.
Gpupdate.exe supports many command-line options, which you can learn
about by typing gpupdate.exe /? in a Command Prompt windows In most
cases, however, you can follow the instructions in this section to update Group
Policy.

To manually update Group Policy by using Gpupdate.exe

Click Start, type cmd, and

press Enter to open a
Command Prompt window.

At the Command Prompt, type

gpupdate and press Enter.
Gpupdate.exe will update any
changed settings. You can force
Gpupdate.exe to update all
settings, whether or not they
have changed recently, by
typing gpupdate /force and
pressing Enter.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 69 of 139
Servers
 Self-Check 3.2-1
Short answer: Write your answer on a separate sheet of paper.

1. What is Group Policy?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 70 of 139
Servers
 Answer Key 3.2-1
1. Group Policy is simply the easiest way to reach out and configure
computer and user settings on networks based on Active Directory
Domain Services (AD DS).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 71 of 139
Servers
 TASK SHEET 3.2-1
Title: Group Policy

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Configure Group Policy.

2. Identify the needed data in Group Policy .

3. Familiarize Group Policy Management.

Supplies/Materials : Wireless Network Card

Equipment : Computer Server, Patch Panel, Router,

Switch, Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down details in Configuring
Group Policy.
3. Test if Group Policy is configured properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 72 of 139
Servers
Performance Criteria Checklist 3.2-1

CRITERIA
YES NO
Did you….
1. Configured Group Policy?

2. List the needed data in blank sheet of paper?

3. Test if Group Policy is applied to server?

4. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 73 of 139
Servers
 Information Sheet (3.2-2)
(Remote desktop services)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Describe and familiarize remote desktop services.

2. Explain the procedure on how to set up remote desktop services.

3. Perform remote desktop services.

This information sheet will cover the details on remote desktop services. It also
covers the procedures on how to set up remote desktop services.

Remote Desktop Services

Remote Desktop Services, formerly Terminal Services, is a server role in

Windows Server that provides technologies that enable users to access session-
based desktops, virtual machine-based desktops, or applications in the data
center from both within a corporate network and from the Internet. Remote
Desktop Services enables a rich-fidelity desktop or application experience, and
helps to securely connect remote users from managed or unmanaged devices

HOW TO SETUP REMOTE DESKTOP SERVICES

Step 1: Begin the installation

Launch Server Manager, and select "roles." Once the roles manager
screen is up, check the box for Remote Desktop Services (see Figure 1).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 74 of 139
Servers
Figure 1
 

 After clicking Next, you should see an introduction to Remote Desktop

Services (see Figure 2).

Figure 2

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 75 of 139
Servers
Step 2: Select Remote Desktop Services roles you want to install

Remote Desktop Services (RDS) includes several components (see Figure 3).
These components can be on one machine or many. Let's take a look at each of
them.
 Remote Desktop Session Host: This is the new name of Terminal Server.
 Remote Desktop Virtualization Host: This component integrates with Hyper-
V. This allows for the pooling of virtual machines on Hyper-V to be used for
virtual desktops.
 Remote Desktop Connection Broker: This component is used to bridge the
user with a virtual desktop, remote application or Terminal Server session.
 Remote Desktop Licensing: This is the new name of Terminal Server
licensing server that also includes licensing for Microsoft's Virtual Desktop
Infrastructure (VDI).
 Remote Desktop Gateway: This provides a single connection point for clients
to connect to a specific virtual desktop, remote app or Terminal Server
session.
 Remote Desktop Web Access: This provides clients an interface to access
their virtual desktop, remote app or Terminal Server sessions.

Figure 3 

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 76 of 139
Servers
Step 3: Pick the license mode

As with past Terminal Server licensing, there are two license options: per device
and per user (see Figure 4).

Figure 4 

Step 4: Allowing access to Terminal Server (not required)

Select which users to give access to the local terminal services. This component
is not required for RDS to work. If you choose to install "Remote Desktop
Session Host" as I have, you will get this prompt (see Figure 5).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 77 of 139
Servers
Figure 5
 

Step 5: Configure the client experience

The next screen is "Configure Client Experience" (see Figure 6). This is where
you set the defaults for the experience the end user will have with the VDI
system.
Figure 6 

 
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 78 of 139
Servers
Step 6: Configure license scope (see Figure 7)

Just as with Terminal Server of the past, you can configure the scope of the
license server. You have the following two options:
1. Domain: This limits the licensing to only servers in the domain.
2. Forest: This allows any Terminal Server in the forest to attain a license.

Figure 7 

Step 7: Assigning the SSL certificate for Remote Desktop Gateway (see
Figure 8)

The Remote Desktop Gateway uses Secure Sockets Layer (SSL) to tunnel and
encrypt traffic from the client. This functionality requires a certificate. There
are two options for certificates:
1. Specify a certificate from the certificate store.
2. Produce a self-signed certificate.
In either case, the client must trust the certificate.
 

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 79 of 139
Servers
Figure 8
 

Step 8: Configure network access protection (optional)

These next few screens go beyond the scope of RDS but are related, so I will
just cover the basics.

Create authorization policies (see Figure 9)

I skipped this part because it is beyond this article's scope. This is where you
would configure a policy that states who is allowed to use the Remote Desktop
Gateway.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 80 of 139
Servers
Figure 9 

Install and configure network access and protection policies (see Figure
10 and Figure 11)

This is used to configure and enforce network access polices such as IPsec and
network access protection from the client. This feature can also be used to
define different policies based on users' connectivity (dial-up or virtual private
network).

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 81 of 139
Servers
Figure 10

Figure 11
 

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 82 of 139
Servers
Step 9: Install IIS and Remote Desktop Web Access

Remote Desktop Web Access requires Internet Information Services (IIS), so the
next two screens are for installing and configuring IIS. Figure 12 is an overview
screen, while Figure 13 is the configuration screen.

Figure 12
 

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 83 of 139
Servers
Figure 13
 

 
Step 10: The final steps

At this point, you're done. The last two screens just let you know what you're
installing (see Figure 14), and a final screen (see Figure 15) lets you know
whether any additional steps like rebooting are required.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 84 of 139
Servers
Figure 14

Figure 15
 

 
Now that you have installed and configured RDS, you can start using Terminal
Services and Remote Desktop Gateway Manager.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 85 of 139
Servers
 Self-Check 3.2-2

Enumeration: Write your answer on separate sheet of paper.

1. Give at least 5 remote desktop services component and their role.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 86 of 139
Servers
 Answer Key 3.2-2
 Remote Desktop Session Host: This is the new name of Terminal Server.
 Remote Desktop Virtualization Host: This component integrates with Hyper-
V. This allows for the pooling of virtual machines on Hyper-V to be used for
virtual desktops.
 Remote Desktop Connection Broker: This component is used to bridge the
user with a virtual desktop, remote application or Terminal Server session.
 Remote Desktop Licensing: This is the new name of Terminal Server
licensing server that also includes licensing for Microsoft's Virtual Desktop
Infrastructure (VDI).
 Remote Desktop Gateway: This provides a single connection point for clients
to connect to a specific virtual desktop, remote app or Terminal Server
session.
 Remote Desktop Web Access: This provides clients an interface to access
their virtual desktop, remote app or Terminal Server sessions.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 87 of 139
Servers
 TASK SHEET 3.2-2
Title: Remote Desktop Services

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Configure Remote Desktop Services .

2. Identify the needed data in Remote Desktop Services.

3. Familiarize Remote Desktop Services .

Supplies/Materials : Wireless Network Card

Equipment : Computer Server, Patch Panel, Router,

Switch, Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down details in setting up Remote
Desktop Services.
3. Test if Remote Desktop Services set up properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 88 of 139
Servers
Performance Criteria Checklist 3.2-2

CRITERIA
YES NO
Did you….
1. Set up Remote Desktop Services?

2. List the needed data in blank sheet of paper?

3. Test if Remote Desktop Services is applied to

clients and server?
4. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 89 of 139
Servers
 Information Sheet (3.2-3)
(File server)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Describe and familiarize Filer server services.

2. Explain the procedure on how to set up Filer server.

This information sheet will cover the details on File Server and procedures on
how to install and configure file server.

File server
In the client/server model, a file server is a computer responsible for the
central storage and management of data files so that other computers on the
same network can access the files. A file server allows users to share
information over a network without having to physically transfer files by floppy
diskette or some other external storage device. Any computer can be configured
to be a host and act as a file server. In its simplest form, a file server may be an
ordinary PC that handles requests for files and sends them over the network.
In a more sophisticated network, a file server might be a dedicated network-
attached storage (NAS) device that also serves as a remote hard disk drive for
other computers, allowing anyone on the network to store files on it as if to
their own hard drive.

How to install and configure File Server

Open "Server Manager" and click "Add Role". Select "File Services" from the
Server role list.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 90 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 91 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 92 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 93 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 94 of 139
Servers
Now create a Folder and share it with below permissions.
Share name: UserData$ (You can hide the share using the dollar sign ($) at
the end of the share name)

Administrators : Full Control

System : Full Control
Authenticated Users : Full Control

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 95 of 139
Servers
Security settings
Group :  Authenticated Users
Type :    Allow
Applies to : This folder only

Permissions:
Traverse folder / execute file
List folder / read data
Read attributes
Read extended attributes
Read permissions

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 96 of 139
Servers
Create a Quota Template.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 97 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 98 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 99 of 139
Servers
 Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 100 of 139
Servers
Attach to a User's profile.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 101 of 139
Servers
 Self-Check 3.2-3
True or False: Write T if the answer is True and f if the answer is False. Write
your answer on a separate sheet of paper.

________ 1. In the client/server model, a file server is a computer responsible

for the central storage and management of data files so that other computers
on the same network can access the files.

________ 2. A file server allows users to share information over

a network without having to physically transfer files by floppy diskette or some
other external storage device.

________ 3. In a more sophisticated network, a file server might be a dedicated

network-attached storage (NAS) device that also serves as a remote hard disk
drive for other computers, allowing anyone on the network to store files on it as
if to their own hard drive.

________ 4. You can hide the share using the dollar sign ($) at the end of the
share name

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 102 of 139
Servers
 Answer Key 3.2-3
1. T
2. T
3. T
4. T

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 103 of 139
Servers
 TASK SHEET 3.2-3
Title: File Server

Performance Objective: Given required supplies and materials you

should be able to perform in appropriate time:

1. Configure and Install File Server .

2. Identify the needed data in File Server .

Supplies/Materials : Wireless Network Card

Equipment : Computer Server, Patch Panel, Router,

Switch, Laptop, wireless Devices, Printer

Steps/Procedure:

1. Ask your trainer to provide you with needed hardware devices

2. Using blank sheet of paper write down details in Configuring and
Installing File Server.
3. Test if File Server Services Configure and Install properly.
4. Submit to your trainer for evaluation.

Assessment Method:

Observation

Interview

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 104 of 139
Servers
Performance Criteria Checklist 3.2-3

CRITERIA
YES NO
Did you….
1. Configure and Install File Server?

2. List the needed data in blank sheet of paper?

3. Test if Configured and Installed File Server is

applied to clients and server?
4. Complete the task in appropriate time?

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 105 of 139
Servers
 Information Sheet (3.3-1)
(Managing remote print server)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Familiarize print servers.

2. Explain the uses and application of remote print server.

3. Manage remote print server.

This information sheet will cover the details on Managing remote print server.
It also covers details on how to manage remote print server.

Managing Remote Print Servers

In the previous chapter it was stated that the Print Management tool provides a
central location from which the print services for an entire network may be
managed. So far we have only looked and managing the print server running
on the local computer. In this section we will look at adding remote servers to
the local Print Management configuration.
For the purposes of this example a theoretical configuration consisting of two
Windows Server 2008 systems named winserver-1 and winserver-2 is assumed.
Both systems have the print services role installed and Print Management
on winserver-1will be configured to also manage print services on winserver-2.
This is achieved by first launching Print Management on the local winserver-
1 system (Start -> Administration Tools -> Print Management), right clicking on
the Print Servers node of the tree hierarchy in the left hand pane and selecting
the Add/Remove Servers option.
From the resulting menu, select the Add/Remove Servers option. The resulting
dialog box displays the currently configured print servers under the
management of local Print Management. If no remote print servers have been
added previously the only server listed will be the local system. To add
additional print servers either enter a comma separated list of server names, or
use the Browse button to locate servers on the network. When one or more
servers have been selected, click on the Add to list button to add the servers to

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 106 of 139
Servers
the list. The following figure illustrates the Add/Remove Servers dialog box
configured with both the local and remote servers:

Once all the required remote print servers have been added to the list, click
on Apply then close the dialog to return to the main Print Management
window. The new print servers will now appear alongside the local server
under Print Servers in the left hand pane of the Print Management screen as
illustrated below:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 107 of 139
Servers
Migrating Printers and Queues Between Servers

Windows Server 2008 also provides the ability to migrate both printers and
print queues from one print server to another. This makes it easy, for example,
to take a print server off-line for maintenance or to permanently re-assign a
printer from one print server to another. The steps outlined below assume that
print Management has been configured to manage both the source and target
print servers as outlined in the preceding section of this chapter. If this is not
the case, the printer export file will need to be copied onto the destination
server or made available via file sharing and imported using Print Management
on that server.
This form of migration is performed using the Printer Migration Wizard which,
along with most other tasks, is accessed from the Print Management interface.
Once Print Management is up and running, right click on the server in the left
pane from which the printer is to be migrated (the source server) and
select Export Printers To a File from the menu. Print Management will
subsequently display a dialog listing the printer drivers, port and queues
currently configured on the selected print server as illustrated below:

After reviewing the listed information click Next and select a suitable location

to save the printer export file and click Next once again to perform the export
process. Depending on the number of printers being exported and the size of
the drivers the export process may take a few minutes to complete. If the
export was successful a message will appear beneath the progress bar stating
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 108 of 139
Servers
this fact. If the export was unsuccessful, click on the Open Event Viewer button
provided to learn more about the cause of the problem so that remedial action
may be taken. Assuming a successful export click Finishto dismiss the Printer
Migration dialog.
The next step is to import the printers into the target server. Begin by right
clicking on the destination server in the Print Management window and
selecting Import printers from a file.... In the resulting dialog, use the browse
button to navigate to the export file, select it and click on Next to proceed. Once
the file has been read a screen will appear identical to the one displayed prior
to exporting the printer objects in the preceding step. Review this information
and click Next to display the Select import options screen as illustrated in the
following figure:

These options require a little explanation:

 Keep existing printers; import copies - It is possible that a printer being

imported is already also installed on the destination server. With this option
selected, the original printer on the destination server will be left unchanged
and the new printer imported as a copy.

 Overwrite existing printers - If the printer being imported is already

installed on the target server it is overwritten by the imported copy when
this option is selected.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 109 of 139
Servers
 List printers that were previously listed - When selected, only printers
that were already listed in Active Directory will still be listed after the import
process is completed.

 List all printers - All printers are listed in Active Directory

 Don't list any printers - No printers are listed in Active Directory

Once the required settings are configured, click Next to initiate the printer
import process. The printer configurations, drivers and queues will be
subsequently be imported onto the target print server. If errors are reported
click on the Open Event Viewer button to obtain additional information. In
particular, be mindful of printers that were physically connected to the source
print server. Since they are not physically connected to the target server an
error will likely occur during the migration. Even if the printer was physically
moved to the target system prior to migration it is also possible that it is
connected to a different physical port to that used on the source server. Such
problems can be resolved by right clicking on the imported printer in Print
Management, selecting Properties and making the necessary configuration
changes.

Configuring Printer Permissions

Access to printers is controlled through the configuration of printer

permissions. By default, a printer is accessible to all users on the local system,
and if shared, all users elsewhere on the network. Printer permissions are
divided into two categories, special permissions and standard permissions.
Before describing how to change the permissions on a printer it is first
important to understand the meaning of each permission option.
The standard printer permissions are outlined in the following table:

Permission Description

Allows users and groups to send documents to the printer and

to manage their own print jobs. Also includes the Read special
Print
permission allowing viewing, but not alteration, of printer
permissions

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 110 of 139
Servers
 Allows full management of the printer, including changing
shared status, changing of permissions and properties, taking
Manage
ownership of printers and print jobs and starting and stopping
Printers
print jobs. Includes the Read, Change and Take
Ownership special permissions.

Allows user and groups to manage print jobs but does not
provide the ability to print. Permissions consist of pausing,
Manage
restarting, resuming and reordering and canceling print jobs.
Documents
Includes the Read, Change and Take Ownership special
permissions

The special permissions are as follows:

Permission Description

Read Permissions User or Group may view the permissions on the printer.

Change
User or Group may change the permissions of a printer.
Permissions

User or Group may take ownership of printer and/or

Take Ownership
print jobs.

The current permissions for a printer may be viewed and changed by right
clicking on that printer in the Print Management tool (Start -> Administrative
Tools -> Print Management), selecting Properties and clicking on
the Security tab:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 111 of 139
Servers
To change the permissions for a currently listed user or group, select the user
or group and change the Allow and Deny permissions to the required settings.
When the settings are configured, click on apply to commit the changes. If the
user or group is not currently listed in the properties dialog, click on
the Add... button to invoke the Select Users or Groups dialog. Change
the Location setting if necessary and then enter the names of the users or
groups, separated by semi-colons into the bottom text box. Click the Check
Names button to verify the selected users or groups exist within the current
location scope:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 112 of 139
Servers
Assuming the names are correct click on OK to return to the properties dialog
where the selected users and/or groups will now be included in the Group or
user names list. To configure permissions, select a user or group and set the
permissions in the Permissions for section of the dialog. Click Apply to commit
the changes and repeat the task for any other users or groups added to the list.
To configure the special permissions click on the Advanced button in the
Security page of the properties panel to display the Advanced Security
Settings dialog as illustrated below:

To modify the permissions for a user or group select that object from the list
and click Edit... to display the Permission Entry for dialog. In this dialog both
the standard and special permissions for the selected user or group are
displayed and may be changed as required. As noted previously, certain special
permissions are implicit in standard permission settings. For example, setting
the Manage Printers standard permission also enables
the Read, Change and Take Ownership special permissions. Once the desired
permission changes have been made click on OK to dismiss the Permission
Entry for dialog, followed by Apply, then OK in the Advanced Security
Settings dialog. Finally, click on OK to dismiss the properties dialog and return
to Print Management.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 113 of 139
Servers
Changing Printer Ownership

After a printer has been installed the owner, by default, is SYSTEM. Ownership
may be taken either by an administrator or by a user or group which has been
assigned Take ownership permission for the printer.
To assign ownership to another user or group, open the properties dialog for
the printer, select the Security tab and then click on Advanced. In the
advanced settings screen, select the Owner tab. This screen will list the current
owner, together with a list of users and group to which ownership may be
changed. If the intended new owner is not listed in the Change owner to: list,
click on the Other users or groups... button to access the Select User or
Group dialog box. Enter the name of a user or group and click on the Check
Names button. With the correct name selected, click on OK to return to the list
of owners. Select the desired owner from the list and click on Apply to commit
the change of ownership.

Printer Pooling Configuration

Printer Pooling refers to the process of allocating multiple physical print devices
to a single logical printer. In such a configuration print jobs to the logical
printer are assigned by the print server to the first available physical printer in
the pool. A key requirement is that the physical printers that make up a pool
must all use the same print driver and have the same amount of memory.
To configure printer pooling, install a printer such that it uses a particular port
(such as a local port or IP address). Attach the other printers that are to make
up the pool, but do not install them via Print Management. Once the first
printer is installed, open the properties dialog for that printer by right clicking
on it in Print Management and select the Ports tab. In the Ports page select
the Enable printer pooling option. If the ports to which the additional printers
are connected are listed make sure they are all selected. Note that a pool can
be made up of printers connected in any combination of ways (network, serial,
parallel, USB etc). In the case of network printers, click on Add Port... and
enter the IP address of the additional printer, click New Port... and allow the
wizard to create the new port. Once all the new ports are added and selected,
click Apply to create the printer pool. The following figure illustrates a printer
pool comprising three HP Deskjet network printers:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 114 of 139
Servers
Configuring Printer Availability and Priority

Rather than working with the actual physical printers, users are in fact
working with logical printers which map onto a physical print device. Windows
allows a single physical print device to be assigned to multiple logical printers.
This approach brings considerable flexibility in terms of controlling the
availability of a printer to different groups of users and the priority of their
print jobs.
This concept is best described by example. Suppose that a printer is to be
made available to members of an engineering group only during the office
hours. That same printer, however, is to always be available to the
management group. Similarly, any print jobs belonging to the management
group must be given a higher priority than those of the engineering group. To
achieve this objective, two logical printers assigned to the same physical print
device will be created, one for engineering and one for management. The
availability of the engineering logical printer will be restricted to office hours
and given a low priority. The management logical printer will always be
available and will be given a high priority. Permissions on the logical printers
will then be configured such that the engineering team is denied access to the
management printer.
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 115 of 139
Servers
Availability and priority is configured from the printer property panel. To
access these settings, launch Print Management and navigate to the required
printer in the left pane. Right click on the printer, select Properties and then
choose the Advanced tab. Once selected, the property panel will appear as
follows:

For the management logical printer the Always available option will be selected

and a high priority assigned (for example 95). Once these values are set, click
on the Security tab of the properties dialog and deny access to the printer for
the engineering group. Repeat these steps for the engineering logical printer,
this time selecting the Available from option and specifying the hours that the
printer is available.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 116 of 139
Servers
 Self-Check 3.3-1
True or False: Write T if the answer is True and f if the answer is False. Write
your answer on a separate sheet of paper.

________ 1. Windows Server 2008 does not provides the ability to migrate both
printers and print queues from one print server to another.

________ 2. It is possible that a printer being imported is already also installed

on the destination server.

________ 3. User or Group may view the permissions on the printer.

________ 4. User or Group may not take ownership of printer and/or print jobs.

________ 5. Ownership may be taken either by an administrator or by a user or

group which has been assigned Take ownership permission for the printer.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 117 of 139
Servers
 Answer Key 3.3-1

1. F
2. T
3. T
4. F
5. T

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 118 of 139
Servers
 Information Sheet (3.3-2)
(Deployment of remote print server to client)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Familiarize remote print server to client.

2. Deploy remote print server to client.

This information sheet will cover the details on how to install and deploy print
server to client.

Installing the Print Server

The first step in setting up a Windows Server 2008 print server is to install the
Print Server role. This is achieved by launching the Server Manager,
selecting Roles item from the tree in the left pane and clicking on Add Roles. In
the Add Roles Wizard click next on the Welcome screen if one appears and then
select the Print Services option. Click Next and read the information displayed
before clicking Next once again to proceed to the Select Role Services screen.
On this screen a number of different service options are available for selection
and installation as outlined in the following table:

Option Description

Print Installs the print server and Print Management console. This is a
Server prerequisite for configuring print services on Windows Server 2008.
LDP Installs the TCP/IP Line Printer Daemon Service (LPDSV) allowing
Service UNIX, Linux and other Line Printer Remote (LPR0) based
computers to print via the print server. This setting also opens port
in the Windows Firewall.
Internet Creates an Internet Information Service (IIS) hosted web site where
Printing users can manage printers and connect and print to shared
printers hosted in the server using the Internet Printing Protocol
(IPP). The default URL for the web site is
http://servername/Printers, where servername is the name of the
server running the print services.
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 119 of 139
Servers
With the required options selected, click Next. Note that if Internet Printing was
selected and the IIS role is not currently installed in the server, the wizard will
prompt to add additional roles. If prompted, click on the Add Required Role
Services button to proceed. Click Next on any information pages that may be
displayed until the Confirmation screen appears. After reviewing the summary
information provided, click Install to initiate the installation process.

Print Services Management Tools

Once print services are installed a number of print management tools are now
available on the system. First and foremost is the Print Management snap-in
which may be accessed via Start -> All Programs -> Administrative Tools -> Print
Management. A useful command-line tool is also available in the form of the
Print Backup Recovery Migration tool. The executable is named Printbrm.exe
and is located in %SystemRoot%\System32\Spool\Tools.

A number of useful VBscript tools are also available in %SystemRoot%\

System32\Printing_Admin_Scripts\en-US (note that if you use a language other
than en-US the path will need to be change accordingly).
Scripts are available for configuring printer settings (prncfg.vbs), listing and
managing printer drivers (prndrvr.vbs), managing print jobs (prnjobs.vbs),
managing print queues (prnQctl.vbs), publishing printers to active directory
(pubprn.vbs), installing and managing printers (prnmngr.vbs) and for
managing TCP/IP printer ports (prnport.vbs).

The scripts are executed using the cscript.exe command and when run without
any command-line options will display a list of supported options. For example:

cscript prnjobs.vbs

Microsoft (R) Windows Script Host Version 5.7

Copyright (C) Microsoft Corporation. All rights reserved.

Usage: prnjobs [-zmxl?] [-s server][-p printer][-j jobid][-u user name][-w

password]

Arguments:
-j - job id

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 120 of 139
Servers
-l - list all jobs
-m - resume the job
-p - printer name
-s - server name
-u - user name
-w - password
-x - cancel the job
-z - pause the job
-? - display command usage

Examples:
prnjobs -z -p printer -j jobid
prnjobs -l -p printer
prnjobs -l

Adding Network Printers to the Print Server using Auto-detect

Obviously, a print server without any printers isn't going to be of much use.
Not surprisingly, therefore, the next step after installing Print Services is to add
printers. Printers may either be network based, or locally connected to the
server. In the case of network printers, these may be added either manually or
using auto-detection. Under auto-detection, Print Management scans the
subnet on which the server resides and searches for any devices it can identify
as being printers. As printers are detected on the network they are displayed in
a list here they may be selected and added to the print server.
To add network printers using auto-detection, open the Print Management tool
via Start -> All Programs -> Administrative Tools -> Print Management, unfold
the Print Servers from the list in the left pane, right click the local or remote
print server to which the new printer is to be added and select Add Printer....
This will display the Network Printer Installation Wizard as illustrated below:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 121 of 139
Servers
In order to have the wizard search for printers on the network, ensure that
the Search for network printers is selected and click on Next. At this point the
wizard will begin the process of scanning the network for printers. As each
printer is detected it will be listed. In the following example, the wizard has
detected an HP Deskjet 5800 printer on the network with an IP address of
192.168.2.10:

If no printers are detected, ensure that the printers are connected to the
network and powered on and are on the same subnet as the print server. Once
the scan is complete, select the required printer from the list and click Next to
proceed to the Printer Driver screen. If a driver for the printer is already
installed, select it from the drop down list. Alternatively select the Install a new
driver option and click Next to proceed to the Printer Installation screen where a
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 122 of 139
Servers
list of printer manufacturers and models is presented. Select the make and
model of the printer from the list:

If the make and model of printer are not listed, check to see if the printer was
supplied with a driver disk, or whether a driver can be obtained from the
manufacturer's web site. Assuming this to be the case, use the Have
Disk button to browse for and select the appropriate manufacturer driver. With
either a printer selected from the list, or a suitable driver specified, click
on Next to configure the Printer Name and Share Settings. On this screen, enter
the name by which the new printer will be shared to clients over the network. If
the printer is not to be shared, ensure that the Share this printer is not
selected. Also, enter a location description (for example, "Printer in Accounts")
and comment if desired. Click Next to display the printer summary screen as
illustrated below where the selected settings are presented for review:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 123 of 139
Servers
Assuming the configuration summary is correct, click Next to install the new
printer. At this point the wizard will report that the driver has been
successfully installed and that a test page is ready to be printed. If another
printer is to be added to the print server, select the Add Another Printer option
to instruct the wizard to loop back to the start of the installation process.

Manually Adding Network Printers to a Print Server

The preceding section discussed the use of auto-detection to locate and install
and network attached printer. This section will cover the manual installation of
a network printer. As with auto-detection, begin by invoking the Print
Management tool (Start -> All Programs -> Administrative Tools -> Print
Management), unfold the Print Servers category from the list in the left pane,
right click the local or remote print server to which the new printer is to be
added and select Add Printer.... This will launch the Network Printer Installation
Wizard. On the initial page of the wizard select the option labeledAdd a TCP/IP
or Web Services Printer by IP address or hostname and click Next to proceed to
the Printer Address screen. If the type of printer is known (TCP/IP
device or Web Services Printer) make the appropriate selection. Alternatively,
leave the setting as Auto Detect to have the wizard identify the printer type.
Enter the IP address or hostname of the printer to be added to the print server.
The wizard will automatically generate a unique port name to accompany the
IP address or hostname. The option is also provided to have the wizard attempt
to identify the appropriate driver for the new printer. The following figure
illustrates the screen as described:

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 124 of 139
Servers
Click Next to install a printer driver. If a driver for the printer is already
installed on the print server, select it from the drop down list. Alternatively
select the Install a new driver option and click Next to proceed to the Printer
Installation screen where a list of printer manufacturers and models is
presented. Select the make and model of the printer from the list, or use
the Have Disk to install the manufacturer supplied driver.
With either a printer selected, click on Next to configure the Printer Name and
Share Settings. On this screen, enter the name by which the new printer will be
shared to clients over the network. If the printer is not to be shared, ensure
that the Share this printer is not selected. Also, enter a location description (for
example, "Color Printer in Sales") and comment if desired. Click Next to
perform the installation and print an optional test page.

Adding a Locally Connected Printer

Since servers are generally sequestered in climate controlled server room and
printers are located in proximity to the users it always seems a little odd to talk
about installing printers with are locally connected to servers. That said, it is a
topic which needs to covered, and cover it we will.
Local printers will be connected to the server using a serial (COM) port, a
parallel (LPT) port or a Universal Serial Bus (USB) port. Often, Windows will
automatically detect a new printer as soon as it is connected and powered up.
In this situation an icon will appear in the task bar indicating that the new
device has been detected. Clicking on this icon presents the option to view
details about the installation process, resulting in the appearance of a dialog
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 125 of 139
Servers
similar to the one illustrated below, where a Brother MFC-420CN printer has
been detected and is being installed:

Once the printer has been installed, it will likely need to be configured for
network sharing. To achieve this, launch the Print Management tool, select the
print server to which the printer is physically connected and click on Printers.
The center pane of the tool will display a list of printers installed on the current
print server. Identify the required printer in the list, double click on it to
display the properties dialog and select the Sharing tab:

If the printer is to be shared with network client, set the Share this

printer check box and enter a suitable share name for the printer. This page
also allows Client-side Rendering(CSR) to be configured. When selected, all
rendering of print jobs is performed on the client and just the RAW print data
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 126 of 139
Servers
sent to the server for printing. This offloads the rendering overhead to the client
computers, thereby reducing the load, and increasing the scalability of the
print server.
If Windows fails to auto-detect the printer it may be added manually from Print
Management by right clicking on the print server to which the device is
attached and selecting Add Printer.... On the initial screen select the Add new
printer using an existing port and choose the port to which the printer is
connected from the drop down list. Once selected, click Next to install a printer
driver. If one is already installed, select it from the drop down next to the use
an existing printer driver on the computer. Alternatively, select Install a new
printer driver and either select the printer make and model from the list, or use
the Have Disk to install the manufacturer supplied driver. Click Next to
proceed to the Printer Name and Sharing screen. Choose whether the printer is
to be shared and, if so, by what name. Proceed to the summary screen, review
the information and complete the installation.
With a printer server configured and printers added the next step is to cover
the management of printer servers on Windows Server 2008.

INSTALL PRINTER SERVER USING DEDICATED PRINTER SERVER

We are using TP-link TL-PS110UPrinter server the default IP is 192.168.0.10

Setup the Printer Server

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 127 of 139
Servers
Edit the Printer Server Name
Setup the TCP/IP Address to your desired IP

HERE ARE THE STEPS FOR THE RESETTING THE PRINTER SERVER.

1. Unplug the power adapter of print server;

2. Press the Reset key on the print server and hold;

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 128 of 139
Servers
 3. Plug-in the power adapter with the Reset key pressing for no less than 7
seconds;
4. Release the Reset key.

For TL-WPS510U, when the Wireless LED light flashes regularly, the TL-
WPS510U has finished the resetting and you can see the WLAN-PS Ad-Hoc
network in your wireless network list.

HOW TO INSTALL PRINTER USING TCP/IP PORT.

The following steps illustrate how to install a network printer using TCP/IP in
Windows 7. In order to complete the steps you will need to know details such
as the printer model and IP address. Click the Start button, type print in the
Search programs and files box and click Add a printer

1. Choose Add a local printer

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 129 of 139
Servers
2. Click the bullet which says Create a new port and use the drop down
menu to choose Standard TCP/IP Port

3. Click Next
4. In the Hostname or IP Address field enter the IP Address for the printer
you are adding
Instuctions for looking up your IP Address (authentication required)

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 130 of 139
Servers
5. Click Next
6. Choose the driver that corresponds to your printer model (or click the
Have Disk button to search for downloaded drivers)

7. Click Next
8. Click the bullet beside Use the driver that is currently installed
(recommended)

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 131 of 139
Servers
9. Click Next
10. Take note of the name given to the printer
11. Click Next
12. Make sure the bullet is selected beside Do not share this printer
13. Click Next
14. Click to put a check mark beside of Set as the default printer (if you
do wish to make it your default printer)
15. Click the Print a test page button (if you wish to do so)
16. Click Finish. Your printer should now be set up and ready to use.

Self-Check 3.3-2

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 132 of 139
Servers
Enumeration: write your answer in a separate sheet of paper.

1. What are the steps for the resetting the printer server.

Answer Key 3.3-2

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 133 of 139
Servers
1. Unplug the power adapter of print server;
2. Press the Reset key on the print server and hold;
3. Plug-in the power adapter with the Reset key pressing for no less
than 7 seconds;
4. Release the Reset key.

Information Sheet (3.3-3)

Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 134 of 139
Servers
 (Test Printing)

Learning Objectives:

After reading this INFORMATION SHEET, YOU MUST be able to:

1. Familiarize Test Printing.

2. Perform test prints on printers connected to server and clients.

This information sheet will cover the details on how to perform test printing on
server and client computers.

Share a printer between multiple computers

Those who have multiple computers in their home or workplace may want to
share a printer for convenience or cost efficiency. This document contains
different ways you may make a printer available to multiple computers using
various methods. Before you share a printer on a network, you should decide
what configuration you'd like to go with. Below are the different setups and
their advantages and disadvantages.

Wireless printer
Printer connected to a computer or server
Dedicated print server

Wireless printer

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 135 of 139
Servers
Many of today's printers (often middle to high-end ones) have the capability of
connecting directly to a user's network. This attribute gives these printers the
distinct advantage of ease of use as they are the simplest to set up and detect.
In, fact from Windows Vista onward, printers with wireless capabilities are
more or less Plug-and-Play; detectable by a node computer's word processor or
Internet browser. The only downside to this configuration is that it requires
a wireless network to be setup.

Printer connected to computer or server

The most common solution for distributing a printer (because of the ease and
price) is to connect it to a host computer. Essentially, the host computer
"shares" the printer by allowing other computers on the network to print
through it over a Local Area Network or Internet connection. The primary
disadvantage of this method is that the host computer must always be on in
order for other machines to use the printer. In order to print through another
machine on your network, you must already have a network setup at your
home as well as a printer installed on the host computer.

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 136 of 139
Servers
Dedicated print server

Another option is a hardware device called a print server. Print servers enable
you to connect a small appliance to your network that delegates and queues
print jobs for multiple machines. They have the advantage of being able to be
used when the main computer connected to your printer is turned off (network
printer setup), but the disadvantage of added cost in addition to setup time.

Self-Check 3.3-2
Date Developed: Document No. 3 Revision # 01
CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 137 of 139
Servers
Enumeration: Answer the following question. Write your answer on a separate
sheet of paper.

1. What are the different setups in sharing printer on multiple

computers?

Answer Key 3.3-2

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 138 of 139
Servers
1. Wireless printer
Printer connected to a computer or server
Dedicated print server

Date Developed: Document No. 3 Revision # 01

CBLM in CSS NC II Issued by:
Set-Up Computer Developed by: Page 139 of 139
Servers