PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

PRACTICALS: NETWORK
ADMINISTRATION AND SECURITY
1. Set the Server’s Static IP Address
Objective: Assign a static IP to the server.
Steps:
1. Go to Control Panel → Network and Sharing Center → Change adapter settings.
2. Right-click your active Ethernet adapter → Properties.
3. Select Internet Protocol Version 4 (TCP/IPv4) → Properties.
4. Choose Use the following IP address and enter:
o IP address: 192.168.1.10
o Subnet mask: 255.255.255.0
o Default gateway: 192.168.1.1
5. Set DNS servers: 8.8.8.8 and 8.8.4.4
6. Click OK to apply.

2. Rename the Server

Objective: Rename the server to “Server01”.
Steps:
1. Open System Properties (sysdm.cpl).
2. Click Change next to computer name.
3. Type Server01.
4. Restart the server to apply the change.

3. Promote to Domain Controller (Install Active Directory)

Objective: Install and configure Active Directory.
Steps:
1. Open Server Manager → Add Roles and Features.

Page 1 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

2. Select Active Directory Domain Services → Click Next and install.

3. After installation, click the yellow flag → Promote this server to a domain controller.
4. Choose Add a new forest, set Root domain name: example.local.
5. Set DSRM password → Complete setup → Reboot server.

4. Create a New User in Active Directory

Objective: Create user jsmith.
Steps:
1. Open Active Directory Users and Computers.
2. Right-click Users OU → New → User.
3. Fill in: First name: John, Last name: Smith, User logon: jsmith.
4. Set a password → Finish.

5. Create a Security Group

Objective: Create group HRGroup.
Steps:
1. In AD Users and Computers, right-click Users OU → New → Group.
2. Group name: HRGroup, Group scope: Global, Group type: Security.
3. Click OK.

6. Add User to a Group

Objective: Add jsmith to HRGroup.
Steps:
1. Double-click jsmith user → Go to Member Of tab.
2. Click Add → Type HRGroup → Click OK.

7. Set a User Account to Expire

Objective: Set jsmith account to expire after 30 days.
Steps:

Page 2 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

1. Open jsmith’s Properties.

2. Go to Account tab.
3. Check Account expires → Choose a date 30 days from now → Click OK.

8. Create an Organizational Unit (OU)

Objective: Create OU called Staff.
Steps:
1. In ADUC, right-click domain → New → Organizational Unit.
2. Name it Staff → Click OK.

9. Move a User to an OU
Objective: Move jsmith to the Staff OU.
Steps:
1. Drag and drop jsmith from Users to Staff OU.
2. Confirm the move.

10. Install DNS Server Role

Objective: Install the DNS role.
Steps:
1. Open Server Manager → Add Roles and Features.
2. Choose DNS Server → Install.
3. Wait for installation to complete.

11. Create a New DNS Zone

Objective: Create a forward lookup zone for company.local.
Steps:
1. Open DNS Manager.
2. Right-click Forward Lookup Zones → New Zone.
3. Choose Primary zone, zone name: company.local → Finish.

Page 3 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

12. Add a Host Record in DNS

Objective: Add webserver.company.local pointing to 192.168.1.20.

Steps:
1. Right-click company.local zone → New Host (A or AAAA).
2. Name: webserver, IP: 192.168.1.20 → Add Host.

13. Install DHCP Server Role

Objective: Enable dynamic IP address assignment.
Steps:
1. Open Server Manager → Add Roles and Features.
2. Select DHCP Server → Install.

14. Create a DHCP Scope

Objective: Create a scope for 192.168.1.50 – 192.168.1.100.
Steps:
1. Open DHCP Manager.
2. Right-click IPv4 → New Scope.
3. Set:
o Range: 192.168.1.50 – 192.168.1.100
o Subnet: 255.255.255.0
o Gateway: 192.168.1.1
o DNS: 192.168.1.10
4. Activate the scope.

15. Test DHCP Assignment

Objective: Confirm a client gets an IP from DHCP.
Steps:
1. Connect a Windows PC to the network.

Page 4 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

2. Run ipconfig /release then ipconfig /renew.

3. Verify IP is in the configured range.

16. Install and Configure File Sharing

Objective: Share a folder named Public.

Steps:
1. Create C:\Public folder.
2. Right-click folder → Properties → Sharing → Advanced Sharing.
3. Check Share this folder, set name: Public.
4. Set permissions as needed.

17. Map a Network Drive from a Client

Objective: Map \\Server01\Public as drive Z.

Steps:
1. On client PC, open File Explorer → Map Network Drive.
2. Choose Z: → Folder: \\Server01\Public → Finish.

18. Create a Group Policy to Disable USB Storage

Objective: Block USB storage for domain users.
Steps:
1. Open Group Policy Management.
2. Create new GPO: BlockUSB and link it to domain.
3. Edit GPO:
o User Config → Admin Templates → System → Removable Storage Access.
o Enable “All Removable Storage classes: Deny all access”.

19. Force Group Policy Update

Objective: Apply a GPO immediately.
Steps:

Page 5 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

1. On the client PC, open Command Prompt.

2. Run gpupdate /force.

20. Enable Remote Desktop on the Server

Objective: Allow remote RDP access.

Steps:
1. Go to System Properties → Remote tab.
2. Enable Allow remote connections to this computer.

21. Check Open Ports Using PowerShell

Objective: List all listening ports.
Steps:
powershell
CopierModifier
Get-NetTCPConnection | Where-Object {$_.State -eq 'Listen'}

22. Create a Scheduled Backup

Objective: Backup C:\Users daily at 10PM.
Steps:
1. Open Task Scheduler.
2. Create task → Action: wbadmin start backup -backupTarget:D: -include:C:\Users
3. Set schedule to 10PM daily.

23. Install Windows Server Backup Feature

Objective: Enable backup functionality.
Steps:
1. Server Manager → Add Features.
2. Select Windows Server Backup → Install.

Page 6 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

24. Audit Logon Events

Objective: Enable auditing of user logons.
Steps:
1. Open Group Policy Management.
2. Edit GPO → Computer Config → Policies → Windows Settings → Security Settings → Local
Policies → Audit Policy.
3. Enable Audit logon events → Success and Failure.

25. Monitor System with Event Viewer

Objective: View logon attempts.

Steps:
1. Open Event Viewer → Windows Logs → Security.
2. Look for Event ID 4624 (logon) or 4625 (failed logon).

What You’ll Learn:

You will configure roaming profiles so that when a user logs into any domain-joined computer,
their desktop environment, files, and settings follow them automatically.

Prerequisites:
• A Windows Server with Active Directory Domain Services (AD DS) installed.
• A domain-joined Windows client (e.g., Windows 10/11).
• A domain user account.
• Administrator privileges.

Step-by-Step: Configure Roaming Profiles

Step 1: Create a Shared Folder for Profiles

Explanation:
This folder will store all users’ roaming profile data centrally on the server.

Page 7 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

Instructions:
1. On the domain controller or a file server, create a folder:
o Example: D:\RoamingProfiles
2. Right-click the folder → Properties.
3. Go to the Sharing tab → Click Advanced Sharing.
4. Check “Share this folder”.
5. Set Share name: Profiles$ (adding $ makes it hidden).
6. Click Permissions:
o Allow Everyone: Read
o Later, permissions will be refined for security.
7. Click OK to apply sharing.

Set NTFS Permissions:

1. Go to the Security tab → Click Edit.

2. Add:
o Authenticated Users: Modify, Read & Execute, List folder contents, Read, Write
o Ensure Administrators have full control.
3. Click OK.

Why this matters: This ensures that users can access their profile, and the system can
read/write user data.

Step 2: Create or Use an Existing User Account in Active Directory

Instructions:

1. Open Active Directory Users and Computers (ADUC).

2. Create a new user or locate an existing one.
o Example: jdoe

Step 3: Assign a Roaming Profile Path

Explanation:
This step tells Windows where to store and retrieve the user's profile.

Page 8 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

Instructions:
1. In ADUC, right-click the user (e.g., jdoe) → Properties.
2. Go to the Profile tab.
3. Under Profile path, enter:
ruby
CopierModifier
\\ServerName\Profiles$\%username%
Replace ServerName with your actual server's name.

Example:
ruby
CopierModifier
\\DC01\Profiles$\%username%
%username% is automatically replaced with the user's login name.
4. Click Apply and OK.

Step 4: Log In from a Domain-Joined Client Machine

Instructions:
1. Go to a domain-joined client computer.
2. Log in as the domain user (e.g., jdoe).
3. Windows will create the user profile locally and sync it with the server path.

Test roaming:
Log out and log in from another domain-joined PC. You should see the same desktop
environment, files, and settings.

Step 5: (Optional but Recommended) Secure Folder Permissions Per User

Why:
To ensure each user can only access their own profile folder.

Instructions:
1. In D:\RoamingProfiles (server-side):

Page 9 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

2. As each user logs in, a subfolder like jdoe will be created.

3. Right-click the user's profile folder → Properties → Security.
4. Ensure only:
o That user has full control.
o Administrators have access.

Step 6: Configure Group Policy for Roaming Profiles (Optional)

Why:
To enforce profile behavior for many users.

Instructions:

1. Open Group Policy Management Console (GPMC).

2. Create or edit a GPO linked to the target OU.
3. Navigate to:
User Configuration → Policies → Administrative Templates → System → User Profiles
4. Configure:
o Set roaming profile path for all users logging onto this computer
o Set to: \\ServerName\Profiles$\%username%

Final Testing:
1. Log in as jdoe from PC1.
2. Create a file on the desktop.
3. Log out.
4. Log in from PC2 with the same user.
5. You should see the same desktop and the file.

Summary:

Step Description

1 Create and share a folder for profiles

Page 10 of 11
 PRACTICAL ON WINDOWS SERVER PROPOSED BY AZOBOU CEDRIC

Step Description

2 Create or locate domain user

3 Assign profile path in ADUC

4 Log in from a domain client

5 Secure user folder access

6 (Optional) Apply GPO settings

Page 11 of 11