1. A. Datum wants to use shared printers in their environment. Objectives Create and share a local printe
Create and share a local printer
You need to create and share a printer on one of the local systems, and then test connectivity to it.
The main tasks for this exercise are as follows:
1. Add and share a local printer.
2. Configure printer security.
3. Log on to LON-CL2 as Adatum\Ed.
4. Connect to a network printer.
Task 1: Add and share a local printer
1. Log on to LON-CL1 as Adatum\Administrator, and then open the Control Panel.
2. Open the Add Printer Wizard.
3. Create and Share a Microsoft OpenXPS printer named ManagersPrinter using the Nul port.
Task 2: Configure printer security
1. Open the Print Management console.
2. Configure the ManagersPrinter so that Managers can print to it, and not Everyone.
3. Pause the ManagersPrinter.
Task 3: Log on to LON-CL2 as Adatum\Ed
• Log on to LON-CL2 as Adatum\Ed.
Task 4: Connect to a network printer
1. On Lon-CL2, open the Add Printer Wizard.
2. Connect to ManagersPrinter.
3. Switch to LON-CL1, verify that the test page is in the ManagersPrinter queue, and Resume Printing.
You need to create and share a printer on one of the local systems, and then test connectivity to it.
The main tasks for this exercise are as follows:
1. Add and share a local printer.
2. Configure printer security.
3. Log on to LON-CL2 as Adatum\Ed.
4. Connect to a network printer.
Task 1: Add and share a local printer
1. Log on to LON-CL1 as Adatum\Administrator, and then open the Control Panel.
2. Open the Add Printer Wizard.
3. Create and Share a Microsoft OpenXPS printer named ManagersPrinter using the Nul port.
Task 2: Configure printer security
1. Open the Print Management console.
2. Configure the ManagersPrinter so that Managers can print to it, and not Everyone.
3. Pause the ManagersPrinter.
Task 3: Log on to LON-CL2 as Adatum\Ed
• Log on to LON-CL2 as Adatum\Ed.
Task 4: Connect to a network printer
1. On Lon-CL2, open the Add Printer Wizard.
2. Connect to ManagersPrinter.
3. Switch to LON-CL1, verify that the test page is in the ManagersPrinter queue, and Resume Printing.
2. You have users that need to share files between computers. Objectives Create a folder shared to all users. Create a folder shared to specific users.
1. Create a folder shared to all users.
2. Create a folder shared to specific users
You need to share a folder to which everyone has Read access.
The main tasks for this exercise are as follows:
1. Create an Adatum folder.
2. Share the Adatum folder.
3. Log on to LON-CL2 as Adatum\Ed.
4. Access the Adatum folder as Adatum\Ed.
Task 1: Create an Adatum folder
1. Log on to LON-CL1 as Adatum\Administrator.
2. Start Windows Explorer.
3. Open the E:\Labfiles\Mod07 folder.
4. Create a folder named Adatum.
Task 2: Share the Adatum folder
• Share the Adatum folder so that Everyone can read it.
Task 3: Log on to LON-CL2 as Adatum\Ed
• Log on to LON-CL2 as Adatum\Ed.
Task 4: Access the Adatum folder as Adatum\Ed
1. Start Windows Explorer.
2. Open the \\Lon-CL1\Adatum folder.
3. Attempt to create a file in the \\Lon-CL1\Adatum folder.
At the end of this lab, you will have created a folder and shared it for all users.
Task 2. Creating a Shared Folder for the Marketing Group
You need to share a folder for the Marketing Department
The main tasks for this exercise are as follows:
1. Create a Marketing folder.
2. Share the Marketing folder for Everyone.
3. Configure NTFS permissions for the Marketing folder.
4. Attempt to access the Marketing folder as Adatum\Ed.
5. Log on to LON-CL2 as Adatum\Adam.
6. Attempt to access the Marketing folder as Adatum\Adam.
Task 1: Create a Marketing folder
• On LON-CL1, create a new folder in the E:\Labfiles\Mod07 folder named Marketing.
Task 2: Share the Marketing folder for Everyone
• Share the Marketing folder so that Everyone can read it.
Task 3: Configure NTFS permissions for the Marketing folder
1. Configure the Marketing folder so that the Marketing security group has Modify permission.
2. Close all open windows, and then log off of LON-CL1.
Task 4: Attempt to access the Marketing folder as Adatum\Ed
1. On LON-CL2, open the \\Lon-CL1\Marketing folder.
2. Attempt to create a file in the \\Lon-CL1\Marketing folder.
3. Log off LON-CL2.
Task 5: Log on to LON-CL2 as Adatum\Adam
• Log on to LON-CL2 as Adatum\Adam.
Task 6: Attempt to access the Marketing folder as Adatum\Adam
1. Start Windows Explorer.
2. Open the \\LON-CL1\Marketing folder.
3. Attempt to create a file in the \\LON-CL1\Marketing folder.
4. Close all windows, and then log off.
2. Create a folder shared to specific users
You need to share a folder to which everyone has Read access.
The main tasks for this exercise are as follows:
1. Create an Adatum folder.
2. Share the Adatum folder.
3. Log on to LON-CL2 as Adatum\Ed.
4. Access the Adatum folder as Adatum\Ed.
Task 1: Create an Adatum folder
1. Log on to LON-CL1 as Adatum\Administrator.
2. Start Windows Explorer.
3. Open the E:\Labfiles\Mod07 folder.
4. Create a folder named Adatum.
Task 2: Share the Adatum folder
• Share the Adatum folder so that Everyone can read it.
Task 3: Log on to LON-CL2 as Adatum\Ed
• Log on to LON-CL2 as Adatum\Ed.
Task 4: Access the Adatum folder as Adatum\Ed
1. Start Windows Explorer.
2. Open the \\Lon-CL1\Adatum folder.
3. Attempt to create a file in the \\Lon-CL1\Adatum folder.
At the end of this lab, you will have created a folder and shared it for all users.
Task 2. Creating a Shared Folder for the Marketing Group
You need to share a folder for the Marketing Department
The main tasks for this exercise are as follows:
1. Create a Marketing folder.
2. Share the Marketing folder for Everyone.
3. Configure NTFS permissions for the Marketing folder.
4. Attempt to access the Marketing folder as Adatum\Ed.
5. Log on to LON-CL2 as Adatum\Adam.
6. Attempt to access the Marketing folder as Adatum\Adam.
Task 1: Create a Marketing folder
• On LON-CL1, create a new folder in the E:\Labfiles\Mod07 folder named Marketing.
Task 2: Share the Marketing folder for Everyone
• Share the Marketing folder so that Everyone can read it.
Task 3: Configure NTFS permissions for the Marketing folder
1. Configure the Marketing folder so that the Marketing security group has Modify permission.
2. Close all open windows, and then log off of LON-CL1.
Task 4: Attempt to access the Marketing folder as Adatum\Ed
1. On LON-CL2, open the \\Lon-CL1\Marketing folder.
2. Attempt to create a file in the \\Lon-CL1\Marketing folder.
3. Log off LON-CL2.
Task 5: Log on to LON-CL2 as Adatum\Adam
• Log on to LON-CL2 as Adatum\Adam.
Task 6: Attempt to access the Marketing folder as Adatum\Adam
1. Start Windows Explorer.
2. Open the \\LON-CL1\Marketing folder.
3. Attempt to create a file in the \\LON-CL1\Marketing folder.
4. Close all windows, and then log off.
3. You are the System Administrator working in ABC-Systems. You should have access to some of the company's data all the time. You should be able to access this data from your mobile devices and phones. In addition, the data needs to be accessed from any location at any point of time, even if you do not have your company's system with you. What should you do for achieving the preceding requirements?
1. Click Internet icon on the task bat. the Internet Explorer window is displayed.
2. Select and replace the existing text with http://hotmail.com in the address bar, and then press the Enter key.
The Hotmail Sign in page is displayed.
3. Click the sign up now link. the Microsoft account page is displayed.
4. Type your first name in the First text box under the who atr you ? section.
5. Type your first name in the Last text box under the who atr you ? section.
6. Select the month of your date-of-birth the Month drop-Down list.
7. Select the month of your date-of-birth from the Day drop down list.
8. Select year of your date-of-birth the Year drop down list.
9. Select gender from the Gender drop down list.
10. Type the email id in the Microsoft account name text box under the how would you link to sign in? section.
11. Type pass@123 in the Create a password and Reenter password text boxes.
12. Select your country code in the phone number drop down list under the if you lose your password, how can we help you it?
section.
13. Type your phone number in the phone number drop down text box.
14. Type your alternate email id in the Alternate rmail address text box.
15. Select your country/region in the Country/region drop down list under the Where are you from? section.
16. Type your zip code text box.
17. Type the characters from the Security Image box in the Enter the characters you see text box under the help us make sure you're
not a robol section.
18. Click the I accept button. you profile page is displayed.
19. Click the SKyDrive link at the top of the page. the SKyDrive page is displayed.
20. Click the Get SKyDrive apps link at the button of the left pane.
21. Select the Windows desktop node from the left pane. the Windows desktop page is displayed.
22. Click the Downlod new link from the right pane under the SKyDrive desktop app for windows section. the SKyDrive.exe popup is displayed.
23. Click the Run button. the downloading of application will begin. After a few moments, the Microsoft SKyDrive wizard id displayed.
24. Close the window.
2. Select and replace the existing text with http://hotmail.com in the address bar, and then press the Enter key.
The Hotmail Sign in page is displayed.
3. Click the sign up now link. the Microsoft account page is displayed.
4. Type your first name in the First text box under the who atr you ? section.
5. Type your first name in the Last text box under the who atr you ? section.
6. Select the month of your date-of-birth the Month drop-Down list.
7. Select the month of your date-of-birth from the Day drop down list.
8. Select year of your date-of-birth the Year drop down list.
9. Select gender from the Gender drop down list.
10. Type the email id in the Microsoft account name text box under the how would you link to sign in? section.
11. Type pass@123 in the Create a password and Reenter password text boxes.
12. Select your country code in the phone number drop down list under the if you lose your password, how can we help you it?
section.
13. Type your phone number in the phone number drop down text box.
14. Type your alternate email id in the Alternate rmail address text box.
15. Select your country/region in the Country/region drop down list under the Where are you from? section.
16. Type your zip code text box.
17. Type the characters from the Security Image box in the Enter the characters you see text box under the help us make sure you're
not a robol section.
18. Click the I accept button. you profile page is displayed.
19. Click the SKyDrive link at the top of the page. the SKyDrive page is displayed.
20. Click the Get SKyDrive apps link at the button of the left pane.
21. Select the Windows desktop node from the left pane. the Windows desktop page is displayed.
22. Click the Downlod new link from the right pane under the SKyDrive desktop app for windows section. the SKyDrive.exe popup is displayed.
23. Click the Run button. the downloading of application will begin. After a few moments, the Microsoft SKyDrive wizard id displayed.
24. Close the window.
4. Holly, the IT manager, is concerned that staff are attempting to perform configuration changes on their computers for which they have no authorization. While Windows 8 does not allow the users to perform these tasks, Holly wants to ensure users are prompted properly about the actions that they are attempting. Objectives Modify the default UAC prompting behavior.
Modify the default UAC prompting behavior.
You decide to reconfigure the UAC notification behavior, and then reconfigure the UAC prompts.
The main tasks for this exercise are as follows:
1. Modify the UAC prompts.
2. Modify the UAC notification level.
3. Test the UAC settings.
Task 1: Modify the UAC prompts
1. Log on to LON-CL1 as Adatum\administrator with the password Pa$$w0rd.
2. Open the Local Group Policy Editor, and navigate to Computer Configuration > Windows
Settings > Security Settings > Local Policies.
3. Modify the User Account Control: Behavior of the elevation prompt for standard users value:
Prompt for credentials on the secure desktop
Task 2: Modify the UAC notification level
1. Enable the User Account Control: Only elevate executables that are signed and validated value.
2. Enable the User Account Control: Behavior of the elevation prompt for administrators in
Admin Approval Mode value and select the Prompt for consent on the secure desktop option.
Task 3: Test the UAC settings
1. Log on to LON-CL1 as Adatum\Dan with the password Pa$$w0rd.
2. Open Computer Management. You are prompted by UAC for credentials on the secure desktop.
Provide the necessary credentials, and after Computer Management opens, close Computer
Management. Log off.
3. Log on to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd, and open Action
Centre to verify the notification settings for UAC are configured for Always notify.
You decide to reconfigure the UAC notification behavior, and then reconfigure the UAC prompts.
The main tasks for this exercise are as follows:
1. Modify the UAC prompts.
2. Modify the UAC notification level.
3. Test the UAC settings.
Task 1: Modify the UAC prompts
1. Log on to LON-CL1 as Adatum\administrator with the password Pa$$w0rd.
2. Open the Local Group Policy Editor, and navigate to Computer Configuration > Windows
Settings > Security Settings > Local Policies.
3. Modify the User Account Control: Behavior of the elevation prompt for standard users value:
Prompt for credentials on the secure desktop
Task 2: Modify the UAC notification level
1. Enable the User Account Control: Only elevate executables that are signed and validated value.
2. Enable the User Account Control: Behavior of the elevation prompt for administrators in
Admin Approval Mode value and select the Prompt for consent on the secure desktop option.
Task 3: Test the UAC settings
1. Log on to LON-CL1 as Adatum\Dan with the password Pa$$w0rd.
2. Open Computer Management. You are prompted by UAC for credentials on the secure desktop.
Provide the necessary credentials, and after Computer Management opens, close Computer
Management. Log off.
3. Log on to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd, and open Action
Centre to verify the notification settings for UAC are configured for Always notify.
5. A user at A. Datum is working on a project that requires his data be restricted from other members of his project team. The data, stored in a shared folder, is accessible by all A. Datum personnel. You must select a method for providing data privacy for this user's data files. Objectives Encrypt files and test access to these encrypted files.
Encrypt files and test access to these encrypted files.
You decide that implementing encryption with EFS will enable the user to prohibit other team members
from accessing his data files and maintain security of the file data.
The main tasks for this exercise are as follows:
1. Create, share, and secure a data folder for the project team data.
2. Create a sample data file.
3. Encrypt the file and then test file access.
Task 1: Create, share, and secure a data folder for the project team data
1. On LON-DC1, open Windows Explorer.
2. Create a folder called C:\Sales-Data.
3. Share the C:\Sales-Data folder with the following properties:
o Share name: Sales-Data
o Share permissions: Authenticated Users, Full Control
o NTFS permissions: Authenticated Users, Full Control
Task 2: Create a sample data file
1. Switch to LON-CL1, and log on as Dan with the password of Pa$$word. Dan is a member of the sales
team.
2. Map a network drive to \\LON-DC1\Sales-Data using drive S:.
3. Create a new Microsoft Word document in S: called Team Briefing.
4. Add the following text to the document, and then save the file:
Task 3: Encrypt the file and then test file access
1. Encrypt the Team Briefing document.
2. Log on as Adatum\Vivian with the password Pa$$w0rd.
3. Map a network drive to \\LON-DC1\Sales-Data using drive S:.
4. In Windows Explorer and navigate to S:.
5. Attempt to open the Team Briefing document in S:.
You are denied access
6. Close Word and then log off of LON-CL1.
You decide that implementing encryption with EFS will enable the user to prohibit other team members
from accessing his data files and maintain security of the file data.
The main tasks for this exercise are as follows:
1. Create, share, and secure a data folder for the project team data.
2. Create a sample data file.
3. Encrypt the file and then test file access.
Task 1: Create, share, and secure a data folder for the project team data
1. On LON-DC1, open Windows Explorer.
2. Create a folder called C:\Sales-Data.
3. Share the C:\Sales-Data folder with the following properties:
o Share name: Sales-Data
o Share permissions: Authenticated Users, Full Control
o NTFS permissions: Authenticated Users, Full Control
Task 2: Create a sample data file
1. Switch to LON-CL1, and log on as Dan with the password of Pa$$word. Dan is a member of the sales
team.
2. Map a network drive to \\LON-DC1\Sales-Data using drive S:.
3. Create a new Microsoft Word document in S: called Team Briefing.
4. Add the following text to the document, and then save the file:
Task 3: Encrypt the file and then test file access
1. Encrypt the Team Briefing document.
2. Log on as Adatum\Vivian with the password Pa$$w0rd.
3. Map a network drive to \\LON-DC1\Sales-Data using drive S:.
4. In Windows Explorer and navigate to S:.
5. Attempt to open the Team Briefing document in S:.
You are denied access
6. Close Word and then log off of LON-CL1.
6. Holly Dickson is the IT manager at A. Datum Corp. She has expressed a concern that some of the laptop computers that are used outside of the A. Datum network are more susceptible to security breaches. She has asked that you investigate how best to configure security and other settings on these computers. Objectives Create multiple local GPOs. Apply the local GPOs.
Create multiple local GPOs.
Apply the local GPOs.
Although you typically configure most security and other settings by using domain-based GPOs, you
decide that for these laptop computers, implementing local GPOs would achieve Holly’s goal of securing
these roaming computers. You decide to implement multiple local GPOs to ensure that administrator and
standard user accounts can have different settings:
• The default computer policy will be configured to display a warning dialog box.
• The non-administrators policy will be configured with certain security restrictions.
• The administrators policy will not be configured with the same security restrictions.
The main tasks for this exercise are as follows:
1. Create a management console for multiple local Group Policies.
2. Configure the local computer settings.
3. Configure Non-Administrators security settings.
Task 1: Create a management console for multiple local Group Policies
1. Log on to LON-CL1 as administrator, and open the Microsoft Management Console.
2. Add the following snap-ins to the console:
o Group Policy Object Editor: Local Computer
o Group Policy Object Editor: Administrators
o Group Policy Object Editor: Non-Administrators
3. Save the console to the Desktop with the name Multiple Local Group Policy Editor.
Task 2: Configure the local computer settings
1. Create a logon script in the Local Computer Policy.
2. Add the following text to the script file: msgbox “Warning. You are not connected to the A
Datum Domain”.
3. Save the script file as RoamingScript.vbs.
4. Change Save as type: to All Files, and then click Save.
Task 3: Configure Non-Administrators security settings
1. Select the Non-Administrators Policy, and navigate to User Configuration > Administrative
Tools > Control Panel.
2. Enable the Prohibit access to Control Panel and PC settings setting.
After this exercise, you should have successfully created and configured multiple local GPOs.
Task 2. Testing the Application of the Local GPOs
You must now log on to test the application of local GPOs.
The main tasks for this exercise are as follows:
1. Log on as a standard user to test the policies.
2. Log on as administrator to test the policies.
Task 1: Log on as a standard user to test the policies
1. Log off from LON-CL1.
2. Log on as Adatum\Holly with the password Pa$$w0rd, and then verify that the logon script runs on
the desktop.
3. Attempt to open Control Panel.
Task 2: Log on as administrator to test the policies
1. Log on as Adatum\Administrator with the password Pa$$w0rd, and then verify that the logon
script runs on the desktop.
2. Attempt to open Control Panel.
3. Log off of LON-CL1.
After this exercise, you should have implemented and test multiple local GPOs successfully.
=To prepare for the next lab
• When you are finished the lab, leave the virtual machines running as they are needed for the next lab.
Apply the local GPOs.
Although you typically configure most security and other settings by using domain-based GPOs, you
decide that for these laptop computers, implementing local GPOs would achieve Holly’s goal of securing
these roaming computers. You decide to implement multiple local GPOs to ensure that administrator and
standard user accounts can have different settings:
• The default computer policy will be configured to display a warning dialog box.
• The non-administrators policy will be configured with certain security restrictions.
• The administrators policy will not be configured with the same security restrictions.
The main tasks for this exercise are as follows:
1. Create a management console for multiple local Group Policies.
2. Configure the local computer settings.
3. Configure Non-Administrators security settings.
Task 1: Create a management console for multiple local Group Policies
1. Log on to LON-CL1 as administrator, and open the Microsoft Management Console.
2. Add the following snap-ins to the console:
o Group Policy Object Editor: Local Computer
o Group Policy Object Editor: Administrators
o Group Policy Object Editor: Non-Administrators
3. Save the console to the Desktop with the name Multiple Local Group Policy Editor.
Task 2: Configure the local computer settings
1. Create a logon script in the Local Computer Policy.
2. Add the following text to the script file: msgbox “Warning. You are not connected to the A
Datum Domain”.
3. Save the script file as RoamingScript.vbs.
4. Change Save as type: to All Files, and then click Save.
Task 3: Configure Non-Administrators security settings
1. Select the Non-Administrators Policy, and navigate to User Configuration > Administrative
Tools > Control Panel.
2. Enable the Prohibit access to Control Panel and PC settings setting.
After this exercise, you should have successfully created and configured multiple local GPOs.
Task 2. Testing the Application of the Local GPOs
You must now log on to test the application of local GPOs.
The main tasks for this exercise are as follows:
1. Log on as a standard user to test the policies.
2. Log on as administrator to test the policies.
Task 1: Log on as a standard user to test the policies
1. Log off from LON-CL1.
2. Log on as Adatum\Holly with the password Pa$$w0rd, and then verify that the logon script runs on
the desktop.
3. Attempt to open Control Panel.
Task 2: Log on as administrator to test the policies
1. Log on as Adatum\Administrator with the password Pa$$w0rd, and then verify that the logon
script runs on the desktop.
2. Attempt to open Control Panel.
3. Log off of LON-CL1.
After this exercise, you should have implemented and test multiple local GPOs successfully.
=To prepare for the next lab
• When you are finished the lab, leave the virtual machines running as they are needed for the next lab.
No comments:
Post a Comment