Lab 03: Linux - Galen-Dively/SYS250-02-Journal GitHub Wiki

Tech Journal: Windows Server Core Setup and File Services

Step 1: Configure Network on FS01

The first step in setting up the FS01 machine was to configure its network using the built-in sconfig command-line utility. I used Option 8 in the sconfig menu to set the following static IP configuration:

  • IP Address: 10.0.5.8
  • Subnet Mask: 255.255.255.0 (/24)
  • Default Gateway: 10.0.5.1
  • DNS Server: 10.0.5.5 (address for AD02)
  • Search Domain: yourdomain.local
  • Hostname: fs01-firstname

The configuration was verified after a reboot and confirmed by using ipconfig to check the assigned IP and the hostname change.

Step 2: Join FS01 to the Domain

To join the server to the Active Directory domain, I used sconfig again, selecting Option 1 (Domain/Workgroup). I joined the domain yourdomain.local and provided my domain admin credentials to complete the process. After another reboot, I verified that FS01 was successfully joined to the domain by logging in with the domain admin account.

Step 3: Remote Administration Using RSAT

Next, I connected to FS01 remotely from AD02 using Remote Server Administration Tools (RSAT). To set this up:

  1. Open Server Manager on AD02.
  2. Add FS01 to All Servers.
  3. Install File Services Role on FS01 using the Add Roles and Features wizard.

Step 4: Setting Up the OU Structure and Creating Users

On AD02, I used Active Directory Users and Computers to set up the following:

  • Created an Organizational Unit (OU) named SYS255\Groups.
  • Created a new Global Security Group called Sales-Users.
  • Created two standard domain users: Bob and Alice, in the SYS255\Users OU.
  • Added Alice to the Sales-Users group.

Step 5: Configuring the File Share on FS01

To configure the Sales file share on FS01, I performed the following steps:

  1. Open Server Manager on AD02.

  2. Select Add Roles and Features on FS01 and ensure that File Server Resource Manager is installed.

  3. On AD02, connect to FS01 and use File and Storage Services to create a new SMB Quick Share:

    • Share Name: Sales
    • Local Path: C:\Shares\Sales
    • Remote Path: \\FS01\Sales

  4. Customize the share permissions by:

    • Assigning Sales-Users group with Full Control permissions.
    • Removing the Everyone group from the share.

Step 6: Testing Permissions

Testing access from WSK02 as both Bob and Alice yielded the following results:

  • Alice (member of Sales-Users): Could successfully read and write to \\FS01\Sales.
  • Bob (not a member of Sales-Users): Could not read or write to \\FS01\Sales.

Step 7: Group Policy to Map Network Drive

Group Policy Configuration:

I created a Group Policy Object (GPO) to map the S:\ drive to \\FS01\Sales for all members of the Sales-Users group.

Steps:

  1. Open Group Policy Management on AD02.
  2. Create a new GPO named Map Sales Drive.
  3. Navigate to User Configuration > Preferences > Windows Settings > Drive Maps.
  4. Create a new mapped drive with the following settings:
    • Location: \\FS01\Sales
    • Drive Letter: S:
    • Action: Create
  5. Enable Item-level targeting to apply the GPO only to the Sales-Users group.

gpresult and Mapped Drive Verification:

After running gpupdate /force, I used gpresult /r to confirm that the GPO was applied, and the S:\ drive was successfully mapped for Alice.