Windows Server Core Setup and File Services - Galen-Dively/SYS250-02-Journal GitHub Wiki

Tech Journal: Windows Server Core Setup and File Services

Step 1: Join FS01 to the Domain

To join the server to the Active Directory domain, I used sconfig again, selecting Option 1 (Domain/Workgroup). I joined the domain galen.local and provided my domain admin credentials to complete the process. After another reboot, I verified that FS01 was successfully joined to the domain by logging in with the domain admin account.

Step 3: Remote Administration Using RSAT

Next, I connected to FS01 remotely from AD02 using Remote Server Administration Tools (RSAT). To set this up:

  1. Open Server Manager on AD02.
  2. Add FS01 to All Servers.
  3. Install File Services Role on FS01 using the Add Roles and Features wizard.

Step 4: Setting Up the OU Structure and Creating Users

On AD02, I used Active Directory Users and Computers to set up the following:

  • Created an Organizational Unit (OU) named SYS255\Groups.
  • Created a new Global Security Group called Sales-Users.
  • Created two standard domain users: Bob and Alice, in the SYS255\Users OU.
  • Added Alice to the Sales-Users group.

Step 5: Configuring the File Share on FS01

To configure the Sales file share on FS01, I performed the following steps:

  1. Open Server Manager on AD02.

  2. Select Add Roles and Features on FS01 and ensure that File Server Resource Manager is installed.

  3. On AD02, connect to FS01 and use File and Storage Services to create a new SMB Quick Share:

    • Share Name: Sales
    • Local Path: C:\Shares\Sales
    • Remote Path: \\FS01\Sales

  4. Customize the share permissions by:

    • Assigning Sales-Users group with Full Control permissions.
    • Removing the Everyone group from the share.

Step 6: Testing Permissions

Testing access from WSK02 as both Bob and Alice yielded the following results:

  • Alice (member of Sales-Users): Could successfully read and write to \\FS01\Sales.
  • Bob (not a member of Sales-Users): Could not read or write to \\FS01\Sales.

Step 7: Group Policy to Map Network Drive

Group Policy Configuration:

I created a Group Policy Object (GPO) to map the S:\ drive to \\FS01\Sales for all members of the Sales-Users group.

Steps:

  1. Open Group Policy Management on AD02.
  2. Create a new GPO named Map Sales Drive.
  3. Navigate to User Configuration > Preferences > Windows Settings > Drive Maps.
  4. Create a new mapped drive with the following settings:
    • Location: \\FS01\Sales
    • Drive Letter: S:
    • Action: Create
  5. Enable Item-level targeting to apply the GPO only to the Sales-Users group.

gpresult and Mapped Drive Verification:

After running gpupdate /force, I used gpresult /r to confirm that the GPO was applied, and the S:\ drive was successfully mapped for Alice.