Lab 06 ‐ Server Core Remote Administrator Tools - rune-seregina/sys-255-fa24 GitHub Wiki

Objective
In this lab, I learned to configure and a Server Core, including how to use sconfig to make network, hostname, and domain configurations and remote connecting from ad02. I also practiced using Server Manager to set up and use RSAT and File Services as well as more group policy practice.

Vocab:

  • sconfig: Server Configuration tool to configure and manage a Windows Server instance
  • RSAT: Remote Server Administration Tools, a set of tools that allows IT administrators to manage Windows servers remotely from a local machine.
  • Shares: allow administrators and software to remotely manage hosts on an internal network using the SMB protocol
  • NTFS: (New Technology File System) a type of access control that limits who can access files and folders on a computer or network
  • Local Permissions (also called NTFS Permissions): Permissions that are applied only Locally (and not Remotely) on the OS, and affects both Local (i.e. via keyboard) and Remote (i.e. via network) account access.
  • Share Permissions: Permissions that are applied only Remotely (and not Locally) to the OS, and affects only Remote (i.e. via network shares) account access.

Resources used:

IP Assignments:

  • WAN IP (synonymous with fw interface 1/em0): 10.0.17.112/24
  • LAN IP (synonymous with fw interface 2/em1): 10.0.5.2/24
  • wks02-rune IP: 10.0.5.150/24 (or as assigned by DHCP)
  • wks02/ad02/dhcp02/fs01 default gateway: 10.0.5.2/24
  • wks02/dhcp02/fs01 dns: 10.0.5.6
  • ad02-rune ip: 10.0.5.6/24
  • dhcp02-rune ip: 10.0.5.4/24
  • fs01-rune ip: 10.0.5.8/24

Accounts:

  • ad02-rune: rune\Administrator (password A)
  • rune.local: rune.seregina (password A)
  • rune.local: rune.seregina-adm (password A)
  • rune.local: alice (password A)
  • rune.local: bob (password A)
  • fs01-rune: Administrator (password B)

Using sconfig

  • Change network configuration: 8) network settings > 1) select available network adapters > 1) set adapter network address > set IP, netmask, default gateway. Select 2) Set DNS servers to add DNS
  • Change hostname: 2) Computer Name
  • Change Domain: 1) Domain/Work group > d for domain > type domain name (rune) > type in admin user in user\domain format (rune\rune.seregina-adm) > type in admin password

Add RSAT to FS01 via AD02

  • Add Roles and Features > Select Features > Remote Server Administration Tools > Role Administration Tools > File Services Tools > File Server Resource Manager Tools
  • Add Roles and Features > Server Roles > File and Storage Services > File Server Resource Manager

netsh

  • netsh advfirewall firewall set rule group=”Remote File Server Resource Manager Management” new enable=yes

Sales Drive Mapping

  • Configure Drive Mapping
  • Right-click domain to apply the policy, select "Create a GPO in this domain, and Link it here"
  • Name the new GPO (Sales Drive Mapping)
  • Right-click the newly created GPO > "Edit" > User Configuration > Preferences > Windows Settings > Drive Maps.
  • Right-click in the right pane and select New > Mapped Drive.
  • Configure the following:
    • Action: Create
    • Location: \FS01\Sales
    • Reconnect: Checked
    • Label: Sales Share (optional)
    • Drive Letter: S:
    • Hide/Show this drive: Show this drive
    • Hide/Show all drives: No change
  • Set Up Item-Level Targeting
  • New Drive Properties > Common tab
  • Check box "Item-level targeting" > click "Targeting..." > "New Item" > "Security Group" > "Group" field, enter "Sales-Users"
  • Perform "gpupdate /force" and "gpresult /r" to make sure everything went smoothly

Troubleshooting

  • Intentional, but FS01 did not show up in my "Networks" tab on either wks02 or ad02. However, I verified the existence of the share on FS01 by remote-connecting into it from ad02 using Powershell (Enter-PSSession -ComputerName FS01-RUNE), as shown below. Then, I tried the path "\FS01-RUNE\Sales" to access the Share on wks02.
    image

Reflection
I really liked this lab! I think it was insightful to gain more experience using server manager on my own after using it briefly with instructions in lab 5. I also liked the experience of having to configure a server core and learning how to remote connect into a server core.

⚠️ **GitHub.com Fallback** ⚠️