7 & 8.

Audit Implementation & Account Policy and User Rights Management

Step 1: Enable Auditing

• Open Group Policy Management.

• Right-click on the domain or OU, then select Create a GPO in this domain, and Link it here.

• Name the GPO (e.g., "Audit Policy").

• Right-click the new GPO and select Edit.

• Navigate to Computer Configuration > Policies > Windows Settings > Security Settings >
Local Policies > Audit Policy.

• Enable auditing for Logon events, Account logon events, and Object access as needed.

Step 2: Configure User Rights Assignment

• In the same GPO, navigate to User Rights Assignment under Local Policies.

• Assign rights such as Deny log on locally, Allow log on locally, or Back up files and
directories to specific groups.

9. User Profile Implementation

Step 1: Configure User Profiles

• Open System Properties (Right-click Computer > Properties > Advanced system settings).

• Under the User Profiles section, click Settings.

• Here, you can manage existing profiles (e.g., delete or copy).

Step 2: Configure Folder Redirection (if applicable)

• Use Group Policy Management to create a GPO.

• Navigate to User Configuration > Policies > Windows Settings > Folder Redirection.

• Right-click the folder you want to redirect (e.g., Documents) and select Properties.

• Specify the target location (e.g., a network share).

10. System Policy Configuration

Step 1: Access Group Policy Management

• Open Group Policy Management.

• Right-click on the domain or OU where you want to apply the policy, and create a new GPO.

Step 2: Edit GPO Settings

• Right-click the GPO and select Edit.

• Configure settings under Computer Configuration or User Configuration as needed (e.g.,

11. Active Directory Installation, Configuration, and Maintenance

• Open Server Manager, click Roles > Add Roles.

• Select Active Directory Domain Services and complete the wizard.

Step 2: Promote to Domain Controller

• Click the notification in Server Manager and select Promote this server to a domain
controller.

• Follow the wizard to configure domain and forest settings, DNS options, and set DSRM
password.

Step 3: Maintenance

• Regularly check AD health using tools like dcdiag and repadmin.

• Backup AD using Windows Server Backup or similar tools.

12. Resource Sharing and Security

Step 1: Share a Resource

• Right-click the folder you want to share, and select Properties.

• Go to the Sharing tab and click on Advanced Sharing.

• Check Share this folder and set the share name.

Step 2: Set Permissions

• Click on Permissions and set user/group access (e.g., Read, Change).

• For NTFS permissions, go to the Security tab and adjust settings as needed.

13. File and Folder Auditing

Step 1: Enable Auditing on the Folder

• Right-click the folder you want to audit, and select Properties.

• Go to the Security tab, click Advanced, and navigate to the Auditing tab.

• Click Add, select a principal (e.g., Everyone), and set the permissions to audit (e.g., Write,
Delete).

Step 2: Review Audit Logs

• Open Event Viewer (type eventvwr in Run).

• Navigate to Windows Logs > Security to review audit logs related to file and folder access.

14. Setting File and Folder Permissions

1. Log in to the Windows Server with administrative credentials.

2. Navigate to the folder you want to set permissions for using Windows Explorer.

3. Right-click the folder and select Properties.

5. Click on Edit to change permissions.

6. To add a user or group, click Add. Enter the name and click Check Names.

7. Select the user/group, and set the permissions by checking the boxes under Allow or Deny.

8. Click Apply, then OK to save changes.

15. Resource Access and Permission Problems Troubleshooting

1. Identify the issue: Determine which resource is inaccessible and who is experiencing issues.

2. Check permissions: Right-click the resource, go to Properties > Security and verify
permissions.

3. Use the Effective Permissions feature to see what permissions a specific user has:

o Click Advanced, then the Effective Access tab.

4. Check group memberships: Ensure users are part of the correct groups that have the needed
permissions.

5. Event Viewer: Check the Event Viewer for any related error messages.

6. Test access: Log in as the affected user to replicate the issue and verify permissions.

16. Backup and Restore the Data

1. Open Windows Server Backup:

o Go to Start > Administrative Tools > Windows Server Backup.

2. Set up Backup:

o Click on Backup Schedule to set a regular backup.

o Choose Custom or Full Server for backup type.

o Select the destination (local disk, remote share).

3. Configure Backup Options: Specify what to back up and set the schedule.

4. Perform a Backup: Click on Backup Once for immediate backup.

5. Restore Data:

o Open Windows Server Backup, click Recover.

o Choose the backup location and the specific backup time.

o Select the items to restore and follow prompts.

17. DNS and WINS Installation, Configuration and Maintenance

DNS Installation:

1. Open Server Manager.

2. Click on Roles > Add Roles.

DNS Configuration:

1. Open DNS Manager from Administrative Tools.

2. Right-click on the server name and select New Zone to create a forward or reverse lookup
zone.

3. Add records (A, CNAME, MX) as necessary by right-clicking the zone and selecting New Host
(A or AAAA) or Other Record.

WINS Installation:

1. In Server Manager, go to Add Roles and select WINS Server.

2. Follow the installation wizard.

WINS Configuration:

1. Open WINS Manager from Administrative Tools.

2. Right-click on the server, configure settings as needed (e.g., replication).

18. TCP/IP Configuration

1. Open Network Connections:

o Go to Control Panel > Network and Sharing Center > Change adapter settings.

2. Right-click on the network adapter and select Properties.

3. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

4. Configure IP settings:

o Select Use the following IP address and enter the IP address, subnet mask, and
default gateway.

o Optionally configure DNS servers.

5. Click OK to apply changes.

19. DHCP Configuration and Maintenance

1. Install DHCP:

o Open Server Manager > Add Roles > select DHCP Server and follow the prompts.

2. Configure DHCP:

o Open DHCP Management from Administrative Tools.

o Right-click on the server and select New Scope.

o Follow the wizard to define the scope (IP range, subnet mask, lease duration).

3. Activate Scope: Right-click the scope and select Activate.

4. Maintain DHCP:
 o Regularly check the DHCP logs for issues.

o Review address leases and reservations.

20. IIS Installation with its Services

1. Open Server Manager:

o Click on Roles > Add Roles.

2. Select Web Server (IIS) and follow the prompts to install.

3. Configure IIS:

o Open Internet Information Services (IIS) Manager.

o Right-click on Sites to add a new site.

4. Specify the site name, physical path, and binding options.

5. Enable/Configure services (e.g., Application Pools, authentication settings).

6. Test the installation by accessing http://localhost in a web browser.

21. RAS Installation and Configuration

1. Open Server Manager:

o Click on Roles and select Add Roles.

2. Select Network Policy and Access Services:

o Choose Network Policy and Access Services and proceed with the installation.

3. Configure RAS:

o After installation, go to Network Policy Server in Administrative Tools.

o Right-click on Network Policy Server, select Configure and Enable Routing and
Remote Access.

4. Routing and Remote Access Server Wizard:

o Select Custom configuration and choose VPN Access and/or LAN routing as needed.

o Click Next and then Finish.

5. Start the Service:

o Right-click the server name in the Routing and Remote Access console and select
Start.

22. VPN Configuration and Maintenance

1. Access the Routing and Remote Access Console:

o Go to Administrative Tools > Routing and Remote Access.

2. Right-click your server and select Properties.

3. Configure Ports:
 o In the properties window, go to the Ports tab.

o Right-click the port you want to configure and select Properties.

o Set the number of ports as needed.

4. Configure IP Address Assignment:

o Right-click on your server, go to IPv4 > Properties.

o Select the method for IP address assignment (static or dynamic).

5. Create User Accounts for VPN access:

o Open Active Directory Users and Computers.

o Right-click the user account and select Properties.

o Go to the Dial-in tab and set Allow access.

6. Test the VPN Connection:

o Use a client machine to connect via VPN to ensure the configuration works.

23. FTP Services Configuration

1. Open Server Manager:

o Go to Roles and select Add Roles.

2. Select Web Server (IIS):

o Ensure the FTP Server role service is selected during installation.

3. Configure FTP Site:

o Open IIS Manager from Administrative Tools.

o Right-click on Sites and select Add FTP Site.

o Provide the site name and physical path.

4. Configure Bindings:

o Specify the IP address and port (default is 21).

o Choose SSL settings (No SSL, Require SSL, etc.).

5. Set Authentication and Authorization:

o In the FTP site settings, go to the Authentication section.

o Enable Basic Authentication.

o Under Authorization, set who can access the site (specific users or groups).

6. Start the FTP Site:

o Right-click on the site and select Start.

24. Distributed File System Installation and Maintenance

o Click on Roles and select Add Roles.

2. Select File Services:

o Choose File Services and proceed with the installation.

3. Install DFS:

o After installation, expand File Services, and select Distributed File System.

4. Create a DFS Namespace:

o Right-click on Namespaces and select New Namespace.

o Choose the server that will host the namespace and click Next.

o Specify the namespace name and configure access settings.

5. Add Folder Targets:

o Right-click on the created namespace and select Add Folder Target.

o Specify the path to the shared folder.

6. Monitor DFS:

o Use DFS Management to check replication status and health.

25. NAT Services Configuration and Maintenance

1. Open Routing and Remote Access Console:

o Go to Administrative Tools > Routing and Remote Access.

2. Enable NAT:

o Right-click on your server, select Properties.

o Go to the IPv4 tab and select NAT.

3. Configure NAT:

o Right-click on NAT under the IPv4 section, select New Interface.

o Choose the interface connected to the Internet and configure it as Public.

o Select the private interface (local network) and configure it as Private.

4. Set NAT Rules:

o Right-click the NAT interface and select New Port Rule.

o Specify the type of traffic (e.g., FTP, HTTP) and the destination IP address.

5. Test Connectivity:

o Check connectivity from a client on the internal network to the Internet to verify NAT
is functioning.
 6. Monitor NAT Performance:

o Regularly review logs and NAT statistics in the Routing and Remote Access console.

26. Deploying and Managing Exchange Server 2010/2013

1. Prepare the Environment:

o Ensure your server meets the hardware and software requirements.

o Install necessary Windows Server roles (e.g., Active Directory).

o Ensure that your domain is prepared for Exchange by running the Exchange setup
commands to extend the schema.

2. Install Exchange Server:

o Insert the Exchange Server installation media.

o Run setup.exe from the installation media.

o Follow the wizard:

▪ Accept the license agreement.

▪ Choose the installation type (typically Mailbox role).

▪ Select the installation path.

3. Configure Exchange Settings:

o Use the Exchange Management Console (EMC) for initial configuration.

o Set up organization name and other basic settings.

4. Complete the Installation:

o After installation, run the Exchange Management Shell (EMS) to verify installation
and apply updates.

5. Manage Exchange:

o Use the EMC or EMS to create and manage databases, connectors, and settings.

27. Configuring Mailbox Servers

1. Open Exchange Management Console (EMC):

o Go to Microsoft Exchange > Recipient Configuration.

2. Create Mailbox Database:

o Right-click on Mailbox and select New Mailbox Database.

o Provide a name and select a storage location.

o Complete the wizard and mount the database.

3. Manage Mailbox Databases:

4. Configure Mailbox Settings:

o Use the EMC to set mailbox sizes, policies, and permissions.

28. Managing Recipient Objects

1. Open Exchange Management Console (EMC):

o Navigate to Recipient Configuration.

2. Create New Recipients:

o Right-click on Mailbox and select New Mailbox.

o Choose user type (User Mailbox, Shared Mailbox, etc.) and follow the prompts.

3. Manage Existing Recipients:

o Right-click on a mailbox to edit properties such as email address, mailbox quota, and
permissions.

4. Use PowerShell for Bulk Management:

o Open the Exchange Management Shell and use commands like New-Mailbox, Set-
Mailbox, or Remove-Mailbox for batch processing.

29. Installation of TMG Server

1. Prepare the Server:

o Ensure that Windows Server 2008 R2 is installed and updated.

o Install necessary roles such as Network Policy and Access Services.

2. Install TMG:

o Insert the TMG installation media.

o Run setup.exe.

o Follow the installation wizard and accept the license agreement.

3. Complete the Installation:

o Configure TMG to enable the necessary features (Web proxy, Firewall, etc.).

4. Install Updates:

o After installation, check for the latest updates for TMG.

30. Configuration of TMG Server

1. Open TMG Management Console:

o Launch Forefront TMG Management.

2. Configure Network Rules:

o Go to Network Configuration.
 o Define internal, external, and perimeter networks.

3. Create Access Rules:

o Under Firewall Policy, right-click and select New Access Rule.

o Define the rule type (e.g., Web Access), specify the source, destination, and action
(Allow or Deny).

4. Configure Web Proxy:

o In the TMG Management Console, navigate to Web Access Policy.

o Enable web proxy and configure settings as needed.

5. Monitor and Manage TMG:

o Use the TMG logs and reports to monitor traffic and manage security policies.

6. Backup TMG Configuration:

o Regularly export the TMG configuration for backup.