The dotcom project: Task 1 - Setting up the server

Task 1 - Setting up and testing the server

All steps contain links in the form of guides and videos that explain how to implement this step. During this task you will never need more than 2 VMs active at the same time, which means that 8 GB RAM is sufficient. However, please note that the next task will configure a system that consists of 3 VMs and therefore requires more RAM. The official operating instructions can be obtained directly from https://www.virtualbox.org/wiki/Documentation can be obtained directly from

Documentation

To document the work carried out, create the following documentation for the entire Task 1 a single document with a concise summary of the step, a description of the work process, the tests performed and a brief reflection based on this template:

Document template

In this document you document all tests that you carry out. If the tests turn out badly, leave the test results in the documentation and carry out new tests after making the necessary adjustments, which you then also enter in the documentation.

Step 1: VirtualBox

A NAT network with the name NATnet should be configured in VirtualBox for the virtual machine. The network CIDR should be: 10.0.2.0/24 (normally the NAT network already has this value)

Information

Siehe VM Operating Instructions Chapter 6.2, 6.4

Step 2

In this step, you will set up a virtual machine with Windows Server 2019 in VirtualBox based on the specifications.

Step 2a: Basic installation of Windows Server 2019

Before you start the Windows installation, configure the network adapter and use the NAT network that you created in step 1.

Server basic settings

Virtual HW: 2GB RAM,
1st partition: 40GB, 2nd partition 40GB
OS: Windows 2019 Server
Hostname: DC-ZH-01

Make sure that you install a version with a graphical user interface.

Information on

VM User manual chapter 1.7

Windows Server 2019 ISO Download

(Optional) Step 2b: Create an image of the Windows Server 2019

In the next task, you will set up a second server.
Cloning a server is much faster and more convenient than setting up a complete server each time as in step 2a.
Later in your day-to-day work, you will most likely also clone with a template to save time.

Prepare the server for cloning by removing specific information with sysprep.exe.
Export an image of the freshly installed server. Also remove the MAC address of the network adapter when exporting.

Information on

Windows Clone sysprep

VM Operating instructions Chapter 1.14

Step 3

In step 3, set up a Windows 10 Enterprise client that you will use to test the services that you will install in the course of this training task.

Step 3a: Installing a Windows 10 Enterprise client

Install a Windows 10 Enterprise client within your virtual dotcom environment - i.e. in the same NAT network - with the following specifications:

Client Base Settings

Virtual HW: 2GB RAM
Partition: 30GB
OS: Windows 10 Enterprise N
IP address: DHCP (still DHCP of the NAT network)
Hostname: PC-ZH-01

Host information

Windows 10 Enterprise ISO Download

(Optional) Step 3b: Create an image Windows 10 Enterprise Client

It is helpful to use several PCs for testing. It is therefore also advisable to create a template from the PC. Export an image of the Windows 10 client in the same way as step 2b. With the difference that you do not have to prepare the PC with sysprep.

Step 4

The Active Directory service provides authentication and authorisation functions within a network. For example, the AD service here at Rafisa allows you to log on to any PC with your account.

Step 4a: Activating the Active Directory service

Give the server the static IP address 10.0.2.15 and gateway 10.0.2.1

Activate the Active Directory domain server. Name the domain: DOTCOM.INTERN

AD users and groups
First create the containers DOTCOM\Users and DOTCOM\groups containers. Create the following users and groups in them:

Users

• Hans Müller (GL)
• Joseph Wolf (Technology / GL)
• Miriam Meier (Secretariat)
• Ismael Abramovic (Sales)
• Roger Schweizer (Purchasing)

Groups:

• GL
• Sales
• Secretariat
• Technology
• Purchasing

Information on

Step 4b: Join the domain

Join the domain set up under task 4a with your installed client.
When joining, the IP must be configured manually so that the client enters the network correctly.

Information

Step 4c: Check the AD service

Test whether the AD service is working correctly. You will need both VMs for this.

Document the test scenario with the documentation file created at the beginning.

Information on

</ignore>Nützliche CMD commands

Step 4d: Check the DNS service

The DNS service and the AD service are so closely linked that activating the AD service automatically activates the DNS service as well. If this has not happened, activate the </ignore>DNS role.
Test whether this works correctly and document your observations in the documentation file created at the beginning.

Information on

</ignore>Nützliche CMD commands

Step 5

DHCP is a communication protocol that is responsible for assigning the client's network configuration. For example, without DHCP you would have to explicitly configure the IP address, DNS server address etc. on each PC yourself.

Step 5a: Setting up the DHCP service

Deactivate DHCP support in the NAT network if you have not already done so.

DHCP server

Activate the DHCP server role with a suitable DHCP range and the following DHCP options:

• Gateway: 10.0.2.1
• DNS server: 10.0.2.15, 10.0.2.25
• Range: 10.0.2.75 to 10.0.2.149

Information about

Step 5b: Check the DHCP service

Configure the client so that it obtains the IP address automatically (from the DHCP server). Test whether the DHCP service is working correctly. You will need both VMs for this.

Document the test scenario using the documentation file created at the beginning.

Information on

</ignore>Nützliche CMD commands

Step 6

The Fileshare service enables access to shared resources throughout the network.

Step 6a: Fileshare shares

Activate the fileshare service if it is not already activated.

File server shares

Create the following shares on the second partition:

• GL
• Distribution
• Secretariat
• Engineering
• Purchasing
• Homes of the individual users

Set appropriate authorisations for the individual approvals.

Information on

Step 6b: Check the fileshare shares

Test whether the fileshare shares are working correctly. You need both VMs for this.

Document the tests again in the documentation file created at the beginning.

Information on

</ignore>Nützliche CMD commands

(Additional task) Step 7

In step 6 you probably noticed that the shares are not yet visible, e.g. drive (T:) Rafisa-Data-Share. We will change this in this task.

Step 7a: Mapping file shares to drives

Create logon script with GPO.
Try to create a logon script with the help of the following tutorial and activate it for your users.

Information on

(Configure the group policy as in the picture and not as in the video)

https://www.tech-faq.net/netzlaufwerk-verbinden-per-gruppenrichtlinie/

Step 7b: Testing the login script

Test the created logon script and document it in the documentation file.

Knowledge

Before continuing with the second task, please answer the following questions in your documentation file.

• Why can't the AD work without the DNS?
• Why did you have to explicitly configure the IP in the fourth task?

Further information

This section contains information that you do not necessarily need, but which can be very helpful.

Helpful CMD commands

• ipconfig can be used to display useful information about the system IP.
• ping can be used to test the following: connection to other devices in the internal network, DNS service, Internet connection
• nslookup is used to query the DNS server directly.

DNS server

The DNS server role should be activated automatically when the AD service is added. Here is more information on how to configure the DNS server separately.

Information on

</ignore>DNS Add server role

→ Click here to continue to Task 2