Inhaltsverzeichnis
The dotcom project: Task 1 - Setting up the server
Task 1 - Setting up and testing the server
All steps contain links in the form of guides and videos that explain how to implement this step. During this task you will never need more than 2 VMs active at the same time, which means that 8 GB RAM is sufficient. However, please note that the next task will configure a system that consists of 3 VMs and therefore requires more RAM. The official operating instructions can be obtained directly from https://www.virtualbox.org/wiki/Documentation can be obtained directly from
Documentation
To document the work carried out, create the following documentation for the entire Task 1 a single document with a concise summary of the step, a description of the work process, the tests performed and a brief reflection based on this template:
In this document you document all tests that you carry out. If the tests turn out badly, leave the test results in the documentation and carry out new tests after making the necessary adjustments, which you then also enter in the documentation.
Step 1: VirtualBox
A NAT network with the name NATnet should be configured in VirtualBox for the virtual machine. The network CIDR should be: 10.0.2.0/24 (normally the NAT network already has this value)
Information
Siehe VM Operating Instructions Chapter 6.2, 6.4
Step 2
In this step, you will set up a virtual machine with Windows Server 2019 in VirtualBox based on the specifications.
Step 2a: Basic installation of Windows Server 2019
Before you start the Windows installation, configure the network adapter and use the NAT network that you created in step 1.
Server basic settings
Virtual HW: 2GB RAM,
1st partition: 40GB, 2nd partition 40GB
OS: Windows 2019 Server
Hostname: DC-ZH-01
Make sure that you install a version with a graphical user interface.
Information on
Windows Server 2019 ISO Download
(Optional) Step 2b: Create an image of the Windows Server 2019
In the next task, you will set up a second server.
Cloning a server is much faster and more convenient than setting up a complete server each time as in step 2a.
Later in your day-to-day work, you will most likely also clone with a template to save time.
Prepare the server for cloning by removing specific information with sysprep.exe.
Export an image of the freshly installed server. Also remove the MAC address of the network adapter when exporting.
Information on
VM Operating instructions Chapter 1.14
Step 3
In step 3, set up a Windows 10 Enterprise client that you will use to test the services that you will install in the course of this training task.
Step 3a: Installing a Windows 10 Enterprise client
Install a Windows 10 Enterprise client within your virtual dotcom environment - i.e. in the same NAT network - with the following specifications:
Client Base Settings
Virtual HW: 2GB RAM
Partition: 30GB
OS: Windows 10 Enterprise N
IP address: DHCP (still DHCP of the NAT network)
Hostname: PC-ZH-01
Host information
Windows 10 Enterprise ISO Download
(Optional) Step 3b: Create an image Windows 10 Enterprise Client
It is helpful to use several PCs for testing. It is therefore also advisable to create a template from the PC. Export an image of the Windows 10 client in the same way as step 2b. With the difference that you do not have to prepare the PC with sysprep.
Step 4
The Active Directory service provides authentication and authorisation functions within a network. For example, the AD service here at Rafisa allows you to log on to any PC with your account.
Step 4a: Activating the Active Directory service
Give the server the static IP address 10.0.2.15 and gateway 10.0.2.1
Activate the Active Directory domain server. Name the domain: DOTCOM.INTERN
AD users and groups
First create the containers DOTCOM\Users and DOTCOM\groups containers. Create the following users and groups in them:
Users
- Hans Müller (GL)
- Joseph Wolf (Technology / GL)
- Miriam Meier (Secretariat)
- Ismael Abramovic (Sales)
- Roger Schweizer (Purchasing)
Groups:
- GL
- Sales
- Secretariat
- Technology
- Purchasing
Information on
Step 4b: Join the domain
Join the domain set up under task 4a with your installed client.
When joining, the IP must be configured manually so that the client enters the network correctly.
Information
Step 4c: Check the AD service
Test whether the AD service is working correctly. You will need both VMs for this.
Document the test scenario with the documentation file created at the beginning.
Information on
</ignore>Nützliche CMD commands
Step 4d: Check the DNS service
The DNS service and the AD service are so closely linked that activating the AD service automatically activates the DNS service as well.
If this has not happened, activate the </ignore>DNS role.
Test whether this works correctly and document your observations in the documentation file created at the beginning.
Information on
</ignore>Nützliche CMD commands
Step 5
DHCP is a communication protocol that is responsible for assigning the client's network configuration. For example, without DHCP you would have to explicitly configure the IP address, DNS server address etc. on each PC yourself.
Step 5a: Setting up the DHCP service
Deactivate DHCP support in the NAT network if you have not already done so.
DHCP server
Activate the DHCP server role with a suitable DHCP range and the following DHCP options:
- Gateway: 10.0.2.1
- DNS server: 10.0.2.15, 10.0.2.25
- Range: 10.0.2.75 to 10.0.2.149
Information about
Step 5b: Check the DHCP service
Configure the client so that it obtains the IP address automatically (from the DHCP server). Test whether the DHCP service is working correctly. You will need both VMs for this.
Document the test scenario using the documentation file created at the beginning.
Information on
</ignore>Nützliche CMD commands
Step 6
The Fileshare service enables access to shared resources throughout the network.
Step 6a: Fileshare shares
Activate the fileshare service if it is not already activated.
File server shares
Create the following shares on the second partition:
- GL
- Distribution
- Secretariat
- Engineering
- Purchasing
- Homes of the individual users
Set appropriate authorisations for the individual approvals.
Information on
Step 6b: Check the fileshare shares
Test whether the fileshare shares are working correctly. You need both VMs for this.
Document the tests again in the documentation file created at the beginning.
Information on
</ignore>Nützliche CMD commands
(Additional task) Step 7
In step 6 you probably noticed that the shares are not yet visible, e.g. drive (T:) Rafisa-Data-Share. We will change this in this task.
Step 7a: Mapping file shares to drives
Create logon script with GPO.
Try to create a logon script with the help of the following tutorial and activate it for your users.
Information on
(Configure the group policy as in the picture and not as in the video)
https://www.tech-faq.net/netzlaufwerk-verbinden-per-gruppenrichtlinie/
Step 7b: Testing the login script
Test the created logon script and document it in the documentation file.
Knowledge
Before continuing with the second task, please answer the following questions in your documentation file.
- Why can't the AD work without the DNS?
- Why did you have to explicitly configure the IP in the fourth task?
Further information
This section contains information that you do not necessarily need, but which can be very helpful.
Helpful CMD commands
- ipconfig can be used to display useful information about the system IP.
- ping can be used to test the following: connection to other devices in the internal network, DNS service, Internet connection
- nslookup is used to query the DNS server directly.
DNS server
The DNS server role should be activated automatically when the AD service is added. Here is more information on how to configure the DNS server separately.
Information on
→ Click here to continue to Task 2