File Services and Configuration Management

IST346: Lab
Last Update: 3/16/2016 8:36 PM
LAB – FILE SERVICES
OVERVIEW
In this lab you will configure your newly set up Active Directory environment (from the previous lab) to share files over the fauxco.com network. Throughout this lab, you will create directory shares for:
- User settings
- Individual files, or home directories
- Group shared files
LEARNING OBJECTIVES
Upon completion of this lab, you should be able to:
- Configure the file services role on your Active Directory Domain Controller.
- Create Accounts and Groups in Windows Active Directory (or from the command line).
- Log in to Active Directory bound computers to test roaming profiles, home directories and group shares.
LAB BREAKDOWN
This lab consists of 5 parts:
1. Lab overview and creating the accounts and groups
2. Set up the file share on the Win2008 VM
3. Configure the home directories for the user accounts
4. Test account and home directory access on your workstations, submit lab checker
5. Try to set up the group shares
NOTE: Your deliverable for this lab will be your lab checker script.
REQUIREMENTS
Before you start this lab you will need:
1. These virtual machines:
   a. Win2008 (Windows Server 2008) – acting as a server
   b. Centos5 (CentOS Linux 5) – acting as a server
   c. Win7 (Windows 7) – acting as a workstation
2. Start up the Win2008, Centos5 and Win7 virtual machines:
   a. Log on to Win2008dc as Administrator (the account with the most access on the Windows platform)
   b. Log on to Centos5 as root (the account with the most access on a *nix platform)
   c. Log on to Win7 as user (a non-privileged account)
   d. Remember, in all cases, the password is SU2orange!

PART 1 – LAB OVERVIEW AND CREATING ACTIVE DIRECTORY ACCOUNTS / GROUPS
OVERVIEW
The goal of this lab is to install and configure your own file-sharing environment inside the fauxco.com virtual
network. We’ve seen file sharing before, but this time you’ll do it right by leveraging the power of a Directory
service – Microsoft Active Directory.
First you will create 4 domain user accounts and 2 domain groups, and add users to the appropriate groups. Then you will configure the win2008 server to function as a file server for the ad.fauxco.com domain. Finally, you will test your configuration by logging on to the XP and Vista workstations as the domain users and making sure you can access the shared folders.
CREATING USERS AND GROUPS IN ACTIVE DIRECTORY
From your Win2008 Active Directory domain controller, create the following users in the Users folder using the
Active Directory Users and Computers utility. (The previous lab explains where you can find this utility.) You can
use the command line if you like.
1.A CREATE USERS
Create the 4 users in the table below.

First Name   Last Name   User Logon
Bob          Enweave     benweave
Tally        Itupp       titupp
Oliver       Datasgon    odatasgo
Sara         Bellum      sbellum

HOW TO: Create a user:
- Right-click on the Users folder and select New → User.
- Enter the First Name, Last Name and User Logon Name as specified in the table above.
- Set each user’s password to SU2orange!
- Un-check the “User must change password at next logon” box.
- Check the “Password never expires” box.
When you’re done you should see this in the Users folder of the Active Directory Users and Computers utility:
1.B CREATE GROUPS
Next, use the same utility to create two global security groups. A global security group has global scope (in the directory) and is for security purposes (controlling access to resources).
Create these two groups, and after you create them, add the people listed as members of each group:

Group Name      Members of the Group
sales-group     Bob Enweave; Tally Itupp
service-group   Oliver Datasgon; Sara Bellum

HOW TO: Creating a group:
- Right-click on the Users folder and select New → Group from the context menu.
- Enter the group name and select Global for group scope and Security for group type.
For example: (making the sales-group)
HOW TO: Adding users (or groups) to the group:
- Double-click on the group, then click on the Members tab. Click the Add button.
- Enter the user names in the object names list, click Check Names to verify, and OK to add.
For example:
1.C CHECK YOURSELF!
Do you think you have got it right? Check yourself! Open a command prompt on the Win2008 virtual machine.
Let’s verify the user Tally Itupp is present. Type: net user titupp
You should see the user information for Tally Itupp:
Active Directory records all sorts of “big brother-ish” stuff like when this user last logged in. Well, it’s big brother to the foil hat wearing community. To SAs it’s damn useful information.
You can figure out how to check the other users. Make sure they’re present. :)
Let’s check the membership of the sales-group. Type: net group sales-group
You should see the user logons for Bob and Tally:
You can figure out how to check the other group. :)
Close the command prompt when you’re done.
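
The account and group setup from Part 1 done from the command line, as an added example that is not part of the original lab handout. It assumes the Users folder has the DN CN=Users,DC=ad,DC=fauxco,DC=com and uses the dsadd and net tools that ship with the domain controller.

```powershell
# Added example, not part of the lab handout. Run from an elevated PowerShell
# prompt on the Win2008 domain controller.
# Assumption: the Users folder of the ad.fauxco.com domain has this DN.
$usersDn  = 'CN=Users,DC=ad,DC=fauxco,DC=com'
$password = 'SU2orange!'   # lab password from the handout; "-pwd *" prompts instead

# The four accounts from the table in 1.A.
$users = @(
    @{ First = 'Bob';    Last = 'Enweave';  Logon = 'benweave' },
    @{ First = 'Tally';  Last = 'Itupp';    Logon = 'titupp'   },
    @{ First = 'Oliver'; Last = 'Datasgon'; Logon = 'odatasgo' },
    @{ First = 'Sara';   Last = 'Bellum';   Logon = 'sbellum'  }
)

foreach ($u in $users) {
    $full = "$($u.First) $($u.Last)"
    $upn  = "$($u.Logon)@ad.fauxco.com"
    # -mustchpwd no and -pwdneverexpires yes correspond to the two checkbox
    # settings in the "HOW TO: Create a user" steps.
    dsadd user "CN=$full,$usersDn" -samid $u.Logon -upn $upn -fn $u.First `
        -ln $u.Last -display $full -pwd $password -mustchpwd no -pwdneverexpires yes
    if ($LASTEXITCODE -ne 0) { Write-Warning "dsadd user failed for $($u.Logon)" }
}

# The two groups from the table in 1.B, with their members' logon names.
$groups = @{
    'sales-group'   = @('benweave', 'titupp')
    'service-group' = @('odatasgo', 'sbellum')
}

foreach ($name in $groups.Keys) {
    # -secgrp yes = Security group type, -scope g = Global group scope.
    dsadd group "CN=$name,$usersDn" -samid $name -secgrp yes -scope g
    if ($LASTEXITCODE -ne 0) { Write-Warning "dsadd group failed for $name"; continue }
    foreach ($member in $groups[$name]) {
        net group $name $member /add
    }
}

# Same checks as 1.C: every account exists and each group lists its members.
foreach ($u in $users) { net user $u.Logon | Select-String 'User name' }
foreach ($name in $groups.Keys) { net group $name }
```

Running it a second time produces warnings instead of duplicates, because dsadd refuses to create an object that already exists.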
PART 2 – SETTING UP FILE SERVICES ON WIN2008
Now it’s time to set up file sharing for our users. For each user we would like:
1) A home directory share, viewable as the drive letter H: from any domain bound workstation. The H: drive represents the personal space for each user’s files.
2) A group directory share, viewable as the drive letter G: from any domain bound workstation. The G: drive represents a universal folder shared amongst all users and groups.
2.A MAKE SURE THE FILE SERVICES ROLE IS CONFIGURED
By now you should be familiar with configuring roles on the Windows Server 2008 operating system.
Make sure the File Services role is configured on the Win2008 virtual machine. If you don’t have it
configured, do it now. Consult a previous lab, if you’re shaky on the details, but it should be fairly
straightforward.
Note: If you see the file services role, then you’re all set! Move on….
2.B CREATE THE FOLDERS
Open the C: drive on the Win2008 VM and create a Shares folder. Note: you might have a shares folder there
from a previous lab. That’s okay, if you do just make these folders inside the shares folder:
The groups folder will be for the group shares, and the homes folder will be for the individual user home
directories.
2.C SHARE OUT THE SHARES FOLDER
Next, share out the Shares folder so that the Everyone security principal has read and write access. (Right-click on the folder named Shares and choose Share…)
NOTE: Don’t be alarmed at this - we will secure the folders using file permissions in a later step.
Test to make sure the share works. Start → Run → \\win2008.ad.fauxco.com\shares
Do you see the Share and Homes folders? (You might also see the winshare folder from a previous lab, too.)
PART 3 – SETTING UP HOME DIRECTORIES
In this next step we will use the file sharing from Part 2 to enable home directories.
3.A SET THE HOME DIRECTORIES FOR YOUR USERS IN ADUC
Back in the Active Directory Users and Computers (ADUC) utility, set the home directory for each of the 4 users to
their corresponding folder.
For example, for Tally Itupp (titupp) her share should be \\win2008.ad.fauxco.com\Shares\homes\titupp
The following dialog displays the location of this setting in ADUC:
Note: The ADUC utility will warn you about changing the permissions; click Yes.
IMPORTANT: Repeat this process for all 4 users

User Name         Home Folder, Connect H: to
Bob Enweave       \\win2008.ad.fauxco.com\Shares\homes\benweave
Tally Itupp       \\win2008.ad.fauxco.com\Shares\homes\titupp
Oliver Datasgon   \\win2008.ad.fauxco.com\Shares\homes\odatasgo
Sara Bellum       \\win2008.ad.fauxco.com\Shares\homes\sbellum

PRO TIP: You can use the system variable %username% in place of the user’s account. For example: \\win2008.ad.fauxco.com\Shares\homes\%username%
This will make setting up the 4 users more of a copy-paste type operation.
2.B VERIFY YOUR HOME DIRECTORY CONFIGURATION IS WORKING
Next you must verify your configuration is working. This might take a while, but it’s an important step.
1. Connect to your Win7 virtual machine.
2. Log on as one of the 4 Active Directory users you created: benweave, titupp, odatasgo, or sbellum.
3. When the desktop appears, open My Computer.
4. If you are set up correctly you will see an H: drive. See if you can copy or save a file to this drive.
5. Repeat steps 1-4 using the other 3 Active Directory user accounts.
6. Be sure to log on as each of the 4 users; your lab check script checks for this!
7. Go back to your Win2008 domain controller. Open the c:\shares\homes folder – do you see the files you copied in each of the home directory folders for each user?
If so, kudos. You’ve got it set up correctly!
PART 4 – RUNNING THE LAB CHECKER SCRIPT
This lab will be checked/graded with a lab-checker script. You will download this script to your win2008 virtual machine and then run it. It will verify you have performed the steps outlined in the lab.
1. Make sure you are logged on to Win2008 as Administrator.
2. Next, download the lab checker script from the course website to your Documents folder.
3. Run the script from the PowerShell prompt by typing
   cd documents
   and pressing ENTER, then typing:
   .\L04.ps1
   Or you can path it as follows:
   .\Documents\L04.ps1
PART 5 – CHALLENGE YOURSELF! ADVANCED FILE SHARING – GROUP SHARES
In this next part we will configure group shares for the sales and service teams. We will set these shares so
everyone can read the folders but only members of the appropriate groups can write to the folders.
5.A NTFS FILE SYSTEM ACCESS CONTROL LIST ON THE GROUP FOLDERS
From the Win2008 virtual machine
1. Bring up the properties for the c:\shares\groups\sales folder. (Right-click on the folder and select Properties.)
2. Under the Security tab, click Advanced. Then click Edit. If you’re in the right place, you should see this dialog:
3. The permissions inherit down, so we first need to block the inheritable permissions. Clear the checkbox titled “Include inheritable permissions from this object’s parent”. You will see this dialog:
4. Since we would like to keep the existing permissions in place, but edit them, click the Copy button. Keep clicking OK until you’re back at the Security tab, like so:
5. Now click Edit to change the permissions.
6. Click on the group AD\Users and click Remove to remove the group.
7. Press the Add... button; you will see the selection dialog:
8. Enter sales-group and click Check Names to validate (this searches the directory for the object, making sure it exists), then click OK.
9. Back at the “Permission for Sales” dialog, give sales-group the following permissions: Modify, Read, Write, List, and Read & Execute.
10. Click OK until the dialogs are dismissed. You’ve now set the Sales folder to only be writable by users in the sales-group. Congratulations!
TODO: Repeat the above steps for the service folder and the service-group.
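
Steps 1-10 above in script form for both group folders, as an added example that is not part of the original lab handout. It assumes the service folder is c:\shares\groups\service and that the domain's short name is AD, as in the AD\Users entry the steps remove.

```powershell
# Added example, not part of the lab handout. Run from an elevated PowerShell
# prompt on the Win2008 VM.
# Assumptions: the service folder sits beside the sales folder, and the
# domain's short name is AD (as in the AD\Users entry the handout removes).
$folders = @{
    'C:\shares\groups\sales'   = 'AD\sales-group'
    'C:\shares\groups\service' = 'AD\service-group'
}

foreach ($path in $folders.Keys) {
    $group = $folders[$path]

    # Steps 3-4: stop inheriting from the parent but keep a copy of the
    # inherited entries as explicit ones (the Copy button).
    icacls $path /inheritance:d

    # Step 6: remove every entry for AD\Users.
    icacls $path /remove 'AD\Users'

    # Steps 7-9: grant Modify, which already contains Read, Write, List and
    # Read & Execute. (OI)(CI) makes files and subfolders inherit the entry.
    # ${group} is braced so PowerShell does not parse "$group:" as a drive.
    icacls $path /grant "${group}:(OI)(CI)M"

    # Check: inheritance must be off, and the entry list should show the
    # group with Modify and no AD\Users entry.
    $acl = Get-Acl $path
    if (-not $acl.AreAccessRulesProtected) {
        Write-Warning "$path still inherits permissions from its parent"
    }
    $acl.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
}
```

The share itself still grants Everyone read and write (Part 2.C), so these NTFS entries are what actually decide who can write to each folder.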
5.B TEST THE SHARED FOLDERS
Now log on to Win7 as Administrator to test your configuration.
1. Log on as someone from the sales group (Bob, for example).
2. Click on Start → Run, enter \\win2008x.ad.fauxco.com\shares\groups\ and press ENTER.
3. Open the sales folder and make sure you can write to the sales folder, but not the service folder.
4. Repeat the process as someone from the service group (Oliver, for example) and verify those settings, too.