Create an Active Directory Domain Services (AD DS) network called Dodgyxx.nz (with xx being your initials). Initially you only need to have one Windows 2016 domain controller called dc01 and it should also be a DNS server as well as at least three other machines (one server and two clients). Create a user called Kim (a manager) and two ordinary users; Mike (works in the main office) and Rongo (roams between a home office, client sites or the main office), and then complete the following tasks, using the tools and technologies from the second part of this course.

Write a brief report on what you configured to meet the requirements of each question, along with comprehensive screen shots (as evidence of your work), and comments on what alternative methods you could have used instead of the method you chose. Name the document as YourName.docx and upload it to Moodle when finished.

1) Implement a Windows 2016 file server (fs01) with a share called “Data” that contains subdirectories and files that users need. This should be set up in the following way:

a) One “management” subdirectory that managers and network administrators should be able to access but no one else. Ensure that this subdirectory is only visible to managers from within the data directory.

(3 marks)

b) One “info” subdirectory where all users should be able to read but not modify data (including subdirectories). Managers (like Kim) should be able to modify all subdirectories and files.

(2 marks)

c) One “staff” folder should contain files and subdirectories that all users should be able to read and modify, including all future users.

(1 mark)

d) Only network administrators should be able to modify the top level of the share, in other words the subdirectories and files directly under the Data share.

(1 mark)

e) Create an additional top-level share called “Reports” where only managers should have modify access to all files and subdirectories.

(1 mark)

f) Along with describing how you implemented a solution for this, please comment on how you implemented and tested your work. Points are awarded for thorough testing and the use of automation.

(3 marks）

2) Configure at least two Windows 10 client machines:

a) One computer for the systems administrator, with Remote Server Administration Tools (RSAT) installed.

(2 marks)

b) One computer each for ordinary users, Mike, and Rongo (who is using a laptop). When any user logs on to any machine, a network drive (using the letter “S”), which is mapped to the Data share above should be automatically mapped. Managers will get an additional drive mapping (R) to the “Reports” share. Ideally these drive mappings should be applied to the network as a whole, and not individually on each machine.

(3 marks)

3) Grant Rongo the ability to change all standard user passwords (he should not be able to change management user passwords).

(3 marks)

a) Ensure all users have complex passwords and that attempts will be locked out for 1 day after 3 bad attempts within 5 minu.

(1 mark)

b) All PCs should have the “run” menu disabled and laptops should have the screensaver protected by a password.

(1 mark)

c) Prevent all standard users from running the Notepad application.

(1 mark)

c) Deploy the Cosmo application (P:\Courses\CS253\Group Policy\Files\cosmo.msi) to all desktop computers only (ie. every machine but Rongo’s).

(2 marks)

d) Configure default firewall rules for all user machines (desktop and laptop) to allow the “Remote Desktop – User Mode (TCP In)” rule.

(1 mark)

5) Create a child domain of Dodgyxx.nz called chch.Dodgyxx.nz using a server called DC02. Create a new forest called Trustworthyxx.com using a server called DC03 and create a trust between Dodgyxx.nz and Trustworthyxx.com so that users in Trustworthyxx.com can access resources in dodgyxx.nz but not the other way around. Implement multiple measures to ensure recovery of data that if someone deleted an OU containing many user accounts in the Dodgyxx.com forest they can be recovered. Comment  on why you selected the methods you did. As a result of the change to the Dodgyxx.com forest, comment on the ability of the administrators of chch.Dodgyxx.nz and Trustworthyxx.com to be able to recover deleted users if the same happened to them.

(5 marks)

Total 30 marks.