You have been given the post of Network Manager at a firm of accountants, Lyall
Associates. As part of your role you have been asked to set up a prototype network
consisting of a server and a client computer. The server will be running the Windows
Server 2008 operating system and the client computer will be running the Windows 7
operating system. The client computer has been fitted with 2 physical hard disks.
The default username is administrator and the default password is P@ssw0rd
Computer and Network Setup
The computers will need to be setup with the following settings:
Role Server Client
Name Server1 Client1
IPv6 address efXX::1 where XX is your efXX::50 where XX is your
station no. station no.
Note IPv4 should be disabled on both computers.
Perform a baseline analysis of the client computer using Performance
monitor. Create a User Defined Data Collector set with the following settings:
o Create a performance counter log containing the following counters:
Average disk queue length
% Processor time
Available memory in MB
o Samples should be taken every 30 seconds
o The log should be saved to a new folder named Baseline on the C
o Allow the Data Collector to run for about 1 minute and then stop it
Turn on Remote Desktop for the server and the client computers.
Set up Server1 as a domain controller with a domain name of lyall.com.
Within the domain create the following OU structure:
Partners Newcastle Leeds Edinburgh Durham
Clients Staff Clients Staff Clients Staff Clients Staff
Accountants Support Accountants Support Accountants Support Accountants Support
Add the client computer to the domain.
User Account and Group Setup
Create the following users in the appropriate OUs
Name Job Role OU Permanent /
Your name Network Manager Tech support Permanent
Frank Smith IT technician Tech support Permanent
Francis Smith IT technician Tech support Permanent
Toby Green IT technician Tech support Permanent
Claire Young IT technician Tech support Temporary
Jane Dunn Partner Partner Permanent
Natalie Jones Partner Partner Permanent
Paul Rennie Admin support Newcastle/Support Temporary
Jenny Smith Accountant Newcastle/Accountant Permanent
Ray Snell Admin support Newcastle/Support Permanent
Nicholas Young Accountant Newcastle/Accountant Permanent
Service Service account Tech support Permanent
All users should have an initial password of lyall
Note: You may need to make changes to the password policies for the
Users should not be forced to change their password when they logon.
All users except administrators, IT technicians, the Service account and the
Network Manager are only allowed to logon Monday –Friday and 8am – 6pm.
All temporary staff are on 6 month contracts which will end on 6 th June 2011.
Ensure that the user accounts of all temporary staff will expire on this date.
Jenny Smith is on holiday for the next 3 weeks and therefore as a security
measure her account should be disabled.
Note: the IT technicians should NOT be made administrators.
Create the following groups and add the required user accounts:
Group Name Membership
Management Network manager
Support staff All admin support staff
Technical support Network manager
All IT technicians
Staff All staff accounts
Finance All partners
Implement the following security rules for the organisation:
All passwords except the Service account must be changed every 14 days.
You cannot use any of the previous 10 passwords
Accounts will be locked after 4 bad password attempts and will unlock after
Only administrators, IT technicians and the Network Manager are allowed to
log on to the server.
Only administrators and the Network Manager are allowed Remote Desktop
access to the server.
Administrators and all members of Tech Support are allowed Remote Desktop
access to the client computers.
The last username should not be displayed at login for any client computers
Only administrators, the network manager and IT technicians can access
Control Panel on client computers.
Only administrators and the network manager are allowed to access Control
Panel on the server.
Display the logon message “Welcome to Lyall Associates” on all client
Display the logon message “Authorised users only” on the server.
Make sure that the following programs/services are allowed through the client
and server firewalls:
o Windows Remote Management
o Remote Desktop
o Remote Assistance
o Network Discovery
o File and Print sharing
Rename the administrator account on the server to Admin
Create the following folder structure on the C: drive of the server:
Notices Software Forms Newcastle Leeds Edinburgh Durham
Notices Notices Notices Notices
Letters Letters Letters Letters
Forms Forms Forms Forms
Documents Documents Documents Documents
Accounts Accounts Accounts Accounts
Share the folders with the following settings:
Folder path Share name NTFS Permissions
Shares\notices Group_Notices Full control: Management
Modify: Support staff
Read: Authenticated users
Shares\Software Software Full control: Technical Support
Read and execute:
Shares\Forms Group_Forms Full control: Management,
Read: Authenticated users
Shares\Newcastle\Notices Newcastle_Notices Full control: Management
Modify: All staff accounts
Shares\Newcastle\Forms Newcastle_Forms Full control: Management
Modify: Support staff
Read: All staff accounts
Shares\Newcastle\Accounts Newcastle_Accounts Full control: Management
All the above folders should be shared with share permissions set to Full
control for Authenticated Users.
Add a shared printer to the server with the following settings:
Printer name Office printer
Port type TCP/IP
IP Address efXX::50 where XX is your station number
Printer type HP2500C printer
Print server settings Custom settings
Print server protocol LPR
Queue name Lp1
Permissions Print: Staff
Manage Documents: Support Staff
Manage Printer: Technical support
The printer does not need to be physically installed
Do not use the query printer option to detect the printer driver.
There may be a long pause when detecting the printer, this is normal.
Do not print a test page!
Create the following group policy objects:
GPO Name GPO Description
Newcastle Set the desktop background to Newcastle.jpg
Durham Desktop Set the desktop background to Durham.jpg
Firefox Assign the Firefox software package to a computer
Folder Redirection Use folder redirection to redirect the Documents and AppData
folders to a shared folder on the server. Each user should have
their own folder.
Start Menu Remove the Games link and Run command from the Start
Updates The computer should automatically download and install
updates. The computer should check for updates every Friday
at 16:00. Updates should be downloaded from update.lyall.com
Note: All the files required to implement the policies are on the disk provided
The Newcastle Desktop policy should be applied to all user accounts in the
The Durham Desktop policy should be applied to all user accounts in the
The Firefox policy should be applied to all client computers in the domain
except for those in the Leeds OU.
The Folder Redirection policy should be applied to all users.
The Updates policy should be applied to all client computers in the domain.
The Start Menu policy should be applied to all users except the Network
Manager, the Partners and IT technicians.
Note: Think carefully about the placement of the policies. Policies should be
applied with least administrative effort
Network Administration Tasks
Delegate control of the Newcastle OU to Francis Jones. Ensure that Francis
has the ability to add/remove users and to change passwords.
One of the applications to be run on the client computers requires a large
amount of memory. Modify the virtual memory settings on the client computer
to provide a minimum of 5 times the amount of physical RAM. To make the
computer run more efficiently, all virtual memory should be placed on a
different drive to the operating system.
The partners are increasingly worried about security. Set up an audit policy to
monitor all access to the files and folders in the c:\shares\newcastle\accounts
folder on the server.
Add the following records into DNS on the server:
Name Record type IP Address
Update.lyall.com Host record efef::12
Mail.lyall.com Mail exchange efef::4