Microsoft Network Administrator competition brief - UK Skills by xiaohuicaicai


									You have been given the post of Network Manager at a firm of accountants, Lyall
Associates. As part of your role you have been asked to set up a prototype network
consisting of a server and a client computer. The server will be running the Windows
Server 2008 operating system and the client computer will be running the Windows 7
operating system. The client computer has been fitted with 2 physical hard disks.

The default username is administrator and the default password is P@ssw0rd

Computer and Network Setup
      The computers will need to be setup with the following settings:

Role                         Server                       Client
Name                         Server1                      Client1
IPv6 address                 efXX::1 where XX is your     efXX::50 where XX is your
                             station no.                  station no.

Note IPv4 should be disabled on both computers.

      Perform a baseline analysis of the client computer using Performance
       monitor. Create a User Defined Data Collector set with the following settings:
          o Create a performance counter log containing the following counters:
                  Average disk queue length
                  % Processor time
                  Available memory in MB
          o Samples should be taken every 30 seconds
          o The log should be saved to a new folder named Baseline on the C
          o Allow the Data Collector to run for about 1 minute and then stop it
      Turn on Remote Desktop for the server and the client computers.

Domain Setup
       Set up Server1 as a domain controller with a domain name of
       Within the domain create the following OU structure:


           Partners                         Newcastle                                Leeds                                  Edinburgh                               Durham

                                  Clients               Staff             Clients               Staff             Clients               Staff             Clients             Staff

                                        Accountants             Support         Accountants             Support         Accountants             Support         Accountants           Support

   Add the client computer to the domain.

   User Account and Group Setup
Create the following users in the appropriate OUs

Name                  Job Role             OU                   Permanent /
Your name             Network Manager      Tech support         Permanent
Frank Smith           IT technician        Tech support         Permanent
Francis Smith         IT technician        Tech support         Permanent
Toby Green            IT technician        Tech support         Permanent
Claire Young          IT technician        Tech support         Temporary
Jane Dunn             Partner              Partner              Permanent
Natalie Jones         Partner              Partner              Permanent
Paul Rennie           Admin support        Newcastle/Support    Temporary
Jenny Smith           Accountant           Newcastle/Accountant Permanent
Ray Snell             Admin support        Newcastle/Support    Permanent
Nicholas Young        Accountant           Newcastle/Accountant Permanent
Service               Service account      Tech support         Permanent

      All users should have an initial password of lyall
      Note: You may need to make changes to the password policies for the
      Users should not be forced to change their password when they logon.
      All users except administrators, IT technicians, the Service account and the
       Network Manager are only allowed to logon Monday –Friday and 8am – 6pm.
      All temporary staff are on 6 month contracts which will end on 6 th June 2011.
       Ensure that the user accounts of all temporary staff will expire on this date.
      Jenny Smith is on holiday for the next 3 weeks and therefore as a security
       measure her account should be disabled.
      Note: the IT technicians should NOT be made administrators.

Create the following groups and add the required user accounts:

Group Name                                  Membership
Management                                     Network manager
                                               All partners
Support staff                                  All admin support staff
Technical support                              Network manager
                                               All IT technicians
Staff                                          All staff accounts
Finance                                        All partners
                                               Accountants

Security configuration
Implement the following security rules for the organisation:

      All passwords except the Service account must be changed every 14 days.
      You cannot use any of the previous 10 passwords
      Accounts will be locked after 4 bad password attempts and will unlock after
      Only administrators, IT technicians and the Network Manager are allowed to
       log on to the server.
      Only administrators and the Network Manager are allowed Remote Desktop
       access to the server.
      Administrators and all members of Tech Support are allowed Remote Desktop
       access to the client computers.
      The last username should not be displayed at login for any client computers
      Only administrators, the network manager and IT technicians can access
       Control Panel on client computers.
      Only administrators and the network manager are allowed to access Control
       Panel on the server.
      Display the logon message “Welcome to Lyall Associates” on all client
      Display the logon message “Authorised users only” on the server.
      Make sure that the following programs/services are allowed through the client
       and server firewalls:
           o Windows Remote Management
           o Remote Desktop
           o Remote Assistance
           o Network Discovery
           o File and Print sharing
      Rename the administrator account on the server to Admin

Shared Resources
Create the following folder structure on the C: drive of the server:


  Notices    Software      Forms     Newcastle     Leeds       Edinburgh     Durham

                                         Notices     Notices      Notices      Notices

                                         Letters     Letters       Letters     Letters

                                          Forms      Forms         Forms        Forms

                                       Documents   Documents     Documents    Documents

                                        Accounts    Accounts      Accounts    Accounts

Share the folders with the following settings:

Folder path                    Share name    NTFS Permissions
Shares\notices                 Group_Notices Full control: Management
                                             Modify: Support staff
                                             Read: Authenticated users
Shares\Software           Software           Full control: Technical Support
                                             Read and execute:
                                             Authenticated Users
Shares\Forms              Group_Forms        Full control: Management,
                                             Support staff
                                             Read: Authenticated users
Shares\Newcastle\Notices  Newcastle_Notices  Full control: Management
                                             Modify: All staff accounts
Shares\Newcastle\Forms    Newcastle_Forms    Full control: Management
                                             Modify: Support staff
                                             Read: All staff accounts
Shares\Newcastle\Accounts Newcastle_Accounts Full control: Management
                                             Modify: Finance

      All the above folders should be shared with share permissions set to Full
       control for Authenticated Users.

       Add a shared printer to the server with the following settings:

Printer name                          Office printer
Port type                             TCP/IP
IP Address                            efXX::50 where XX is your station number
Printer type                          HP2500C printer
Print server settings                 Custom settings
Print server protocol                 LPR
Queue name                            Lp1
Permissions                           Print: Staff
                                      Manage Documents: Support Staff
                                      Manage Printer: Technical support


       The printer does not need to be physically installed
       Do not use the query printer option to detect the printer driver.
       There may be a long pause when detecting the printer, this is normal.
       Do not print a test page!

Group Policy
Create the following group policy objects:

GPO Name              GPO Description
Newcastle             Set the desktop background to Newcastle.jpg
Durham Desktop        Set the desktop background to Durham.jpg
Firefox               Assign the Firefox software package to a computer
Folder Redirection    Use folder redirection to redirect the Documents and AppData
                      folders to a shared folder on the server. Each user should have
                      their own folder.
Start Menu            Remove the Games link and Run command from the Start
Updates               The computer should automatically download and install
                      updates. The computer should check for updates every Friday
                      at 16:00. Updates should be downloaded from

Note: All the files required to implement the policies are on the disk provided

      The Newcastle Desktop policy should be applied to all user accounts in the
       Newcastle OU.
      The Durham Desktop policy should be applied to all user accounts in the
       Durham OU.
      The Firefox policy should be applied to all client computers in the domain
       except for those in the Leeds OU.
      The Folder Redirection policy should be applied to all users.
      The Updates policy should be applied to all client computers in the domain.
      The Start Menu policy should be applied to all users except the Network
       Manager, the Partners and IT technicians.

Note: Think carefully about the placement of the policies. Policies should be
applied with least administrative effort

Network Administration Tasks
      Delegate control of the Newcastle OU to Francis Jones. Ensure that Francis
       has the ability to add/remove users and to change passwords.
      One of the applications to be run on the client computers requires a large
       amount of memory. Modify the virtual memory settings on the client computer
       to provide a minimum of 5 times the amount of physical RAM. To make the
       computer run more efficiently, all virtual memory should be placed on a
       different drive to the operating system.
      The partners are increasingly worried about security. Set up an audit policy to
       monitor all access to the files and folders in the c:\shares\newcastle\accounts
       folder on the server.
      Add the following records into DNS on the server:

Name                         Record type                  IP Address             Host record                  efef::12               Mail exchange                efef::4


To top