KII5037 Network Solutions Assessment 2
KII5037 KINGSFORD INTERNATIONAL INSTITUTE NETWORK SOLUTIONS ASSESSMENT 2
Assessment Task 2
Network Software and Security
This assessment should take you about 12 - 14 hours to complete.
This assessment task is to be completed in the classroom under the supervision of your Facilitator.
When you are confident that you have met all requirements for this assessment task, upload your file using Our Learning Management System (www.KIIonline.edu.au) for marking.
It is recommended to use the “Kingsford Online Library” on Our Learning Management System ((www.KIIonline.edu.au) where the Study Skills Section has referencing guides available which provide clear and comprehensive information that should help.
As a member of Small Business Intranet’s task management group, by now you have successfully completed a planning of the installation and configuration architecture of a domain controller in Assessment 1. This server is to be used as an evaluation tool to help management decide the best possible replacement for the company’s existing domain controller. If you have not completed Assessment 1, please contact your facilitator for further instructions.
This assessment is a practical task and it requires you to complete the installation and configuration of Server 2012 R2 and Server 2016 as per as the design specification in Assessment 1. In order to fully evaluate the benefits of a domain controller in Windows 2012 R2 and server 2016, you will be asked to configure the domain controller with the needs of Small Business Intranet, in terms of application software, usability and security.
If you are using a machine of a PC outside the campus, the latest version of VMWare
Player can be downloaded from the following link: www.vmware.com/go/downloadplayer
(NOTE: To learn how to use VMWare Player, please refer to the VMPLAYER Tutorial available at the link below: https://www.youtube.com/watch?v=EKcpZHWLiYE
Learners should demonstrate their competency of the installation of the various tasks through step-by-step screenshots of the steps undertaken. The screenshots should be copied into a Microsoft word document and be accompanied by a written explanation of the step if applicable. Discuss with your facilitator prior to commencing these tasks. You will need to complete the following tasks:
Resources you will need:
- ISO images of Windows 2012 R2 server, Windows 2016 server and operating system software. It should be set up as a domain controller configured with Active Directory, DNS, and Terminal Services (Administration mode). The server build from Assessment Task 1 is preferable.
- Computer capable of running Windows 2016 server and operating system software. This will be used for implementing additional network services.
- Network cards, cables and modem (for internet access).
- Computer capable of running Windows 10 operating system software.
- Windows 2012 R2 and 2016 build disks available from KII.
You will need to complete the following tasks:
Note that the quality of your domain controller configuration and your depth of knowledge will be observed for each task.
Q1: Install system software
By completing you can demonstrate your ability to install an operating system which meets the specifications of a business. In this task you will install a server and a client operating system on separate computers. This task should take approximately 2 hours to complete.
You need to do:
- Install the Windows Server operating system, on a PC or Virtual Machine, recommended by your facilitator and related services that follow the specifications you identified in Task 1.
- Use another PC or Virtual Machine to install Windows 10 operating system and related services for a client machine.
- Apply static IP address on both the server and client machines so that they can reliably establish communication as identified Task 1. Also rename your server and client machines following appropriate naming convention as outlined in Task 1, and restart if required.
Load all required server roles such as Active Directory Domain Services, DNS, etc. that this server machine should run. Configure domain settings as identified in Assessment 1.
- Test the domain installation by logging on as “administrator” level user on the client computer and join the server’s domain.
- The system performance tool needs to be loaded and the event viewer to evaluate the status of the server’s hardware. Any problems identified here should be discussed with your supervising facilitator.
You should submit this task for approval prior to attempting Q2. Errors here can affect other tasks in the assessment.
Q2: Active Directory – corporate structure
This task allows you to demonstrate your ability to create an organisational structure to meet the needs of a business. This task should take approximately 45 minutes to complete.
What you need to do:
- Create an Active Directory structure for the Small Business Intranet Company. Each department must be represented through individual organizational units. The organisational units should reflect the company structure accurately.
- Move the user accounts (manually created or imported using a script in task 7) into each of the relevant organizational units (OUs).
- Install the ‘manager’ of each department as the manager of each relevant organisational unit.
You should submit this task for approval prior to attempting task Q3. Errors here can affect other tasks in the assessment.
Q3: Active Directory –create and configure user accounts
This task demonstrates your ability to complete basic configurations in Active Directory on the Windows 2012 R2 server. This task should take approximately 60 minutes to complete.
You are to:
Create a new Organisational Unit (OU) in Active Directory called ‘test unit’.
Also, create a ‘test user’ account within this OU.
- For the test unit OU, create a “group policy object (GPO)” with appropriate end user account security policies (as found in the IT Operational Plan).
- Configure and test that the user has appropriate password/account properties, a home directory accessible through a drive letter and a roaming user profile.
- Implement a welcome message (using basic login script or GPO settings) which all meet the requirements in the IT Operational Plan.
You should submit this task for approval prior to attempting Task Q4. Errors here can affect other tasks in the assessment.
Q4: Importing BULK users – create corporate users
This task allows you to demonstrate your ability to create multiple user accounts. This task should take approximately 45 minutes to complete.
What you need to do:
- To create all user accounts based on each department found in the staff list on the Small Business Intranet site. One account should be for the manager of the department and the others should be for employees in the department.
- Repeat the previous step for each of the other departments in Small Business Intranet. You may either do this manually or use the batch user import utilities or a custom script of your choice.
- Implement ‘Home directory’ and ‘Roaming profile’ as part of their user configuration.
You should submit this task for approval prior to attempting task Q5. Errors here can affect other tasks in the assessment.
Q5: Security Groups - Setting up NTFS permissions
This task allows you to demonstrate your ability to create appropriate security groups for user accounts. This task should take approximately 30 minutes to complete.
What you need to do:
Create a security group (local or global as required) for each department and allocate membership to all users appropriately.
- Allocate full permissions for each department’s directories to the relevant groups.
- Access the client machine now to check if user permissions were correctly applied. It is strongly recommended that you work on one security group at a time, testing security settings by logging on as a user from each group.
- Test each user’s access to the server’s directory structure and identify areas where security permissions require modification.
- Modify the permissions for the local security groups created earlier to ensure that the administrator can access all profile directories, but cannot access home directories.
You should submit this task for approval prior to attempting task Q6. Errors here can affect other tasks in the assessment.
Q6: Group Policy Objects - Configuration to user accounts
This task demonstrates your ability to complete configurations in Active Directory on machine running Windows Server 2012 R2. This task should take approximately 60 minutes to complete.
You are to create separate Group Policy Objects (GPO), one dedicated to each organizational unit (OU). Each GPO must implement the following features for the associated department:
- Loads a shortcut to the ‘User Documentation’ developed in task 5.
- Loads a dedicated wallpaper for each department (any wallpaper may be downloaded from the internet for each OU for this purpose).
- Deploys a dedicated IP based shared network printer to each department
- Automatically maps a ‘network drive’ accessible via a drive letter for each department with reference to the directory structure as implemented in task Q3.
You must now create a single Group Policy Objects (GPO), dedicated to the entire domain (all OUs). The GPO must implement the following features for all users of the domain: • Displays a welcome message (via user configuration or login script) as part of their logon process so that it meets the requirements of the Network
Security section of the IT Operational Plan.
- Enables system wide auditing of Logon events as required by the Network Security section of the IT Operational Plan.
- Enables encryption of data on the user’s home folder.
- Redirects users’ My Documents folder to their home directory on the server for all members of the OU.
- Limits access to GUI features by hiding the control panel and preventing browsing the network through My Network Places for all members of the OU.
You should submit this task for approval prior to attempting task Q7. Errors here can affect tasks in the assessment.
Q7: Active Directory resources – Deploying network printers
This task demonstrates your ability to recommend, install and configure hardware solutions that meet business requirements. This task should take approximately 45 minutes to complete.
You have recommended the purchase of a network printer in Assessment 1 Q5. You are now required to install the network printer by performing the following:
What you need to do:
- Download the driver for the printer from the manufacturer’s website and transfer it to the server for installation purposes.
- Create a series of printer queues, one for each department, all using the downloaded driver. Each printer must be allocated a dedicated IP address before deployment.
- Configure each queue to be managed by the members of the relevant OU allowing them to view the queues and delete their jobs.
- Test the queues by logging in as a user and printing to the queue, deleting print jobs, pausing and resuming the queue.
You should submit this task for approval prior to attempting task Q8. Errors here can affect other tasks in the assessment.
Q8: System Backup – Schedules and procedures
This task allows you to demonstrate your ability to complete a backup of the server data directories of the server. This task should take approximately 45 minutes to complete.
What you need to do:
- Apply the System Backup planning you completed in Assessment 1 Q8 and set up a backup regular backup system.
- Add a separate hard drive or partition that will be used to perform system backup. You may use the built-in Windows Server Backup tools and features for scheduling and performing system backup.
- Create a working backup of the Domain Controller’s data areas and test its functionality by restoring server data once the initial backup is completed.
Ensure that you have an image or complete backup of your system at the end of this Assessment 2. If there is a problem, please inform your facilitator.
Q9. Performance optimization – system and network monitoring
This task allows you to demonstrate your management and monitoring skills using the facilities supplied by the operating system. You are to load Microsoft Network Monitor, Performance Monitor and Disk Management on the domain controller. These components are accessed through Microsoft Management Console (MMC).
Demonstrate the features of:
- Network Monitor: Capture network traffic and view captured traffic logs. This includes identifying external network traffic, packet types (including broadcast packets), as well as the source/destination devices for those packets.
- Disk Management: Identify what dynamic disks are and their advantages. Show how to convert a standard disk into a dynamic disk.
- Performance Monitor: Create logs to record the performance of the CPU, disk utilisation and network card utilisation.
Alternatively, you may install other third-party software products that will capture the performance and utilization of the client computers under working conditions.
Your facilitator may provide you with an appropriate system monitoring package. Please consult with your facilitator first before implementing this feature.
Q10: Software deployment – implementation
This task allows you to demonstrate your ability to deploy software over a network with minimal disruption to clients. This task should take approximately 60 minutes to complete.
You are to:
- Create a backup of the server to use in case of any deployment failure.
- Using the test unit OU and test user account in your Active Directory structure from Assessment Task 1 deploy the application packages according to your chosen procedure. Test the installation by logging in as the test user.
- While installing, record the time taken, network traffic generated and server CPU utilisation during the installation process for the test user.
- Using the resource information gathered from the single user installation, determine the system’s capacity to deploy this software with minimal impact upon other users. This information can then be used to estimate the network resource requirements of rolling out this software to the company’s employees.
- Produce a memo recommending a software deployment schedule for the entire company for both the client operating installation and application software deployment. It should state any bandwidth, server utilisation and time implications.
Q11: Operating system security – analysis and update
This task allows you to demonstrate your ability to access independent security analysis tools to evaluate equipment in the network. This task should take approximately 60 minutes to complete.
You are to:
- Download and run security diagnosis tools such as Microsoft Baseline Security Analyser (MSBA) or Open Vulnerability Assessment System (OpenVAS).
- Identify the latest security patches for Windows Server 2012 R2 available from the Microsoft website by running Windows Update. Record the names and sizes of these patches prior to installing them.
- Configure your server to automatically update from the internet or other update source.
- Document all changes made for future reference. Write a brief memo summarising to management any update or patch that your server has received and applied and any possible fix conducted from your end.
- Solve any problems with your domain controller, raised in your memo. This may involve the modification of group policies, user accounts or the installation of the service packs.
Q12: Server integration – load balancing and redundancy
This task allows you to demonstrate your ability to integrate multiple server operating systems for authentication, file sharing, security and redundancy. This task should take approximately 60 minutes to complete.
You are to:
- Prepare a new server machine and load Windows Server 2016 operating system.
You may simulate the task by using a separate virtual machine.
- Update the IP settings of your new server to match the IP scheme for your network. This includes the configuration of the appropriate IP addresses, subnet mask, DNS settings and gateway settings.
- Add this new server to the existing domain used with your Active Directory domain controller. You do not need to install Active Directory and DNS services on this server.
- You are also required to use router for this practical and test the connection to ensure that the server machine has the appropriate connectivity.
- Browse the internet and check your server against the latest critical updates from Microsoft.
Q13: Server network and security – web and email support
This task allows you to demonstrate your ability to implement a wide range of server network and security services. This task should take approximately 60 minutes to complete.
You are to configure the following server roles on the new server running Windows Server 2016 operating system:
- Install and activate DHCP server services. You must create a new scope for DHCP services based on your IP address scheme previously planned for the entire network.
- Install and configure IIS Server (web server) services. Test and confirm using the default browser that the web server is running correctly.
- Install and configure FTP (file transfer protocol) services. Test and confirm using an FTP client and a nominated ‘user account’ that the FTP server is running correctly.
- Install and configure SMTP and proxy mail services. Confirm that they are functioning correctly.
- Configure Windows Firewall so that ‘firewall exceptions’ are added in order to allow access to IIS, FTP, SMTP and mail proxy services from external locations outside the network perimeter.
Q14. Event viewer – rectify system errors
This task allows you to demonstrate your ability to identify, research and solve problems on a live system.
You are to:
- Examine ‘event viewer’ and the system log for system errors. Select one of these critical errors for rectification.
- Research the error code (or error ID) and the error message using appropriate internet resources such as Microsoft’s knowledge base or third party resources.
- Identify the priority of action required based on the error’s ability to impair the performance of the system. Classify the error as having either high, medium or low priority.
- Document a procedure to correct the error based upon your research. It should aim to cause minimal server downtime.
- Document possible results of the procedure failing, the potential downtime and the strategies to be followed to recover the server.
- Perform the corrective action or procedure on the live system.
- Test the system and prepare a report detailing the actual results or outcome of the modification.
Q15: Integration testing and cleanup – system functionality
This task allows you to demonstrate your ability to identify the system’s capacity to handle high traffic situations.
You are to:
- Scan your server system using third party tools to ensure it is virus free.
- Perform full system testing based on the test plan previously created. Complete both the installation checklist and the test plan accurately.
- Confirm that all user accounts have the same account security features as defined in the Small Business Intranet operational plan.
- Ensure you have current valid backup sets and delete your current HDD. Test the consistency of your backup by restoring your server on a secondary machine or device.
- Follow the disaster recovery procedure and the resources stated in that procedure when performing a restoration of the server.
- Remove the additional facilities used, such as secondary machines or devices used, in order to clear the installation site.
Q16: Technical documentation – system handover document
This task allows you to document the server’s configuration (approximately 250 words).
This task should take approximately 60 minutes to complete.
You need to prepare a document called a Systems Handover Technical Reference that has the following sections.
- The roles and configuration of the server already implemented.
- A technical system specification of the actual server outlining the hardware configuration and drivers used. Include serial numbers for the OS and other major components.
- The disk partitions and directory information including share points.
- Outline security groups and allocated permissions.
- The Active Directory structure, login script details and group policy modifications.
- The password security configuration of the domain users.
- The system’s data backup and restore procedures. Also include a sample form for recording the backup media details.
- Draw a Prototype design using Visio or Pencil of the entire network. The design should also address the security concerns of the organsiation.