Добавил:

Upload Опубликованный материал нарушает ваши авторские права? Сообщите нам.

Вуз:

Алматинский университет энергетики и связи

Предмет:

[НЕСОРТИРОВАННОЕ]

Файл:

20411B-ENU-TrainerHandbook

.pdf

Скачиваний:

237

Добавлен:

01.05.2015

Размер:

16.48 Mб

Скачать

☆

<<< < Предыдущая 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 5152 / 5352 53 > Следующая >>>

			MCT
		L11-79
Module 11: Configuring Encryption and Advanced Auditing
Lab: Configuring Encryption and Advanced			USE
Auditing			USE
Auditing
Exercise 1: Encrypting and Recovering Files
 Task 1: Update the recovery agent certificate for the Encrypting File System (EFS)			.ONLY
1.	On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.		.ONLY
1.
2.	In Group Policy Management, expand Forest: Adatum.com, expand Domains, expand
	Adatum.com, and then click Default Domain Policy.
3.	In the Group Policy Management Console dialog box, click OK to clear the message.
4.	Right-click Default Domain Policy, and then click Edit.
5.	In the Group Policy Management Editor window, under Computer Configuration, expand Policies,
	expand Windows Settings, expand Security Settings, expand	Public Key Policies, and then click	STUDENT
	expand Windows Settings, expand Security Settings, expand	Public Key Policies, and then click
	Encrypting File System.
6.	Right-click the Administrator certificate, and then click Delete.
7.	In the Certificates window, click Yes.
8.	Right-click Encrypting File System, and then click Create Data Recovery Agent.
9.	Read the information for the new certificate that was created. Notice that this certificate was obtained
	from AdatumCA.
10.	Close the Group Policy Management Editor.
11.	Close Group Policy Management.

 Task 2: Update Group Policy on the computers

1.On LON-DC1, on the taskbar, click the Windows PowerShell® command-line interface shortcut.

2.At the Windows PowerShell prompt, type the following command, and then press Enter:

gpupdate /force

3.Close the command prompt.

4.Switch to LON-CL1.

5.On LON-CL1, at the Start screen, type cmd, and then press Enter.

6.At the prompt, type the following command, and then press Enter

gpupdate /force

7.Close the command prompt.

8.Log off of LON-CL1.

 Task 3: Obtain a certificate for EFS

1.On LON-CL1, log on as Adatum\Doug with a password of Pa$$w0rd.

2.On the Start screen, type mmc, and then press Enter.

PROHIBITED USE

L11-80 Configuring Encryption and Advanced Auditing

3.In Console1, click File, and then click Add/Remove Snap-in.

4.In the list of available snap-ins, click Certificates, and then click Add.

5.In the Add Or Remove Snap-ins dialog box, click OK.

6.In the left pane, click Certificates – Current User, right-click Personal, point to All Tasks, and then click Request New Certificate.

7.In the Certificate Enrollment Wizard, click Next.

8.On the Select Certificate Enrollment Policy page, click Next to use the Active Directory Enrollment Policy.

9.On the Request Certificates page, select the Basic EFS check box, and then click Enroll.

10.On the Certificate Installation Results page, click Finish.

11.In the Console1 window, in the left pane, expand Certificates – Current User, expand Personal, and then click Certificates.

12.Read certificate details, and note that it was issued by AdatumCA.

13.Close Console1, and do not save the settings.

 Task 4: Encrypt a file

1.On LON-CL1, open Windows Explorer, type \\LON-DC1\Mod11Share\Marketing in the address field, and then press Enter.

2.Right-click DougFile, and then click Properties.

3.On the General tab, click Advanced.

4.In the Advanced Attributes dialog box, select the Encrypt contents to secure data check box, and then click OK.

5.In the DougFile Properties dialog box, click OK.

6.In the Encryption Warning dialog box, click Encrypt the file only, and then click OK. Wait a few seconds for the file to be encrypted.

7.Look at the color of the file name.

8.Close the Windows® Explorer window.

9.Log off of LON-CL1.

 Task 5: Use the recovery agent to open the file

1.On LON-DC1, on the taskbar, click the Windows Explorer shortcut.

2.In the Windows Explorer, browse to E:\Labfiles\Mod11\Mod11Share\Marketing.

3.Double-click DougFile.txt.

4.In Notepad, add some text to the file, click File, and then click Save.

5.Close Notepad and Windows Explorer.

Results: After completing this exercise, you will have encrypted and recovered files.

PROHIBITED USE STUDENT .ONLY USE MCT

Administering Windows Server® 2012	MCT
	L11-81
Exercise 2: Configuring Advanced Auditing
 Task 1: Create a Group Policy Object (GPO) for advanced auditing

1.On LON-DC1, open Server Manager, click Tools, and then click Active Directory Users and USE

Computers.

2.In Active Directory Users and Computers, right-click Adatum.com, click New, and then click

Organizational Unit.

3.Type File Servers, and then press Enter.

4.Click the Computers container, right-click LON-SVR1, click Move, click the File Servers ONLY organizational unit (OU), and then click OK.

5.In Server Manager, click Tools, and then click Group Policy Management.

6.In Group Policy Management, expand Forest: Adatum.com, expand Domains, expand

Adatum.com, click and then right-click File Servers, and then click Create a GPO in this domain

and Link it here. .

7.In the New GPO window, type File Audit, and then press Enter.

8.Double-click the Group Policy Objects container, right-click File Audit, and then click Edit. STUDENT

9.In the Group Policy Management Editor, under Computer Configuration, expand Policies, expand

Windows Settings, expand Security Settings, expand Advanced Audit Policy Configuration, expand Audit Policies, and then click Object Access.

10.Double-click Audit Detailed File Share.

11.In the Properties dialog box, select the Configure the following events check box.

12.Select both Success and Failure check boxes, and then click OK.

13.Double-click Audit Removable Storage.

14.In the Properties dialog box, select the Configure the following events check box.

15.Select both Success and Failure check boxes, and then click OK. USE

16.Close the Group Policy Management Editor.

17.Restart LON-SVR1.

18.Log on to LON-SVR1 as Adatum\Administrator with a password of Pa$$w0rd.

 Task 2: Verify audit entries

1.Log on to LON-CL1 as Adatum\Allan with a password of Pa$$w0rd.

2.On the Start screen, type \\LON-SVR1\Mod11, and then press Enter.

3.Double-click the Testfile.txt file to open it in Notepad.

4.Close Notepad.

5.Switch to LON-SVR1.

6.On LON-SVR1, in Server Manager, click Tools, and then click Event Viewer.

7.In Event Viewer, double-click Windows Logs, and then click Security.

PROHIBITED

L11-82 Configuring Encryption and Advanced Auditing

8.Double-click one of the log entries with a Source of Microsoft Windows security auditing, and a

Task Category of Detailed File Share.

9.Click the Details tab, and note the access that was performed.

Results: After completing this exercise, you will have configured advanced auditing.

 To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, complete the following steps:

1.On the host computer, start Hyper-V Manager.

2.In the Virtual Machines list, right-click 20411B-LON-DC1, and then click Revert.

3.In the Revert Virtual Machine dialog box, click Revert.

4.Repeat these steps for 20411B-LON-SVR1 and 20411B-LON-CL1.

PROHIBITED USE STUDENT .ONLY USE MCT

			MCT
		L12-83
Module 12: Implementing Update Management
Lab: Implementing Update Management			USE
Exercise 1: Implementing the WSUS Server Role			USE
Exercise 1: Implementing the WSUS Server Role
 Task 1: Install the Windows Server® Update Services (WSUS) server role
1.	Log on to LON-SVR4 as Adatum\Administrator with a password of Pa$$w0rd.		.ONLY
2.	On LON-SVR4, in Server Manager, click Manage, and then click Add Roles and Features.		.ONLY
2.
3.	In the Add Roles and Features Wizard, click Next.
4.	On the Select installation type page, ensure Role-based or feature-based installation is selected,
	and then click Next.
5.	On the Select destination server page, click Next.
6.	On the Select server roles page, select the Windows Server Update Services check box.		STUDENT
7.	In the pop-up window, click Add Features.		STUDENT
7.	In the pop-up window, click Add Features.
8.	On the Select server roles page, click Next.
9.	On the Select features page, click Next.
10.	On the Windows Server Update Services page, click Next.
11.	On the Select role services page, confirm that both WID Database and WSUS Services are selected,
	and then click Next.
12.	On the Content location selection page, in the text box, type C:\WSUSUpdates, and then click
	Next.
13. On the Web Server Role (IIS) page, click Next.
14. On the Select role services page, click Next.			USE
15. On the Confirm installation selections page, click		Install.	USE
15. On the Confirm installation selections page, click		Install.
16. When the installation completes, click Close.
17. In Server Manager, click Tools, and then click Windows Server Update Services.
18. In the Complete WSUS Installation window, click Run, and wait for the task to complete. Click Close.
19. Do not close the Windows Server Update Services Configuration Wizard window.
 Task 2: Configure WSUS to synchronize with an upstream WSUS server			PROHIBITED
1.	In the Windows Server Update Services Configuration Wizard window, click Next twice.
2.	On the Choose Upstream Server page, click the Synchronize from another Windows Server
2.
	Update Services server option, in the Server name text box, type LON-SVR1.Adatum.com, and
	then click Next.
3.	On the Specify Proxy Server page, click Next.
4.	On the Connect to Upstream Server page, click Start Connecting. Wait for the upstream server
	settings to be applied, and then click Next.
5.	On the Choose Languages page, click Next.
6.	On the Set Sync Schedule page, click Next.

L12-84 Implementing Update Management

7.		On the Finished page, click the Begin initial synchronization option, and then click Finish.
8.		In the Windows Server Update Services console, in the navigation pane, double-click LON-SVR4, andMCT
		then click Options.	USE
9.		In the Options pane, click Computers. In the Computers dialog box, select Use Group Policy or	USE
9.
		registry settings on computers. Click OK.

	Results: After completing this exercise, you should have implemented the WSUS server role.

	Exercise 2: Configuring Update Settings		.ONLY
	Exercise 2: Configuring Update Settings
	 Task 1: Configure WSUS groups
1.		On LON-SVR4, in the WSUS console, in the navigation pane, double-click LON-SVR4, and then
		double-click Computers.	STUDENT
5.		In the New GPO dialog box, in the Name text box, type WSUS Research, and then click OK.	STUDENT
2.		Click All Computers, and then, in the Actions pane, click Add Computer Group.
3.		In the Add Computer Group dialog box, in the Name text box, type Research, and then click Add.
1.		Switch to LON-DC1.
2.		In Server Manager, click Tools, and then click Group Policy Management.
3.		In the Group Policy Management Console, double-click Forest: Adatum.com, double-click Domains,
		and then double-click Adatum.com.
4.		Right-click the Research OU, and then click Create a GPO in this domain, and Link it here.
6.		Double-click the Research organizational unit (OU), right-click WSUS Research, and then click Edit.	USE
7.		In the Group Policy Management Editor, under Computer Configuration, double-click Policies,	USE
7.
		double-click Administrative Templates, double-click Windows Components, and then click
		Windows Update.
8.		In the Setting pane, double-click Configure Automatic Updates, and then click the Enabled option.	PROHIBITED
9.		In the Configure automatic updating field, click and select 4 – Auto download and schedule the	PROHIBITED
9.

install, and then click OK.

10. In the Setting pane, double-click Specify intranet Microsoft update service location, and then click the Enabled option.

11. In the Set the intranet update service for detecting updates and the Set the intranet statistics server text boxes, type http://LON-SVR4.Adatum.com:8530, and then click OK.

12. In the Setting pane, double click Enable client-side targeting.

13. In the Enable client-side targeting dialog box, click the Enabled option, in the Target group name for this computer text box, type Research, and then click OK.

14. Close the Group Policy Management Editor and the Group Policy Management console. 15. Open Active Directory Users and Computers.

		Administering Windows Server® 2012	MCT
		Administering Windows Server® 2012	L12-85
16.		In Active Directory Users and Computers, double-click Adatum.com, click Computers, right-click
		LON-CL1, and then click Move.
17.		In the Move dialog box, click the Research OU, and then click OK.	USE
18.		Close Active Directory Users and Computers.	USE
18.		Close Active Directory Users and Computers.
	 Task 3: Verify the application of Group Policy settings
1.		Switch to LON-CL1.
2.		On LON-CL1, move the mouse pointer to the right-hand side of the screen, click the Settings icon,
		click Power, and then click Restart.	.ONLY
		click Power, and then click Restart.
3.		After LON-CL1 restarts, log on as Adatum\Administrator with a password of Pa$$w0rd.
4.		On the Start screen, type cmd, right-click the Command Prompt tile, and then click Run as
		Administrator.
5.		At the command prompt, type the following command, and then press Enter:

		Gpresult /r

6.		In the output of the command, confirm that, under COMPUTER SETTINGS, WSUS Research is listed
		under Applied Group Policy Objects.
1.		On LON-CL1, at the command prompt, type the following command, and then press Enter:


2.		Switch to LON-SVR4.	STUDENT
3.		In the Update Services console, expand Computers, All Computers, and then click Research.
4.
4.		Verify that LON-CL1 appears in the Research Group. If it does not then repeat steps 1-3. It may take
		several minutes for LON-CL1 to display.
5.		Verify that updates are reported as needed. If there are not updates reported, repeat steps 1-3. It may
		take 10-15 minutes for updates to register.	USE
			USE

Results: After completing this exercise, you should have configured update settings for client computers.

Exercise 3: Approving and Deploying an Update by Using WSUS

 Task 1: Approve WSUS updates for the Research computer group

1.	On LON-SVR4, in Windows Server Update Services, under Updates, click Security Updates, right-	PROHIBITED
	click Security Update for Microsoft Office 2010 (KB2553371), 32-bit edition, and then click	PROHIBITED

	Approve.
2.	In the Approve Updates window, in the Research drop-down list box, select Approved for Install.
3.	Click OK and then click Close.

L12-86 Implementing Update Management

 Task 2: Deploy updates to LON-CL1

1.On LON-CL1, at the command prompt, type the following command, and then press Enter:

Wuauclt.exe /detectnow

2.Click to the Start screen and then type Windows Update.

3.Under Search, click Settings and then click Windows Update.

4.Click Check for updates now.

5.Click We’ll install 1 important update automatically.

6.Click Install to install the approved update.

7.Close the PC Settings window when the installation is complete.

 Task 3: Verify update deployment to LON-CL1

1.On LON-CL1, on the Start screen, type Event Viewer, click Settings, and then press Enter.

2.In Event Viewer, expand Applications and Services Logs, expand Microsoft, expand Windows, and click WindowsUpdateClient – Operational to view events.

3.Confirm that events are logged in relation to the update.

Results: After completing this exercise, you should have approved and deployed an update by using WSUS.

 To prepare for the next module

When you finish the lab, revert all virtual machines back to their initial state. To do this, perform the following steps:

1.On the host computer, start Hyper-V Manager.

2.In the Virtual Machines list, right-click 20411B-LON-DC1, and then click Revert.

3.In the Revert Virtual Machines dialog box, click Revert.

4.Repeat steps 2 to 3 for 20411B-LON-SVR1, 20411B-LON-SVR4, and 20411B-LON-CL1.

PROHIBITED USE STUDENT .ONLY USE MCT

		MCT
	L13-87
Module 13: Monitoring Windows Server® 2012
Lab: Monitoring Windows Server 2012		USE
Exercise 1: Establishing a Performance Baseline		USE
Exercise 1: Establishing a Performance Baseline
 Task 1: Create and start a data collector set
1.	Switch to the LON-SVR1 computer.	.ONLY
2.	Pause your mouse pointer in the lower-left of the taskbar, and then click Start.	.ONLY
2.
3.	In Start, type Perf, and in the Apps list, click Performance Monitor.
4.	In Performance Monitor, in the navigation pane, expand Data Collector Sets, and then click
	User Defined.
5.	Right-click User Defined, point to New, and then click Data Collector Set.
6.	In the Create new Data Collector Set Wizard, in the Name box, type LON-SVR1 Performance.	STUDENT
14.	In the Available counters list, expand System, click Processor Queue Length, and then click	STUDENT
7.	Click Create manually (Advanced), and then click Next.
8.	On the What type of data do you want to include? page, select the Performance counter check
	box, and then click Next.
9.	On the Which performance counters would you like to log? page, click Add.
10.	In the Available counters list, expand Processor, click %Processor Time, and then click Add >>.
11.	In the Available counters list, expand Memory, click Pages/sec, and then click Add >>.
12.	In the Available counters list, expand PhysicalDisk, click %Disk Time, and then click Add >>.
13.	Click Avg. Disk Queue Length and then click Add >>.
	Add >>.	USE
15.		USE
15.	In the Available counters list, expand Network Interface, click Bytes Total/sec, click Add >>, and
	then click OK.
16.	On the Which performance counters would you like to log? page, in the Sample interval box,
	type 1, and then click Next.	PROHIBITED
17.	On the Where would you like the data to be saved? page, click Next.	PROHIBITED
17.
18.	On the Create the data collector set? page, click Save and close, and then click Finish.
19.	In Performance Monitor, in the results pane, right-click LON-SVR1 Performance, and then
	click Start.
 Task 2: Create a typical workload on the server
1.	Pause your mouse in the lower-left of the taskbar, and then click Start.
2.	In Start, type Cmd, and in the Apps list, click Command Prompt.
3.	At the command prompt, type the following command, and then press Enter:

Fsutil file createnew bigfile 104857600

L13-88 Monitoring Windows Server 2012

4.At the command prompt, type the following command, and then press Enter:

Copy bigfile \\LON-dc1\c$

MCT

5.		At the command prompt, type the following command, and then press Enter:		USE

		Copy \\LON-dc1\c$\bigfile bigfile2

6.		At the command prompt, type the following command, and then press Enter:
		Del bigfile.		.ONLY
		Del bigfile.

7.		At the command prompt, type the following command, and then press Enter:

		Del \\LON-dc1\c$\bigfile.

8.		Do not close the command prompt.
	 Task 3: Analyze the collected data		STUDENT
1.		Switch to Performance Monitor.	STUDENT
1.		Switch to Performance Monitor.
2.		In the navigation pane, right-click LON-SVR1 Performance, and then click Stop.
3.		In Performance Monitor, in the navigation pane, click Performance Monitor.
4.		On the toolbar, click View Log Data.
5.		In the Performance Monitor Properties dialog box, on the Source tab, click Log files, and then
		click Add.
6.		In the Select Log File dialog box, double-click Admin.
7.		Double-click LON-SVR1 Performance, double-click the LON-SVR1_date-000001 folder, and then
		double-click DataCollector01.blg.
8.		Click the Data tab, and then click Add.	USE
9.		In the Add Counters dialog box, in the Available counters list, expand Memory, click Pages/sec,	USE
9.
		and then click Add >>.
10.		Expand Network Interface, click Bytes Total/sec, and then click Add >>.
11.		Expand PhysicalDisk, click %Disk Time, and then click Add >>.	PROHIBITED
17.		Record the values listed in the report for later analysis.	PROHIBITED
12.		Click Avg. Disk Queue Length and then click Add >>.
13.		Expand Processor, click %Processor Time, and then click Add >>.
14.		Expand System, click Processor Queue Length, click Add >>, and then click OK.
15.		In the Performance Monitor Properties dialog box, click OK.
16.		On the toolbar, click the down arrow, and then click Report.

Results: After this exercise, you should have established a baseline for performance-comparison purposes.

<<< < Предыдущая 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 5152 / 5352 53 > Следующая >>>

Соседние файлы в предмете [НЕСОРТИРОВАННОЕ]

#
01.05.201559.39 Кб111_Diplom_Trebovania_Tekhnika_bezopasnosti.doc
#
01.05.201548.15 Кб272 д-ріс.docx
#
01.05.2015110.08 Кб152 лаба.doc
#
01.05.2015224.26 Кб52-РГР техника жне технология негіздері.doc
#
01.05.2015624.64 Кб542012215.pdf
#
01.05.201516.48 Mб23720411B-ENU-TrainerHandbook.pdf
#
01.05.2015134.66 Кб192192_srs2_politology.doc
#
10.03.2016475.65 Кб52222.doc
#
01.05.201569.93 Кб2024 билет ЗИ в ТКС.docx
#
01.05.201518.89 Кб143 д-ріс.docx
#
01.05.2015675.84 Кб123 лаба метод указ.doc