897
Comment:
|
2897
repurpose lab
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was renamed from WindowsAdministration/Lab04DelegationAndShares ## page was renamed from WindowsAdministration/Lab04OuGroupLab |
|
Line 2: | Line 4: |
== Instructions == In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell): |
|
Line 3: | Line 7: |
In this lab you will create some organizational groups and users in | 1. Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else. a. Right click on the OU, select Delegate control, Add the user. a. On theTasks to Delegate select only the following: 1. Reset user passwords and force password change at next logon 1. Reset inetOrgPerson passwords and force password change at next logon 1. Read all inetOrgPerson information 1. Delegate control over users in the OU_Developers Organizational unit to kthompson a. like the first one... 1. Delegate control over users in the OU_CSuite Organizational unit to kthompson a. ... |
Line 5: | Line 18: |
In your primary domain: | Shares: |
Line 7: | Line 20: |
1. Create an organizational group named {{{OU_Contractors}}} a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}} a. Create a user called {{{contractor}}} and put them in {{{g_contractors}}} group. 1. Create a user mgr in the users folder. a. Make mgr the Administrator for the {{{OU_Contractors}}} set his password as {{{Hello123Password!}}} Make sure there is no requirement to change the password. a. Make mgr a member of the server operators group and give the account remote desktop access. a. I will test mgr's ability by changing the password for "contractor" |
1. Create a share for each group Sales, Developers and Managers and make sure the groups have read/write access to the share. a. On C:\ create a folder called shares, we will use this for all our shares. a. Create folders in c:\shares named: 1. sales 1. developers 1. managers 1. home a. Share and Assign permissions to the sales, developers and managers 1. Right click on sales, select properties, sharing, Share... 1. add the sales group and set permission level to "Read/Write" and share. 1. Select the security tab and make sure that the sales group does not have full control. Remove if that right by clicking on edit, selecting sales and unchecking Full Control. a. Repeat these steps for developers and managers. 2. Create shares for users: Follow the directions at https://www.petenetlive.com/KB/Article/0000739 to complete this. |
Line 15: | Line 34: |
In your subdomain: | |
Line 17: | Line 35: |
1. Create a domain local group called {{{dl_Temporary}}} in the users folder. a. Add group to the {{{dl_temporary}}} group. |
== Documentation == 1. Document the delegations for control that you made in the "Organizational Units" section. 1. Document the Share created and its purpose in a new section called "Shared Resources" == Video Grade Guide == ||'''Topics''' ||'''Points''' || ||Video Shows: Login as one of the manager users using remote desktop and change a user's password for which they have been delegated control || 40 || ||Video Shows: Login as the user you changed the password for and show that it worked. || 10 || ||Video Shows: While still logged on, show shares by going to \\cptr230a. Access all the shares visible to demonstrate that access is allowed to those they should have access to and access is denied to those they shouldn't.|| 40 || ||Video talks through the required documentation. || 10 || |
Lab 04
Instructions
In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell):
- Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else.
- Right click on the OU, select Delegate control, Add the user.
- On theTasks to Delegate select only the following:
- Reset user passwords and force password change at next logon
- Reset inetOrgPerson passwords and force password change at next logon
- Read all inetOrgPerson information
- Delegate control over users in the OU_Developers Organizational unit to kthompson
- like the first one...
- Delegate control over users in the OU_CSuite Organizational unit to kthompson
- ...
Shares:
- Create a share for each group Sales, Developers and Managers and make sure the groups have read/write access to the share.
- On C:\ create a folder called shares, we will use this for all our shares.
- Create folders in c:\shares named:
- sales
- developers
- managers
- home
- Share and Assign permissions to the sales, developers and managers
- Right click on sales, select properties, sharing, Share...
- add the sales group and set permission level to "Read/Write" and share.
- Select the security tab and make sure that the sales group does not have full control. Remove if that right by clicking on edit, selecting sales and unchecking Full Control.
- Repeat these steps for developers and managers.
Create shares for users: Follow the directions at https://www.petenetlive.com/KB/Article/0000739 to complete this.
Documentation
- Document the delegations for control that you made in the "Organizational Units" section.
- Document the Share created and its purpose in a new section called "Shared Resources"
Video Grade Guide
Topics |
Points |
Video Shows: Login as one of the manager users using remote desktop and change a user's password for which they have been delegated control |
40 |
Video Shows: Login as the user you changed the password for and show that it worked. |
10 |
Video Shows: While still logged on, show shares by going to \\cptr230a. Access all the shares visible to demonstrate that access is allowed to those they should have access to and access is denied to those they shouldn't. |
40 |
Video talks through the required documentation. |
10 |