2016
Purdue University
CNIT 242
Section 001
Authors: Benya Chongolnee
Noah Grostefon
Emily Harshman
TA: Professor Hands
Due Date: 12/13/16
Date Submitted: 12/10/16
-On Blackboard
Lab 03: Enterprise Windows Server/Client Administration
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Table of Contents
Executive Summary......................................................................................2
Background & Business Scenario................................................................3
Procedures................................................................................................4-6
Phase 1.........4-5
New virtual machine port group to ESXi servers..4
Second domain controller........4
New windows 7 VM...4
Microsoft Backup...4
Printing.4-5
IIS web server.......5
Distributed File System....5
Phase 2..5-6
Windows Server Update Services...5-6
Powershell Remote...6
Virtualized Opera browser............6
Microsoft System Center Configuration Manager....6
Results.......................................................................................................7-9
IP schema and services....10
Network Diagram...................................................................................11
Conclusions and Recommendations.....................................................12-13
References............................................................................................14-15
Appendix................................................................................................16-17
Appendix A: Problem Solving and Troubleshooting..........................16
Appendix B: Cisco PIX Configuration................................................17
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Executive Summary
The purpose of this report is to describe how Hands Publishing added more
virtual machines as well as other permissions to help them expand their business. With
these new virtual machines and software, they plan to not only expand their business
but also to communicate internally and externally more effectively and efficiently. This
report shows the in depth steps taken in order to ensure a successful setup. With these
added virtual machines, Hands Publishing would be able to promote their business
further in a more efficient manner as well as making company-wide updates more
efficient.
To ensure a successful setup for the new hardware and software, a relevant
literature review was conducted. This report will explore 4 main topics:
1) The businesses need for this particular hardware and software
2) The specific hardware and software used to implement the successful setup
3) The results of the test environment setup
4) Any recommendations from the team members to ensure a relatively easy setup
Important recommendations for improving implementation were identified with this
setup. Some of these recommendations include but are not limited to: continual updates
of software, training for the new software and hardware being used, and repeated
system checks to ensure reduction of errors.
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Background and Business Scenario
Hands Publishing is in the process of expanding the company since they have
more budget. In order to expand, they added a few virtual machines such as a second
domain controller, IIS web server, Windows Server Update Services, and Microsoft
System Center Configuration Manager. These different virtual machines serves different
purposes for the company and gives the company many, different benefits. For
example, the IIS web server is the server for Hands Publishing websites so that the
company is able to create websites for the company for their customers to see as well
as get the name Hands Publishing out there. The Windows Server Update Services
virtual machines help with updating the companys servers and computers. This virtual
machine serves as a way for all of the computers in the company to be updated
automatically.
On top of this, Hands Publishing also added printing permissions, implemented
backup, virtualized a browser (Opera), and used PowerShell Remote to list/stop/start
services on a remote machine. By adding printing permissions, staffs of Hands
Publishing will be able to print anything they want from their computer. This
permission also allow some users such as the administrator to have printing priority so
that their documents would be printed before anyone elses. On top of this, by
implementing backup, the computers are backup every day to protect the data from
being lost. Doing this decreased the security risk of the company and help Hands
Publishing avoid frustrated customers. By implementing all of these tasks, Hands
Publishing will be a better and more profitable company.
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Procedures
Phase 1
Added a new VM port group to ESXi server: (VMWARE)
1. Launched vSphere Client | Navigated to 10.18.17.4 | Configuration tab |
Networking | Add Networking | Virtual Machine | Next | Use vSwitch0 | Next | Set
Network Label to Site_2 | Next | Finish
Cloned 2012 VM template:
1. Launched vSphere Client | Navigated to left menu area | Right-clicked | Virtual
Machines and Templates | Right-clicked Clean Windows Server 2012 | Deploy
virtual machine from this template | Next | Chose ESXi host | Next | Datastore 1 |
Next | Finish
Implemented as second domain controller: (Support Microsoft and Windows IT Pro)
1. Started new cloned VM | Launched Server Manager | Manage | Add Roles and
Features | Role-based or feature-based installation | Next | Active Directory
Domain Services | Next | Add Features | Next | Install | Close | Click on Flag Icon
| Promote to domain controller | add to existing domain | enter credentials | Next |
Install
2. Moved FSMO roles > Run regsvr32 schmmgmt.dll | OK | OK | Run mmc | File |
Add/remove snap-in | Add | Active Directory Schema | Add | Close | OK |
Right-clicked Active Directory Schema | Change Domain Controller | Specified
Name | OK | Right-clicked Active Directory Schema | Operations Master |
Change | OK
Installed Windows 7 VM at the new VLAN:
1. Launched vSphere Client | Right-clicked 10.18.17.4 | New Virtual Machine |
Typical | Next | Named new vm | Next | Datastore 1 | Next | Windows 7 64-bit |
Next | Selected Site_2 from NIC 1: drop down menu | Next | Next | Finish
Set scheduled backup on the two Domain Controllers: (Technet)
1. Launched Windows Server Backup | Backup Schedule | Next | Custom | Next |
Add items | Added items needed for backup | OK | Once a day | Selected time |
Next | Back up to a hard disk | Next | Selected destination disk | Next | Finish
Created a print administrator user: (Support Microsoft and Technet)
1. Launched Server Manager | Tools | Active Directory Users and Groups | Users |
Create New User Icon | Enter credentials | Next | Finish
4
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
2. Create priority printing groups > Launch Server Manager | Tools | Print
Management | Right-click print server | Properties | Security | Add | Add Print
administrator user | OK | Permissions | Allow for Manage Server | OK
Cloned 2012 VM template:
1. Launched vSphere Client | Navigated to left menu area | Right-clicked | Virtual
Machines and Templates | Right-clicked Clean Windows Server 2012 | Deploy
virtual machine from this template | Next | Chose ESXi host | Next | Datastore 1 |
Next | Finish
Implemented IIS web server with a website:
1. Started new cloned VM | Launched Server Manager | Manage | Add Roles and
Features | Role-based or feature-based installation | Next | Web Server (IIS) |
Next | Next | Next | Next | Install | Close
Implemented DFS domain namespace: (Technet)
1. Launched Server Manager | Manage | Add Roles and Features | File Services |
Next | Distributed File System | Created Namespace | Install
2. Implemented DFS replication > Launched Server Manager | Manage | Add Roles
and Features | File Services | File and iSCSI Services | DFS Replication | Next |
Add Features | Next | Next | Install | Close > Launched DFS Management |
Right-clicked Replication | New Replication Group | Replication Group for Data
Collection | Next | Next | Entered Name | Next | Add folders | OK | Next | Next |
Next | Next | Create | Finish
Phase 2
Cloned Server 2008/12 VM template:
1. Launched vSphere Client | Navigated to left menu area | Right-clicked |
Virtual Machines and Templates | Right-clicked Clean Windows Server
2012 | Deploy virtual machine from this template | Next | Chose ESXi host
| Next | Datastore 1 | Next | Finish
Implemented a Windows Server Update Services (WSUS):
1. Launch Server Manager | Manage | Add roles and features | Role-based
or feature-based installation | Next | Windows Server Update Services |
Next | Next | Next | Next | Created Folder | Next | Install
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
2. Configured clients to pull updates from WSUS server using a GPO >
Launched Server Manager | Tools | Group Policy Management | Add
Group Policy | Update using WSUS policy | Finish
Implemented PowerShell for WSUS: (4sysops and How to Geek)
1. Opened PowerShell on Clean Windows Server 2012 | Entered
Enter-PSSession -ComputerName WSUS -Credential Administrator |
Entered Administrator credentials
To list services > Entered get-service on PowerShell
To stop services > Entered stop-service (service name)
To start services > Entered start-service (service name)
Used ThinApp to virtualize Opera:
1. Installed Opera browser | Navigated to
\\rtfm.cit.lcl\pub\c24200\VMWare\ThinApp\ | Launched Setup Capture |
Next | Prescan | Minimized Setup Capture
2. Opened Opera browser | Navigate to menu on upper left | Settings |
Checked Open a specific page or a set of pages | Clicked Set Pages |
Entered http://www.purdue.edu/ | OK
3. Navigated back to Setup Capture | Postscan | Next | Checked only the
following Active Directory Groups | Clicked Add | Entered Administrator |
OK | Next | Next | Next | Checked No | Next | Next | Clicked Generate MSI
package | Save | Next | Build | Finish
Cloned the Server 2012 VM template:
1. Launched vSphere Client | Navigated to left menu area | Right-clicked |
Virtual Machines and Templates | Right-clicked Clean Windows Server
2012 | Deploy virtual machine from this template | Next | Chose ESXi host
| Next | Datastore 1 | Next | Finish
Implemented Microsoft SCCM: (SCCMentor and Technet)
1. Launched Windows Explorer | Navigated to \\rtfm.cit.lcl\pub\c24200\sccm\
| Launched SCCM installer | Next | Next | Trial License | Next | Accept
Agreement | Accept Licenses | Next | Choose downloads folder | Next |
Select English | Next | Next | Entered Site Code and description | Next |
Stand-alone | Next | Yes | Next | Next | Configure the communication
method | Next | Next | Next | Install
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Overview of Results
Upon completion of phase 1, the team successfully set up a second Domain
Controller virtual machine, implemented Microsoft Backup, created a print administrator
and introduced priority base printing queues, installed an IIS Web Server, and
implemented a DFS domain space with replication of the home directory and desktop
data between the two domain controllers. The second domain controller was added to a
new subnet/site, separate from the first domain controller. The two domain controllers
operated on separate sites and had separate FSMO roles that they followed. Microsoft
Backup Services were installed to routinely perform scheduled backups of important
data and files from the two domain controllers. Backups were saved on a targeted share
on the physical Windows 10 Machine (Optiplex 620). Only user files and the domain
controller database were backed up in order to conserve disk space.
Windows Server Backup
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
A print administrator user group was created to allow particular users and
administrators to have security rights and access to operate and manage print jobs.
Priority-based printing queues were added to allow for more important users to have
their print jobs finished before normal priority users. This works by having priority users
placed in higher priority groups in the queueing system. The higher priority users will
automatically have their print jobs queue in front of existing print jobs from normal
priority users.
An IIS Web Server was implemented and configured with one website and three
virtual links. One of the web pages was a public page that anyone on the network can
access. Another page was a private page that only allowed members of the domain to
access, while the third page was a site specific web page that was only accessible from
computers or VMs located on the Site_2 subnet/site.
A Distributed File System (DFS) was created in order to allow the multiple file
shares on both domain controllers to be combined into a single DFS. The roaming
profiles were redirected to the new namespace and DFS Replication was implemented
in order to add redundancy and improve reliability and availability of data.
Upon completion of phase 2, Windows Server Update Services (WSUS) was
installed, ThinApp was used to virtualize an Opera web browser, and Microsoft System
Center Configuration Manager (SCCM) was implemented. WSUS allowed for updates
to be managed, approved, and synchronised across all servers and VMs, improving
uptime, reliability, and consistency among the entire network. A group policy object
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
(GPO) was used in order to configure the clients to pull updates from the WSUS server
instead of Windows Update automatically.
Virtualized Opera Browser - Home Page
SCCM was not successfully implemented due to a multitude of errors with SQL
server. The intended purpose of SCCM; however, was to allow for hardware and
software auditing to be performed for the clients and servers as well as allow for
cooperative remote control of client machines from an SMS console.
SCCM Installation errors
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
IP Schema and Services
Table 1. IP Addresses
Operation
System
IP Address
Subnet mask
Default
Gateway
DNS
ESXi Server 1
10.18.17.3
255.255.255.0
10.18.17.1
10.2.1.11;
10.2.1.12
ESXi Server 2
10.18.17.4
255.255.255.0
10.18.17.1
10.2.1.11;
10.2.1.12
vCenter
10.18.17.9
255.255.255.0
10.18.17.1
10.18.17.11;
10.2.1.12
Domain
Controller
10.18.17.11
255.255.255.0
10.18.17.1
10.2.1.11;
10.2.1.12
First Windows
10
10.18.17.101
255.255.255.0
10.18.17.1
10.18.17.11;
10.2.1.12
Second
Windows 10
10.18.17.102
255.255.255.0
10.18.17.1
10.18.17.11;
10.2.1.12
WSUS
10.18.17.10
Table 1. IP Addresses
Table 2. Credentials [Usernames & Passwords]
Host(s)
Username
Password
ESXi Server 1
root
Group17
ESXi Server 2
root
Group17
vCenter
administrator@vsphere.local
Group17!
Backup
Administrator
group17
Table 2. Usernames and Passwords
10
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Network Diagram
Network Diagrams for all of the virtual machines
11
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Conclusions and Recommendations
In conclusion, Hands Publishing needed to expand their company by adding
more virtual machines as well as setting certain permissions within the company for
security purposes. The company also needed a way to promote their company to those
outside of the company on a more wide-spread scale. Hands Publishing desired to do
both without much added cost. With the added virtual machines and software, the
needs from the company and employees will be sufficiently met.
A test pilot was run on the new virtual machine as well as on the software and
privileges set and installed to test for any issues or errors that the system might
encounter. The test pilot successfully implemented the IIS Web Server and configured
one website with three clickable pages with different permissions. The test pilot team
was also able to successfully set print permissions for the employees as well allow for
the print jobs to be stopped and prioritized as necessary. Along with these particular
successes, the team was also able to create successfully a distributed file system (DFS)
so the company could allow multiple files to be shared.
The team also tested the Windows Server Update Services (WSUS), ThinApp
virtualization, and Microsoft System Center Configuration Manager (SCCM). They
successfully implemented the WSUS and ThinApp, but unfortunately ran into trouble
installing the SCCM. The team ran into trouble with errors occurring with the SQL
server. With further testing and time, the errors most likely would be smoothed out and
the procedures for SCCM would be implemented successfully.
12
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Even though errors occurred during the test pilot, the team still believes that
implementing these procedures will ultimately benefit the company. Benefits from the
software will include: cost sustainability, successful company promoting outside the
company, and easier communication inside and outside of the office. Training and CEO
support will be necessary in order to successfully and smoothly implement the new
virtual machines and software. Overall, a high return on investment is predicted from
implementing these procedures, and the test pilot team highly recommends
implementing the virtual machine as well as the other software suggested above. The
team believes the new procedures will benefit the company more than it will cost the
company in the long run as well as benefit both the company and the employees.
13
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
References*
(August 2003). How can I move the Active Directory (AD) Global Catalog (GC) to
another domain controller (DC)? Windows IT Pro. Retrieved from
http://windowsitpro.com/windows-server/how-can-i-move-active-directory-a
d-global-catalog-gc-another-domain-controller-dc
(December 2012). How to use Group Policy settings to control printers in Active
Directory. Support Microsoft. Retrieved from
https://support.microsoft.com/en-us/kb/234270
(January 2013). Managing Services the PowerShell way - Part 3: Start and stop
Services. 4sysops. Retrieved from
https://4sysops.com/archives/managing-services-the-powershell-way-part3/#start-service
(November 2009). Windows Server Backup Step-by-Step Guide for Windows Server
2008 R2. Technet. Retrieved from
https://technet.microsoft.com/en-us/library/ee849849(v=ws.10).aspx
(November 2013). DFS Namespaces and DFS Replication Overview. Technet.
Retrieved from
https://technet.microsoft.com/en-us/library/jj127250(v=ws.11).aspx
(September 2009). Assigning Delegated Print Administrator and Printer Permission
Settings in Windows Server 2008 R2. Technet. Retrieved from
https://technet.microsoft.com/en-us/library/ee524015(v=ws.10).aspx
(September 2011). How to view and transfer FSMO roles in Windows Server 2003.
Support Microsoft. Retrieved from
https://support.microsoft.com/en-us/kb/324801
Add a Virtual Machine Port Group. VMWARE. Retrieved from
https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp?topic=/com.vmw
are.vsphere.server_configclassic.doc_40/esx_server_config/networking/t_a
dd_a_virtual_machine_port_group.html
How to Run PowerShell Commands on Remote Computers. How to Geek. Retrieved
from
http://www.howtogeek.com/117192/how-to-run-powershell-commands-on-r
emote-computers/
(January 2014). SCCM 2012 R2 Step by Step Installation Guide. SCCMentor. Retrieved
from
https://sccmentor.com/2014/01/08/sccm-2012-r2-step-by-step-installation-g
uide/
BITS IIS Server Extension. Technet. Retrieved from
https://technet.microsoft.com/en-us/library/cc753301(v=ws.11).aspx
14
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Remote Differential Compression Overview. Technet. Retrieved from
https://technet.microsoft.com/en-us/library/cc754372(v=ws.11).aspx
IIS 6 Compatibility components not installed. Techet. Retrieved from
https://technet.microsoft.com/en-us/library/bb397374(v=exchg.80).aspx
*Please note that the references do not include the teacher assistance and the CNIT242
lectures
15
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Appendices
Appendix A: Problem Solving and Troubleshooting
Problem: Unable to install SCCM
Cause: Unidentified
Resolution: The problem while installing SCCM is suspected to be because some
parts of SQL server were not installed completely or correctly. On top of this, there were
multiple SQL servers installed on one machine. A way to solve this issue is to reinstall
SQL server completely.
Problem: Unable to make SITE_2 PDC Emulator
Cause: Unchanged property of SITE_2
Resolution: Both of the domain controllers were global catalog servers instead of PDC
Emulator. Since one of the domain controller needed to be a global catalog server and
one of the other domain controller needed to be a PDC Emulator, a change in the
domain controllers properties must be made. All that is needed to be done to fix this
issue is to change the property of SITE_2 so that it is no longer a global catalog server;
instead, it will automatically be a PDC Emulator.
Problem: Unable to create a new website using IIS
Cause: New site instead of a new virtual site
Resolution: The website from IIS was not directing to the page wanted, therefore; IIS
website must be configured to a private web page on the server for the members on the
domain. In order to do this, there needed to be a new virtual site instead of a completely
new site. Doing this helped to configure a site specific web page that only the first
machine on the VLAN can access.
16
�Lab 03: Enterprise Windows Server/Client Administration
12/10/16
Appendix B: NetGear PIX Configuration
(GS108T V1H1 - 3.0.2)
Port number
Cable label
CA
CB
Ethernet cable for DESKTOP_1
Ethernet cable for DESKTOP_2
Ethernet cable for DESKTOP_3
17
