5ICW - Case Study

This case study is to be completed using Windows Server 2012R2 virtual machines and forms part of your assessment requirements for this subject.

This case study has two parts a design component and a implementation of your design.

Scenario

You have been hired as the Systems Administrator for a company called Sustainable Industries Education Centre (SIEC). Hank Green, the owner and CEO, is a tree hugging greenie who isn't the most tech savvy individual, but knows the value of having good people who know the ropes when it comes to computers. He has decided to convert his infrastructure to use Windows 2012 R2. He is prepared to buy new servers and workstations and appropriate software

You'll have the rare opportunity to build from scratch the corporate network, specifically Active Directory, for SIEC which includes users at its offices in:

• Adelaide
• Tea Tree Gully

The WAN connection between the two is considered a high speed link and at the moment considered as a single LAN

Overall Objective

-The case study will demonstrate that you can use Active Directory on Windows Server 2012 effectively and efficiently.

-Effective means that you can demonstrate what Roles and Features are needed to provide a solution to the problem.

-Efficient means that if there are different ways of achieving the solution your choice is the based on the stated requirements of the company and to ensure easier administration minimizing duplication

-To assess that objectives are completed, the case study is divided into two parts design and implementation.

Part 1 -DESIGN PROPOSAL FOR SIEC.ORG

The first part of your assignment is to submit to management the design that you propose that will satisfy the overall physical and logical requirements,

OVERALL GENERAL PHYSICAL REQUIRMENTS-

After discussions with Hank it appears that there is strong likelihood that in the future TTG and Adelaide will be separate sites so this needs to be considered when deciding on the purchase of servers. There will need to be Domain controller at each location but as the TTG location has not yet been fully built Hank is concerned that there could be physical and data security issues so the Domain controller at that location has be the most basic with a limited footprint

Hank is mindful of potential and outages problems So he is prepared to purchase further servers to make sure that

A separate machine is used for corporate data

The physical design will require you to prepare a document which includes showing the locations of the machines and their configuration both from a hardware and software perspective.A table like the one below which will document the servers, their roles eg DNS, DHCP, and specific hardware eg number of HDD's their name, their IP address any specific roles or functions for the general and specific requirements of the implementation.

A successful completion of this task will be demonstrated by any administrator being able to locate the server its role its location without problem. For example should an administrator require to find the server where Data backups are located this can be done easily. If this is correct it should be the solution to the first part of the implementation namely an effective proposal.

OVERALL GENERAL LOGICAL REQUIREMENTS-

The logical design is an outline of the Active Directory structure, this will involve proposed OU's ,groups their membership and users

The company will be named SIEC.ORG The Active Directory structure is to based on the object and on geographical location. This means users and computers can be considered separate OU's.

But they are all in the one geographic location, For example, this means that ALL users in Adelaide will be located in the same OU. including the managers there will not be a separate OU for the managers. Similarly the same concept will apply to computers. . Organizational Units based on job functionality are not accepted. Management has directed you to ensure efficiency the design of the system will incorporate only minimum deployment of any policies. For example if all sales users in the company required a specific software the relevant group policy is not duplicated and linked to the Adelaide and TTG OU.s .individually it is only applied once to the structure and the settings for that policy.

Part 2 - IMPLEMENTATION OF THE DESIGN PROPOSAL FOR SIEC.ORG

Once management has approved the design the implementation can commence.

SPECIFIC REQUIREMENTS-

Part A - User creation.

You will need to create the user accounts and groups for the organization. Below are the users. Demonstrate how you create a user using Powershell. This must be done using the most efficient method. Note: Hank would like to see a demonstration of how you did this.

User Accounts (with memberships)

Part B - Sharing and Printing

Now that you have created user and group accounts, we will need to control who has access to shared folders and printers.

1. You will need to add the following Shared Folders and Printers .

2. Ensure that files and folders that users do not have access to are hidden.

Folder Permissions

Here's the Security Permissions to set on the individual Folders that you'll be creating on the Data Server:

Hank's Files and the Financial Reports Folder

• Hank has emailed you three files (Create 3 files Surname1.Surname2 Surname3) and instructed you to do the following
• Put them in the Financial-Docs folder and apply appropriate NTFS permissions so that All Users can modify Surname1 and Surname2.Sales Managers still have Full Control
• Apply appropriate NTFS permissions to Surname3 so that All Users including the Sales Users can NOT modify It. But members of Sales Managers still have Full Control over

Printers

You have three print devices - two HP Color LaserJet CP4005 PCL6 and one Epson Stylus Photo RX630 (M) Inkjet. You will create a Printer for each of the devices, and then assign Permissions as displayed

Part C - Group Policies

• Sale Users (not including the sales mangers) cannot access the Display Control Panel

 • Users cannot install software that unless the path is authorized

Password Policies

Hank doesn't like the fact that he has to use all these newfangled password techniques with symbols and what not, and he doesn't want to have to think up a new password every 30 days. He wants to use the names of his favourite plants.

Exempt Hank and the managers from the Default Domain Password Policy Settings, and then reduce the complexity requirements and extend the expiration date so that Hank and the managers will only have to update their passwords every 3 months.

MERIT

Hank has been informed that having his infrastructure divided into sites may be a benefit to the organization.

Hank has asked you to research the affect sites would have on his company..He has asked that you to report to him covering the following

If sites will make the company infrastructure

a. More efficient?

b. More security?

A simple yes or no is not enough you must include what the benefit will be and in IT terms the reasons. Eg Will users be able to logon faster if so why.

Finally an important issue that Hank will have to consider is money. Will the implementation of sites involve extra hardware if so what equipment and why will the company need it.