
LESSON 1: Using VirtualBox for Server 2008 R2

1) Create New Machine.

2) If you are using VirtualBox 3.1.0 or an earlier version, Windows 2008 R2 is not offered as a
guest OS, so select Windows 2008 64 Bit. Later versions have a 2008 R2 64 Bit selection.

3) Set memory size to 1024MB, and create a new hard disk with 20GB space.

Select the Dynamically Expanding storage option. Set the disk size and the location of the disk file in the next screen.

4) Press Finish to complete disk creation and virtual machine creation.

5) Click on the Storage option in the virtual machine configuration settings.

6) Press the ‘Empty’ IDE controller as mentioned below to insert the installation DVD or ISO image. If you
have an installation DVD, insert it into the host DVD drive and select ‘Host Drive - Drive letter’ mentioned
below. When you boot the Windows 2008 R2 virtual machine, it will then read your host physical DVD
drive. Here, I have an ISO file and mount it by clicking on the folder arrow button.

7) Make sure the following settings are correct under the System settings of the virtual machine. Click on
System to view the settings.

Processor – 1, with Enable PAE/NX enabled.

Hardware Virtualization: Enable VT-x/AMD-V should be enabled.

Now start the Windows 2008 R2 virtual machine in VirtualBox.

The installation will go smoothly if all settings are correct. I’m not explaining any installation steps.

9) As usual, VirtualBox ran fast and the installation finished quickly. The working
Windows Server 2008 R2 on VirtualBox is below.

10) Install VirtualBox additions to get better mouse integration, display settings, folder sharing,
network speed and more. It’s always recommended to install or update VirtualBox additions in
virtual machines. Restart the virtual machine after installing VirtualBox additions.

LESSON 2: Installing Server 2008 R2

1. Insert the appropriate Windows Server 2008 installation media into your DVD drive. If you don’t
have an installation DVD for Windows Server 2008, you can download one for free from Microsoft’s
Windows 2008 Server Trial website.

2. Reboot the computer.


3. When prompted for an installation language and other regional options, make your selection and
press Next.

4. Next, press Install Now to begin the installation process.

5. Product activation is now also identical with that found in Windows Vista. Enter your Product ID in
the next window, and if you want to automatically activate Windows the moment the installation
finishes, click Next.

If you do not have the Product ID available right now, you can leave the box empty, and click Next.
You will need to provide the Product ID later, after the server installation is over. Press No.

6. Because you did not provide the correct ID, the installation process cannot determine what kind
of Windows Server 2008 license you own, and therefore you will be prompted to select your correct
version in the next screen, assuming you are telling the truth and will provide the correct ID to prove
your selection later on.

7. If you did provide the right Product ID, select the Full version of the correct Windows version when
prompted, and click Next.

8. Read and accept the license terms by clicking to select the checkbox and pressing Next.

9. In the “Which type of installation do you want?” window, click the only available option – Custom
(Advanced).

10. In the “Where do you want to install Windows?”, if you’re installing the server on a regular IDE
hard disk, click to select the first disk, usually Disk 0, and click Next.
If you’re installing on a hard disk that’s connected to a SCSI controller, click Load Driver and insert
the media provided by the controller’s manufacturer.
If you’re installing in a Virtual Machine environment, make sure you read the “Installing the Virtual
SCSI Controller Driver for Virtual Server 2005 on Windows Server 2008”
If you must, you can also click Drive Options and manually create a partition on the destination hard
disk.

11. The installation now begins, and you can go and have lunch. Copying the setup files from the
DVD to the hard drive only takes about one minute. However, extracting and uncompressing the
files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time it
takes to install server core depends upon your hardware specifications. Faster disks will perform
much faster installs… Windows Server 2008 takes up approximately 10 GB of hard drive space.
The installation process will reboot your computer, so, if in step #10 you inserted a floppy disk
(either real or virtual), make sure you remove it before going to lunch, as you’ll find the server
hung without the ability to boot (you can bypass this by configuring the server to boot from a
CD/DVD and then from the hard disk in the boot order in the server’s BIOS).

12. When the server reboots you’ll be prompted with the new Windows Server 2008 type of login
screen. Press CTRL+ALT+DEL to log in.

13. Click on Other User.

14. The default Administrator password is blank, so just type Administrator and press Enter.

15. You will be prompted to change the user’s password. You have no choice but to press Ok.

16. In the password changing dialog box, leave the default password blank (duh, read step #15…),
and enter a new, complex, at-least-7-characters-long new password twice. A password like
“topsecret” is not valid (it’s not complex), but one like “T0pSecreT!” sure is. Make sure you
remember it.

17. Someone thought it would be cool to nag you once more, so now you’ll be prompted to accept
the fact that the password had been changed. Press Ok.

18. Finally, the desktop appears and that’s it, you’re logged on and can begin working. You will be
greeted by an assistant for the initial server configuration, and after performing some initial
configuration tasks, you will be able to start working.

LESSON 3: Server 2008 R2 Initial Configuration Tasks

To access the ICT window after disabling its automatic launch when starting Server Manager, go to
the HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SERVER MANAGER\OOBE registry subkey and
find "Do not open Initial Configuration Tasks at logon." Set the "Do not show this window at logon"
value back to 0. You can also use the registry editor to change this value, or alternatively run
OOBE.EXE to launch the ICT window.

LESSON 4: Installing VirtualBox Guest Additions

Once you have Windows running inside VirtualBox, go to the menu bar, then choose the Devices
menu. Here, scroll down and choose “Insert Guest Additions CD Image.”



Open My Computer or My PC. You may see the Guest Additions CD in the menu on the left. If you
don’t, click on This PC, and you should see it. Double-click the CD, then double-click
“VBoxWindowsAdditions.”

LESSON 5: Creating a Primary Domain Controller

Step 1: Install Active Directory Domain Services (ADDS)


Log into your Active Directory Server with administrative credentials. Open Server Manager → Roles
Summary → Add roles and features.

The "Before you begin" screen, which pops up next, is purely informational. You may
read through it and click "Next". Select the installation type. If you're going to deploy your DC in a
virtual machine, choose Remote Desktop Services installation. Else, choose Role-based or
Feature-based installation.

Now, select the destination server on which the role will be installed. Make sure the IP address
points to the selected server. Else, close the server manager and retry.

Select the roles you want to install on this server. The basic requirement to promote this server into
a domain controller is Active Directory Domain Services.

The basic features required for proper functioning of this role are selected by default. Click next to
install them.

Confirm your installation selections. It is recommended to select the "Restart the destination server
automatically if required" button. Select "Install" and once installation is complete, close the
window.

Step 2: Promote the server into a domain controller
Once the ADDS role is installed on this server, you will see a notification flag next to the Manage
menu. Select "Promote this server into a domain controller". Select “Add a new forest” and enter the
Root domain name. This domain name will also be the forest name.

Select a forest functional level and a domain functional level of your choice. Ensure that the domain
functional level is equal to or higher than the forest functional level.
Since this is the first domain controller, it automatically becomes the DNS server and also the Global
Catalog (GC).
Enter a unique Active Directory Restore Mode password used to retrieve Active Directory data. Since
a DNS Server is being configured as part of our efforts, you’ll be warned that a delegation for this
DNS server cannot be created. This can be safely ignored.

Enter a NetBIOS name for your domain. It is preferable to match the NetBIOS name with the root
domain name. For more information on NetBIOS name restrictions, see
https://support.microsoft.com/en-us/kb/909264

Select the folder where your database, log files, and SYSVOL will be stored. It is recommended to
stick to the default settings.

Review your options and click Next. A prerequisites check will be done by Active Directory. Once it is
completed, click Install.

Your system will be rebooted automatically for the changes to take effect. Verify the health of the
domain controller by running the command dcdiag /v from the command line.

LESSON 6: Creating User Accounts in Active Directory

To create a new user, follow these steps:


* Click Start, point to Administrative Tools, and then click Active Directory Users and
  Computers to start the Active Directory Users and Computers console.
* Click the domain name that you created, and then expand the contents.
* Right-click Users, point to New, and then click User.
* Type the first name, last name, and user logon name of the new user, and then click Next.
* Type a new password, confirm the password, and then click to select one of the following
  check boxes:
    - Users must change password at next logon (recommended for most users)
    - User cannot change password
    - Password never expires
    - Account is disabled
  Click Next.
* Review the information that you provided, and if everything is correct, click Finish.

After you create the new user, give this user account membership in a group that permits that user
to perform administrative tasks. Because this is a laboratory environment that you are in control of,
you can give this user account full administrative access by making it a member of the Schema,
Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and
Domain administrators groups, follow these steps:
* On the Active Directory Users and Computers console, right-click the new account that you
  created, and then click Properties.
* Click the Member Of tab, and then click Add.
* In the Select Groups dialog box, specify a group, and then click OK to add the groups that
  you want to the list.
* Repeat the selection process for each group in which the user needs account membership.
* Click OK to finish.

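To review who holds the Schema, Enterprise and Domain administrator rights granted above, the following added example (not part of the original lesson) lists every user in those three groups, including members reached through nested groups, together with the account flags from the New User dialog. It assumes the ActiveDirectory PowerShell module (a domain controller or RSAT); the function name Get-PrivilegedAccountReport is illustrative.

```powershell
# Added example, PowerShell 2.0 compatible. Needs the ActiveDirectory module.
Import-Module ActiveDirectory

# The three groups this lesson adds the lab account to
$PrivilegedGroups = 'Schema Admins', 'Enterprise Admins', 'Domain Admins'

function Get-PrivilegedAccountReport {
    $seen = @{}
    foreach ($group in $PrivilegedGroups) {
        # -Recursive expands nested groups, so indirect members are listed too
        $members = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' }
        foreach ($member in $members) {
            $sid = $member.SID.Value
            if (-not $seen.ContainsKey($sid)) {
                $seen[$sid] = @{ Sid = $member.SID; Groups = @() }
            }
            $seen[$sid]['Groups'] += $group
        }
    }

    foreach ($entry in $seen.Values) {
        # Pull the flags that correspond to the check boxes in the New User dialog
        $user = Get-ADUser -Identity $entry['Sid'] -Properties `
            PasswordNeverExpires, CannotChangePassword, PasswordLastSet
        New-Object PSObject -Property @{
            Account              = $user.SamAccountName
            Groups               = ($entry['Groups'] -join ', ')
            Enabled              = $user.Enabled
            PasswordNeverExpires = $user.PasswordNeverExpires
            CannotChangePassword = $user.CannotChangePassword
            PasswordLastSet      = $user.PasswordLastSet
        }
    }
}

Get-PrivilegedAccountReport |
    Sort-Object Account |
    Select-Object Account, Groups, Enabled, PasswordNeverExpires, CannotChangePassword, PasswordLastSet |
    Format-Table -AutoSize
```

An account that appears in all three groups with PasswordNeverExpires set to True is the one to remove or downgrade first when the lab is finished.
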
The final step in this process is to add a member server to the domain. This process also applies to
workstations. To add a computer to the domain, follow these steps:
* Log on to the computer that you want to add to the domain.
* Right-click My Computer, and then click Properties.
* Click the Computer Name tab, and then click Change.
* In the Computer Name Changes dialog box, click Domain under Member Of, and then type
  the domain name. Click OK.
* When you are prompted, type the user name and password of the account that you
  previously created, and then click OK.

  A message that welcomes you to the domain is generated.

* Click OK to return to the Computer Name tab, and then click OK to finish.
* Restart the computer if you are prompted to do so.

LESSON 7: Creating a Backup Domain Controller

First of all, add the Active Directory Domain Services role to our brand new server (that must be in
the same local network – or VPN – of the Primary Domain Controller but outside the domain):

Now that Active Directory Domain Services are installed, open the network preferences and add the
Primary Domain Controller as the primary DNS server (in our example 192.168.2.103 while the BDC
IP is 192.168.2.104). Then restart the machine:

It’s time to configure the new Backup Domain Controller. Click Promote this server to a domain
controller:

Check Add a domain controller to an existing domain then click Select:

Specify the credentials of the domain administrator:

Select the domain:


Click Next:

Specify a Directory Services Restore Mode password then click Next:

Click Next:

Select the Primary Domain Controller from the dropdown menu then click Next:

Default paths are fine. Click Next:

Click Next:

Windows Server will check if it’s all ok. Then click Install:

After a few minutes the Backup Domain Controller will be ready. Just restart the machine and
remember to add the Backup Domain Controller IP as a secondary DNS server in your client
machines:

LESSON 8: Configuring DHCP for IPv4

DHCP (Dynamic Host Configuration Protocol) is a method to assign IP addresses automatically to
network clients. You can configure your Firebox as a DHCP server for the networks that it protects. If
you have a DHCP server, we recommend that you continue to use that server for DHCP.

These DHCP settings apply to trusted, optional, or custom interfaces, and to VLAN, Bridge, and Link
Aggregation interfaces in trusted, optional, or custom security zones.

LESSON 9: Joining Windows 7

Click on Start > then right click on Computer and click on Properties

The basic system information page will open, under Computer name, domain, and workgroup
settings, click on Change Settings

On the System Properties page, click on Change...

Under Member of, select the radio button beside Domain: , type the name of the domain you want
your Windows 7 to join and then click OK

A pop-up box will ask for the credentials of an account with rights to join the domain (with
rights to create computer accounts); an example of such a user is one that is a member of the Domain
Admins Active Directory group. Once the username and password are typed, click on OK

A confirmation pop up box will welcome you to the domain. Clicking on OK, will result in having
another message informing that a reboot for the machine is required to apply the changes. Click on
OK
Close System properties page, and on the You must restart your computer pop up message box, click
on Restart Now

Once your machine is rebooted, press CTRL + ALT + Del to log on

As you can see, the user that last logged on to the system was a local account user ( machine
name\username ), and we need to log on to the machine with a domain user account, to do this,
click on Switch User

Click on Other User

Type your domain user credentials and press the Enter key to log on. Note that, as seen in the below
image, my domain name is stated under the username and password textboxes. If your local
machine name is shown instead of your domain name, then type the user name in
this format: domain name\username

If you want, after you log on to the machine, open the basic system properties page ( Right Click
Computer > Properties ), and check your computer full name, and the name of the domain your
machine is joined to.

LESSON 10: Sharing Folders and the File Services Role

As long as your Windows Server 2016 server has the File Server role installed, you can use Server
Manager to create and manage file shares. Run the following PowerShell "one-liner" to determine
whether the role's installed:
Get-WindowsFeature -Name FS-FileServer

If not, then you can install the role quickly and easily with the following command:
Install-WindowsFeature -Name FS-FileServer -IncludeAllSubFeature -IncludeManagementTools

You can start Server Manager from PowerShell simply by typing servermanager and pressing Enter.

In Server Manager, select the File and Storage Services node, and then Shares in the submenu. As
shown in the following screenshot, creating a new file share is as easy as choosing New Share from
the Tasks menu and then completing the New Share Wizard.

LESSON 11: Print Server Role and Deploying Printers

Press the Windows key.

Click Settings.

Click Devices > Printers & Scanners.

Click Add a printer.

Select Add a local printer or network printer with manual settings, and click Next.

Select Create a new port.

Change the Type of port to Standard TCP/IP Port, and click Next.
In the Hostname or IP address field, enter the IP address of the print server.

Click Next > Next > Finish.

If prompted, select a driver from the list or obtain a driver from the manufacturer of the printer, and
click Next.

Click Next until you are asked if you want to print a test page. To confirm that the printer was
successfully added, you should send a test page to your printer.

LESSON 12: Creating Security Groups in Active Directory

New-ADGroup -Name "Test Group" -DisplayName "Test Group" -GroupScope Universal -GroupCategory Security -Path "OU=Contoso Group,OU=Contoso,DC=Contoso,DC=com"

LESSON 13: Creating Organizational Units in Active Directory

On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory
Users and Computers.
Right-click the domain that contains your View machines and select New > Organizational Unit.
Type a name for the OU and click OK.
The new OU appears in the left pane.
To add View machines to the new OU:
Click Computers in the left pane.
All the computer objects in the domain appear in the right pane.
Right-click the name of the computer object that represents the View machine in the right panel and
select Move.
Select the OU and click OK.
The View machine appears in the right pane when you select the OU.

LESSON 14: Deleting Organizational Units in Active Directory

Select the Organizational Unit and select Properties in the Tasks pane on the right.

Uncheck the "Protect from accidental deletion" check box and click OK.

Select Delete in the Tasks pane on the right.

Confirm deletion of the Organizational Unit.

LESSON 15: Listing Shared Folders and Printers in Active Directory

Right click on the printer you wish to list in the Active Directory and select Properties
Select the 'Sharing' tab
Check the 'List in the Directory' box
You can also select the General tab and enter details of location for the printer
Click Apply then OK

Lesson 6: Hub, Switch, and Router


Hub - connects all of your network devices together on an internal network. It is a device that has
multiple ports that accept Ethernet connections from network devices.

* A hub is not considered to be intelligent because it does not filter any data and has no
intelligence as to where the data is supposed to be sent. The only thing a hub
knows is when a device is connected to one of its ports, so when data arrives at one of its ports, it
is copied to all of its ports. So, all of the devices on that hub see that data.

Switch - very similar to a hub. It's also a device that has multiple ports that accept Ethernet
connections from network devices, but unlike a hub, a switch is intelligent. A switch can actually
learn the physical addresses of the devices that are connected to it, and it stores these physical
addresses, called MAC addresses, in its table. So when data is sent to the switch, it is
directed to the intended port.

Difference between Hub and Switch

Hub
* Only detects that a device is physically connected to it.

Switch
* Can detect specific devices that are connected to it.
* Keeps a record of the MAC addresses of those devices.

Router

* Routes or forwards data from one network to another based on its IP address.

LESSON 16: Delegating Control of an Organizational Unit

1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click
Administrative Tools, and then double-click Active Directory Users and Computers.

2. In the console tree, right-click the organizational unit (OU) for which you want to delegate control.
Where? Active Directory Users and Computers\domain node\organizational unit

3. Click Delegate Control to start the Delegation of Control Wizard, and then follow the
instructions in the wizard.

LESSON 17: Changing Password Requirements in Group Policy

Run > gpmc.msc


Expand your forest, expand the Domains container, expand your domain, and then right click on the
Domain Controllers container.
Pick "Create a GPO in this domain, and Link it here...".
Pick a name for your GPO (e.g. "Disable Password Complexity Rules") and click OK.

Expand the Domain Controllers container, right click on your new policy, and pick "Edit...".
Navigate through Computer Configuration > Policies > Windows Settings > Security Settings >
Account Policies.
Open the policy named "Password must meet complexity requirements" and set it to Disabled.
The policy is now set, and all you need to do is run gpupdate.

Run > cmd


Type gpupdate, hit enter, and wait for it to complete. It'll only take a few seconds.
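
To confirm what the domain actually enforces once gpupdate has finished, the following added example (not part of the original lesson) reads the effective default domain password policy and any fine-grained password policies and marks each setting against a baseline. It assumes the ActiveDirectory PowerShell module; the function names and the baseline thresholds (7 characters, 24 remembered passwords, 42 days) are assumptions of this example.

```powershell
# Added example, PowerShell 2.0 compatible. Needs the ActiveDirectory module
# (present on a domain controller, or installed with RSAT on a workstation).
Import-Module ActiveDirectory

function New-PolicyCheck([string]$Scope, [string]$Setting, $Actual, [bool]$Pass) {
    New-Object PSObject -Property @{
        Scope = $Scope; Setting = $Setting; Actual = $Actual; Pass = $Pass
    }
}

function Test-DomainPasswordPolicy {
    param(
        # Baseline thresholds are assumptions for this example; pass your own standard
        [int]$MinLength  = 7,
        [int]$MinHistory = 24,
        [int]$MaxAgeDays = 42
    )

    # The policy that domain accounts are actually held to
    $p   = Get-ADDefaultDomainPasswordPolicy
    $age = $p.MaxPasswordAge.Days    # 0 means passwords never expire

    New-PolicyCheck 'Domain' 'ComplexityEnabled' $p.ComplexityEnabled $p.ComplexityEnabled
    New-PolicyCheck 'Domain' 'ReversibleEncryptionEnabled' $p.ReversibleEncryptionEnabled (-not $p.ReversibleEncryptionEnabled)
    New-PolicyCheck 'Domain' 'MinPasswordLength' $p.MinPasswordLength ($p.MinPasswordLength -ge $MinLength)
    New-PolicyCheck 'Domain' 'PasswordHistoryCount' $p.PasswordHistoryCount ($p.PasswordHistoryCount -ge $MinHistory)
    New-PolicyCheck 'Domain' 'MaxPasswordAge (days)' $age (($age -gt 0) -and ($age -le $MaxAgeDays))
    New-PolicyCheck 'Domain' 'LockoutThreshold' $p.LockoutThreshold ($p.LockoutThreshold -gt 0)

    # Fine-grained password policies override the domain policy for the users they target
    Get-ADFineGrainedPasswordPolicy -Filter * -ErrorAction SilentlyContinue | ForEach-Object {
        $scope = "PSO '$($_.Name)'"
        New-PolicyCheck $scope 'ComplexityEnabled' $_.ComplexityEnabled $_.ComplexityEnabled
        New-PolicyCheck $scope 'MinPasswordLength' $_.MinPasswordLength ($_.MinPasswordLength -ge $MinLength)
    }
}

Test-DomainPasswordPolicy |
    Select-Object Scope, Setting, Actual, Pass |
    Format-Table -AutoSize
```

If ComplexityEnabled still reads True after the GPO above has been applied, the setting did not reach the policy that governs domain accounts.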

LESSON 18: Enabling Ping Requests to Clients Using Group Policy

1. Edit an existing Group Policy object or create a new one using the Group Policy Management Tool.
2. Expand the Computer Configuration/Policies/Windows Settings/Security Settings/Windows
Firewall with Advanced Security/Windows Firewall with Advanced Security/Inbound Rules
node.
3. Check the Custom radio button and click Next.
4. Check the All Programs radio button and click Next.
5. From the Protocol Type: drop-down list select ICMPv4 and click Customize.
6. Check the All ICMP types radio button and click OK.
Note: If you want to limit ICMP to specific types, Echo Request should be allowed as a
minimum.
7. You may choose to restrict what IP addresses ICMP is allowed to and from, or check the Any IP
address radio buttons to allow all, then click Next.
8. Check the Allow the Connection radio button and click Next.
9. Choose what profiles the rule will apply to. Check the Domain profile checkbox as a minimum and
click Next.
10. Add a meaningful name for the rule in the Name: field. Add a description if desired and click Finish
to exit and save the new rule.
11. Make sure the Group Policy Object is applied to the relevant computers using the Group Policy
Management Tool.

LESSON 19: Enabling Remote Desktop Using Group Policy

Open up Group Policy Management Console (GPMC).

Create a New Group Policy Object and name it Enable Remote Desktop.

Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall
with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a
New Rule.

Select Port in the New Inbound Rule Wizard.

Ensure TCP is selected and Specific Local Port is set to 3389.

Allow the Connection and only select Domain and Private Profiles.
Name this rule – Inbound Rule for RDP Port 3389

Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host
policies.
Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components ->
Remote Desktop Services -> Remote Desktop Session Host -> Connections

Set Allow users to connect remotely by using Remote Desktop Services to Enabled.

Now we’re going to enable Network Level Authentication. This is highly recommended and has
many security advantages. However, that’s out of the scope of this article so I won’t go in to the
details now.

Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components ->
Remote Desktop Services -> Remote Desktop Session Host -> Security

Set Require user authentication for remote connections by using Network Level Authentication to
Enabled.

Last but certainly not least, we need to apply the newly created GPO to an Organizational Unit so it
actually works.

Close out of GPMC. There aren’t any more settings to configure.
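
To check on a client that the three settings from this lesson arrived, the following added example (not part of the original lesson) reads the registry locations these policies write to: fDenyTSConnections and UserAuthentication under the Terminal Services policy key, and the GPO firewall rules, which are stored as pipe-delimited strings. The helper names are illustrative, and the sample rule string is constructed and only used when the machine has no GPO firewall rules.

```powershell
# Added example, PowerShell 2.0 compatible. Run elevated on a client after gpupdate.
$TsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$FwKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when no GPO has written the value
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-GpoFirewallRuleStrings {
    $key = Get-Item -Path $FwKey -ErrorAction SilentlyContinue
    if (-not $key) { return @() }
    $key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) }
}

function ConvertFrom-GpoFirewallRule([string]$Rule) {
    # Stored form: 'v2.10|Action=Allow|Dir=In|Profile=Domain|LPort=3389|Name=...|'
    $parsed = @{ Profile = @(); LPort = @() }
    foreach ($field in $Rule.Split('|')) {
        $key, $value = $field -split '=', 2
        if ($null -eq $value) { continue }           # version tag or empty tail
        if ($parsed[$key] -is [array]) { $parsed[$key] += $value }
        else { $parsed[$key] = $value }
    }
    $parsed
}

function New-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Test-RdpGpo([string[]]$RuleStrings) {
    $deny = Get-PolicyValue $TsKey 'fDenyTSConnections'
    $nla  = Get-PolicyValue $TsKey 'UserAuthentication'
    New-Finding 'RDP allowed by policy'  ($deny -eq 0) "fDenyTSConnections=$deny"
    New-Finding 'NLA required by policy' ($nla -eq 1)  "UserAuthentication=$nla"

    $rdpRules = @($RuleStrings | ForEach-Object { ConvertFrom-GpoFirewallRule $_ } |
        Where-Object { $_['Dir'] -eq 'In' -and $_['Action'] -eq 'Allow' -and
                       $_['Active'] -eq 'TRUE' -and $_['LPort'] -contains '3389' })
    New-Finding 'Inbound TCP 3389 rule present' ($rdpRules.Count -gt 0) "$($rdpRules.Count) rule(s)"

    foreach ($rule in $rdpRules) {
        # A rule with no Profile field applies to every profile, Public included
        $public = ($rule['Profile'].Count -eq 0) -or ($rule['Profile'] -contains 'Public')
        New-Finding "Rule '$($rule['Name'])' excludes Public profile" (-not $public) `
            ("Profiles: " + ($rule['Profile'] -join ','))
    }
}

# Constructed sample in the stored rule format (not captured from a real system)
$sample = 'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|Name=Inbound Rule for RDP Port 3389|'

$rules = @(Get-GpoFirewallRuleStrings)
if ($rules.Count -eq 0) { $rules = @($sample) }
Test-RdpGpo $rules | Format-Table Check, Pass, Detail -AutoSize
```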

LESSON 20: Group Policy Objects for Organizational Units

1 Click Start > Administrative Tools > Group Policy Management.
2 Select the Centrify organizational unit, right-click, then select Create a GPO in this domain, and Link
it here.
3 Type a name for the new Group Policy Object, for example, Centrify Policy, then click OK.
