98-365 – Microsoft MTA Windows Server 2008 – Active Directory – things you need to know Part 2

  1. Permissions – lab

Let’s share some drives and folders. Let’s start on the server. What we want to achieve is this: let’s say Mike, right? That’s the name we gave him. Let’s say he has a lot of files, and he asks the administrator, “Can I have a place on your server, please?” And the administrator says, “Yeah, whatever. I can do that for you.” So you go into the reword. In most cases, you would have a dedicated hard drive. We will use the C drive; for a small company, that’s okay. And let’s say it is User Files. And inside, we want to create a folder for every single user: Mike. Now we have to give Mike permission to access that folder. So first of all, we have to share it.

Okay? Let’s go to Advanced Sharing. And what we want to do is give some permissions. We want to add, and here we just type “Mike.” It will recognize the name when we click OK. And now the levels: what does “Read” mean? I can read only. “Change” means I can read and write. Do not give Full Control to end users because they can change the attributes as well. That’s not a good test as well. Now it is important to set NTFS permissions to default. Please keep in mind that users will have read. Yeah. We want to add Mike; this is NTFS, the previous one was the share permission. Okay? And Mike will be allowed to modify. Please do not use “Deny.” It’s not a good idea. Avoid using “Deny” at all. Do not use it. Just use Allow. Microsoft says you should avoid using Deny because it’s really confusing and can cause a lot of issues when you try and test it. That’s it.

We go to Windows 7. Now it’s time to test it. The easiest way to test it is to access this folder, 192.168.1.1, and let’s do it that way. It will list all available folders for us, and one of them is Mike. Now, it is okay for you to type 192.168.1.1. It’s not a good thing for your user. That’s why what you can do is map a drive, okay? It means that Mike, when he goes to his computer, will see a new drive, a new network drive, here. That’s a good thing. Users like it. Please note that there is a Map Network Drive option here, and you can take advantage of that. Now, suppose we use X for the folder. The way I do that is I go back here and just go inside, right-click, and copy the address as text.

Thanks to that, you don’t have to type everything in here. Reconnect when you log in. It means that when he reboots his PC, it will be there. In most cases, when you go to a company, you will have a script that maps a drive. What I’m showing you at the moment applies to a small company because it means that you have to create that manually for every single user. It’s not a good thing. You could create a script. It is beyond our discussion. The idea is the same. The only difference is that there is a script that maps a drive. You don’t go to the computer and click on Map Network Drive. It happens when you boot up a PC. That’s it. Mike is a very happy user. He has a new network location.
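The lab's steps as a script, as an added example that is not from the video: it creates Mike's folder, shares it with Change, grants NTFS Modify, and then lists any ACE that goes against the advice above (a Deny entry, or Full Control for a non-administrative account). The domain name COMPANY, the path C:\UserFiles\Mike and the helper name Get-RiskyAce are assumptions; run it in an elevated PowerShell session on the server.

```powershell
# Added example, not from the video. Assumed names: domain COMPANY,
# folder C:\UserFiles\Mike, share name Mike, helper Get-RiskyAce.
$user   = 'COMPANY\Mike'
$folder = 'C:\UserFiles\Mike'
$share  = 'Mike'

# 1. Create the per-user folder (parent folders are created if missing).
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# 2. Share permission: Change (read and write), not Full Control.
net share "$share=$folder" "/GRANT:$user,CHANGE"

# 3. NTFS permission: Modify on this folder, subfolders (CI) and files (OI).
#    Allow only; no Deny entries.
icacls $folder /grant "${user}:(OI)(CI)M"

# 4. Audit: return the ACEs that break the two rules from the lab.
function Get-RiskyAce {
    param([string]$Path)
    # Accounts that normally hold Full Control on a server volume.
    $expected = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -or
        ($_.FileSystemRights -eq 'FullControl' -and
         $expected -notcontains $_.IdentityReference.Value)
    } | Select-Object IdentityReference, AccessControlType,
                      FileSystemRights, IsInherited
}

$risky = @(Get-RiskyAce -Path $folder)
if ($risky.Count -eq 0) {
    "OK: no Deny or unexpected Full Control on $folder"
} else {
    $risky | Format-Table -AutoSize
}

# 5. On the Windows 7 client, or in a logon script, map the share as X:
#    and reconnect at logon. 192.168.1.1 is the lab server.
# net use X: \\192.168.1.1\Mike /persistent:yes
```

The access Mike actually gets over the network is the more restrictive of the share permission and the NTFS permission, which is why both steps 2 and 3 are needed.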

  1. Let’s add some roles

It’s time to add some roles. We proceed to the Administrative Tools. And here we go to the Server Manager. What I want to show you is DHCP. We will enable and add a DHCP role. It means that our server will be a DHCP server. It means it will provide shared IP addresses to our users. It is a popular solution in many businesses. A DHCP server is a Windows Server box. We proceed to Roles. And here we click on “Add Role.” Again. That’s what we want: the DHCP server. Next. Next. Now the question is: what is your domain? As you can see, everything has been filled in for you. That’s fine. We don’t use WINS. Now we have to create a scope.

A scope is a range of IP addresses that we want to give out and assign to our hosts. So let’s call it Scope One, and let’s start. It’s always a good idea to leave a gap. I’m not sure if you noticed. I started when we assigned IP addresses. You might be wondering why I chose eleven. Why? Your domain controller is one, and you left a gap like that. I did that on purpose. It is a very popular solution. Again, because you need some static IP addresses. Why? You need that for devices like printers, routers, and switches. What else? Access points. Okay. That’s why it’s a good idea to leave a gap. It allows you to assign static IP addresses. Let’s say we have 15 users. So, if we give out 40 IP addresses, that should be plenty. Subnet mask is zero. The default gateway will make it up to 54. The default lease time will be six days. That’s fine. Click Next. Yeah, we can enable it now. Let’s disable. We don’t use IPv6 yet. It’s done. We have the url. We navigate to Admin Tools. We can see the DHCP in place. That’s always a good sign, isn’t it? That’s our scope.

I’ll show you a few things. Here is the address pool that we created. The first IP address we are going to assign is 10. The last one is 50. That should be okay for, what did I say, 15 users? Yeah. We do not have any IP addresses yet. Scope options. That’s our router, which we made up. DNS is, of course, our domain controller, and our domain name is company.local. You ready?

It’s time to test it. We go to Windows 7, to the Network and Sharing Center in here. Remember this place? We assigned an IP address over here. What we have to do is put up a domain, okay? Because I’m a user now, I’m not allowed to make any changes. Come on. Here we go. I opened it, okay? And here we want to take the first option: get an IP address from a DHCP server. Do the same for DNS. It may take some time to apply new settings after pressing OK. You should be patient and wait for this screen to disappear. Here we go.

How can we test it? We go to CMD, and do you remember the command that we have to use? ipconfig. Fair enough. Let me change the size so you can see that the number is 192.168.1.10. Just one thing if you want to verify that you received an IP address from the correct server: we type “ipconfig /all,” and in here one of the lines will say “DHCP.” Please keep in mind that Windows 7 did accept an IP address from a DHCP server. The DHCP server has an IP address of 192.168.1.1. Every time I get a new IP address, I try to ping it to make sure that it’s still okay. It’s all good. Thank you very much.
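The check described above, written as a small PowerShell function (an added example, not from the video): it reads `ipconfig /all` output and confirms that the lease came from the lab's DHCP server, 192.168.1.1, and that the address falls inside the pool from .10 to .50. Test-DhcpLease is a hypothetical helper name, the two sample outputs are constructed, and the parsing assumes English-language output with a single network adapter.

```powershell
# Added example, not from the video. Test-DhcpLease is a hypothetical helper.
# Lab values: DHCP server 192.168.1.1, address pool .10 to .50.
function Test-DhcpLease {
    param(
        [string[]]$Lines,
        [string]$ExpectedServer = '192.168.1.1',
        [int]$PoolFirst = 10,
        [int]$PoolLast  = 50
    )
    $ip = $null; $server = $null; $enabled = $false
    foreach ($line in $Lines) {
        if     ($line -match 'DHCP Enabled[ .]*:\s*Yes')       { $enabled = $true }
        elseif ($line -match 'IPv4 Address[ .]*:\s*([\d.]+)')  { $ip = $matches[1] }
        elseif ($line -match 'DHCP Server[ .]*:\s*([\d.]+)')   { $server = $matches[1] }
    }
    $problems = @()
    if (-not $enabled) { $problems += 'adapter is not using DHCP' }
    if ($server -ne $ExpectedServer) {
        # A lease from any other server means a second DHCP server is on the LAN.
        $problems += "lease came from '$server', expected $ExpectedServer"
    }
    if ($ip) {
        $octet = [int]($ip.Split('.')[3])
        if ($octet -lt $PoolFirst -or $octet -gt $PoolLast) {
            $problems += "address $ip is outside the pool"
        }
    } else {
        $problems += 'no IPv4 address found'
    }
    New-Object PSObject -Property @{
        Address = $ip; Server = $server
        Ok = ($problems.Count -eq 0); Problems = $problems
    }
}

# Constructed samples. On a real client use: $lines = ipconfig /all
$good = @(
    'Ethernet adapter Local Area Connection:',
    '   DHCP Enabled. . . . . . . . . . . : Yes',
    '   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)',
    '   DHCP Server . . . . . . . . . . . : 192.168.1.1'
)
$unexpected = @(
    'Ethernet adapter Local Area Connection:',
    '   DHCP Enabled. . . . . . . . . . . : Yes',
    '   IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)',
    '   DHCP Server . . . . . . . . . . . : 192.168.1.200'
)

Test-DhcpLease -Lines $good       | Format-List Ok, Address, Server, Problems
Test-DhcpLease -Lines $unexpected | Format-List Ok, Address, Server, Problems
```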

  1. Group Policy – let’s block some things!

Active Directory Group Policy. That is a great topic. I love it. I have spent a lot of time implementing GPOs. It’s really fun to lock it down. Users don’t like it. Every time you ask a user and he thinks about group policies, he says, “Oh, that means I will not be able to change my wallpaper. It means I will not be able to do this or that.” Yeah, in many cases, we use GPO to force certain settings to make sure that users cannot do anything stupid. Of course, there are a lot of things that you can achieve using GPO.

For instance, you can deploy new applications, run scripts, and manage a lot of settings. You can make your life easier. For instance, when you have a certificate, you can deploy it using GPO, and so on. Group Policy is a centralised place that you can use to provide settings and security options. Policy settings are stored in GPOs, Group Policy Objects. There are thousands of settings that you can choose from. I will say it again: the easiest way is to just open it, play with it, and see how it works. It’s really fun because you can block things. You can say, “Well, I don’t want you to change the time clock or the wallpaper. I don’t want you to be able to make changes in Internet Explorer; you are not permitted to do so. You cannot remove any applications. You can’t use a USB drive, a DVD drive,” and so on. In our next video, we are going to talk about GPO in action.

You will see how it can be applied. We play with some settings. Here it is just an introduction. We’ll go to a server. Anyway, I’ll show you a place where you can manage your Group Policy Objects. We go to Administrative Tools, and in here you should see a Group Policy Management snap-in. If you open it, you will see a list of Group Policy Objects: objects that have been created and applied. Be very careful. I think I mentioned that in our GPO lab as well. Be very careful when you apply GPOs because you can break things. If you apply a GPO and there is a domain controller inside or a very important server, a user will be affected. Make sure that you test it first. Make sure that you’re okay with the settings that are inside. Please keep in mind that you can access details and settings. It will produce a nice report. Make sure that you’re happy with everything that you want to implement, because you can break things in here. As I mentioned, please make sure you watch the next video. You will see GPO in action: how you can create a Group Policy Object, how we apply it, and how we test it. Thank you very much.

  1. Group Policy in action

Group Policy Objects. I love that topic. I recall three or four years ago, when I spent a few weeks on-site at a large school developing, designing, implementing, and troubleshooting a policy. And I created a group policy for the whole school. And we locked down all PCs, which was really fun to do. I encourage you to play with all settings. It’s not just to lock it down. You can use GPO to deploy software. You can add scripts and a lot of features as well. Of course, for MTA, we want to keep it simple. That’s why we are going to create a pretty simple GPO. We’ll see how it goes. The idea is to make sure it works the way you expect it to.

Test it, and you can take it from there. The first thing you have to do is go to Active Directory Users and Computers and make sure that users and computers are in the correct OU. In our case, we have a dedicated users OU, and I am okay with that. We’ll apply a group policy to all of them, and Mike should be affected. We have a Group Policy Management snap-in; we click on it. That is a place where you go if you want to create, troubleshoot, and apply GPOs. Be very careful if you make a mistake. That’s why I mentioned OUs. Make sure that you put your users and computers in the correct folder, because if you make a mistake, maybe your account is over there. You can lock it out and have a lot of problems. If there is a server or a very important laptop, a user should be very careful. Test it first. Create a user, then apply and test it. Make sure that it’s okay before you go and apply it in the real world. We want to create a GPO here.

You can right-click and edit that GPO. As you probably know, it is divided into two sections: settings that can be applied to a computer and settings that can be applied to a user account. We want to focus on this one because we have Mike Holland in Ottawa. Now the easiest way to learn and see what’s inside is to play with it. Click, for instance, here and say, okay, what will I achieve by doing this or that? Okay, what is available under printers? What can I do with the desktop? What can I do with shared folders, and so on? On your MTA exam, Microsoft is not going to ask you anything specific from here. However, if you want to go for MCSA, MCSC, MCITP, and so on, you can expect a question. They can be very specific: okay, how can I disable the control panel? How can I remove all icons from the desktop? It can be a question, or it can be a simulation. It all depends. For MTA, it is more than enough to know how it works. I recommend that you spend some time getting used to it. Because if you have a domain controller, you have GPOs. That’s why it makes sense to know how it works.

So what do you suggest? Let’s look at our desktop. We can see one icon on the desktop. Can we remove it? We should. That’s the option. To do that, I like to start with something simple. Make sure that the GPO works the way I expect it to. Do not start with a sophisticated feature like “Oh, let’s do this or that. Let’s replace a wallpaper with a shared file.” No, don’t do it. Start with something simple. Make sure it works, and you can take it from there. We double-click, “Enable,” and “Apply,” and it changes to “Enabled.” That’s it. Want to test it? Let’s try it. It is possible to force it from the command line. I like to reboot the first time. Make sure that it’s going to be applied. Let’s log in and see how it goes. Plug and pray. Come on. Come on. Let’s wait. Come on, come on. Yes. Let’s log in. It’s gone. Just to make sure I’m not hiding anything in the background, here we go. There is nothing on the screen. Our GPO is working now. Go away. Now, if you want to see all settings, you go to this GPO, and there is a nice report you can view. When you go to the settings here, it will show all the options that you decided to enable. Thank you very much.

  1. An interview with an Active Directory Expert – bonus video

Hi Laurent, thank you very much for joining me tonight. I really appreciate that. Please, yes, tell me a little about yourself and your professional background. Hello, Maris. I appreciate you taking the time to listen to me. So I’ve been in the IT industry for ten years. I’m an Active Directory expert at the moment for a company called Frost because I’m working at Frost in Paris. So we met each other in London because I used to work in London in 2011 and 2012. So yeah, I’m back in force now in Paris, and maybe I can Yeah, you’re Microsoft Certified, and that’s what I want to focus on. And, as we all know, certificates are important. Do you agree with that? Will obtaining certification as a Microsoft Engineer help you find a better job? as a Microsoft Certified Engineer.

You specialise in Active Directory. Yes, I think it actually depends actually. Before I came to the UK, I didn’t have any certification, and I think that was a mistake. In France, it was okay, but when I came to the UK, I just realised that, because my English was not so good, it would be good if I had this certification because it’s recognised internationally. Right, yeah. But in France, it depends. When you own the interview, they will usually ask you what you know, what you did in your previous job, and if that matches what they want here. And I discovered some people I’ve known for a long time, some people who are MCTPs or whatever, and they don’t know anything. So it really depends. I believe that if you are in an interview, if you are in front of someone who actually knows this stuff, on the technical side, it will be less about the certification and more about what you did in your previous experience. Right. But if you are with HR, it will probably be very important for them. That’s right, because I’m not sure if you agree with me, but they do not have time to verify every single CV that arrives in their inbox.

So if they’re looking for an Active Directory specialist, it’s much easier for them to ask for MCSA and MCITP because, in a way, it can show that at least you passed five exams, and then it’s much easier for them to verify it. Yeah, I’m not in HR; I don’t know. I believe they also use keywords on your CV to search for what you’ve done previously, and when they make a job offer, they discuss with the manager what they really need and try to match their needs. But obviously, in your CV, on the first page, there is the logo of MCITP, MCSA, which I think is good. It’s better to have it than not have it, right? However, if you have it, you can be certain that you will be asked questions about your experience and specialisation during the interview. And if you don’t know it, if you don’t know the question or the answer to the question, it would be very bad because, okay, you have your certification, but you don’t really know it. Yeah, I agree with it. And do you remember your first job in IT? How did you apply? How did you find your first job in IT? Yeah, I remember it. It was in France, of course. It was something called Artelis, which is part time at school, part time at work. So it was the first job I had. I spent two weeks in the company and one week at school, and I didn’t know where to look. I had no experience with it. I liked it. It was passion. So this is why I wanted to work in IT. But I just took the company directory and called them one by one. Nice. Monster was new to me. Now, obviously, I know and a lot of people know, but it was not so easy. Now we have to think about our image on the Internet, our blogs, everything, because they will obviously Google it, but they will also write it down before that existed. So it was cool. I called them. I called them for, I don’t remember, four weeks nonstop. And finally one guy said, “Okay, I’m looking for someone; come.” And I don’t remember exactly, but I received a new SMS text from him at midnight or something. He said, “Yeah, come on Tuesday.” I don’t know. I had an interview. It was relaxed.

I was young, he was young, and he was alone. He was looking for some guys to train, and I understand they trained you and allowed you to learn as well when you worked. Yes, because that was actually the goal, because I was going to school in this company, so obviously I would learn at school and practise in the company. And to be honest with you, it’s a cool thing for them because it’s cheaper. You’re a student; you’re not paid. It’s very good. And it’s a good thing for you as well, because it’s a good starting point later on. It’s a very good thing. When I left school, I had been out for two. So I heard this afternoon on the radio that one of the most recruiting industries in France is because there was a lot of unemployment in France. It’s crazy. It’s like it’s still increasing. And one of the most appealing aspects is that there are more jobs than these guys, and they claim that in 20 or 30 or 30 years, they will recruit. Still, because of the requirement, they need a lot of technicians and engineers. Yeah.

And why Microsoft? Yeah, I like it. Before I work in IT, I like it. So I installed Linux. I tape with Linux, with Microsoft, with everything, and even one of my first jobs was with Novo. Domino and Novo. I remember that. Yeah, I liked it. But when I use Microsoft, I don’t know, to be honest with you. I think it’s intuitive. I like it. I don’t know why I like it. It is the most popular software and operating system. Do you like Windows 8? Okay, thank you very much. I really appreciate it. Actually, I’m using separate Windows 8. You don’t have a job. I use Windows 8. When I was working with you, I was like, “The better tester for the company is not bad.” I think the idea is quite good. They haven’t implemented it quite well, I think. I think even 8.1 is not so good. There is now only Windows 10. It’s coming. There is no ninth. I’m not sure why, but what I’m really looking forward to is the new Windows Seven. Because the Metro interface or the mobile interface is good. I think it’s good because tablets and everything I think is good is good, but not for a server. I don’t know about the server. And I hope they will do something a bit more clever on the server.
