COMPETENCY-BASED LEARNING MATERIALS

SECTOR: ELECTRONIC SECTOR

QUALIFICATION: COMPUTER SYSTEM SERVICING NC II
UNIT OF COMPETENCY: SET-UP COMPUTER SERVERS
MODULE TITLE: SETTING-UP COMPUTER SERVERS
PREPARED BY: ALEXIS I. PIÑGOL

DepEd Legazpi City Division, Legazpi City, Albay

 HOW TO USE THIS COMPETENCY- BASED LEARNING
MATERIALS

Welcome!

The unit of competency, "Set-Up Computer Servers", is one of the

competencies of Computer System Servicing, a course which comprises the
knowledge, skills and attitudes required for a TVET trainer to possess. The module,
Setting-up Computer Servers, contains training materials and activities related to
identifying learner’s requirements, preparing session plan, preparing basic
instructional materials and organizing learning and teaching activities for you to
complete. In this module, you are required to go through a series of learning
activities in order to complete each learning outcome. In each learning outcome are
Information Sheets, Self-Checks and Task Sheets. Follow and perform the activities
on your own. If you have questions, do not hesitate to ask for assistance from your
facilitator.

Remember to:

Read information sheets and complete the self-checks. Suggested references are
included to supplement the materials provided in this module.

Perform the Task Sheets and Job Sheets until you are confident that your outputs
conform to the Performance Criteria Checklist that follows the sheets.

Submit outputs of the Task Sheets and Job Sheets to your facilitator for evaluation
and recording in the Accomplishment Chart. Outputs shall serve as your portfolio
during the Institutional Competency Evaluation. When you feel confident that you
have had sufficient practice, ask your trainer to evaluate you. The results of your
assessment will be recorded in your Progress Chart and Accomplishment Chart.
You must pass the Institutional Competency Evaluation for this competency before
moving to another competency. A Certificate of Achievement will be awarded to
you after passing the evaluation. You need to complete this module before you can
perform the module on Maintain and Repair Computer Systems and Networks.

2
 MODULE CONTENT

UNIT OF COMPETENCY : Set-up Computer Servers

MODULE TITLE : Setting-up Computer Servers

MODULE DESCRIPTOR : This competency learning materials covers the

learning outcomes required in setting-up computer
servers.

LEARNING OUTCOMES:
At the end of this module you MUST be able to:
• Set-up user access
• Configure network services
• Perform testing, documentation and pre-deployment practices

ASSESSMENT CRITERIA:
• User folder is created in accordance with network operating system (NOS)
features
• User access level is configured based on NOS features and established
network access policies/end-user requirements.
• Security check is performed in accordance with established network
access policies/end-user requirements.
• Normal functions of server are checked in accordance with manufacturer’s
instructions
• Required modules /add-ons are installed/updated based on NOS
installation procedures
• Network services to be configured are confirmed based on user/system
requirements
• Operation of network services are checked based on user/system
requirements
• Unplanned events or conditions are responded to in accordance with
established procedures
• Pre-deployment procedures is undertaken based on enterprise policies
and procedures
• Operation and security check are undertaken based on end-user
requirements
• Reports are prepared/ completed according to enterprise policies and
procedures.

3
 LEARNING OUTCOME NO. _1_
Set-up user access

Contents:

1. Network operating system (NOS) features

2. User access level configuration and Network Policies and services
3. Set up peer-to-peer (P2P) network access

Assessment Criteria

1. User folder is created in accordance with network operating system (NOS)

features
2. User access level is configured based on NOS features and established
network access policies/end-user requirements.
3. Security check is performed in accordance with established network
access policies/end-user requirements.

Conditions

The participants will have access to:

• PC or workstation network and server

• Network operating system (NOS)
• Network printer
• Tools and test instruments
• Appropriate software applications/programs

Assessment Method:

1. Hands-on
2. Direct observation
3. Practical demonstration

4
 Information Sheet 3.1-1
Network Operating System (NOS) features

Learning Objectives:
After reading this INFORMATION SHEET, YOU MUST be able to:
1. Define the Network Operating System (NOS).
2. Give the two types of Network Operating System (NOS).
3. Differentiate Peer-to-Peer to Client/Server
This information sheet will cover different types, common features of
Networking Operating System (NOS).

Pre-Test:
Directions: Encircle the letter of the best answer.
1. What is the minimum number of computers needed for a computer network?

A. 1. B. 2 C. 5 D. 10
2. How many users are in a single-server network?
A. 2-10 B. 10-50 C. 50-250 D. 250-1,000
3. It is a computer network where all computers are equal and designed
primarily in small to medium local area networks.
A. Client/Server B. Local Area C. Peer-to-Peer C. SOHO
4. It is a network which is recommended for large organizations.
A. Client/Server B. Local Area C. Peer-to-Peer C. SOHO
5. What does a computer server do?
A. It provides the basic functions of a computer
B. It connects computers together
C. It provides a particular service and manages resources
D. It is the computer's memory
6. In which of these places might you be most likely to find a peer-to-peer
network?
A. On the Internet C. In a large office building
B. In a home D. In a hospital
7. Operating system which provides all features required to communicate over a
network to access or share network resources is known as
A. Disk operating system C. Network operating system
B. Mac operating system D. Android operating system
8. Which of the following is true about client/server network set up?
A. All data and applications are held centrally
B. Complex to set up
C. Shared peripheral resources
D. Need basic technical skills
9. It enables the user to log in to any client computer and their desktop,
applications and data will be available as it is all stored on a remote server.
A. User roaming profile C. DHCP
B. Domain Name System D. Organizational Unit
10. Which of the following is NOT a property of client/server set up?
A. Access rights C. Basic login authentication
B. Storage D. Storage Limit
5
 NETWORK OPERATING SYSTEM

What is Network Operating System?

A network operating system (NOS) is a computer operating system (OS) that
is designed primarily to support workstations, personal computers and, in some
instances, older terminals that are connected on a local area network (LAN). The
software behind a NOS allows multiple devices within a network to communicate
and share resources with each other.
The composition of hardware that typically uses a NOS includes a number of
personal computers, a printer, a server and file server with a local network that
connects them together. The role of the NOS is to then provide basic network
services and features that support multiple input requests simultaneously in a
multiuser environment.
Due to earlier versions of basic operating systems not being designed for
network use, network operating systems emerged as a solution for single-user
computers.

Figure 3.1.1

6
Types of Network Operating Systems
• Peer-to-Peer
• Client/Server
Nearly all modern networks are a combination of both. The networking design
can be considered independent of the servers and workstations that will share it.

Peer-to-Peer
Peer-to-peer network operating systems allow users to share resources and
files located on their computers and to access shared resources found on other
computers. However, they do not have a file server or a centralized management
source (See fig. 3.1.2). In a peer-to-peer network, all computers are considered
equal; they all have the same abilities to use the resources available on the network.
Peer-to-peer networks are designed primarily for small to medium local area
networks. Nearly all modern desktop operating systems, such as Macintosh OSX,
Linux, and Windows, can function as peer-to-peer network operating systems.

Figure 3.1.2

In this configuration there is no central server. Instead, each workstation is

loaded with the appropriate applications needed for that machine and local
resources such as an attached printer folder or external hard drive can be shared.

The peer-peer network form is commonly found in the home or a small office.

In the set-up above the Modem / Router is providing access to the internet, it
is providing wireless access to the network and it may be set up to issue an IP
address for each machine , this is called a DHCP host or 'Dynamic Host
Configuration Protocol. If a new computer is plugged into the network, it requests an
IP address from the router.

7
Advantages of a peer-to-peer network:

• Less initial expense - No need for a dedicated server.

• Setup - An operating system (such as Windows XP) already in place may only
need to be reconfigured for peer-to-peer operations.

Disadvantages of a peer-to-peer network:

• Decentralized - No central repository for files and applications.

• Security - Does not provide the security available on a client/server network.

Client-Server network

A client server network has a powerful computer known as a server which

provides all the services required on the network. These can include directing traffic
around the network, managing disk drives and network peripherals such as printers
and scanners.

The 'client' part of the network are the workstations that people log onto in
order to use the network facilities.

This is the type of network most often used in middle to large organizations. In
larger set-ups there may be several servers on the network, each one dedicated to a
task or service. For instance, there could be:

• A print server which handles all the print jobs required by network users
• An email server which provides a centralized email service for all network
users
• File servers. There may be several file servers to provide plenty of storage
capacity
• An authentication server which handles all log-in and security measures
• A web server to provide an internal intranet service

Figure 3.1.3
8
Client-Server properties

There are strong economic and practical reasons why the client-server
topology is the preferred one for organizations such as schools, businesses,
hospitals, government and so on.

1. All data and applications held centrally

These can be performed centrally from the server rather than each
Data
individual client computer which would take up a lot of network
backups
bandwidth and management time.

Anti-virus schedules can be set by the server, so taking the

Anti-virus
processing burden away from the client computers. Easy to keep the
scans
AV software up to date with the latest threat database.

Security is improved as the data is held on a secure server in a data

room rather than an open office.

Security is improved as each used is authenticated by a user-name

Security
password

Security is improved as all access to the Internet is controlled through

the server, so proper Firewall and data policies can be managed.

Software licenses can be controlled, ensuring the organization is

Licenses
within its license quota for each application.

Assigning access rights or levels to users means that the files and
applications available to each user can be controlled according to a
Access set of rules. For example, at school, teachers need to be able to view
rights information about students such as name, address, d.o.b. However, it
would not be appropriate for cleaners or other students to be able to
access this information.

9
 Storage Storage quotas can be set for each user or department. Thus,
limits making the most efficient use of server hard disk storage space

People can log in to any client computer and their desktop,

User
applications and data will be available as it is all stored on a remote
Roaming.
server

2. Shared peripheral resources

Peripherals such as a heavy-duty Laser Printer are expensive to

purchase and maintain so it is best to make maximum use of them. This
can be done by sharing the peripheral between all the clients. The server
receives a print job from a client and sends it to the printer.

Time efficiency Saves the client from waiting around.

Performance is also improved as purchasing a single high-

Improved
speed laser printer is cheaper than buying several slower
performance and
printers attached to each client. By sharing this resource,
cost savings
the investment is worthwhile

Reliability improves. Having a single managed print service

Improved reliability is better than having to maintain a whole collection of
individual printers

Client-Server issues

Here are some advantages of client-server network set up.

Number of A client-server network is complex to set up. So, it is a bit of an

people over-kill if there are only two or three people using the system.

Setting up the server is a complex technical task as well as

Expertise maintaining and sorting out technical problems as they arise. So,
required it tends to need a network manager to handle this, this of course
is quite costly

10
 Servers are especially designed to be robust, reliable and high
Servers are performance and none of this is cheap. The operating system is
expensive also more costly that the standard stand-alone types as it has to
deal with a networked environment

If the server has a problem or the network connection fails, then

Server down no one can do any work. This is why servers are designed to be
reliable (see point 3)

Comparison

Client-Server Peer-Peer

Complex to set up Simple to set up

Requires technical expertise to set up

Needs basic technical skills
and maintain

No server present, each computer is a

Server present
'peer' of the others

Centralized data and application Each computer has its own data and
management applications loaded

Uses a dedicated network operating Uses standard operating system with

system network capabilities

11
 Only as secure are the most vulnerable
Security is managed centrally, and
computer in the network e.g. a wireless
server can be in a locked room
laptop is not physically secure

User access and authentication is Fairly basic login authentication for each
managed centrally user

Peripherals can be shared but the

Peripherals are managed centrally and
computer it is attached to must be
available to client computers
powered on as well

User data is one of the networked

Users can roam from machine to
machines which must be on for access.
machine and still have access to their
User data must be in a 'share' folder if it
applications, data and desktop setup
is to be visible on the other machines

12
 Self- Check 3.1-1

Directions: Encircle the letter of the best answer.

1.What is the minimum number of computers needed for a computer network?

A.1. B. 2 C. 5 D. 10
2.How many users are in a single-server network?
A.2-10 B. 11-50 C. 51-250 D. 251-1,000
3.It is a computer network where all computers are equal and designed primarily in
small to medium local area networks.
A.Client/Server B. Local Area C. Peer-to-Peer C. SOHO
4.It is a network which is recommended for large organizations.
A. Client/Server B. Local Area C. Peer-to-Peer C. SOHO
5.What does a computer server do?
A. It provides the basic functions of a computer
B. It connects computers together
C. It provides a particular service and manages resources
D. It is the computer's memory
6.In which of these places might you be most likely to find a peer-to-peer network?
A.On the Internet C. In a large office building
B.In a home D. In a hospital
7.Operating system which provides all features required to communicate over a
network to access or share network resources is known as
A.Disk operating system C. Network operating system
B.Mac operating system D. Android operating system
8.Which of the following is true about client/server network set up?
A.All data and applications are held centrally
B.Complex to set up
C.Shared peripheral resources
D.Need basic technical skills
9.It enables the user to log in to any client computer and their desktop, applications
and data will be available as it is all stored on a remote server.
A.User roaming profile C. DHCP
B.Domain Name System D. Organizational Unit
10.Which of the following is NOT a property of client/server set up?
A.Access rights C. Basic login authentication
B.Storage D. Storage Limit

13
Answer key 3.1-1

1. B
2. B
3. C
4. A
5. C
6. B
7. C
8. D
9. A
10. C

References:
https://searchnetworking.techtarget.com/definition/network-operating-system

https://fcit.usf.edu/network/chap6/chap6.htm

https://www.teach-
ict.com/as_a2_ict_new/ocr/A2_G063/333_networks_coms/client_server_peer/m
iniweb/pg5.htm

https://quizizz.com/admin/quiz/5a70a3e2b66186001d592e51/operating-
systems-and-network-review

https://www.pngwing.com/en/free-png-xpztj

https://enterprise-cio.com/resources/2016/jan/29/api-and-enterprise-design-
best-practices/

https://www.packetmischief.ca/2012/03/29/how-unix-made-me-a-better-
network-engineer/

14
 Information Sheet 3.1-2

User access level configuration

Learning Objectives:
After reading this INFORMATION SHEET, YOU MUST be able to:
1. Configure user access level

This information sheet will cover the different types of user accounts, types of
access to folder, levels of access to folder and procedures in user access level
configuration

Pre-Test
Directions: encircle the letter of the best answer.
1. It is a collection of settings and information that tells Windows which files and
folders you can access, what you can do on your computer, what are your
preferences, and what network resources you can access when connected to a
network.
A. User account B. Username C. User group D. Password
2. It is the name that you are giving to specific account.
A. User account B. Username C. User group D. Password
3. It is a user account has complete control over the PC.
A. Administrators B. Username C. User group D. Password
4. Those are classic user accounts that exist locally and can use blank passwords.
A. Local account B. Administrators C. User group D. Standard
5. It is a collection of user accounts that share the same security rights and
permissions.
A. User account B. Username C. User group D. Password
Enumeration:
Directions: Enumerate the types of file and folder permission in windows

15
 What is a user account?

A user account is a collection of settings and information that tells Windows

which files and folders you can access, what you can do on your computer, what are
your preferences, and what network resources you can access when connected to a
network.

The user account allows you to authenticate to Windows or any other

operating system so that you are granted authorization to use them. Multi-user
operating systems such as Windows don’t allow a user to use them without having a
user account.

In Windows, you can manage your computer’s user accounts by going to the
“Control Panel” and then to “User Accounts and Family Safety > User Accounts.”

Figure 3.1.4

A user account in Windows is characterized by the following attributes:

• Username – the name you are giving to that account.

• Password – the password associated with the user account (in Windows 7 or
older versions you can also use blank passwords).
• User group – a collection of user accounts that share the same security
rights and permissions. A user account must be a member of at least one
user group.
• Type – all user accounts have a type which defines their permissions and
what they can do in Windows.

16
Windows 7 User Accounts

Windows 7 and earlier versions has three important types of accounts:

Figure 3.1.5

Administrator

The “Administrator” user account has complete control over the PC. He or she
can install anything and make changes that affect all users of that PC.

Standard

The “Standard” user account can only use the software that’s already installed
by the administrator and change system settings that don’t affect other users.

Guest

The “Guest” account is a special type of user account that has the name
Guest and no password. This is only for users that need temporary access to the
PC. This user can only use the software that is already installed by the administrator
and cannot make any changes to system settings.

17
Windows 8 User Accounts

Windows 8 introduces two new types of user accounts, alongside those

already in Windows 7:

Figure 3.1.6

Microsoft account

Microsoft accounts are user accounts with an associated e-mail address that
give you access to all Microsoft products and services. They always have password
that’s not blank. If you are using an outlook.com e-mail address (let’s say
howtogeek@outlook.com), you have a Microsoft account with that address.

To further complicate things, Microsoft allows people to create Microsoft

accounts using third-party e-mail services like Gmail. To simplify things for you,
remember that you have a Microsoft account when you use an email address to log
into Windows or to any Microsoft product or service.

Microsoft accounts work on multiple systems and devices. Therefore you can
use the same account to log into all your Windows 8.x devices, your Xbox One
console and your Windows Phone. You don’t have to create a separate account for
each device. Microsoft accounts can be administrators or standard user accounts.

Local account
Local accounts are classic user accounts that exist locally and can use blank
passwords. For example, in Windows 7 all user accounts are local accounts. Local
accounts can be administrators or standard user accounts. They work on a single
system only, so if you do have multiple devices, you’ll have to create a separate
account for each.

18
 User accounts provide the added benefit of letting you share the same
computer with several people, while having your own files and settings. Each person
accesses his or her user account without interfering with others.

How to tell them apart?

In Windows 8.x you can quickly differentiate local user accounts from
Microsoft accounts by looking at whether they use an email address or not. Look at
the screenshot below, sharing the Manage Accounts window, which is accessed by
going to “Control Panel > User Accounts and Family Safety > User Accounts >
Manage Accounts.”

Figure 3.1.7

The first account, named Ciprian Rusen, is a Microsoft account. All the other
user accounts are local accounts. The Microsoft account is an administrator, which is
marked by the “Administrator” statement beneath its email address. All other user
accounts are standard user accounts because they do not have the “Administrator”
statement.

19
What is a User Group?

As mentioned earlier, the user group is a collection of user accounts that

share the same security rights and permissions.

Windows has a long list of predefined user groups which includes

“Administrators” and “Users.” However, most predefined user groups do not have
user accounts until the administrator or third-party apps start customizing them. User
groups can also be created by third-party software and services like virtual machines
which create hidden user accounts and groups in order to provide different features
or services.

A user account is a member of at least one user group while some user
accounts are members of two groups or more, depending on how they are set.

Figure 3.1.8

For example, all user accounts that are set as administrators will be part of
the “Administrators” group. Standard user accounts are part of the “Users” group.
However, both types of user accounts will become members of the “HomeUsers”
group, when you start using the Homegroup networking feature in Windows.

User groups are managed automatically by Windows and you won’t need to
fiddle with them, even though you can if you are an administrator. This concept is
important so that you better understand how file sharing works, how permissions are
assigned, etc.

20
 How to Set File and Folder Permissions in Windows

Every file and every folder

in Windows has its own set of
permissions. Permissions can be
broken down into Access
Control Lists with users and
their corresponding rights. Here
is an example with the user list
at the top and the rights at the
bottom:

Figure 3.1.9

Permissions are also either inherited or not. Normally in Windows, every file
or folder gets their permissions from the parent folder. This hierarchy keeps going all
the way up to the root of the hard drive. The simplest permissions have at least three
users: SYSTEM, currently logged in user account and the Administrators group.

These permissions usually come from the C:\Users\Username folder on your

hard drive. You can access these permissions by right-clicking on a file or folder,
choosing Properties and then clicking on the Security tab. To edit permissions for a
particular user, click on that user and then click the Edit button.

Figure 3.1.10

21
 Note that if the permissions are greyed out, like in the figure 3.1.10, the
permissions are being inherited from the containing folder. I’ll talk about how you can
remove inherited permissions further below, but first let’s understand the different
types of permissions.

Permission Types
There are basically six types of permissions in Windows: Full
Control, Modify, Read & Execute, List Folder Contents, Read, and Write. List
Folder Contents is the only permission that is exclusive to folders. There are more
advanced attributes, but you will never need to worry about those.

So what do each of these permissions mean? Well, here is a nice chart from
Microsoft’s website that breaks on what each permission means for files and for
folders:

Figure 3.1.11

Now that you understand what each permission controls, let us take a look at
modifying some permissions and checking out the results.

Editing Permissions
Before you can edit any permissions, you have to have ownership of the file
or folder. If the owner is another user account or a system account like Local System
or Trusted Installer, you won’t be able to edit the permissions.

22
 If you right-click on a
file or folder,
choose Properties and click
on the Security tab, we can
now try to edit some
permissions. Go ahead and
click the Edit button to get
started

Figure 3.1.12

At this point, you’ll

notice that
the Allow column is
probably greyed out and
can’t be edited.

Figure 3.1.13

23
However, you can
check items on
the Deny column. If
you want to block a
user to access the
folder, click
the Add button first
type the username,
click Check Names
then click Ok.
Figure 3.1.14

Figure 3.1.15

24
As you can see the Allow
and Deny column is
enabled. You can now
restrict the access to the
folder for the specific user
or for everyone.

Figure 3.1.16

25
 Self-check 3.1-2
Directions: Encircle the letter of the best answer.
1. It is a collection of settings and information that tells Windows which files and
folders you can access, what you can do on your computer, what are your
preferences, and what network resources you can access when connected to a
network.
A. User account B. Username C. User group D. Password
2. It is the name that you are giving to specific account.
A. User account B. Username C. User group D. Password
3. It is a user account has complete control over the PC.
A. Administrators B. Username C. User group D. Password
4. Those are classic user accounts that exist locally and can use blank passwords.
A. Local account B. Administrators C. User group D. Standard
5. It is a collection of user accounts that share the same security rights and
permissions.
A. User account B. Username C. User group D. Password
Enumeration:
Directions: Enumerate the types of file and folder permission in windows

26
Answer key:

1. A
2. A
3. A
4. A
5. C
ENUMERATION
1. Read
2. Full Control
3. Modify
4. Read & Execute
5. List Folder Contents
6. Write

References:
https://www.howtogeek.com/school/windows-network-sharing/lesson1/
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-
dc/active-directory-domain-services-overview
https://www.google.com/search?q=active+directory+domain+services&sxsrf=ALeKk0
21XrLuqi2ufYWbjAWVRFFiq_VsQw:1589704438674&source=lnms&tbm=isch&sa=X
&ved=2ahUKEwjQoPXCvrrpAhWpw4sBHed8A-
gQ_AUoAXoECA0QAw&biw=1350&bih=591#imgrc=AJ6LTF_l5awwmM
https://docs.looker.com/admin-options/tutorials/access-controls

27
 TASK SHEET 3.1-2

Title: Configure User Access Level

Performance Objective: Given required supplies and materials you should be

able to perform in one session.
1.Create user folder
2.Configure User Level Access
3. Perform Security Check

Supplies/Materials : Ethernet Cables

Equipment : Desktop Computers

Steps/Procedure:
1. Create a folder in your desktop.
2. Create two users and name them test1 and test2.
3. Set permission to test1 as allowed then set permission to test2 as denied.
Assessment Method:
Observation
Interview

28
 Information Sheet 3.1-3

Set up Peer-to-Peer network access

Learning Objectives:
After reading this INFORMATION SHEET, YOU MUST be able to:
1. Set up Peer-to-Peer network access
This information sheet will cover the step by step process of peer-to-peer
network set up in accordance to Computer Systems Servicing NCII assessment.
Pre-Test
Directions: Encircle the letter of the best answer.
1. Which of the following command is used to check internet connection?
A. ipconfig B. ipconfig/release C. ipconfig/new D. ping
2. Which of the following command is used to see all the devices connected to my network?
A. arp -a B. net view C. ipconfig D. ping
3. which of the following command is used to get NIC info about your network adapter’s
MAC address.
A. arp -a B. getmac C. net view D. ping
4. Using the ping command, which of the following is the router’s IP address?

A. 192.168.0.105 B. 255.255.255.0 C. 192.168.0.1

5. Which of the following parameters enables you to ping the specified address forever until
stopped manually?
A. -a B. -c C. -t D. -z
6. What does it indicate if there are no lost packets when running “ping’ command?
A. Faulty Connection C. Lost Connection
B. Good Connection D. Faulty Ethernet Cable
7. Which of the following is correct to type in accessing other computers in RUN window?
A. \\computername C. “computername”
B. //computername D. //IP address
8. Which of the following is the solution in accessing shared folder using an account without
password?
A. Turn off the firewall C. Turn off Anti-virus
B. Turn off password protected sharing D. Reboot
9. Which of the following is the solution if you cannot ping specified IP add given that the
cable is correctly installed?
A. Turn off the firewall C. Turn off Anti-virus
B. Turn off password protected sharing D. Reboot

29
 8 network commands you should know
Command Prompt proved itself to be one of the best tools for running basic
commands that allow you to work with files and folders from Windows. However,
the Command Prompt is much more powerful than just that. You can take things to
the next level by running more than just a few advanced commands, including a
range of handy network commands. Now, we're going to learn how to use Command
Prompt to check the internet connection, the network connections, view information
about network devices, and watch connections between your PC and other devices.
Without further ado, let's begin:

1. How to check internet connection in CMD

To check whether your internet connection works, you can

use Command Prompt to test your connection to a certain website or internet
location. To do that, you can use the ping network command, followed by a
web address or IP address. For instance, you can check the connectivity
to Digital Citizen without opening a web browser, by typing the
command "ping www.digitalcitizen.life." Then press Enter on your keyboard.

ping www.digitalcitizen.life
Figure 3.1.17
If the ping statistics don't show any loss of packets, your internet connection is
working as it should. However, if you get lost packets, that means that either your
internet connection is broken, or that the website you pinged is not online. To
double-check your internet connection, ping at least another website, preferably one
that it's always on, such as www.google.com.

30
 ping www.googole.com
Figure 3..1.18

The ping command also allows you to use the handy "-t" parameter,
which enables you to ping the specified address forever until it's manually
stopped. For instance, we typed "ping -t www.digitalcitizen.life." After some
time, we wanted to see some connection statistics and we used the keyboard
combination "CTRL + Break." This shows the averages of the ping commands
run until then.

ping www.digitalcitizen.life -t
Figure 3.1.19

31
 Finally, we terminated the command by using the keyboard
combination "CTRL + C." This stops the endless cycle of ping commands to
the specified address.

2. How can I see all the network adapters on my computer using CMD?

To obtain detailed information about your network adapters and

connections, use the ipconfig command. Open Command Prompt,
type ipconfig, and press Enter. As you can see in the screenshot below, when
you run this command, Windows displays the list of all the active network
devices, whether they're connected or disconnected, and their IP addresses.
You also get details such as their default gateway IP addresses, subnet
masks and the state of each network adapter.

Getting cmd NIC info (information about the Network

Interface Card) by running ipconfig
Figure 3.1.20

If you add the /all switch to the ipconfig command, you can get to a
whole new level of detail: DNS information, the MAC (Media Access
Control) (in the Physical Address field), and other information about each
network component. Check out the picture below to see a sample of what you
get from the "ipconfig /all" command.

32
 Running ipconfig /all to get detailed NIC (Network
Interface Card) information
Figure 3.1.21

3. How to check your network connection in CMD

If you want to check whether your network connection to the router is

operating as it should, you can use a combination of the
commands ipconfig and ping. First, get some cmd nic info about your
adapter. In other words, open Command Prompt and run ipconfig. In the list of
results, identify the network adapter that's used for connecting to the network
you want to test. Then, in its details, find the IP address of your router and
note it down. For example, if we'd want to check our Ethernet network
connection, we'd run ipconfig and see that our router's IP address is
192.168.50.1.

33
 Running ipconfig to identify the IP address of the router
Figure 3.1.22

The next step is to check that the network connection between the
router and the computer is OK. To do that, it's enough to run
the ping command on the router's IP address. In our example, that would
mean that we have to run this command in CMD: ping 192.168.50.1.

Pinging the router to check the network connection

Figure 3.1.23

If there are no packets lost, then the network connection tested is running
well. Otherwise, there's a problem somewhere between your computer and the
router, in which case you should check that your PC's network adapter is configured
correctly, that the Ethernet cable is OK (if you're using a wired connection), and that
the router is configured properly.

34
4. How to renew the IP address of your network adapter

When your network connection doesn't work as it should, your network

adapter might not have the right IP address assigned. A quick way of trying to
solve this issue is to renew its IP address and, fortunately, you can do that
quickly, straight from the Command Prompt. Open CMD and run the following
commands: ipconfig /release and ipconfig /renew. The first one (ipconfig
/release) forces your network adapter to drop its assigned IP address, and the
second command (ipconfig /renew) renews the network adapter's IP address.

Running ipconfig /release and ipconfig /renew to reset the IP

address
Figure 3.1.24

Note that you can also instruct CMD to run both commands in one line
by typing "ipconfig /release & ipconfig /renew," without the inverted quotation
marks. If you type them like this, Command Prompt executes the first
command and, when it's done, it automatically runs the second one.

35
Running ipconfig /release & ipconfig /renew by typing only one line in CMD
Figure 3.1.25
The release and renew parameters are useful in networks that
use DHCP (Dynamic Host Configuration Protocol) to distribute IP addresses
automatically. Your system gives up its current address and requests a new
one from the DHCP server, and that can help you troubleshoot certain
network issues.

5. How to get nic info about your network adapter's MAC addresses

One of the fastest and easiest ways to obtain the MAC addresses of
your network adapters is to use the getmac command. In Command Prompt,
type getmac and press Enter, as seen in the image below.

getmac displays the physical addresses of all the network adapters

Figure 3.1.26

6. How can I see the computers and devices connected to my network using
CMD?

In some cases, you might want to see what computers and devices are
connected to the same network as you are. One of the easy and friendly ways
to do that is to use the net view command. Launch Command Prompt and
run net view. After a while, you should see a list of the computers and devices
in your network.

36
Net view can show the computers and devices connected to the same network
Figure 3.1.27

However, there is a caveat about this command. Net view does not
show all the computers and devices that are in the same network as you.
Although it works well enough for private networks, it fails to identify devices
such as smartphones or printers, and also has issues with computers that are
running different operating systems. If you want to get a clear view of
everything that is connected to your network, you should also check the next
command.

7. How can I see all the devices connected to my network using CMD?

The best way to find all the devices connected to the same network as
you is based on using the arp command. Open Command Prompt and
run arp -a. The IP address shown first, next to Interface, displays your
network adapter's IP address. Then, there's a list of IP addresses and MAC
addresses (Physical Addresses). All the IP addresses that start with the same
numbers as your network adapter are in the same network and/or subnet as
you are. They are all devices connected to your network.

Arp -a shows all the devices connected to the same network

Figure 3.1.28

37
 The next ones are not real devices, but IP addresses used
for multicasting. They are commonly used by your real devices for streaming
media on your network. In our example, the devices connected to the same
network as our computer are all the ones that have IP addresses starting with
192.168.50.

If you want to see what those devices are, in a more human-friendly

way, copy their MAC addresses and look them up on the internet using
Google or on websites that let you check which vendors assign certain MAC
addresses, such as DNS Checker. For instance, if you are looking for the
MAC address 04-d9-f5-b5-b1-f0, you find that it's a device made by ASUS. In
truth, it's an ASUS ZenWiFi router.

8. How to check your computer's network connections and open ports

You can get other useful cmd nic info from the netstat command,
which lets you see the network connections that are active between your
system and any other systems on your network or the internet.

Netstat shows the active network connections and open ports

Figure 3.1.29

38
 If you add the -a parameter to the netstat command, you can get a list
with all the connections and listening ports, as seen in the image below.

Netstat -a displays the active network connections, open ports and listening ports
Figure 3.1.30

39
 Peer-to-Peer network setup

Prior to server configuration, peer to peer network access is used to assure the
connections of all the devices in the network.
Here are the steps in configuring peer-to-peer network access.
1. Assign static IP address to both client and server

Suggested IP address for server Suggested IP address for client

Figure 3.1.31 Figure 3.1.32

2. Disable the DHCP Services of your network Router. (Discussed in COC2)

3. In your server computer ping the following devices:

• Google’s public IP address (8.8.8.8) to check your internet connectivity
• Client Computer
• Network Router
• Access Point
• Main Router
• Network Printer IP address

40
 ping result showing the internet connectivity
Figure 3.1.33

ping result showing the connection to the client computer

Figure 3.1.34

ping result showing the connection to the network router

Figure 3.1.35

41
 ping result showing the connection to the main router
Figure 3.1.36

4. In your client computer ping the following devices:

• Google’s public IP address (8.8.8.8) to check your internet connectivity
• Server Computer
• Network Router
• Access Point
• Main Router
• Network Printer IP address

How to Create and Access Shared Folders in Windows 7

Windows XP by default allows anyone in the same local area network to
access its shared folders without the need to provide a username and password.
This is because the XP Simple File Sharing mode is enabled by default and can be
disabled from Control Panel > Folder Options. As for Windows 7, the default security
settings for folder sharing have been strengthened and you cannot access anyone’s
shared folder on the same network without providing the correct login information. An
attempt to connect to another computer will first prompt a Windows Security dialog
box asking you to enter network password.

Figure 3.1.37

42
 This is an improved security feature because previously anyone can access
an unprotected shared folder by simply using SoftPerfect Network Scanner to scan
for shared folders on the whole subnet. However, if you are the only user on the
network or your computers only connect to your personal private network, the
authentication to access shared folders is quite unnecessary. Here is how to share
folders and access the shared folders in Windows7.

How To Share A Folder In Windows 7

First you need to know how to share a folder so that other people on the same
network can access the shared folder.

1. Right click on the

folder that you want
to share, go
to Share with and
select “Specific
people “.

Figure 3.1.38

2. By default the owner of the computer with full permission to the folder will
be automatically added to the list. If you want anyone to be able to access this
folder, select everyone from the drop-down menu or manually type it in and
click the Add button. You will now see that the Everyone is added to the list
with Read permission only. You can grant them full access by clicking on the
Read drop down menu and select Read/Write.

Figure 3.1.39

43
 3. Finally click the Share button and click Done to close the file sharing
window.

Additional Tip: You may need to double check if the “everyone” group is also
listed in the Security tab of the folder’s properties by right clicking the shared
folder, select Properties and click on Security tab. Windows 7 should do this
automatically when you share a folder but there are times when it fails to add
“everyone” in, and this causes you to be denied access to the shared folder.

How To Access The Shared Folder

If you have network discovery turned on (which is enabled by default), simply
open Computer from the start menu and click on Network to see the list of computers
that are connected to the network.

Figure 3.1.40

44
 Alternatively, you can simultaneously press WIN+R to launch the Run window
and type \\computername (replace the computer name with the name of the
computer or internal IP address that you’re trying to access).

Figure 3.1.41
When you connect to a computer to access a shared folder, Windows 7 will
first try to use your currently logged in credentials on the other computer. If the
remote computer does not have the same credentials as the one that you’re logged
in to, then you are prompted to enter the network password.

Authenticate to Access Shared Folders

1. If you’re logged in to Windows as a user called johndoe with a password
(eg; mypassword) and the other computer on the network also has the same
user account credentials (username: johndoe, password: mypassword), then
Windows 7 will automatically use your current credentials to login which is
why you don’t get the Enter Network Password dialog box.

2. If both of the computers have different user login credentials, providing a

valid username and password in the Enter Network Password dialog box will
allow you to access the shared folders.

3. The tricky part is when the user account does not have a password (blank)
associated with it. If you’re logged in to Windows as a user called johndoe
with a password and you’re trying to access the other computer on the
network using an account WITHOUT a password (blank), you will get a logon
failure user account restriction message saying “Possible reasons are blank
passwords not allowed, logon hour restrictions, or a policy restriction has
been enforced”. See the solutions below to fix this problem.

45
 Figure 3.1.42

Solutions for Accessing Shared Folders Using An Account Without A

Password
1. Turn off password protected sharing
Go to Control Panel > Network and Sharing Center > Change
advanced sharing settings > expand the network profile that you’re
currently using (Home or Work / Public), select the option “Turn off
password protected sharing” and click Save changes.

Figure 3.1.43
Advantage: Turning off password protected sharing for your network
profile allows you to login using any random made up account without
a password to access folders that are shared to everyone. If you
happen to enter a valid user account that has no password, you will not
be able to access the user’s folder. If you need to access all files from
the user’s folder, use the second solution below.
2. Disable Limit local account use of blank passwords to console logon
only
For all versions of Windows 7: You can simply download this
registry fix file and run it on your computer to take effect instantly.

46
 Alternatively, for Windows 7 Professional, Enterprise and
Ultimate users only:
• Click Start, type gpedit.msc in the search box and press
enter.
• Expand Local Computer Policy > Computer Configuration
> Windows Settings > Security Settings > Local Policies >
Security Options.
• Look for the following line “Accounts: Limit local account
use of blank passwords to console logon only” and
double click on it to bring up the properties window.
• Select the “Disable” option and click OK to save the
changes.

Figure 3.1.44

Advantage: You get to access all of the user account’s files

(C:\Users\Username) even if they are not shared. This setting will not
accept random made up user accounts.

47
 Self-check 3.1-3

Directions: Encircle the letter of the best answer.

1. Which of the following command is used to check internet connection?
A. ipconfig B. ipconfig/release C. ipconfig/new D. ping
2. Which of the following command is used to see all the devices connected to my
network?
A. arp -a B. net view C. ipconfig D. ping
3. which of the following command is used to get NIC info about your network
adapter’s MAC address.
A. arp -a B. getmac C. net view D. ping
4. Using the ping command, which of the following is the router’s IP address?

A. 192.168.0.105 B. 255.255.255.0 C. 192.168.0.1

5. Which of the following parameters enables you to ping the specified address
forever until stopped manually?
A. -a B. -c C. -t D. -z
6. What does it indicate if there are no lost packets when running “ping’ command?
A. Faulty Connection C. Lost Connection
B. Good Connection D. Faulty Ethernet Cable
7. Which of the following is correct to type in accessing other computers in RUN
window?
A. \\computername C. “computername”
B. //computername D. //IP address
8. Which of the following is the solution in accessing shared folder using an account
without password?
A. Turn off the firewall C. Turn off Anti-virus
B. Turn off password protected sharing D. Reboot
9. Which of the following is the solution if you cannot ping specified IP add given that
the cable is correctly installed?
A. Turn off the firewall C. Turn off Anti-virus
B. Turn off password protected sharing D. Reboot
10. Which of the following is correct to type in accessing other computers in RUN
window?
A. //computername C. “computername”
B. //computername D. \\IP address

48
Reference:
https://www.digitalcitizen.life/command-prompt-advanced-networking-commands
https://www.raymond.cc/blog/how-to-access-shared-folders-in-windows-7-without-
username-and-password/

49
 TASK SHEET 3.1-3

Title: Set up Peer-to-Peer network access

Performance Objective: Given required supplies and materials you should be

able to perform in one session.
1.Set up peer-to-peer network access
2.Ensure connectivity between devices in the network

Supplies/Materials : UTP Cable, rj45

Equipment : Desktop computers, patch panel, network hub,

router, access point, network printer, crimping tool, LAN tester.

Steps/Procedure:
1. Set-up static IP on both client and server.
2. Ensure internet connectivity.
3. Ensure the connectivity between devices by using ping command.
4. Create folder in desktop of client computer. Name the folder as “shared
folder” then share it to the network.
5. The server computer should access the shared folder.
Assessment Method:
Observation
Interview

50
 LEARNING OUTCOME NO. _2_

Setting Up Computer Servers

Contents:

1. Types of server hardware

2. Network Services
3. Setting up and Configuring Servers

Assessment Criteria

1. Normal functions of server are checked in accordance with manufacturer’s

instructions.
2. Required modules /add-ons are installed/updated based on NOS
installation procedures.
3. Network services to be configured are confirmed based on user/system
requirements
4. Operation of network services are checked based on user/system
requirements
5. Unplanned events or conditions are responded to in accordance with
established procedures

Conditions

The participants will have access to:

• PC or workstation network and server

• Network operating system (NOS)
• Network printer
• Tools and test instruments
• Appropriate software applications/programs

Assessment Method:

1. Hands-on
2. Direct observation
3. Practical demonstration

51
 Information Sheet 3.2-1
Types of Server Hardware

Learning Objectives:
After reading this INFORMATION SHEET, YOU MUST be able to:
1. Compare the different types of Server Hardware.

This information sheet will cover the different types of server hardware.

Pre-test
True or False: Write true if the statement is correct and false if the statement is
wrong. Write your answer in the space provided.

__________1. Servers have more processing power, memory and storage

than their client computers.

__________2. The function of a computer server is only to store data.

__________3. Servers are commonly set-up as fault tolerant.

___________4. A server can be stored anywhere you want.

___________5. Blade servers has low energy spend.

___________6. Tower servers are servers built in a stand-alone chassis

configuration.

___________7. With their low component density, towers are more expensive
to cool than dense racks or blades.

___________8. Blade Servers provide high processing power while taking up

minimal space.

___________9. Any computer can act as server.

___________10. One of the cons of tower server is upgrade expense.

52
 What is a Server?
Server is a computer program that provides a service to
another computer programs and their users. A physical computer which runs a
server program is frequently refer to as a server. The device that makes the
request, and receives a response from the server, is called a client. Servers perform
various essential tasks and activities that is a very crucial thing of any organization's
IT infrastructure. The many complex processes that take place during an activity, for
example a security and authentication to billing and orders, the purchase could not
take place without several powerful servers handling the load hence servers are very
much important for any organization.

Biggest Server Centre in Google-Storage Cloud Technology

Figure 3.2.1

Functions of Server:
The main and important function of a server is to listen in on a port for
incoming network requests, and a good demonstration of this is the interaction
between a Web server and browser. For a user the process is instantaneous, but
when he clicks a link while surfing on the Web, several things are taking place
behind the scenes like the request for the Web page is transmitted to the
corresponding web server, and the server fetches and assembles the Web page and
retransmits it using a protocol like HTTP, and, the user's browser receives the data,
converts it, and displays the page.
53
 How DNS works
Figure 3.2.2

Why are servers always on?

Because they are commonly used to deliver services that are constantly
required, most servers are never turned off. Consequently, when servers fail, they
can cause the network users and company many problems. To alleviate these
issues, servers are commonly set up to be fault tolerant.

How do other computers connect to a server?

With a local network, the server connects to a router or switch that all other
computers on the network use. Once connected to the network, other computers can
access that server and its features. For example, with a web server, a user could
connect to the server to view a website, search, and communicate with other users
on the network.
An Internet server works the same way as a local network server, but on a
much larger scale. The server is assigned an IP address by InterNIC, or by web
host.
Usually, users connect to a server using its domain name, which is registered
with a domain name registrar. When users connect to the domain name (such as
"computerhope.com"), the name is automatically translated to the server's IP
address by a DNS resolver.

54
 The domain name makes it easier for users to connect to the server, because
the name is easier to remember than an IP address. Also, domain names enable the
server operator to change the IP address of the server without disrupting the way
that users access the server. The domain name can always remain the same, even if
the IP address changes.

Where are servers stored?

In a business or corporate environment, a server and other network
equipment are often stored in a closet or glass house. These areas help isolate
sensitive computers and equipment from people who should not have access to
them.
Servers that are remote or not hosted on-site are located in a data center.
With these types of servers, the hardware is managed by another company and
configured remotely by you or your company.

Can my computer be a server?

Yes. Any computer, even a home desktop or laptop computer, can act as a
server with the right software. For example, you could install an FTP server program
on your computer to share files between other users on your network.
Although it is possible to have your home computer act as a server, keep the
following ideas in mind.
• Your computer and the related server software must always be running to be
accessible.
• When your computer is acting as a server and being used by others, its
resources (e.g., processing and bandwidth) will be taken away from what you
have available to do other things.
• Connecting a computer to a network and the Internet can open up your
computer to new types of attacks.
• If the service you are providing becomes popular, a typical computer may not
have the necessary resources to handle all the requests.

55
 Types of Servers
There are mainly three types of Server Hardware are as given below.
1. Tower server
Tower servers are servers built in a stand-alone chassis configuration.
They are manufactured with minimal components and software, so mid-size
and enterprise customers can heavily customize the servers for specific tasks.
For example, tower servers usually do not come with additional components
like advanced graphic cards, high RAM, or peripherals.
Tower servers are typically targeted to customers who want to
customize their servers and maintain a customized upgrade path. For
example, customers can configure tower servers as general-purpose servers,
communication servers, web servers, or network servers that integrate using
HTTP protocols. Buyers may order the customization they need or do it
themselves when the tower server is shipped to their site. Another usage case
is a smaller business that needs a single powerful server to run multiple
processes and applications.
Externally they resemble desktop towers, and like desktops do not
share input devices. Multiple tower installations will require separate
keyboards, mice, and monitors; or switches that make it possible to share
peripheral devices. They can share network storage like any other type of
server.

Dell PowerEdge T320 Tower Server

Figure 3.2.3
Tower Server Pros
• Efficient scalability: Tower servers come with minimal configuration, so
IT can customize and upgrade them based on business needs. They
are less expensive to buy than a fully loaded server.

56
 • Low cooling costs: With their low component density, towers are less
expensive to cool than dense racks or blades.

Tower Server Cons

• Upgrade expense. Many customers buy tower servers for the
customization and not low capital costs. High-end hardware
components and software will raise the ongoing price considerably.
• Large footprint: These servers do not fit in racks and consume data
center space. They require opening the enclosure to troubleshoot and
add or upgrade internal components.
• Awkward peripheral management: In multiple tower server
environments, IT must invest in switches or re-plug external devices
into each separate server.

2. Rack server
A rack server is, predictably, a server mounted inside a rack. Rack
servers are typically general-purpose servers that support a broad range of
applications and computing infrastructure. The purpose behind vertical
stacking is saving on data center floor space. The more equipment that
admins can stack vertically, the more equipment they can house.
Standardized racks are measured in units (U’s) that are 1.75” tall and
19” wide. Rack servers fit into these dimensions by vertical multipliers,
meaning that rack server heights may be 1U, 4U, 10U, or higher. (A 10’ tall
70U rack came out in 2016.) Additional devices are also manufactured to fit
the rack unit standard.

Lenovo System x3650 M5 Rack Server

Figure 3.2.4
Rack Server Pros
• Self-contained: Each rack server has its own power source, CPU, and
memory; everything necessary to run as a stand-alone or networked

57
 system. This enables rack servers to run intensive computing
operations.
• Efficiency: Rack-mounting servers and other computing devices is a
highly efficient use of limited data center space. Rack servers can be
expanded with additional memory, storage, and processors. It’s
physically simple to hot-swap rack servers if admins have shared or
clustered the server data for redundancy.
• Cost-effective: Smaller deployments offer management and energy
efficiency at lower cost.
Rack Server Cons
• Power usage: Densely populated racks require more cooling units,
which raises energy costs. Large numbers of rack servers will raise
energy needs overall.
• Maintenance: Dense racks require more troubleshooting and
management time.
3. Blade server
A blade server is a server enclosure that houses multiple modular
circuit boards called server blades. Most blade servers are stripped down to
CPUs, network controllers, and CPUs. Some have internal storage drives.
Any other components are shared through the chassis.
Each blade shares server components within the enclosure like
switches, ports, and power connectors. Admins can cluster blades or manage
and operate each individually as its own separate server, such as assigning
applications and end-users to specific blades.
The enclosures typically fit rack unit measurements, which allows IT to
save space. Blade servers processing power serves high computing needs.
Their modular architecture supports hot swaps. Blades have small external
handles so it’s a simple matter to pull out or replace them.
Blade servers can scale to high performance levels, if the data center
has enough cooling and energy to support the dense infrastructure.

Dell PowerEdge M1000e Blade Enclosure

Figure 3.2.5
58
Blade Server Pros
• Low energy spend: Instead of powering and cooling multiple server, the
chassis supplies power to multiple blade servers. This reduces energy
spend.
• Processing Power: Blade Servers provide high processing power while
taking up minimal space.
• Multi-Purpose: They can host primary operating systems
and hypervisors, databases, applications, web services, and other
enterprise-level processes and applications.
• Availability: Centralized monitoring and maintenance, load balancing,
and clustered failover are simplified in the blade server environment.
Hot swapping also helps to increase system availability.
Blade Server Cons
• Upfront costs: Over time, operating expenses are reasonable thanks to
simplified management interfaces and lower energy usage. However,
initial capital, deployment, and configuration costs can be high.
• Energy costs: High density blade servers require advanced climate
control. Heating, cooling, and ventilation are all necessary expenditures
in order to maintain blade server performance.

59
 Self-check 3.2-1

True or False: Write true if the statement is correct and false if the statement is
wrong. Write your answer in the space provided.

__________1. Servers have more processing power, memory and storage

than their client computers.

__________2. The function of a computer server is only to store data.

__________3. Servers are commonly set-up as fault tolerant.

___________4. A server can be stored anywhere you want.

___________5. Blade servers has low energy spend.

___________6. Tower servers are servers built in a stand-alone chassis

configuration.

___________7. With their low component density, towers are more expensive
to cool than dense racks or blades.

___________8. Blade Servers provide high processing power while taking up

minimal space.

___________9. Any computer can act as server.

___________10. One of the cons of tower server is upgrade expense.

References:
https://www.sancuro.com/blog/post/What-Is-A-SERVER-And-What-Are-the-
Functions-of-It/
https://sites.google.com/site/storagecloudtechnology/our-biggest-server-centre-in-
google
https://www.serverwatch.com/server-trends/blade-vs-rack-vs-tower-servers.html
https://www.computerhope.com/jargon/s/server.htm
http://amar-linux.blogspot.com/2012/05/how-dns-works.html
60
Answer key:
1. True
2. False
3. True
4. False
5. True
6. True
7. False
8. True
9. False
10. True

61
 Information Sheet 3.2-2
Network Services

Learning Objectives:
After reading this INFORMATION SHEET, YOU MUST be able to:
1. Discuss the different network services

This information sheet will cover the different network services.

Pre-test
Multiple Choice: Encircle the letter of the best answer.
1. ________ is what allows a user to logon onto any computer in an organizations’
and have all their personal files and setting apply to that computer as it was the
last time they used a computer?
A. Configure networking
B. Provide computer name and domain
C. Roaming Profiles and Folder redirection
D. Set time zone
2. Which of the following is used to limit the size of the shared folder?
A. Folder Redirection C. Folder Quotas
B. Roaming User Profile D. Print Management
3. It is the central database on a domain controller where the login credentials of all
client computers, printers, and other shared resources in the network are stored.
A. Active Directory C. Domain Controller
B. DHCP D. File Services
4. Which of the following would you use if you want to prevent users in storing audio
and video files in the shared folder?
A. Folder Redirection C. Folder Quotas
B. File Screening D. Print Management
5. When Folder Redirection and Roaming user profile is Set up the files of the users
will be Automatically _______?
A. Deleted from the user C. Deleted from the Server
B. Save in the server D. Corrupted
6. It is a network management protocol used to automate the process of configuring
devices on IP networks.
A. Active Directory C. Domain Controller
B. DHCP D. File Services
7. Which of the following enables user’s profile and settings follow the user in any
computer connected to the domain?
A. Folder Redirection C. Infrared Data Access
B. Roaming Profile D. Printer Management
8. Which of the following enables user’s saved files follow the user in any computer
connected to the domain?
A. Folder Redirection C. Infrared Data Access
B. Roaming Profile D. Printer Management
9. You have selected Printers from the Settings submenu, and you notice that one
of the printer icons has a check mark symbol above it. What does this indicate
A. The printer is now printing C. Printer is available
B. That Printer is the default printer D. Printer is not available
10. What will happen if you fail to add “\%username%” to your profile path?
A. Users will have temporary profile
B. Users will not be able to log in
C. Users folder will not be redirected to the shared folder
D. Users profile folder will be automatically created in shared folder

62
 Network Services
In computer networking, a network service is an application running at the
network application layer and above, that provides data storage, manipulation,
presentation, communication or other capability which is often implemented using
a client-server or peer-to-peer architecture based on application layer network
protocols.[1]
Each service is usually provided by a server component running on one or
more computers (often a dedicated server computer offering multiple services) and
accessed via a network by client components running on other devices. However,
the client and server components can both be run on the same machine.
Clients and servers will often have a user interface, and sometimes other
hardware associated with it.
Here, we will be discussing some network services or server roles that is
needed to be configured in Computer Systems Servicing NCII assessment.

1. Domain controller

Each of the employees in Alexis’ office has a key to the building. One
weekend Alexis had some important work to do, but when he reached his
office, he realized he had forgotten his key. He called the security officer, who
authenticated him as an employee before letting him in.
A domain controller is in some ways similar to the security officer of an
office building. In an office there are many computers, each one requiring the
user to login with his or her own username and password. Suppose there are
a hundred office computers. From the perspective of an Information
Technology (IT) professional, it is difficult to manage the authentication of
each individual machine. A simpler solution is to configure one computer to
manage the authentication of all the others. All the office computers will then
be connected to this main computer to form a network. The main computer is
known as the domain controller, while the other computers it authenticates are
known as clients. In such set up, the client computers are said to be on the
Windows domain. Now the IT person finds that the login credentials will not
have to be managed on each individual computer. instead, the usernames
63
 and login credentials of all authenticated users in the office can be managed
much more easily through one machine, the domain controller.
Active Directory
Active Directory is the central database on a domain controller where
the login credentials of all client computers, printers, and other shared
resources in the network are stored. When someone tries to login, their login
credentials must match those saved in Active Directory. If the login credentials
do not match, the user will be denied access. All client computers on the
domain share this common Active Directory. Only an administrator or IT
professional has authority to add computers or shared resources to the
domain, further strengthening security.

Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) are the core functions in
Active Directory that manage users and computers and allow sysadmins to
organize the data into logical hierarchies.
AD DS provides for security certificates, Single Sign-On (SSO), LDAP,
and rights management.
Understanding AD DS is a top priority for Incident Response (IR) and
cybersecurity practitioners because all cyberattacks will affect AD, and you
need to know what to look for and how to respond to attacks when they
happen.

Benefits of Active Directory Domain Services

• There are several benefits to using AD DS for your basic network user and
computer management.
• You can customize how your data is organized to meet your companies
needs
• You can manage AD DS from any computer on the network, if necessary
• AD DS provides built in replication and redundancy: if one Domain
Controller (DC) fails, another DC picks up the load
• All access to network resources goes through AD DS, which keeps
network access rights management centralized

64
 Figure 3.2.6
Active Directory Domain Services Terms to Know
In order to understand AD DS, there are some key terms to define.
• Schema: The set of user configured rules that govern objects and
attributes in AD DS.
• Global Catalog: The container of all objects in AD DS. If you need to find
the name of a user, that name is stored in the Global Catalog.
• Query and Index Mechanism: This system allows users to find each
other in AD. A good example would be when you start typing a name in
your mail client, and the mail client shows you possible matches.
• Replication Service: The replication service makes sure that every DC on
the network has the same Global Catalog and Schema
• Sites: Sites are representations of the network topology, so AD DS knows
what objects go together to optimize replication and indexing.
• Lightweight Directory Access Protocol: LDAP is a protocol that allows
AD to communicate with other LDAP enabled directory services across
platforms.

What Services are Provided in Active Directory Domain Services?

Here are the services that AD DS provides as the core functionality
required by a centralized user management system.
• Domain Services: Stores data and manages communications between
the users and the DC. This is the primary functionality of AD DS.
• Certificate Services: Allows your DC to serve digital certificates,
signatures, and public key cryptography.
• Lightweight Directory Services: Supports LDAP for cross platform
domain services, like any Linux computers in your network.

65
• Directory Federation Services: Provides SSO authentication for multiple
applications in the same session, so users don’t have to keep providing
the same credentials.
• Rights Management: Controls information rights and data access
policies. For example, Rights Management determines if you can access a
folder or send an email.

Role of Domain Controllers with Active Directory Domain Services

Domain Controllers (DC) are the servers in your network that host AD DS.
DCs respond to authentication requests and store AD DS data. DCs host
other services that are complementary to AD DS as well. Those are:
• Kerberos Key Distribution Center (KDC): The kdc verifies and
encrypts kerberos tickets that AD DS uses for authentication
• NetLogon: Netlogon is the authentication communication service.
• Windows Time (W32time): Kerberos requires all computer times to be in
sync.
• Intersite Messaging (IsmServ): Intersite messaging allows DCs to
communicate with each other for replication and site-routing.

Figure 3.2.7

AD must have at least one Domain Controller. DCs are the containers
for the domains. Each domain is part of an AD Forest, which can include one
or more domains organized in Organizational Units. AD DS manages trusts
between multiple domains, so you can provide access rights to users in one
domain to others in your forest.
The most important concept to understand is that AD DS is a
framework for domain management, and the computer that users use to
access AD is the DC
Modern cybersecurity depends on a deep understanding of Active
Directory. Active Directory is central to attackers’ capabilities for infiltration,
lateral movement, and data exfiltration. No matter how stealthy or clever they
66
 are, attackers leave breadcrumbs in AD logs as they move through your
network.
Varonis monitors AD for those breadcrumbs, as well as file
activity, DNS calls, VPN activity, and more. Varonis correlates that data into a
full picture for each user and computer in AD, compares the current activity to
a normalized baseline and a catalog of data security threat models,
and proactively identifies potential threats to your data.

Installation of ADDS
Open Server Manager and click on roles, this will bring up the Roles
Summary on the right hand side where you can click on the Add Roles link.

Figure 3.2.8
This will bring up the Add Roles Wizard where you can click on next to see a
list of available Roles. Select Active Directory Domain Services from the list, you
will be told that you need to add some features, click on the Add Required Features
button and click next to move on.

Figure 3.2.9

67
 A brief introduction to Active Directory will be displayed as well as a few links
to additional resources, you can just click next to skip past here and click install to
start installing the binaries for Active Directory.

Figure 3.2.10

When the installation is finished you will be shown a success message, just
click close.

Figure 3.2.11

68
Configuration
Open up Server Manager, expand Roles and click on Active Directory Domain
Services. On the right hand side click on the Run the Active Directory Domain
Services Installation Wizard (dcpromo.exe) link.

Figure 3.2.12

This will kick off another wizard, this time to configure the settings for you
domain, click next to continue.

Figure 3.2.13

69
 The message that is shown now relates to older clients that do not support the
new cryptographic algorithms supported by Server 2008 R2, these are used by
default in Server 2008 R2, click next to move on.

Figure 3.2.14

Choose to create a new domain in a new forest.

Figure 3.2.15

70
 Now you can name your domain, we will be using surname.local domain.

Figure 3.2.16

Since this is the first DC in our domain we can change our forest functional
level to Server 2008 R2.

Figure 3.2.17

71
 Figure 3.2.18

We want to include DNS in our installation as this will allow us to have an AD

Integrated DNS Zone, when you click next you will be prompted with a message just
click yes to continue.

Figure 3.2.19
72
 You will need to choose a place to store log files, it is a best practice to store
the database and SYSVOL folder on one drive and the log files on a separate drive,
but since this is in a lab environment I will just leave them all on the same drive.

Figure 3.2.20

Choose a STRONG Active Directory Restore Mode Password and click next
twice to kick off the configuration.

Figure 3.2.21

73
 You will be able to see what components are being installed by looking in the
following box.

Figure 3.2.22

When it is done you will be notified and required to reboot your PC.

Figure 3.2.23

Now you have a working installation of Active Directory.

74
Creating User Profile
1. Go to Active Directory of Users and Computer by typing dsa.msc in the
search box or run window.

Figure 3.2.24

2. Once we are inside the Active Directory Users and Computers snap-in, we’ll
need to expand the domain in which we want to create the user, and right-
click on the Users folder. We’ll then select New|User.

Figure 3.2.25

75
3. The New Object – User box will pop up and require you to put in the user’s
name and create the user logon. You’ll need to use a standard method of
creating user logon names, as this will cause much less confusion in the
future. If you have a small network, you may want to just stick to using the first
initial and last name because it’s shorter. If you anticipate that your network
will grow quite large, the standard advice is to use the full first and last name
separated by a period, as we’ve done below.

Figure 3.2.26

4. Next we’ll give the user an initial password, and make sure to have them
change it as soon as they first logon.

Figure 3.2.27

76
5. When we’re finished, we’ll get a nice summary of our work.

Figure 3.2.28

6. When we go back to the Users folder in the domain, we can see our newly
created user.

Figure 3.2.29

Once we’ve created a user, there are many things that we’ll need to do
with them in order for them to be useful, like adding permissions and security
groups, but at least the operation for spawning them is simple and
straightforward.

77
2. What is a DNS Server?
The Domain Name System (DNS) is the phonebook of the Internet.
When users type domain names such as ‘google.com’ or ‘nytimes.com’ into
web browsers, DNS is responsible for finding the correct IP address for those
sites. Browsers then use those addresses to communicate with origin
servers or CDN edge servers to access website information. This all happens
thanks to DNS servers: machines dedicated to answering DNS queries.

How do DNS servers resolve a DNS query?

In a typical DNS query without any caching, there are four servers that
work together to deliver an IP address to the client: recursive resolvers, root
nameservers, TLD nameservers, and authoritative nameservers.
The DNS recursor (also referred to as the DNS resolver) is a server
that receives the query from the DNS client, and then interacts with other DNS
servers to hunt down the correct IP. Once the resolver receives the request
from the client, the resolver then actually behaves as a client itself, querying
the other three types of DNS servers in search of the right IP.

Figure 3.2.30

First the resolver queries the root nameserver. The root server is the
first step in translating (resolving) human-readable domain names into IP
addresses. The root server then responds to the resolver with the address of
a Top Level Domain (TLD) DNS server (such as .com or .net) that stores the
information for its domains.
78
 Next the resolver queries the TLD server. The TLD server responds
with the IP address of the domain’s authoritative nameserver. The recursor
then queries the authoritative nameserver, which will respond with the IP
address of the origin server.
The resolver will finally pass the origin server IP address back to the
client. Using this IP address, the client can then initiate a query directly to the
origin server, and the origin server will respond by sending website data that
can be interpreted and displayed by the web browser.

What is DNS Caching?

In addition to the process outlined above, recursive resolvers can also
resolve DNS queries using cached data. After retrieving the correct IP
address for a given website, the resolver will then store that information in its
cache for a limited amount of time. During this time period, if any other clients
send requests for that domain name, the resolver can skip the typical DNS
lookup process and simply respond to the client with the IP address saved in
the cache.
Once the caching time limit expires, the resolver must retrieve the IP
address again, creating a new entry in its cache. This time limit, referred to as
the time-to-live (TTL) is set explicitly in the DNS records for each site.
Typically the TTL is in the 24-48 hour range. A TTL is necessary because web
servers occasionally change their IP addresses, so resolvers can’t serve the
same IP from the cache indefinitely.

What happens when DNS servers fail?

DNS servers can fail for multiple reasons, such as power outages,
cyberattacks, and hardware malfunctions. In the early days of the Internet,
DNS server outages could have a relatively large impact. Thankfully, today
there is a lot of redundancy built into DNS. For example, there are many
instances of the root DNS servers and TLD nameservers, and most ISPs
have backup recursive resolvers for their users. (Individual users can also use
public DNS resolvers, like Cloudflare’s 1.1.1.1.) Most popular websites also
have multiple instances of their authoritative nameservers.
In the case of a major DNS server outage, some users may experience
delays due to the amount of requests being handled by backup servers, but it
would take a DNS outage of very large proportions to make a significant
portion of the Internet unavailable. (This actually happened in 2016 when
DNS provider Dyn experienced one of the biggest DDoS attacks in history).
Cloudflare offers a Managed DNS Service that comes with built-in DNS
security aimed at protecting DNS servers from attacks as well as other
common sources of server failure.

79
3. What is Dynamic Host Configuration Protocol (DHCP)?
Dynamic Host Configuration Protocol (DHCP) is a network
management protocol used to automate the process of configuring devices on
IP networks, thus allowing them to use network services such as DNS, NTP,
and any communication protocol
based on UDP or TCP. A DHCP
server dynamically assigns an IP
address and other network
configuration parameters to each
device on a network so they can
communicate with other IP networks.
DHCP is an enhancement of an older
protocol called BOOTP. DHCP is an
important part of the DDI
solution (DNS-DHCP-IPAM).

Configuration Data Sent by DHCP Server and Key Values

The basic flow is that a DHCP server hands out configuration data,
based on the administrator’s policy, to a requesting client. Common network
parameters (sometimes referred to as “DHCP Options“) requested include
subnet mask, router, domain name server, hostname and domain name.
As the requesting client has no IP address when joining the network, it
broadcasts the request. The protocol is thus used in a very early stage of IP
communication. If such dynamic protocol is not used to get an IP address, the
client has to use a predefined IP address generally called “static IP address”,
which is manually configured on the client network interface in configuration
files or with a specific command.
The DHCP service brings three key values: 1) Operation tasks are
reduced: the network administrator no longer needs to manually configure
each client before it can use the network 2) The IP addressing plan is
optimized: addresses no longer being used are freed up and made available
to new clients connecting 3) User mobility is easily managed: the
administrator doesn’t need to manually reconfigure a client when its network
access point changes.

DHCP Lease Time Management

The IP address information
assigned by DHCP is only valid for a
limited period of time, and is known as a
DHCP lease. The period of validity is
called the DHCP lease time. When the
lease expires, the client can no longer
use the IP address and has to stop all
communication with the IP network unless

80
he requests to extend the lease “rent” via the DHCP lease renewal cycle. To
avoid impacts of the DHCP server not being available at the end of the lease
time, clients generally start renewing their lease halfway through the lease
period. This renewal process ensures robust IP address allocation to devices.
Any device asking for a new IP version 4 address at arrival on the network
and not receiving an answer will use automatic private internet protocol
addressing (APIPA) to select an address. These addresses are in the network
range 169.254.0.0/16.

Usage Scenarios
There are four key DHCP usage scenarios: 1. Initial Client Connection:
the client requests from the DHCP server an IP address and other parameter
values for accessing network services 2. IP Usage Extension: the client
contacts the DHCP server to extend usage of its current IP address 3. Client
Connection After Reboot: the client contacts the DHCP server for confirmation
that it can use the same IP address being used before reboot 4. Client
Disconnection: the client requests the DHCP server to release its IP address.

DHCP Options
DHCP options can be used to automatically provide clients with
information on the network services it can use. This is a very efficient way to
push the IP
address of the
time server,
the mail
server, the
DNS server
and the printer
server. This
can also be
used to
provide a file
name and a
file server that
will be used by the client to start a specific boot process – mainly used for IP
phones and Wi-Fi access points, but can also be used for auto-installing
clients and servers with PXE (Preboot eXecution Environment).

Implementation of DHCP Service

The original and most comprehensive implementation of the DHCP
service is offered by the Internet Systems Consortium (ISC). Supporting both
IPv4 and IPv6, ISC DHCP offers a complete open source solution for

81
 implementing DHCP servers, relay agents, and clients. Other DHCP Server
products include the Microsoft DHCP server.
The DHCP service can be enhanced by DHCP failover to bring high
availability and load balancing of traffic. The ISC DHCP Failover relies on
having a pair of collaborating servers – a primary (master) server and a
secondary (backup) server. A TCP-based communication channel, called a
failover channel, then has to be set up between the two servers.

Installation of DHCP Server

To get started, fire up the Server Manager, right click on roles, and then select
add roles.

Figure 3.2.31

You will be prompted with the normal “Before You Begin” screen, and after
clicking Next you’ll be able to choose DHCP Server.

Figure 3.2.32

82
 Next you’ll want to select the network connection to bind the DHCP protocol
to.

Figure 3.2.33
Put in the IP address of your DNS Server, which in this case is the same
machine–but be careful not to put the loopback address (127.0.0.1) as this will be
the address your clients will go to for name resolution. Then click Validate

Server IP address

Figure 3.2.34

Click next again to skip the WINS setup, this will bring you to creating a DHCP
Scope, where you can click the Add button.

83
 Figure 3.2.35

Now you need to:

• Give your scope a name
• Enter the first address that you want available to clients to use
• Enter the last address that you want available to clients to use
• Enter the subnet mask (usually 255.255.255.0)
• Enter the IP address of your default gateway (usually your router IP at .1)
Once you have clicked on OK, you can click next 4 times to get to the confirmation
screen where you can finally click install.

Router’s IP address

Figure 3.2.36

84
 Figure 3.2.37

Once the installation is complete your DHCP will be functioning, and you can
start managing your DHCP server right away.

192.168.1.101 192.168.1.199

Figure 3.2.38

85
4. File Services

File Service Resource Manager (FSRM)

FSRM (File Server Resource Manager) is a service of the File Services role in
Windows Server 2008. You can use FSRM to enhance your ability to manage and
monitor storage activities on your file server.
The main capabilities of FSRM include:
• Folder Quotas
• File Screening
• Storage Reports
• Event Log Integration
• E-mail Notifications
• Automated Scripts
For example, you can use FSRM to perform the following tasks:
• Limit the size of a folder to 2GB and log an event when the Quota limit is
reached.
• E-mail an administrator whenever a specific folder reaches 85% of its
specified Quota.
• Create a File Screen to prevent users from saving of video/audio files to a
share and send notifications when users attempt to do that.
• Schedule and publish a periodic storage reports that shows how much
space is being used by each user.
• Generate an instant storage reports to list the largest files on a share.
• Automatically execute a script when a folder size exceeds 500 MB to clean
up stale data in the folder.
FSRM was introduced with Windows Server 2003 R2, but it remains as
one of those hidden gems in Windows Server that delight people that discover
it. It’s also important to note that FSRM fully supports Windows Server 2008
Failover Clustering.

How to install FSRM

“File Server Resource Manager” is one of the role services of the “File
Services” role.
To install it, open the “Server Manager” tool on your file server, right-click the
File Server node on the tree and select “Add Role Services”. The “Add Role
Services” wizard will start, as shown below:

86
 Figure 3.2.39

Check the “File Server Resource Manager” box and click “Next”. You will then
select the NTFS volumes you want to monitor:

Figure 3.2.40

Click on “Options” to see additional options for reports:

87
 Figure 3.2.41

The screen above shows the standard configuration for a volume, along with
the reports that are generated when that threshold is reached.
Select the reports you want, click “OK” to close that window, then click “Next’
to continue. This last window before the confirmation lets you specify the folder
where the reports are saved and also the e-mail reporting details:

Figure 3.2.42

Click "Next", review the confirmation and click “Install” to finish the wizard.
Keep in mind that you can decide not to add any volumes during this install
phase and add them later, after FSRM is already installed.
88
File Server Resource Manager MMC
Once the FSRM Role Service is properly configured, you will have an
additional item under the “Administrative Tools” menu.
Click on “Administrative Tools” and select “File Server Resource
Manager to launch the FSRM MMC (Microsoft Management Console). See
the screenshot below, with all the nodes of the tree expanded:

Figure 3.2.43

We’ll now examine the individual features exposed by this MMC.

Quota Management
Quotas help you restrict and/or monitor how much space a folder can
use.
FSRM can implement both hard Quotas (that actually prevent the users
from adding more files, as if the disk were full) and soft Quotas (which only
generate events and warnings).
You can see the Quotas in the screen below (“Quotas” node under
“Quota Management”):

Figure 3.2.44
Note that this is soft Quota we created during the FSRM installation.
To add more Quota restrictions, click on the “Create Quota…” action
(on the Actions pane on the right):

89
 Figure 3.2.45

Quotas are always placed on a folder. You have the choice of basing
your Quota on a template or defining a custom one. FSRM ships with a series
of sample Quota templates that you can adapt to your needs.
If you click on “Custom Properties”, you can provide many details, as
shown below:

Figure 3.2.46

90
 In addition to specifying the space limit (hard or soft), you can also
create different thresholds, with different actions. The sample above sends e-
mail alerts at 85%/95%/100% and logs events at 95%/100%. If you click on
the “Add…” button, you can see the configuration options for each threshold.
You can even choose to execute a command when a threshold is
reached, which is shown on the screen below. If you are skilled with scripting,
you can use this ability to perform a number of sophisticated tasks.

Figure 3.2.47

Instead of specifying custom Quotas folder by folder, you can use

standard FSRM Quota templates or define your own templates.
The screen below shows the default templates and also shows the
“Create Quota Template…” action on the right:

91
 Figure 3.2.48

The power of Quota Templates becomes much more obvious when

you use the option to “Auto apply template” while creating a Quota:

Figure 3.2.49
This option requires that you select a template (not a custom Quota). A
Quota is created based on that template for all folders under the specified
path.
Every time you add another subfolder to that folder, the template is
automatically used to create another Quota for it. This allows you much
simpler configuration for certain folder structures like web sites, project
folders, etc.

File Screening Management

File Screening helps you restrict and/or monitor which file extensions
can be used on your file server. FSRM can provide both active screening
(block file with certain extensions) or passive screening (monitor file
extensions without blocking).
File extensions can also be combined in “File Groups” like “Image
Files” and “Audio and Video Files”:

92
 Figure 3.2.50

You can see the existing File Screens in the “File Screens” node under
“File Screening Management”. None are defined by default.
To add a File Screen, click on the “Create File Screen…” action (on the
Actions pane on the right):

Figure 3.2.51

93
 As with Quotas, FSRM supplies some predefined File Screen
Templates. You can also opt to define your own File Screening properties, as
shown below:

Figure 3.2.52

Once you click on “Custom Properties”, you will see the window below:

Figure 3.2.53

94
 The basic properties include the path to monitor, the type of monitoring
(active or passive), the file groups to block/monitor and the specific actions to
take (e-mail, event log, command or report).
You will probably want to use a template to define your File Screening.
Below is the list of pre-defined templates included with FSRM:

Figure 3.2.54

You can also create your own File Screening Templates, just like with Quota
Templates.

FSRM includes a list of pre-defined File Groups, as shown below:

Figure 3.2.55

You can use those, modify them or create your own File Groups.

95
Storage Reports Management
One important feature of FSRM is the ability to provide many reports
associated with File Server Management to make your life simpler when
managing your file server. Those reports include Files by Group, Files by
Owner, Large Files, Most Recently Accessed Files and Duplicate Files, just to
mention a few (see screen below).
Reports can be generated manually, on a scheduled or triggered by a
Quota or File Screen. They can also be generated in different formats (see
options on the screen below) and are delivered to a folder defined when you
installed the role service.
That folder can also be updated in the FSRM configuration:

Figure 3.2.56

96
 Below you see a number of those manually generated reports using the
HTML format:

Figure 3.2.57

Please check the sample below, in HTML format, showing the Files by Owner
report:

Figure 3.2.58

97
 Folder Redirection
Group Policy
Group policy is a feature of Microsoft Windows Active Directory that adds
additional controls to user and computer accounts. Group policies provide
centralized management and operating systems configurations of user’s computing
environments. Group policies are another method of securing user’s computers from
infiltration and data breaches.
If you care about data security, you need to understand group policies. We
will discuss what group policies and GPOs are and how system administrators use
them to protect, secure, and lock down computers and user accounts. We will also
discuss how attackers can disable group policies as part of their infiltration.

What is Group Policy Object?

Figure 3.2.59

The GPO can be associated with one or more of the Active Directory
containers, such as sites, domains, or organizational units (OUs).

How Group Policy Objects Are Processed

Active Directory applies GPOs in the following predictable and logical order.

Figure 3.2.60

98
Do I Need a Group Policy?
Assuming the goal of your organization is to become more secure, then yes,
you need to understand and implement group policies.
Out-of-the-box Windows isn’t secure. Shocking.
There are ways to rectify those deficiencies through GPOs. Microsoft didn’t
assume how you wanted to secure your systems, but GPOs can move you closer.
For example, with GPOs you can completely disable Local
Administrator rights globally in your network and instead, grant administrative
permissions to a single individual or group based on their job. Ideally, you are
implementing a least-privileged model where even the system administrators are
limited to administering only the servers they are assigned.
Group policies can disable outdated protocols like SSLv2, prevent users from
making changes to local group policies, and much more.

Benefits of Group Policy

Figure 3.2.61

There are several advantages to implementing GPOs outside of security.

• Ease of management: Setting up new users on the network used to be a
long and tedious process. Pre-existing GPOs apply a standardized
environment to each new user and computer that joins your domain which
saves many hours of configurations.
• One-stop administration: Sysadmins can deploy patches, software, and
other updates via GPO.
• Password policy enforcement: Passwords can be easily brute-forced if they
aren’t changed regularly, contain simple words, or are short. GPOs establish
length, reuse rules, and other requirements for passwords to keep your
network safe.
• Folder redirections: Do you want users to keep important company files on a
centralized and monitored storage system? Use a folder redirection GPO to
redirect their user folder to your NAS.

99
Limitations of Group Policy
By now it sounds like GPOs are the bee’s knees. There are a few pitfalls to
using GPOs you want to consider before you dive in headfirst.
GPOs update randomly every 90 to 120 minutes or so, or when the computer gets
rebooted. You can specify an update rate from 0 to 64,800 minutes (or 45 days), but
if you select 0 minutes, the computer tries to update GPOs every 7 seconds. That’s
going to murder a network with traffic. If you must implement an emergency GPO
update, you have to keep this in mind and use another method to get users to
reboot.
Also, the GPO editor isn’t the best and most intuitive thing in the world. You
can learn to use PowerShell instead to make all the updates, which could be easier
for a command line person.
If you do implement GPOs, consider the possibility that an attacker tries to
circumvent security by changing local GPOs on a computer they have infiltrated. For
example, if you locked down the Local Administrator account with a GPO, an
attacker can try to reverse that GPO and take over Local Admin. Or they might re-
enable a less secure network protocol. Varonis monitors for changes in GPOs
and warns you of those changes, which can help you stop a data breach.

Folder Redirection
Folder Redirection enables users and administrators to redirect the path of a
known folder to a new location, manually or by using Group Policy. The new location
can be a folder on the local computer or a directory on a file share. Users interact
with files in the redirected folder as if it still existed on the local drive. For example,
you can redirect the Documents folder, which is usually stored on a local drive, to a
network location. The files in the folder are then available to the user from any
computer on the network.

How to configure Folder Redirection

1. Create a folder in the root directory of drive C then name it as “shared folder”.

Figure 3.2.62

100
2. Share it to everyone with “read and write” permission.

Figure 3.2.63

Figure 3.2.64

101
3. Copy the network path.

Figure 3.2.65

4. Go to Start menu > Administrative Tools > Group Policy Management.

Figure 3.2.66
102
5. In the Group Policy Management, we need to expand the domain then edit
the Default Domain Policy.

Figure 3.2.67

6. In the Group Policy Management Editor, go to User Configuration>Policies

> Window settings > Folder Redirection then choose what folder you want
to redirect.

Figure 3.2.68

103
7. In this example let us choose Desktop to be redirected.
Right-click on desktop and click properties.

Figure 3.2.69

8. On the Desktop properties Target Tab choose “Basic – Redirect

everyone’s folder to the same location”

Figure 3.2.70

104
9. Paste the network path of the “Shared Folder” you have created before on
the Root Path.

\\ALEXIS\Shared Folder

Figure 3.2.71

10. Under the Setting Tab uncheck the “Grant the user exclusive rights to
Desktop”

Figure 3.2.72

Explanation: If leave “Grant the user exclusive rights to Documents” ticked

then when the folder is initially setup Windows will block inheritance on the
folder and grant exclusive access to the users on these files. This will lockout
even administrators to the files which makes administration of these folders
105
 very difficult. If an administrator did need to access these files they will need
to take ownership which in turn removes access from the users to their files.
The admin will then need to ensure that they need to re-setup the permission
on the folder to ensure that they users can still access the files. The only
scenario I see you wanting to keep this ticked is if you have a VERY strict
privacy policy in your organization but as I said before it’s not as if a
determined administrator cannot get access to these files if they really wanted
to.

11. Click Ok then Apply.

Figure 3.2.73

12. Repeat the process to other folders that you want to redirect
After configuring the Folder Redirection, the next step is configuring the Roaming
User Profile, but before that let us discuss first what Roaming Profile is.

Roaming User Profiles

It redirects user profiles to a file share so that users receive the same
operating system and application settings on multiple computers. When a
user signs in to a computer by using an account that is set up with a file share
as the profile path, the user’s profile is downloaded to the local computer and
merged with the local profile (if present). When the user signs out of the
computer, the local copy of their profile, including any changes, is merged
with the server copy of the profile. Typically, a network administrator enables
Roaming User Profiles on domain accounts.

106
How to Configure Roaming User Profile
1. Click the Start Menu then on the search box type “dsa.msc” to go to Active
Directory of Users and Computers.

Type dsa.msc here then press enter

Figure 3.2.74

2. In the Active Directory of Users and Computers expand the Domain then go
to Users.

Figure 3.2.75

107
3. After expanding the Users right-click the user you want to roam the profile.

Figure 3.2.76

4. Under the user’s properties click on the Profile Tab then paste the Network
Path of the Shared Folder in the Profile Path then add “\%username%”. The
profile path should be “\\ALEXIS\Shared Folder\%username%”.

Figure 3.2.77

Note: Failure to add “\%username%” will result to temporary profile and lost
of file once the user log off.
5. Click OK then Apply. Repeat the process to all the users in the domain.
6. Perform Group Policy Update through “gpupdate” command in command
prompt.

108
How to join the client computers to domain
1. On the client computer obtain the IP address, the IP address detected should
come from your Server’s DHCP Services.
2. Now click on System and Security and then click on System. Finally, click
on Advanced system settings. If you’re not in the category view in Control
Panel, you can just click on System directly.

Figure 3.2.78

3. Now click on the Computer Name tab and click Change button at the bottom.

Figure 3.2.79

4. Now click on the Domain radio button and type in the name of the domain
name that you want to join this computer to. Then apply and restart the client.

pingol.local

Figure 3.2.80
109
 Troubleshoot Joining a Domain
It would be great if everything worked out the first time you tried, but that doesn’t
happen often. Even though joining a domain is normally a simple process, there are
a myriad of issues that you can run into. I won’t be able to cover all of them here, but
I’ll mention a few of the post popular problems and solutions.
• Use fully qualified domain name – If you’re typing in the domain name and
are getting back error messages, you should try using the FQDN instead of
the NetBIOS name.
• Check DNS settings – If the computer is not properly resolving DNS queries
or if it can’t contact the DNS server, it won’t be able to connect to the domain.
Try to do an NSLOOKUP from the PC and server and check if the entries are
listed. Also, check the client to make sure it’s using the proper DNS server
and not external DNS servers.
• Check network settings – If all other settings are correct, you issue is most
likely related to a port being blocked on the computer. Make sure port 445 is
open and also make sure the network type on the computer is Private.
• Disable IPv6 temporarily – Sometimes Windows will use IPv6 when trying to
join a domain and if you don’t have IPv6 setup, it won’t work. You can try
disabling IPv6 on your NIC and seeing if that works. You can always re-
enable it after the computer is joined to the domain.

5. Setting Up Printer Server

There are two main benefits to centralizing all your shared printers onto a print
server, firstly you can install all the different Windows client drivers on the server so
they are automatically deployed, and secondly it greatly simplifies the management
of the printers.
First of all you need to ensure that your Windows 2008 Server has the Print
Services role installed, so logon to it and open the “Server Management” console,
then click “Roles” in the left-hand pane:

Figure 3.2.81
110
 The “Roles Summary” will list all the roles currently installed on your server,
and if like above you don’t see Print Services then you will need to add it by clicking
the “Add Roles” link. This will start the “Add Roles Wizard”, click Next past the
introductory page and on the next one click to check the “Print & Document
Services” role:

Figure 3.2.82
Click “Next” and the next page explains some of the basic principles of the
Print Services role, once you’ve read it click “Next” and on the following page you
are asked to select specifically which services you require.
Here we only need “Print Server”, which should already be ticked, unless
you know you have a need for any of the other role services then leave them
unticked. Click “Next” to take you to the confirmation page and then
click “Install” to add the Print and Document Server role. The installation process
should only take a minute or two and then you can click “Finish” to close the wizard.
A restart of the server should not be required.

Figure 3.2.83

111
Adding Network Printer
1. Open the Print Management Tool via Start > All Programs >
Administrative Tools > Print Management unfold the Print
Servers from the list in the left pane, right click the local or remote print
server to which the new printer is to be added and select Add Printer....
This will display the Network Printer Installation Wizard then choose add
TCP/IP and click next as illustrated below:

Figure 3.2.84

Figure 3.2.85

2. Enter the IP address or hostname of the printer to be added to the print

server. The wizard will automatically generate a unique port name to
accompany the IP address or hostname. The option is also provided to
have the wizard attempt to identify the appropriate driver for the new
printer. The following figure illustrates the screen as described:
112
 Figure 3.2.86

3. Click Next to install a printer driver. If a driver for the printer is already
installed on the print server, select it from the drop down list. Alternatively
select the Install a new driver option and click Next to proceed to
the Printer Installation screen where a list of printer manufacturers and
models is presented. Select the make and model of the printer from the
list, or use the Have Disk to install the manufacturer supplied driver.

Figure 3.2.87

113
 Figure 3.2.88

4. With either a printer selected, click on Next to configure the Printer

Name and Share Settings. On this screen, click the Share this Printer
then enter the name by which the new printer will be shared to clients
over the network.

Figure 3.2.89

5. Click Ok and Apply

114
Deploying Printer with Group Policy Object
1. On the Print Management expand Print Servers then select Printers right-
click the printer then select “Deploy with Group Policy…”.

Figure 3.2.90

2. Click on Browse then select the Default Domain Policy.

Figure 3.2.91

3. Click deploy with users… computers… then click add.

Figure 3.2.92

115
4. Click Apply and Ok the run gpupdate command in cmd.

Figure 3.2.93

5. Go to Deployed Printers to check if the printer is already deployed.

Figure 3.2.94

6. Run gpupdate on the client computers then check if printer is deployed.

Figure 3.2.95

116
Setting up Computer Server in accordance with TESDA CSS NCII Assessment
package.

1. Perform Peer-to-Peer
In this section you will be asked to:
• set up static IP address to both Client and Server
• Disable the router’s DHCP Services
• Ping the following network devices:
-main router, network router (the one you are configuring)
access point, client computer, server computer and
network printer.

2. Install the following roles:

• Active Directory Domain Services
• Domain Name System
• Dynamic Host Configuration Protocol
• File Services
• Print Services

3. Configure File sharing through Folder Redirection and Roaming User

Profile
• Create Shared Folder preferably in the root directory of drive C.
• Share the folder with read and write permission for everyone.
• Configure folder redirection
• Configure roaming user profile

4. Joining the client computer to your domain

• Upon obtaining the IP add of your client it should also detect your
domain. Ex. “pingol.local”
• Once detected you can now join the client computer to your domain.
• You can also check the functionality of folder redirection and roaming
profile by checking if User Folder is automatically created in the
Shared Folder.

5. Deploying Printer
• Network printer should be automatically deployed in the client
computer

6. Printing of IP addresses used in the assessment process.

• Printing should be done in the client computer

117
 Self- Check 3.2-2

Multiple Choice: Encircle the letter of the best answer.

1. ________ is what allows a user to logon onto any computer in an
organizations’ and have all their personal files and setting apply to that
computer as it was the last time they used a computer?
A. Configure networking
B. Provide computer name and domain
C. Roaming Profiles and Folder redirection
D. Set time zone
2. Which of the following is used to limit the size of the shared folder?
E. Folder Redirection C. Folder Quotas
F. Roaming User Profile D. Print Management
3. It is the central database on a domain controller where the login
credentials of all client computers, printers, and other shared resources in
the network are stored.
A. Active Directory C. Domain Controller
B. DHCP D. File Services
4. Which of the following would you use if you want to prevent users in
storing audio and video files in the shared folder?
A. Folder Redirection C. Folder Quotas
B. File Screening D. Print Management
5. When Folder Redirection and Roaming user profile is Set up the files of
the users will be Automatically _______?
A. Deleted from the user C. Deleted from the Server
B. Save in the server D. Corrupted
6. It is a network management protocol used to automate the process of
configuring devices on IP networks.
A. Active Directory C. Domain Controller
B. DHCP D. File Services
7. Which of the following enables user’s profile and settings follow the user
in any computer connected to the domain?
A. Folder Redirection C. Infrared Data Access
B. Roaming Profile D. Printer Management
8. Which of the following enables user’s saved files follow the user in any
computer connected to the domain?
A. Folder Redirection C. Infrared Data Access
B. Roaming Profile D. Printer Management
9. You have selected Printers from the Settings submenu, and you notice
that one of the printer icons has a check mark symbol above it. What does
this indicate
A. The printer is now printing C. Printer is available
B. That Printer is the default printer D. Printer is not available
10. What will happen if you fail to add “\%username%” to your profile
path?
A. Users will have temporary profile
B. Users will not be able to log in
C. Users folder will not be redirected to the shared folder
D. Users profile folder will be automatically created in shared folder
118
 ANSWER KEY 3.1-4
1. C
2. C
3. A
4. B
5. B
6. B
7. B
8. A
9. B
10. A

References:
https://cd-ed.com/programs/it-professional/
https://www.pixelstalk.net/hd-computer-science-backgrounds/
https://urbanareas.net/info/training/computer-repair/
https://www.varonis.com/blog/active-directory-domain-services/
https://docs.microsoft.com/en-us/windows-server/identity/ad-
fs/deployment/join-a-computer-to-a-domain
https://www.petri.com/windows-2008-print-server-management
techotopia.com/index.php/Setting_Up_a_Windows_Server_2008_R2_Print_Server
https://helpdeskgeek.com/how-to/windows-join-domain/
https://study.com/academy/lesson/what-is-a-domain-controller-definition-
function.html
https://www.youtube.com/watch?v=uau3uiETdqY
https://www.cloudflare.com/learning/dns/what-is-a-dns-server/
https://www.efficientip.com/what-is-dhcp-and-why-is-it-important/
https://www.howtogeek.com/99323/installing-active-directory-on-server-2008-r2/
https://blogs.technet.microsoft.com/josebda/2008/08/20/the-basics-of-windows-
server-2008-fsrm-file-server-resource-manager/
https://www.howtogeek.com/50148/how-to-create-a-new-user-in-server-2008/

119
 TASK SHEET 3.2-2

Title: Set-Up Computer Server

Performance Objective: Given required supplies and materials you should be

able to perform in one session.
1.Create user folder
2.Set-up centralized file sharing
3. Deploy Network Printer

Supplies/Materials : Ethernet cables for network set-up

Equipment : Computer Server, Windows Server 2008 R2 installer,

Client/Workstations.

Steps/Procedure:
1. Ask your trainer to provide you with needed materials and equipment.
2. Install the following roles
- ADDS, DNS, DHCP, FILE SERVICES, PRINT
MANANGEMENT
3. Set up centralized file sharing through folder redirection and roaming
user profile
4. Deploy Network Printer
5. On the client computer print the following:
• Name
• IP address of Network Printer
• IP address of Main Router
• IP address of Workstation Router
• IP address of Access Point
• IP address of Server Computer
• IP address of Client Computer
Assessment Method:
Observation
Interview

120