System Administration (CS-584)

Assignment 3 (Due Date: 21/01/2019)

Task 1: Design a Web Application Proxy solution

With certificate-based authentication, a key aspect is ensuring that the client trusts
the server performing the authentication. There are multiple ways to achieve this
trust relationship between client and server. For domain clients, an internal
Certificate Authority (CA) allows you to configure computers to trust the corporate
CA as well as enable auto-enrolment for client certificates. If a public CA is used, a
client-server trust typically exists already, but authentication using client certificates
becomes difficult. A hybrid certificate deployment, in which your enterprise CA uses
a root certificate from a trusted third party, allows you to combine the strengths of
both options: automatic enrolment of domain members and inherent trust from
external clients. Write-up the power Shell commands for the followings:

 Installing IIS 8 via PowerShell

 Module Management via PowerShell
 enable IIS module via PowerShell
 Site Setup via IIS Manager
 How would you set a registry value with PowerShell ?
 How would you ping a remote computer with 5 packets using PowerShell ?
 How to prepare window 7 bootable Disc using powershell?

Task 2: Windows Server NIC teaming

NIC Teaming is providing network availability and network performance. It acts as

bonding network adapters to form one logical network adapter. It provides useful
features such as load balancing across individual links and failover for network
connections. Perform the NIC Teaming Windows PowerShell cmdlets for followings:
 Adds a new member (network adapter) to a specified NIC team
 Adds a new interface to a NIC team.
 Gets a list of NIC teams on the system.
 Gets network adapters that are members of a NIC team
 Gets a list of team interfaces.
 Creates a new NIC team.
 Removes the specified NIC team from the host.
 Removes one or more network adapters from a NIC team.
 Removes a team interface from a NIC team.
 Renames a NIC team.
 Sets parameters on the specified NIC team.

1
  Sets the role of a member network adapter in a NIC team.
 Sets a new VLAN id on a team interface, or restores the interface to Default
mode

Task 2: Remote Desktop

1. You have the Web Server (IIS) role installed on a server that runs Windows
Server 2008. You make changes to the configuration of an application named
APP1. Users report that the application fails. You examine the event log and
discover the following error message: You need to ensure that users are able
to connect to APP1. Which command should you run at the command prompt
on the server?
2. Your company has an Active Directory domain. The company runs Remote
Desktop Services. A user has remotely logged on to the Remote Desktop
Session Host Server. The user requires help to use an application.
When you connect to the Remote Desktop session, you cannot operate any
applications. You need to ensure that you can assist any user on the Remote
Desktop Session Host Server. What should you do to run at the command
prompt on the server?
3. Write-up the power Shell commands for the followings:
a. Add an RD Session Host server
b. Add an RD Virtualization Host server and create a virtual switch
c. Add virtual desktops to a virtual desktop collection on an RD
Connection Broker
d. Get the list of applications available to publish for a session collection
e. Get certificates for an RD Connection Broker
f. Get the published virtual desktops for all collections
g. Gets configuration details of a virtual desktop collection
h. Enabling and configure Remote Desktop Gateway

Task 3: Read-only Domain Controllers

Case Study: Toyota Company had a remote office with about 15 users. They were
separated from their main office by railroad tracks, and the railroad company would
not allow cables to be run beneath the tracks. Users connected using a 256 Kbps
dial-up modem that created a VPN between the main office and the remote office.
Not surprisingly, the users often complained that the logons were taking too long.
Eventually, domain administrators created a domain controller and placed it in the
remote office. Unfortunately, the remote office had very poor physical security. About
a month after they placed the DC in the remote office, it disappeared. Users weren’t
even sure exactly when it disappeared, though administrators were able to narrow
down the time frame using logs. A lot of circumstantial evidence pointed to an
employee who had access to the office after hours, but nothing was ever proven.

2
Since the DC had a full copy of Active Directory, including all the administrative
accounts and their passwords, the IT department was soon in panic mode. They
spent a great deal of time changing passwords and renaming accounts. They even
seriously considered deleting their one-domain forest and starting over. Management
spent a lot of time evaluating the risk of not rebuilding the forest and weighing it
against the business impact of deleting the forest and rebuilding it from scratch.
Eventually they accepted the risk. It paid off. They never saw any evidence that
anything was compromised from this theft. If the DC were an RODC instead, the
company would have lost the cost of the server, but the added risks that caused so
much administrative and managerial headaches could have been avoided.
In this situation, An RODC holds all the Active Directory accounts and most of the
attributes that can be found on a writable DC. A significant difference between an
RODC and a writable DC is that an RODC holds very few passwords.
More specifically, the RODC will typically only hold the passwords of no
administrator users who log on in the remote office. Other passwords are specifically
blocked from being stored on the RODC.

Figure shows the process if an RODC is placed in a remote office. Imagine Sally is
logging onto the RODC for the first time. Her system will contact the RODC. The
RODC doesn’t have her account cached, so it will query the DC at the headquarters
location. To configure the RODC, please perform the following tasks.

 Prepare a forest and a domain for RODCs

 Prepare the domain
 Allow passwords on any RODC
 Allow passwords on a single RODC
 Perform RODC password replication policy
 Allowed RODC Password Replication Group
 Delegating Administration for an RODC
 Modifying the Allowed List
 Connectivity between RODC and Main server

3
Task 4: Installing and configure the Print and Document Services Role
Print and Document Services is a server role in Windows Server 2012 R2 that
enables you to share printers and scanners on a network, set up print servers and
scan servers, and centralize network printer and scanner management tasks. You
can do these tasks using the Print Management and Scan Management Microsoft
Management Console (MMC) snap-ins. You can use the snap-ins to monitor network
printers and scanners, and to manage Windows print servers and scan servers in
your organization.
Case Study: Mt. Mercy University was founded in 1928. It's a private, Catholic
university located in Cedar Rapids, Iowa. The University was disappointed with their
service provider and was looking for a new partner. Once they partnered with Marco,
they experienced the benefits of their managed print service (MPS) program. A total
of 92 new copier/printer devices were installed and repositioned throughout the
campus over a smooth, three-week period. A print software called PaperCut was
also implemented and it provides users an ID number to access all networked
devices. This made it possible for the University to assign and track print usage by
student, department and project type, providing control over print output and helping
them better manage costs. Write-up the power Shell commands for the followings:

 Gets configuration details of a virtual desktop collection

 View printers using custom filters
 Manage printer settings and drivers
 Monitor printer status and configure alerts
 Connect to remote print servers so you can do all this for your
 Viewing and Editing Port Settings
 Retrieves a list of print jobs in the specified printer.
 Restarts a print job on the specified printer.
 Sets the configuration information for the specified printer.
 Updates the configuration of an existing printer