CA1 Report
ST3241: Network and Server Management
Done by:
Lim Yiling (P1031243)
Ally Tan (P1031045)
DICT 2A/03
Task 1:
You are required to set up a small server/client network with one server and one client for
TripSmart Company. The server name is S****** and the client name is C******, where
****** is the admission number of any member in your team. Use 198.168.100.10 and
192.168.100.11 for the IP address of the server and the client respectively.
Server Side
Step 1: Log on as administrator in Server01 (Windows Server 2008).
Step 2: Right-Click the Network icon in the Systems Tray and select Properties.
Step 3: Click on View status as shown below:
Step 4: Click on Properties button under the Local Area Connection Status window.
Step 5: Double click on Internet Protocol Version 4 (TCP/IPv4).
Step 6: Click on OK button after you have filled in as follows:
Step 7: Right-Click the Computer icon on the Desktop and select Properties.
Step 8: Click Change Settings, then click on Change under Computer Name tab.
Step 9: Click on OK button after you have filled in as follows, restart when prompted:
Client Side
Step 10: Log on as administrator in Client01 (Windows XP).
Step 11: Fill in the following TCP/IP properties:
Step 12: Right-click on My Computer and select Properties, and click on Change under
Computer Name.
Step 13: Click on OK button after you have filled in as follows, restart when prompted:
Task 2:
Install Active Directory in the server to promote it to be a domain controller and install
DNS accordingly. Create a domain with the domain name that is DM******.com
(where ****** is your admission number) and join the client to the domain.
Install DNS Server Role
Step 1: Go to Start > Programs > Administrative Tools > Server Manager.
Step 2: Click on Roles and select Add Roles under Roles Summary
Step 3: Click on Next and check on “DNS Server” Option, and click Next again.
Step 4: Install the DNS Server Role.
Install Active Directory Domain Services
Step 5: Repeat Step 1 – 2.
Step 6: Click on Next and check on “Active Directory Domain Services” Option, and
click Next again.
Step 7: Install the Active Directory Domain Services Role.
Step 8: Click on Start > Run, type in “dcpromo.exe”.
Step 9: Click on Next, and Next again. Check “Create a new domain in a new forest”,
and Next.
Step 10: Click on Next after you have filled in as follows:
Step 11: Select “Windows Server 2008” for the Forest functional level and click Next
twice, select Yes when a pop-up screen appears.
Step 12: Click on Next. Input Password as: “P@ssw0rd”, click on Next twice.
Step 13: Check on “Reboot on Completion”.
Join Client to the Domain
Step 14: Log on as administrator on Client.
Step 15: Right-click on My Computer and select Properties, and click on Change under
Computer Name.
Step 16: Click on OK button after you have filled in as follows:
Step 17: Enter administrator’s name and password when required.
Task 3:
The TripSmart Company has 3 departments and there are no strong security boundaries
required between the departments.
a) As an administrator, you have to decide how to setup the network for the company.
The user accounts and group memberships are shown in the following table:
Department          User Account          Group Membership
Sales               Sale1, Sale2, Sale3   Marketing, Domain Users
Human Resource      Clerk1, Clerk2        HR, Domain Users
Technical Support   TSO1, TSO2            TSO, Domain Admins
Step 1: Logon as administrator in Server
Step 2: Click Start > Administrative Tools > Active Directory Users and Computers.
Step 3: Right click Users folder and select the New User... option.
Step 4: Fill in the following fields in the New User window for all the User Accounts
stated above:
Username:
Full Name:
Description:
Password:
Confirm Password:
Step 5: Open Active Directory Users and Computers tool. Right click
DM*******.com and select the New Organization Unit option.
Step 6: The new object – group dialog box appears. Enter the name of the group as
‘Sales’, leave the Group scope as ‘Global’ and click OK.
Step 7: Repeat Step 6 for both Human Resource and Technical Support.
Step 8: Open Active Directory Users and Computers tool. Right click
DM*******.com and select the New Group option.
Step 9: Create 3 groups named “Marketing”, “HR” and “TSO”
b) Configure the security settings to meet the following requirements:
i. The password for the users’ accounts in Technical Support department should
never expire.
Step 1: Right click “Properties” on both TSO users’ accounts, select the “Account” tab
and check “Password never expires” under Account options.
ii. The users in the Sales department are allowed to log into the domain during the
office hours (from 9am to 5pm, Monday to Friday).
Step 1: Right click “Properties” on all 3 Sale users’ accounts, select the “Account” tab
and click “Logon Hours”….
Step 2: Select Monday to Friday and then permit working hours from 9am to 5pm for all
3 Sale Accounts.
iii. Clerk2 is on two month no‐pay leave starting from 15 November 2011.
Step 1: Right click “Properties” on Clerk2’s user account, select the “Account” tab and
select End of: Tuesday, November 15, 2011 under “Account expires”….
iv. The users in the Sales department are not allowed to access the
Control Panel.
Step 1: Logon as Administrator on Server, open Group Policy Management and right
click on Sales OU, select Create a GPO in this domain, and Link it here.
Step 2: Name the new policy as Default Sales Policy. Click OK and right click on the
newly created Default Sales Policy and select Edit.
Step 3: Under User Configuration console tree, expand Administrative Templates and
then Control Panel and enable the following setting:
Prohibit access to the Control Panel
Step 4: Run gpupdate /force to refresh the policy settings.
v. The users in the Human Resource department are not allowed to use the
Run menu from Start Menu
Step 1: Logon as Administrator on Server, open Group Policy Management and right
click on Human Resource OU, select Create a GPO in this domain, and Link it here.
Step 2: Name the new policy as Default HR Policy. Click OK and right click on the
newly created Default HR Policy and select Edit.
Step 3: Under User Configuration console tree, expand Administrative Templates and
then Start Menu and Taskbar and enable the following setting:
Remove Run menu from Start Menu
Step 4: Run gpupdate /force to refresh the policy settings.
vi. All Users must change their password every 3 months and cannot re-use any of
the 3 recent passwords he/she has used for his/her account.
Step 1: Logon as Administrator on Server, open Group Policy Management and right
click on Default Domain Policy, select Edit.
Step 2: Under Computer Configuration console tree, expand Windows Settings and
then Security Settings > Account Policies.
Step 3: Select Password Policy and change the settings for the following:
Enforce password history: keep password history for 3 passwords remembered.
Maximum password age: password will expire in 90 days (3 months).
Step 4: Run gpupdate /force to refresh the policy settings.
vii. All Users would require the administrator to unlock the account after 5
unsuccessful attempts.
Step 1: Logon as Administrator on Server, open Group Policy Management and right
click on Default Domain Policy, select Edit.
Step 2: Under Computer Configuration console tree, expand Windows Settings and
then Security Settings > Account Policies.
Step 3: Select Account Lockout Policy and change the settings for the following:
Account lockout threshold- Account will lock out after 5 invalid logon attempts
Task 4:
The users from the Sales and Human Resource departments have requested to create
two shared folders in the domain controller: StaffData and SalesData. The appropriate
permissions must be set in order to meet the following requirements:
a) For StaffData folder: The users in Human Resource department can have
Modify (Change) permission when they access the folder locally or across the
network. Other users should have no access to this folder.
Step 1: Create a StaffData folder in Local Disk (C:), right click and select Properties >
Sharing > Advanced Sharing… > Check the box for Share this folder.
When accessing across network
Step 2: Select permissions under Advanced Sharing and add the HR group. Check Allow
for Change and automatically Read will be allowed too.
Add Everyone and check Allow for Read only.
Add Administrators and check Allow for Full Control and Change and Read would be
automatically allowed too. Apply and click OK.
When accessing locally
Step 3: Properties > Security, then click Edit to change permissions. Add the HR group
and check Allow for Modify and automatically Read & Execute, List folder contents,
Read and Write will be allowed too.
Add Administrators and check Allow for Full Control and Modify, Read & Execute,
List folder contents, read and write will be automatically allowed too. Apply and click
OK.
You should be able to see this if other users try to access this folder:
b) For SalesData folder: The users in the Sales department have Modify permission
when they access the folder locally but only have Read permission when they access the
folder across the network.
Note: The administrator has Full Control permission for both folders
regardless of whether the folders are accessed locally or across the network.
Step 1: Create a SalesData folder in Local Disk (C:), right click and select Properties >
Sharing > Advanced Sharing… > Check the box for Share this folder.
Step 2: Select permissions under Advanced Sharing and add the Marketing group.
Check Allow for Read only.
Add Administrators and check Allow for Full Control and Change and Read would be
automatically allowed too. Apply and click OK.
You should be able to see this if the users in the Sales department try to modify the
folder:
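The share and NTFS settings from Task 4 can be checked against the requirements with a small model: locally only the NTFS permissions apply, while across the network the user gets the more restrictive of the share and NTFS permissions. This is an added example, not part of the original report. It assumes no Deny entries, that entries inherited from C:\ have been removed from StaffData, and that SalesData carries the NTFS entries stated in requirement (b), since the report lists only its share permissions.

```python
# Added example: a simplified model of share + NTFS evaluation for Task 4.
LEVELS = ["None", "Read", "Modify", "Full Control"]
RANK = {"Read": 1, "Change": 2, "Modify": 2, "Full Control": 3}  # share Change ~ NTFS Modify

# One user per department, with the group memberships from the Task 3 table.
MEMBERS = {
    "Sale1": {"Marketing", "Domain Users"},
    "Clerk1": {"HR", "Domain Users"},
    "TSO1": {"TSO", "Domain Admins"},
}
# Domain Admins is a member of the built-in Administrators group.
NESTED = {"Domain Admins": {"Administrators"}}

FOLDERS = {
    "StaffData": {
        "share": {"HR": "Change", "Everyone": "Read", "Administrators": "Full Control"},
        # Assumption: inherited entries are removed, leaving only these two.
        "ntfs": {"HR": "Modify", "Administrators": "Full Control"},
    },
    "SalesData": {
        "share": {"Marketing": "Read", "Administrators": "Full Control"},
        # Assumption: NTFS entries taken from the Task 4(b) requirement.
        "ntfs": {"Marketing": "Modify", "Administrators": "Full Control"},
    },
}


def groups_of(user):
    """Direct groups, nested groups and the implicit Everyone group."""
    groups = set(MEMBERS[user]) | {"Everyone"}
    for group in list(groups):
        groups |= NESTED.get(group, set())
    return groups


def granted(acl, user):
    """Highest level allowed to any of the user's groups (0 if no entry matches)."""
    mine = groups_of(user)
    return max((RANK[level] for group, level in acl.items() if group in mine), default=0)


def effective(folder, user, over_network):
    ntfs = granted(FOLDERS[folder]["ntfs"], user)
    if not over_network:
        return LEVELS[ntfs]                  # local access: NTFS permissions only
    share = granted(FOLDERS[folder]["share"], user)
    return LEVELS[min(share, ntfs)]          # network: the more restrictive wins


if __name__ == "__main__":
    for folder in FOLDERS:
        for user in MEMBERS:
            print(folder, user, "| local:", effective(folder, user, False),
                  "| network:", effective(folder, user, True))
```

In this model the Everyone: Read share entry on StaffData gives Sale1 nothing, because no NTFS entry matches that user.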
Task 5:
As the StaffData folder contains confidential data, it is required to keep track of all
users’ access to the folder.
Step 1: Logon as Administrator on Server, open Group Policy Management, right-click
on “Default Domain Policy”, select Edit.
Step 2: Computer Configuration > Policies > Windows Settings > Security Settings >
Local Policies > Audit Policy
Step 3: Right-click on “Audit object access”, select “Properties”, check the boxes as
below:
Step 4: Go to “Computer” > “Local Disk (C:)”. Right-click on StaffData > Properties
> Security > Advanced > Auditing > Edit
Step 5: Click on Add, type in Everyone and select Check Names. Check the
“Successful” and “Failed” box for “List folder / read data”, and select OK.
Step 6: Logon to Sale1 in Client to test the failed audit.
Step 7: My Network Places > Entire Network > Microsoft Windows Network >
DM1031243 > S1031243 > StaffData. You should be unable to access the folder.
Step 8: In Server side, click on Administrative Tools > Event Viewer > Windows Logs
> Security. You should see “Audit Failure”:
Step 9: Logon to Clerk1 in Client to test the success audit.
Step 10: My Network Places > Entire Network > Microsoft Windows Network >
DM1031243 > S1031243 > StaffData. You should be able to access the folder.
Step 11: In Server side, click on Administrative Tools > Event Viewer > Windows
Logs > Security. You should see “Audit Success”:
b) The auditing records may be very large, how can you use the filter feature to allow
the system to show only the events associated with the failure object access?
Step 12: Click on Administrative Tools > Event Viewer > Windows Logs > Security.
Step 13: Click on Filter Current Log and set the settings like the following:
Step 14: Click “OK”. You should see only the failed object access events.
Task 6:
The TSO group needs to have some commands run automatically each
time they log on to the domain. The commands should accomplish the following tasks:
a) Display the global groups in the domain.
b) Display the list of computer or shared resources available in the domain.
Step 1: Click on Computers > Local Disk (C:) > Windows > System32
Step 2: Create repl folder, inside repl folder, create import folder, inside import folder,
create scripts folder.
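Step 3: Open Notepad, type in the following:
@echo off
rem Task (a): list the global groups; without /domain this works only on a domain controller
net group
rem Task (b): list the resources shared by this computer
net share
rem Keep the window open so the output can be read
pause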
Step 4: Save it as cmd file. Name it as “logon_test”.
Step 5: Open Active Directory Users and Computers, select Technical Support.
Step 6: Right-click on TSO1 > Properties > Profile.
Step 7: Fill in the following:
Step 8: Repeat step 7 for TSO2.
Step 9: Login to TSO1 in Server side.
Step 10: You should be able to see the logon script:
Task 7:
a) How should you configure your system in order to complete the following task?
You want to start a performance counter log to monitor Interrupts/sec counter at an
interval of 3 seconds for the period of 15 minutes when the processor utilization goes
above 80%. The log file name is Interrupt.blg.
Step 1: Click on Start > Programs > Administrative Tools > Reliability and
Performance Monitor > Data Collector Sets
Step 2: Right-click on User Defined > New > Data Collector Set
Step 3: Name it as Interrupts, check on Create manually (Advanced), Next.
Step 4: Check on Create data logs and Performance counter.
Step 5: Click on Add, expand Processor, select Interrupts/sec from Available counters,
and click on Add>> to the Added counters. Click OK.
Step 6: Under Sample interval, change from 15 to 3.
Step 7: Click on Next and Finish.
Step 8: Right-click on User Defined > New > Data Collector Set
Step 9: Name it as Alert, check on Create manually (Advanced).
Step 10: Check on Performance Counter Alert.
Step 11: Click on Add, expand Processor, select % Processor Time from Available
counters, and click on Add>> to the Added counters. Click OK.
Step 12: Under Alert when, change from 1 to 80.
Step 13: Click on Next and Finish.
Step 14: Click on Interrupts under User Defined, right-click on DataCollector01 >
Properties > File. Change the Log file name to Interrupt.
Step 15: Click on Alert under User Defined, right click on DataCollector01 >
Properties > Alert Action. Check on “Log an entry in the application event log”.
Under “Start a data collector set:” select Interrupts from the dropdown list.
b) Which object(s) & counter(s) would you use to monitor/diagnose the following?
i) You have installed two disk drives in your system and want to determine which
one gets used more so you can balance the load between them.
- Object: Physical Disk, Counters: %Disk Time & Avg. Disk Bytes/Transfer
ii) You suspect your system does not have enough RAM and want to find out
whether system uses too much paging file or not.
- Object: Memory, Counter: Committed Bytes
Task 8:
Set up a practical to verify the following differences between incremental backups and
differential backups. Explain how you would do and show your results in the report.
An incremental backup clears file’s archive attribute but a differential backup does not.
To restore all data back, differential backups are less time‐consuming than incremental
backups.
No detailed steps are required for this task. You can use any way to explain your method
(e.g. diagram, table, flowchart…) as long as it can clearly explain what you would do.
You must practically try out your method to see whether it works or not. You should
include screen shots of your practical results in the report
Setting up an Incremental Backup
1. Create a new folder with Full BU.zip and FullBU1.zip.
2. Full Backup this folder.
3. Create INCRE1.zip into the folder.
4. Backup this folder with incremental backup, only the newly created INCRE1.zip
is backed up.
5. Create INCRE2.zip and INCRE2.1.zip into the folder.
6. Backup this folder with incremental backup, only the newly created INCRE2.zip
and INCRE2.1.zip are backed up.
Day              Monday   Wednesday     Friday        Sunday
Type of Backup   Full     Incremental   Incremental   Restore
Before Incremental backup
After Incremental backup
Setting up a Differential Backup
1. Create a new folder with Full BU.zip and FullBU1.zip.
2. Full backup this folder.
3. Create DIFF1.zip into the folder.
4. Backup this folder with differential backup, only DIFF1.zip is backed up; however,
the archive bit is not turned off.
5. Create DIFF2.zip and DIFF2.1.zip into the folder.
6. Backup this folder with differential backup, DIFF1.zip, DIFF2.zip and DIFF2.1.zip
are backed up, because DIFF1.zip’s archive bit is still on.
Day              Monday   Wednesday      Friday         Sunday
Type of Backup   Full     Differential   Differential   Restore
Before and after Differential backup
Results:
               Archive Attribute   Backup Time                           Restore Time
Incremental    Before: ON          Full Backup (Monday): 31 Seconds      Full Restore: 18 Seconds
               After: OFF          Incremental (Wednesday): 6 Seconds    First & Second Incremental: 7 Seconds, 11 Seconds
                                   Incremental (Friday): 9 Seconds       Total: 36 Seconds
                                   Total: 46 Seconds
Differential   Before: ON          Full Backup (Monday): 31 Seconds      Full Restore: 18 Seconds
               After: ON           Differential (Wednesday): 4 Seconds   Differential Restore: 7 Seconds
                                   Differential (Friday): 12 Seconds     Total: 25 Seconds
                                   Total: 47 Seconds
Incremental
1. The first Full Backup on Monday took 31 seconds; the subsequent incremental
backups took 6 and 9 seconds respectively.
2. All of the backup files have to be restored.
3. The first Full Restore took 18 seconds; the subsequent restores took 7 and 11 seconds
respectively.
Differential
1. The first Full Backup on Monday took 31 seconds; the subsequent differential
backups for Wednesday and Friday took 4 and 12 seconds respectively. The second
one is longer because it also backed up the files from Wednesday.
2. Only the first backup file and the last backup file have to be restored.
3. The first Full Restore took 18 seconds; the last backup took 7 seconds.
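The archive-attribute behaviour behind these results can be reproduced with a short model of the Monday, Wednesday and Friday schedule. This is an added example, not part of the original report: it tracks only the archive bit of each file, using the file names from the two practicals, and does not copy any data.

```python
# Added example: models only the archive attribute, not real file copies.
class Folder:
    def __init__(self):
        self.archive = {}                # file name -> archive bit (True = ON)

    def create(self, *names):
        for name in names:
            self.archive[name] = True    # new or changed files get the bit set

    def backup(self, kind):
        """Return the files copied by a 'full', 'incremental' or 'differential' run."""
        if kind == "full":
            copied = sorted(self.archive)
        else:
            copied = sorted(n for n, bit in self.archive.items() if bit)
        if kind != "differential":       # full and incremental clear the bit
            for name in copied:
                self.archive[name] = False
        return copied


def week(kind, wednesday, friday):
    """Monday full backup, then two backups of the given kind (the report's schedule)."""
    folder = Folder()
    folder.create("Full BU.zip", "FullBU1.zip")
    sets = [("full", folder.backup("full"))]
    for new_files in (wednesday, friday):
        folder.create(*new_files)
        sets.append((kind, folder.backup(kind)))
    return folder, sets


def restore_chain(sets):
    """Backup sets that must be restored to get every file back."""
    full, later = sets[0], sets[1:]
    if later and later[0][0] == "differential":
        later = later[-1:]               # the last differential holds all changes
    return [full] + later


if __name__ == "__main__":
    for kind, wed, fri in (
        ("incremental", ["INCRE1.zip"], ["INCRE2.zip", "INCRE2.1.zip"]),
        ("differential", ["DIFF1.zip"], ["DIFF2.zip", "DIFF2.1.zip"]),
    ):
        folder, sets = week(kind, wed, fri)
        print(kind, "sets:", sets)
        print("  restore needs", len(restore_chain(sets)), "sets; bits still ON:",
              sorted(n for n, bit in folder.archive.items() if bit))
```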