Installing Windows Server 2008

Figure 0386 : Launch My Computer
71. There are now one additional drive appears at the bottom (Figure 0387).

Figure 0387 : Network Drive

72. Log off the client computer.

Summary
Permissions are assigned at the SHARE and at the File system level. By default, Windows
Server 2003 places every use created into the group EVERYONE, and, when creating a new
directory or share, automatically assigns rights to that resource so the group EVERYONE can
access it.

If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.

Publishing shared folders in Active Directory simplifies the task of locating resources.

Exercise 12

Logon Scripts

Exercise 12 : Logon Scripts

In this exercise you will create logon and logoff scripts and apply these to users in an
organizational unit. You will specify a network home directory for users and arrange for this
directory to be mapped when the user logs on. Finally, you will specify disk space restrictions for
specific users.
EXERCISE 12.1
Logon Scripts
A logon script is a sequence of commands that executes when a user logs onto the network.

1. Log on server as Administrator (Figure 0388).

Figure 0388 : Administrator Login

2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy
Management (Figure 0389).

Figure 0389 : Launch Group Policy Management
3. Expand the Forest (Figure 0390).

Figure 0390 : Group Policy Management - Forest
4. Expand the Domains (Figure 0391).

Figure 0391 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0392).

Figure 0392 : Group Policy Management – myserver.com
6. Right-click the STKM Group Policy and select Edit (Figure 0393).

Figure 0393 : STKM Group Policy - Edit
7. The group policy editor allows you to specify user and computer settings. In the

following steps, you will change some of these settings (Figure 0394).

Figure 0394 : Group Policy Management Editor
8. Expand User Configuration (Figure 0395).

Figure 0395 : Group Policy Management Editor – User Configuration
9. Expand the Policies folder (Figure 0396).

Figure 0396 : Group Policy Management Editor – Policies

10. Expand the Windows Setting folder (Figure 0397).

Figure 0397 : Group Policy Management Editor – Windows Setting
11. Click the Scripts (Logon/Logoff) (Figure 0398).

Figure 0398 : Group Policy Management Editor – Scripts (Logon/Logoff)
12. Double-click Logon (Figure 0399).

Figure 0399 : Group Policy Management Editor – Logon

13. In the Logon Properties windows, click Show Files… button (Figure 0400).

Figure 0400 : Logon Properties
14. Create new text document.

Right-click inside the new windows and select New ► Text Document (Figure 0401).

Figure 0401 : Create New Text Document
15. Double-click the text document. This will load the Notepad editor. Type the following

text into the file (Figure 0402).

echo off
cls
echo This is a log on script for the Stkm OU
echo Welcome %USERNAME% , member of the Stkm OU
pause

Figure 0402 : Notepad editor – New Text Document

16. Save the file as Stkm.cmd

16.1. From Menu bar, click File ► Save As… (Figure 0403).

16.2. Figure 0403 : Menu bar - Save As…
Enter Stkm.cmd in the “File name:” box (Figure 0404).

Figure 0404 : Save As – File Name

16.3. Select All Files from the “Save as type:” drop menu (Figure 0405).

Figure 0405 : Save As Type – All Files

16.4. Click Save button (Figure 0406).

Figure 0406 : Save Button

17. Close the Notepad editor.

18. Close the Script windows by clicking the X button at the right top corner of the windows
(Figure 0407).

Figure 0407 : Script Windows
19. On the Logon Properties window, click Add… button (Figure 0408).

Figure 0408 : Logon Properties – Add…
20. Click Browse… button on the Add a Script window (Figure 0409).

Figure 0409 : Add a Script – Browse…

21. Select Stkm.cmd file from the list (Figure 0410).

Figure 0410 : Browse – Stkm.cmd
22. Click Open button (Figure 0411).

Figure 0411 : Open Button
23. Now you can see the Stkm.cmd appear in the “Script Name:” box. Click OK button to

continue (Figure 0412).

Figure 0412 : Add a Script Window

24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close the
Logon Properties window (Figure 0413).

Figure 0413 : Logon Properties window
25. Close the Group Policy Management Editor window.
26. On the Group Policy Management window, right-click STKM Group Policy and uncheck

all options except Link Enabled (Figure 0414).

Figure 0414 : Link Enabled
27. Open STKM Group Policy.

Right-click the STKM Group Policy and select Edit (Figure 0415).

Figure 0415 : STKM Group Policy - Edit
28. In the Group Policy Management Editor, expand User Configuration (Figure 0416).

Figure 0416 : Group Policy Management Editor – User Configuration
29. Expand the Policies folder (Figure 0417).

Figure 0417 : Group Policy Management Editor – Policies
30. Expand the Administrative Templates folder (Figure 0418).

Figure 0418 : Group Policy Management Editor – Administrative Templates
31. Expand the System folder (Figure 0419).

Figure 0419 : Group Policy Management Editor – System
32. Click the Scripts folder (Figure 0420).

Figure 0420 : Group Policy Management Editor – Scripts
33. Double-click the Run logon scripts visible option (Figure 0421).

Figure 0421 : Group Policy Management Editor – Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to enable this

setting (Figure 0422).

Figure 0422 : Run logon scripts visible Properties
35. Click OK to apply setting (Figure 0422).
36. In the same folder, double-click the Run logon scripts synchronously option (Figure

0423).

Figure 0423 : Group Policy Management Editor – Run logon scripts synchronously
37. The Run logon scripts synchronously Properties appear. Click the Enabled button to

enable this setting (Figure 0424).

Figure 0424: Run logon scripts visible Properties
38. Click OK to apply setting (Figure 0424).
39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).

Figure 0425 : Run logon scripts visible – Enabled
40. Close the Group Policy Management Editor.

41. On Group Policy Management, click Refresh button and close the Group Policy
Management window.

Update Group Policy

42. Launch the Run application. Click Start ► Run… (Figure 0426).

Figure 0426 : Launch the Run Application
43. Key-in gpupdate in the Open : box (Figure 0427).

Figure 0427 : Run Window
44. Click OK to run the gpupdate (Figure 0428).

Figure 0428 : Updating Policy

45. Log off the server.

Test The Logon Script

46. Log on to the client computer as ocah.blue (Figure 0429).

Figure 0429 : Log On To Server Using Client Workstation
47. The logon script should appear same as figure below (Figure 0430).

Figure 0430 : Logon Script
48. Press ENTER or any key to continue.
49. Log off the client computer.
Summary
Scripts allow for both user and computer environments to be configured. The four scripts
available are startup, shutdown, logon and logoff.

Exercise 13

HOME
DIRECTORIES

Exercise 13 : Home Directories

In this exercise, you will create a shared folder on the server that will be used for user home
directories. You will map a home directory for a specific user, so that when they log on to the
network, they will have a drive mapped to their home directory on the server.
EXERCISE 13.1
Create Sharing Folder

1. Log on to the server as Administrator (Figure 0431).

Figure 0431: Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore

(Figure 0432).

Figure 0432 : Launch Windows Explorer

3. Access D: drive (Figure 0433).

(Make sure your D drive are NTFS formatted. If not, you have to convert or format it to
NTFS)

Figure 0433: Windows Explorer – D Drive
4. Create a folder named UserSN (SN represents you’re Station Number).

In previous exercise I use number 21 as my Station Number. So in this exercise my
folder named will be User21.
4.1. Right-click D drive ► select New ► Folder (Figure 0434).

Figure 0434 : Windows Explorer – Create New Folder

4.2. Rename the folder as User21 (Figure 0435).
Figure 0435: Rename Folder

5. Open the User21 folder properties. Right-click User21 folder ► select Properties
(Figure 0436).

Figure 0436: Open The User21 Folder Properties

6. Click the Sharing tab (Figure 0437).

Figure 0437 : User21 Folder Properties - Sharing
7. Click Advanced Sharing… button (Figure 0438).

Figure 0438 : Advanced Sharing… button
8. Enable the Share this folder option (Figure 0439).

Figure 0439 : Advanced Sharing
9. Specify the share name as Users (Figure 0440).

Figure 0440 : Advanced Sharing – Share name
Set Sharing Folder Permissions

10. Click Permissions button (Figure 0441).
Figure 0441 : Permissions button

11. Select Everyone and click Remove button to remove Everyone from the “Group or user
names:” list (Figure 0442).

Figure 0442 : Remove Everyone
12. Click Add… button (Figure 0443).

Figure 0443 : Add button
13. Click the Advanced… button (Figure 0444).

Figure 0444 : Select Users, Computers, or Groups
14. Click the Find Now button (Figure 0445).

Figure 0445 : Select Users, Computers, or Groups – Advanced
15. Select Ahmad Akmal account from the list (Figure 0446).

Figure 0446 : Select Users, Computers, or Groups – Find Now
16. Click OK (Figure 0446).
17. Click OK (Figure 0447)

Figure 0447 : Select Users, Computers, or Groups – User Added

18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full control over
the folder User21. So he can read and write to the User21 folder on the myserver.com
server (Figure 0448).

Figure 0448: Folder Permissions For Users
19. Now we add Administrator account to give Administrator permission to manage the

shared folder. Click Add… button (Figure 0449).
Figure 0449 : Add button

20. Click the Advanced… button (Figure 0450).

Figure 0450 : Select Users, Computers, or Groups

21. Click the Find Now button (Figure 0451).

Figure 0451 : Select Users, Computers, or Groups – Advanced
22. Select Administrator user account from the list (Figure 0452).

Figure 0452 : Select Users, Computers, or Groups – Find Now

23. Click OK (Figure 0452).
24. Click OK (Figure 0453)

Figure 0453 : Select Users, Computers, or Groups – User Added
25. Tick Allow box for Full Control permission. This will give Administrator full control over

the folder User21. So the Administrator can manage the User21 folder on the
myserver.com server (Figure 0454).

Figure 0454 : Folder Permissions For Users
26. Click OK (Figure 0454).

27. Click OK for Advanced Sharing window (Figure 0455).

Figure 0455 : Advanced Sharing window
28. Click OK again for User21 Properties window (Figure 0456).

Figure 0456 : User21 Properties window
29. Click Close all remaining windows.

Set User Home Directories
30. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ►
Active Directory Users and Computers (Figure 0457).

Figure 0457 : Launch Active Directory Users and Computers
31. Expand myserver.com (Figure 0458).

Figure 0458 : Active Directory Users and Computers – domain
32. Click the Sted Organization Unit (Figure 0459).

Figure 0459 : Active Directory Users and Computers – Sted OU

33. Right-click Ahmad Akmal and select Properties (Figure 0460).
Figure 0460 : Active Directory Users and Computers – Ahmad Akmal

34. Click Profile tab (Figure 0461).

Figure 0461 : Ahmad Akmal Properties - Profile

35. Select drive L: connect to \\Server21\Users\zul.akmal under Home folder section (Figure
0462).
(Specify the name of your server instead of Server21 as in this example).

Figure 0462: Ahmad Akmal Properties – Home Folder
36. Click OK (Figure 0462).
37. Click Sted OU and click Refresh button .
38. Close Active Directory Users and Computer window.
39. Log off server.

Test User Home Directories
40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box (Figure
0463).

Figure 0463: Windows XP Welcome Window
41. Log on the Windows XP Professional as zul.akmal and akmal as password (Figure

0464).

Figure 0464 : Log On To Server Using Client Workstation

42. Launch My Computer. Start ► My Computer (Figure 0465).

Figure 0465 : Launch My Computer
43. There are now one additional drive appears at the bottom (Figure 0466).

Figure 0466 : My Computer

44. Double-click the Network Drives to access the zul.akmal folder on the server (Figure
0467).
The folders are empty.

Figure 0467 : Ahmad Akmal Home Directory
1. Create new text document.

Right-click inside the new windows and select New ► Text Document (Figure 0468).

Figure 0468 : Create New Text Document
45. Rename the file as Test (Figure 0469).

Figure 0469: Computer
46. Log off the client computer.
Checking The Users Home Directories
47. Log on to the server as Administrator (Figure 0470).

Figure 0470 : Administrator Login

48. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore
(Figure 0471).

Figure 0471 : Launch Windows Explorer
49. Expand D: drive (Figure 0472).

Figure 0472 : Windows Explorer – D: Drive
50. Expand User21 folder (Figure 0473).

Figure 0473 : Windows Explorer – User21 Folder

51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder (Figure
0474).

Figure 0474 : Windows Explorer – zul.akmal Folder
What are the contents of the zul.akmal folder?
Are there any files on it?
You should see the Test.txt file (created earlier from the client computer) listed in the
zul.akmal home directory.
52. Log off the server.
Summary
Home directories allow users to store their files on the network. This is especially suited to
roaming users.

Exercise 14

DISK
QUOTAS

Exercise 14 : Disk Quotas

In this exercise you will apply disk space restrictions to users.
EXERCISE 14.1
Create Disk Quotas

1. Log on to the server as Administrator (Figure 0475).

Figure 0475 : Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore

(Figure 0476).

Figure 0476 : Launch Windows Explorer

3. Right-click D: drive and select Properties (Figure 0477).

Figure 0477 : Windows Explorer – D Drive Properties
4. Click the Quota tab (Figure 0478).

Figure 0478 : Quota Tab

5. Enable the check box Enable quota management (Figure 0479).

Figure 0479 : Enable quota management
6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).
7. Select Limit disk space to option and set to 25 MB (Figure 0480).
8. Set the Set warning level to option to 5 MB (Figure 0480).

Figure 0480 : Limit Disk Space

Add Quota Entries
9. Click the Quota Entries… button (Figure 0481).
Figure 0481 : Quota Entries… button
10. A list of quota entries will be displayed (Figure 0482).

Figure 0482 : Quota Entries
11. On the Menu Bar, click Quota ► New Quota Entry… (Figure 0483).

Figure 0483 : Add New Quota Entry

12. Key-in zul.akmal and click Check Names button (Figure 0484).

Figure 0484 : Select Users
13. After button Check Names are clicked, Active Directory will locate all matching or similar

object names for zul.akmal. If there are matching or similar object names found, the
complete name with email will be shown (Figure 0485).

Figure 0485 : Select Users – Ahmad Akmal
14. Click OK button to confirm (Figure 0485).

15. Set the following parameters for zul.akmal quota entry (Figure 0486).
Select the option Limit disk space to and set the value to 10MB.
Set the value for Set warning level to option to 8MB.

Figure 0486 : Add New Quota Entry
16. Click OK (Figure 0486).
17. Now there is a new quota entries added to the Quota Entries list for zul.akmal (Figure

0487).

Figure 0487 : Quota Entries For D: Drive
18. Close the Quota Entries window.

19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).

Figure 0489 : Local Disk (D:) Properties window
20. The Disk Quota confirmation message appear, just click OK to enable the quota system

now (Figure 0490).

Figure 0490 : Disk Quota Confirmation Message

Test The Quota Setting
21. Log on the client computer as zul.akmal and akmal as password (Figure 0491).

Figure 0491 : Log On To Server Using Client Workstation
22. Launch My Computer. Start ► My Computer (Figure 0492).

Figure 0492 : Launch My Computer