Installing Windows Server 2008

92. Expand the Domains (Figure 0597).

Figure 0597 : Group Policy Management – Domains
93. Expand your domain.com (Figure 0598).

Figure 0598 : Group Policy Management – myserver.com
94. Right-click the SKLR Group Policy and select Edit (Figure 0599).

Figure 0599 : Default Domain Policy - Edit

95. Expand User Configuration (Figure 0600).

Figure 0600 : Group Policy Management Editor – User Configuration
96. Expand the Policies folder (Figure 0601).

Figure 0601 : Group Policy Management Editor – Policies
97. Expand the Software Settings folder (Figure 0602).

Figure 0602 : Group Policy Management Editor – Software Settings

98. Right-click Software installation and select New ► Package… (Figure 0603).

Figure 0603 : Software installation – New - Package
99. Browse the network and locate the FP11.msi file.

99.1 Click the Network (Figure 0604).

Figure 0604 : Network

99.2 Double-click your server icon (Figure 0605).

Figure 0605 : Network – Server21
99.3 Double-click the ESoftware folder (Figure 0606).

Figure 0606 : Network – Server21 - ESoftware

99.4 Double-click the FrontPage folder (Figure 0607).

Figure 0607: Network – Server21 – ESoftware – FrontPage
99.5 Double-click the FRONTPAGE folder (Figure 0608).

Figure 0608 : Network – Server21 – ESoftware – FrontPage – FRONTPAGE
99.6 Select the FP11.msi file and click Open button (Figure 0609).

Figure 0609 : Network – Server21 – ESoftware – FP11.msi

100. Select Advanced (Figure 0610).

Figure 0610 : Deploy Software
101. Click OK button (Figure 0610).
102. Click the Deployment tab and select Assigned (Figure 0611).

Figure 0611 : Assigned Software
103. Click OK button (Figure 0611).

104. Now you can see the Microsoft Office FrontPage package are listed under “Software
installation” policy (Figure 0612).

Figure 0612 : SKLR Group Policy
105. Close all remaining windows.
Update Group Policy
106. Launch the Run application. Click Start ► Run… (Figure 0613).

Figure 0613 : Launch the Run Application
107. Key-in gpupdate in the Open : box (Figure 0614).

Figure 0614 : Run Windows

108. Click OK to run the gpupdate (Figure 0615).

Figure 0615 : Updating Policy

109. Log off the server.

EXERCISE 15.9
Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer as a
member of the Sklr OU.

110. Log on to the server from client computer as ain.syahmi.
110.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0616).

Figure 0616 : Windows XP Logon

110.2 Key-in “User name:” as ain.syahmi and ain as password. (Figure 0617).

Figure 0617: Log on to Windows XP
110.3 Select Log on to: MYSERVER (Figure 0617).
110.4 Click OK button (Figure 0617).
111. Click Start ► All Programs ► Microsoft Office ► Microsoft Office FrontPage 2003. Note
how FrontPage appears on the start menu (Figure 0618).

Figure 0618 : Start Menu - Microsoft Office FrontPage 2003

112. The installation process will begin. When requested, enter the CD key and click Next
button (Figure 0619).

Figure 0619 : Microsoft Office FrontPage 2003 - Setup
113. Click Next button until reach the Summary windows (Figure 0620).

Figure 0620 : Microsoft Office FrontPage 2003 - Install
114. Click the Install button (Figure 0620).

115. Wait until the installations complete (Figure 0621).

Figure 0621 : Setup Completed
116. Click Finish button to complete the FrontPage 2003 installation (Figure 0621).
117. After running FrontPage 2003, log off the client computer.
118. Log on to the client computer as zul.akmal.
119. Is FrontPage 2003 available on the Start menu? YES NO

Your answer must be NO. Why?
Because we zul.akmal were member of Sted OU not the Sklr OU. We only deployed a
software application to a Sklr OU users.

120. Log off the client computer.
121. Log off the server.

Summary
In this exercise you deployed a software application to a group of users. The application was not
supported by Windows Installer so required you to create a ZAP file.
The software application and Zap file were placed on a network share. This software was then
associated with a group policy for the Sklr Organizational Unit. The software deployment was
then tested when a user of the Sklr OU logged onto a client computer.
In installing software on the client computer, the installer needed the required permissions. In
this exercise, the users were made members of the Power Users group to enable the
installation of the software. In actual use, members would be set up with the required
permissions, rather than perhaps being made a member of this group on the local computer.
Managing the software distribution can simply the administration of the network and ensure that
users only get the applications that have been assigned to them.

Exercise 16

VIEWING
EVENTS

Exercise 16 : Viewing Events

In this exercise you will look at events generated on the server. This is important because when
there is a problem, often the cause is logged by the system. The event logs are a good source
to look for problems in configuration or access.
EXERCISE 16.1
Running Event Viewer
1. Log on to the server as Administrator (Figure 0622).

Figure 0622 : Administrator Login

2. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0623).

Figure 0623 : Launch Event Viewer
3. Expand Windows Logs ►System. The Event Viewer windows displays the current event

logs. There are a number of logs available (Figure 0624).

Figure 0624 : Even Viewer windows

EXERCISE 16.2
Viewing the Different Log Files
To view events, you need to select a specific log file.
4. Under Windows Logs, click the Security log.

Note the large number of events that are listed in the middle windows (Figure 0625).

Figure 0625 : Even Viewer – Security Logs
5. All events have a Source and Task Category. Note these two columns in the window

(Figure 0625).
It is handy to sometimes restrict the events being viewed to just those events that are of
interest.

EXERCISE 16.3
Filtering Events
In this exercise you will use the filtering function to display only those events of interest.
Often the event log has hundreds of events listed, so you need the ability to look for
only those events that are relevant to what you are trying to resolve.
6. On the right window, click the Filter Current Log… (Figure 0626).

Figure 0626 : Even Viewer – Security Logs
7. Select all Event level: (Figure 0627).

Figure 0627 : Filter Current Log window - Event level

8. In Event sources: drop-down menu, select Microsoft Windows security auditing (Figure
0628).

Figure 0628 : Filter Current Log window - Event sources
9. Set the Task category: to Logon (Figure 0629).

Figure 0629 : Filter Current Log window - Task category

10. Click OK button (Figure 0630).

Figure 0630 : Filter Current Log window
11. Note that only Microsoft Windows security auditing events with Logon task category are

now listed (Figure 0631).

Figure 0631 : Even Viewer – Security events
12. Double-click the first event to see the event properties (Figure 0631).

13. The event properties of the first event appeared. The dialog box gives an indication of the
event [including the event ID, which is helpful when exploring your server as to possible
problems] (Figure 0632).

Figure 0632 : Event Properties
14. Click Close button (Figure 0632).
15. Close the event viewer.
16. Log off the server.
Summary
Windows Server 2008 logs activity to event logs. These events can be viewed with Event
Viewer. Typical events are printing, security, auditing, logon and logoff, as well as other events
generated by application software or other services such as DNS.
Events are helpful in determining problems with configuration or security.

Exercise 17

AUDITING

Exercise 17 : Auditing

In this exercise, you shall look at enabling auditing on selected resources, so that their usage
and access can be monitored. You will use event viewer to view the logged accesses. Often, if
you find that you cannot resolve problems in user access, enabling auditing and viewing the
audit logs with event viewer can help you determine the cause of the problem.
EXERCISE 17.1
1. Log on to the server as Administrator (Figure 0633).

Figure 0633 : Administrator Login
2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy

Management (Figure 0634).

Figure 0634 : Launch Group Policy Management

3. Expand Forest: myserver.com (Figure 0635).

Figure 0635 : Group Policy Management - Forest
4. Expand the Domains (Figure 0636).

Figure 0636 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0637).

Figure 0637 : Group Policy Management – myserver.com

6. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure 0638).

Figure 0638 : Edit the Default Domain Policy.
7. Expand Computer Configuration (Figure 0639).

Figure 0639 : Expand Computer Configuration.
8. Expand Policies (Figure 0640).

Figure 0640 : Expand Policies.

9. Expand Windows Settings (Figure 0641).

Figure 0641 : Expand Windows Settings.
10. Expand Security Settings (Figure 0642).

Figure 0642 : Expand Security Settings.
11. Expand Local Policies (Figure 0643).

Figure 0643 : Expand Local Policies.
12. Expand Audit Policy (Figure 0644).

Figure 0644 : Expand Audit Policy.
13. Open Audit logon events properties. Right-click Audit logon events ►Properties (Figure 0645).

Figure 0645 : Open Audit logon events properties.
14. Enable the Success and Failure attempts (Figure 0646).

Figure 0646 : Define policy settings.
15. Click Apply button (Figure 0646).

16. Click OK button to close (Figure 0646).
17. Enable the following events (Figure 0647):

i. Audit account logon events – Success
ii. Audit account management – Success
iii. Audit directory service access – Success
iv. Audit logon events – Success, Failure
v. Audit object access - Success, Failure
vi. Audit policy change – Success
vii. Audit system events - Success

Figure 0647 : Group policy management editor.
18. Close the group policy management editor.
19. Close all remaining windows.

Update Group Policy

20. Launch the Run application. Click Start ► Run… (Figure 0648).

Figure 0648 : Launch the Run Application
21. Key-in gpupdate in the Open : box (Figure 0649).

Figure 0649 : Run Windows
22. Click OK to run the gpupdate (Figure 0650).

Figure 0650 : Updating Policy

23. Log off the server.

EXERCISE 17.2

Set Auditing at the file object level.
1. Log on to the server as Administrator (Figure 0651).

Figure 0651 : Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0652).

Figure 0652 : Launch Windows Explorer

3. Access D: drive (Figure 0653).

Figure 0653 : Windows Explorer – D Drive
4. Right-click D: drive and select Properties (Figure 0654).

Figure 0654 : Windows Explorer – Properties
5. Select Security tab; and then click the Advanced button (Figure 0655).

Figure 0655 : D: drive properties
6. Select Auditing tab (Figure 0656).

Figure 0656 : Advanced Security Settings for Local Disk (D:).
7. Click the Edit … button (Figure 0656).
8. Click Add … button (Figure 0657).

Figure 0657 : Advanced Security Settings for Local Disk (D:) – Auditing tab.
9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).

Figure 0658 : Select User, Computer, or Group.
10. Click OK button (Figure 0659).

Figure 0659 : Select User, Computer, or Group – Check Names.

11. Enable the following options (Figure 0660):

 List folder read data – Successful and Failed
 Create files / write data - Successful and Failed

Figure 0660 : Auditing Entry for Local Disk (D:).
12. Click OK button (Figure 0660).

13. Click OK button (Figure 0661).

Figure 0661 : Advanced Security Settings for Local Disk (D:) – Auditing tab.
14. Click OK button (Figure 0662).

Figure 0662 : Advanced Security Settings for Local Disk (D:)
15. Click OK button (Figure 0663).

Figure 0663 : D: drive properties

16. Log off the server.

EXERCISE 17.3

Access the resource to generate the audit event.
Now it is time to test the auditing. What you did in the previous exercise was setup a group policy for
domain controllers. You enabled auditing on the server using Local Security Policy. Next, you enabled
auditing on the files and sub-folder D:\tempx. In the next step you will log on and access this resource,
thus generating an audit event.

17. Log on to the server computer as zul.zcomby.

17.1. Press Ctrl + Alt + Del.

17.2. Click Switch User button (Figure 0664).

17.3. Figure 0664 : Switch User button
Click Other User button (Figure 0665).

17.4. Figure 0665 : Other User button
Enter user as zul.zcomby and password as comby (Figure 0666).

Figure 0666 : Logon to server using user account

17.5. Press ENTER.

18. Launch Notepad. Click Start ►All Programs ►Accessories ►Notepad.

19. Write your name (Figure 0667).

Figure 0667 : Notepad
20. Press Ctrl + S to save the files.
21. Click the Browse Folder button (Figure 0668).

Figure 0668 : Save As - Browse Folder
22. Access the Local Disk (D:). Click Computer ►double-click Local Disk (D:) (Figure 0669).

Figure 0669 : Save As - Access the Local Disk (D:)
23. Double-click the D:\tempx folder (Figure 0670).

Figure 0670 : Save As – D:\tempx folder
24. Set the files name as Readme and click the Save button (Figure 0671).

Figure 0671 : Save As – Readme.txt

25. Close the Notepad editor.
26. Log off the server.

EXERCISE 17.4

View the audit events.
In the last exercise, you accessed the resource and this would have generated an audit event.
These events are stored in the security log and are viewed with event viewer.
27. Log on to the server as Administrator (Figure 0672).

Figure 0672 : Administrator Login
28. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0673).

Figure 0673 : Launch Event Viewer

29. Expand Windows Logs ►Security. The Event Viewer window displays the current event logs.
There are a number of logs available (Figure 0674).

Figure 0674 : Even Viewer windows
30. On the right window, click the Filter Current Log… (Figure 0675).

Figure 0675 : Even Viewer – Security Logs

31. Now configure the Filter Current Log. Please refer to the following table for configuration (Figure
0676).

Logged: Any time

Event level: Information

Event sources: Microsoft Windows security auditing.

Task category: File System

Keywords: Audit Success

User: <All Users>

Computer(s): <All Computer>

Figure 0676 : Filter Current Log window
32. Click OK button (Figure 0676).

33. Note that only Microsoft Windows security auditing events with File System task category are now
listed (Figure 0677).

Figure 0677 : Even Viewer – Security events
34. Double-click the first event to see the event properties (Figure 0677).
35. The event properties of the first event appeared. The dialog box gives an indication of the event

[including the event ID, which is helpful when exploring your server as to possible problems] (Figure
0678).

Figure 0678 : Event Properties
36. You will notice from Account Name: section, there are user name zul.zcomby are login into the

server (Figure 0678).

37. Drag the right-hand side scroll bar until you see the Process Information: section (Figure 0679).

Figure 0679 : Event Properties
38. From this section, you can see the process or application zul.zcomby run while he login to the server.

As you can see, zul.zcomby are launch Notepad application software. Maybe he writing something or
maybe he open a text file (Figure 0679).
39. Click Close button (Figure 0679).
40. Now let find the location of the text file zul.zcomby opened. Double-click the second event to see the
event properties (Figure 0680)

Figure 0680 : Even Viewer – Security events

41. Scroll until you find the Object: section. As you can see the log reports same as the first event
(Figure 0681).

Figure 0681 : Event Properties
42. Click the Close button (Figure 0681).
43. Now try double-click the third event to see the event properties (Figure 0682).

Figure 0682: Even Viewer – Security events

44. Scroll until you find the Object: section. Can you find the differences between third event and the
first event?
In the third event there is extra information under Object: section. Object Type: and Object Name:
(Figure 0683).
Object Type: state the type of the object.
Object Name: state the object name.

Figure 0683: Even Viewer – Security events
From this event log, you can trace and viewed the security log. You can check what happened to the
server behind the screen or while you were gone. This also can help you to determine the cause of the
problem in user access.
45. Click the Close button (Figure 0683).
46. Close the event viewer.

EXERCISE 17.5
Disable Auditing
Auditing places a performance penalty overhead on the computer. In this step, you will disable
auditing.
47. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy

Management (Figure 0684).

Figure 0684 : Launch Group Policy Management
48. Expand Forest: myserver.com (Figure 0685).

Figure 0685 : Group Policy Management - Forest

49. Expand the Domains (Figure 0686).

Figure 0686 : Group Policy Management – Domains
50. Expand your domain.com (Figure 0687).

Figure 0687 : Group Policy Management – myserver.com
51. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure 0688).

Figure 0688 : Edit the Default Domain Policy.

52. Expand Computer Configuration (Figure 0689).

Figure 0689 : Expand Computer Configuration.
53. Expand Policies (Figure 0690).

Figure 0690 : Expand Policies.
54. Expand Windows Settings (Figure 0691).

Figure 0691 : Expand Windows Settings.

55. Expand Security Settings (Figure 0692).

Figure 0692 : Expand Security Settings.
56. Expand Local Policies (Figure 0693).

Figure 0693 : Expand Local Policies.
57. Expand Audit Policy (Figure 0694).

Figure 0694 : Expand Audit Policy.

Change auditing to No Auditing.
58. Open Audit logon events properties. Right-click Audit logon events ►Properties (Figure 0695).

Figure 0695 : Open Audit logon events properties.
59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).

Figure 0696 : Define policy settings.
60. Click Apply button (Figure 0696).
61. Click OK button to close (Figure 0696).