To: WSUK Networksystems Administrator Candidate

From: Network Support Team Manager.

Hello,

I need you to take a look at the Microsoft side of our proposed expansion project. The rest of the team and I are going to be kept busy with the configuration of the security, routers and switches and, of course, liaising with the ISP.

The basic idea is to provide connectivity for the first of four branch offices and for one of the directors from his home. Because of the possibility of this all going horribly wrong in the short term (until we have all the wrinkles ironed out), I want you to create a solution using Oracle VirtualBox.

Using the addressing spaces detailed later in this email, you will need to create a number of subnets and allocate them to the appropriate network segments. Once this has been accomplished you will need to allocate the appropriate addresses to the interfaces on the computers that will make up the topology and then populate an instance of the corp.com domain with a number of user accounts and groups to simulate the real domain (You will need to inform the judges once you have made your calculations and filled in the information on the “Topology Diagram” provided elsewhere in this pack).

I need you to prepare a WordPad document (on your host computer's desktop) containing screenshots of the effective permissions for each share and group listed below (you will need to ensure this is available to the judges to avoid the loss of any associated marks).

You will need to implement technologies appropriately using your own knowledge and experience to facilitate a successful solution that meets all of the requirements.

The virtual environment has been pre-populated with three Microsoft Windows Server 2008R2 computers as well as two Microsoft Windows 7 workstations.

Take your time reading through all of the requirements below and plan your implementation strategy. Remember, an extra few minutes in the planning stage can save considerable time when it comes to implementing your solution.

The following table contains Computer, Interface naming and IP addressing information for the five machines in the topology (all capitalisation in names must be adhered to. Subnet zero is to be counted as the first subnet in all calculations):

Machine Type / Interface / Machine Name / IP Addressing
Microsoft Windows Server 2008R2 / "Corp-LAN" / corp-HQ-DC / First usable address from the third subnet using address block A
Microsoft Windows Server 2008R2 / "Corp-LAN" / corp-HQ-Gateway / Last usable address from the third subnet using address block A
Microsoft Windows Server 2008R2 / "Corp-WAN" / corp-HQ-Gateway / First usable address from the ISP allocated block C
Microsoft Windows Server 2008R2 / "BO-LAN" / corp-BO-RODC / First usable address from the seventh subnet using address block B
Microsoft Windows Server 2008R2 / "Corp-WAN" / corp-BO-RODC / Fifth usable address from the ISP allocated block C
Microsoft Windows 7 / "BO-LAN" / corp-BO-WS001 / Seventh usable address from the seventh subnet using address block B
Microsoft Windows 7 / "Corp-WAN" / corp-HQ-ws2034 / Last usable address from the ISP allocated block C

The address blocks mentioned above are as follows:

Address block A / 10.0.42.0/8 / Subnetted to provide blocks of 16 usable host addresses
Address block B / 172.16.0.0/16 / Subnetted to provide blocks of 30 usable host addresses
Address block C / 212.74.96.8/29 / Allocated by the ISP
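The subnet arithmetic behind the two tables above, as an added example that is not part of the original email. It assumes that block A's stray host bits are ignored (10.0.42.0/8 is read as 10.0.0.0/8) and that each subnet uses the smallest size that still holds the required hosts, so 16 usable addresses needs a /27 because a /28 offers only 14; the function names are illustrative.

```python
import ipaddress

def nth_subnet(block, usable_hosts, n):
    """Return the n-th subnet of `block` (subnet zero is n=1) sized for `usable_hosts`."""
    # Assumption: strict=False masks stray host bits, so 10.0.42.0/8 becomes 10.0.0.0/8.
    net = ipaddress.ip_network(block, strict=False)
    # Smallest h with 2**h - 2 >= usable_hosts (network and broadcast are reserved).
    host_bits = (usable_hosts + 1).bit_length()
    prefix = 32 - host_bits
    if prefix < net.prefixlen:
        raise ValueError(f"{block} cannot hold {usable_hosts} hosts per subnet")
    if not 1 <= n <= 2 ** (prefix - net.prefixlen):
        raise ValueError(f"{block} has no subnet number {n} at /{prefix}")
    base = int(net.network_address) + (n - 1) * 2 ** host_bits
    return ipaddress.ip_network((base, prefix))

def nth_usable(subnet, k):
    """k > 0 counts from the first usable host; k < 0 counts back from the last."""
    usable = subnet.num_addresses - 2
    if k == 0 or abs(k) > usable:
        raise ValueError(f"{subnet} has only {usable} usable addresses")
    edge = subnet.network_address if k > 0 else subnet.broadcast_address
    return edge + k

def address_plan():
    """Map (machine, interface) to address/prefix for the seven interfaces in the table."""
    a3 = nth_subnet("10.0.42.0/8", 16, 3)     # third subnet of block A
    b7 = nth_subnet("172.16.0.0/16", 30, 7)   # seventh subnet of block B
    c = ipaddress.ip_network("212.74.96.8/29")  # block C is used as allocated
    rows = {
        ("corp-HQ-DC", "Corp-LAN"): (a3, 1),
        ("corp-HQ-Gateway", "Corp-LAN"): (a3, -1),
        ("corp-HQ-Gateway", "Corp-WAN"): (c, 1),
        ("corp-BO-RODC", "BO-LAN"): (b7, 1),
        ("corp-BO-RODC", "Corp-WAN"): (c, 5),
        ("corp-BO-WS001", "BO-LAN"): (b7, 7),
        ("corp-HQ-ws2034", "Corp-WAN"): (c, -1),
    }
    return {key: f"{nth_usable(net, k)}/{net.prefixlen}" for key, (net, k) in rows.items()}

if __name__ == "__main__":
    for (machine, iface), addr in address_plan().items():
        print(f"{machine:16} {iface:9} {addr}")
```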

The following user account and group information must be used to populate Active Directory:

User name / Login name / Account Settings / Group Membership
robert fisher / bob.fisher / Password never expires / Domain Admins, Backup operators
david cameron / dave.cameron / Must change password. Logon only 9 to 5, Mon to Fri. / Temp_Workers
alice fisher / alice.fisher / Must change password. Logon only 9 to 5, Mon to Fri. / Accountants
thomas thornborough / tom.thornborough / Must change password. Logon only 9 to 5, Mon to Fri. / Account_clerks
albert entwistle / bert.entwistle / Must change password. / Managers
roger bannister / roger.bannister / Must change password. Logon only 9 to 5, Mon to Fri. / Temp_Workers
william gates / bill.gates / Password never expires / Senior_Managers

Group name / Scope / Member of / Members
Administrators / - / - / Domain Admins
Account_clerks / Domain Global Security / Database_Users / thomas thornborough
Accountants / Domain Global Security / Confidential_Access / alice fisher
Managers / Domain Global Security / RODC_Admins / albert entwistle
Backup operators / - / - / robert fisher
Senior_Managers / Domain Global Security / Confidential_Access / william gates
Database_Users / Domain local Security / - / Account_clerks
Confidential_Access / Domain local Security / - / Senior_Managers, Accountants
RODC_Admins / Domain local Security / - / Managers
Temp_Workers / Domain local Security / - / david cameron, roger bannister

In addition to the requirements already specified above, the following must be complied with:

  1. The ISP’s infrastructure does not support IPv6 and as such the stack should be disabled on all ISP facing interfaces
  2. Domain access must be configured for corp-HQ-ws2034 to participate as part of the corp.com domain
  3. corp-BO-RODC must be configured to be an RODC in the corp.com domain
  4. corp-BO-RODC must be configured to route traffic between the BO-LAN segment and the Corp-WAN segments
  5. corp-HQ-DC must be configured to be the root DC and DNS provider in the corp.com domain
  6. corp-HQ-Gateway must be configured to be a DC and the site GC in the corp.com domain
  7. corp-BO-RODC must be configured not to cache password information
  8. corp-BO-RODC must be configured to be the GC for the site
  9. corp-BO-RODC must provide secondary zone DNS services to the site and look to corp-HQ-DC for its primary zone
  10. corp-HQ-Gateway must be configured to route traffic between the Corp-LAN and the Corp-WAN segments
  11. corp-BO-WS001 must look to corp-BO-RODC for login authentication as part of the corp.com domain

You will need to create a number of shared folders to simulate the business activity on the network as follows:

Share Name / Share Location / Group Access / Access Level
Confidential_Data / \\corp-HQ-DC\c: / Administrators, Senior_Managers, Managers / Full Access, Full Access, Read & Execute
System_Backups / \\corp-HQ-Gateway\C: / Administrators, Backup_Operators / Full Access, Full Access
Database_Store / \\corp-HQ-Gateway\C: / Database_Users / Read & Write
Access_Codes / \\corp-HQ-DC\c: / Administrators, Senior_Managers / Read, Full Access
Account_Records / \\corp-HQ-Gateway\C: / Account_Clerks, Accountants, Managers, Senior_Managers / Read, Full Access, Read, Full Access

That should be enough to get you started.

I’ll send you another email tomorrow with further instructions.