INF220x Security Practical Exercises

Overview

This course comes with a virtual lab environment where you can practice what you learn. In most cases, the userid is Adatum\Administrator and the password is Pa55w.rd, but read the instructions carefully.

Remember in the lab environment you can copy information to the virtual machines by using the Actions > Paste Content window. Before you paste the content, be sure your cursor is where you want the copied data. And, be sure to check the hyphens (dashes) in PowerShell code. Those characters may not copy correctly.

NOTE: These practical exercises are designed to provide you experience as a working System Administrator. The lab steps are not written to be prescriptive, because as part of your day-to-day tasks you will need to troubleshoot and test different configurations. No one set of steps will be applicable in all cases; you will need to adjust for your situation. These steps were tested when the course was released. You may find changes to the interface as well as changes in how procedures are implemented.

2 Implementing Active Directory Rights Management Services

Configure AD RMS prerequisites

In this exercise, you will create a service account for AD RMS, create groups for later use, and create the DNS record for the AD RMS service.

Create the AD RMS service account

1. Sign in to LON-DC1 by using the account Adatum\Administrator with the password Pa55w.rd.
2. Start Active Directory Administrative Center.
3. In the navigation pane, click Adatum (local), and in the content pane, double-click Users.
4. In the tasks pane, in the Users section, click New, and then click User.
5. In the Create User dialog box, provide the following details, and then click OK:
   First name: ADRMSService
   User UPN logon: ADRMSService
   User SamAccountName logon: Adatum\ADRMSService
   Password: Pa55w.rd
   Confirm Password: Pa55w.rd
   Password never expires: Enabled (you should select the Other password options option first)
   User cannot change password: Enabled

Create groups for AD RMS

1. In the tasks pane, in the Users section, click New, and then click Group.
2. In the Create Group dialog box, type the following details, and then click OK:
   Group name: ADRMS_SuperUsers
   E-mail: ADRMS_SuperUsers@adatum.com
3. In the tasks pane, in the Users section, click New, and then click Group.
4. In the Create Group dialog box, type the following details, and then click OK:
   Group name: Management
   E-mail: management@adatum.com
5. In the navigation pane, click Adatum (local), and then in the content pane, double-click Managers.
6. Ctrl+click the following users:
   Abigail Rees
   Adam Hobbs
7. In the Tasks pane, click Add to group.
8. In the Select Groups dialog box, type Management, and then click OK.
9. In the content pane, double-click Abigail Rees.
10. In the Abigail Rees window, in the E-mail box, type abigail@adatum.com.
11. Close the Active Directory Administrative Center.

Create DNS host record for the AD RMS service

1. Start DNS Manager.
2. In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, and then click Adatum.com.
3. Right-click Adatum.com, and then click New Host (A or AAAA).
4. In the New Host window, in the Name box, type adrms.
5. In the IP address box, type 172.16.0.21, and then click Add Host.
6. In the DNS window, click OK.
7. Click Done.
8. Close DNS Manager.
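The prerequisites above can also be created from an administrative PowerShell window on LON-DC1. The following script is an added example, not part of the course, and assumes the ActiveDirectory and DnsServer modules are installed on LON-DC1 and that the two manager accounts are found by their display names; the names, addresses and IP address are the lab's own.

```powershell
# Added example: PowerShell equivalent of "Configure AD RMS prerequisites".
# Assumes it runs on LON-DC1 as a domain admin with the ActiveDirectory and
# DnsServer modules available. Names, addresses and IP are the lab's values.
Import-Module ActiveDirectory
Import-Module DnsServer

$domainDn = (Get-ADDomain).DistinguishedName      # e.g. DC=Adatum,DC=com
$usersOu  = "CN=Users,$domainDn"
# Prompt rather than embed the service account password in the script.
$password = Read-Host -Prompt 'ADRMSService password' -AsSecureString

# 1. Service account: an ordinary user; AD RMS setup grants it what it needs.
if (-not (Get-ADUser -Filter "SamAccountName -eq 'ADRMSService'")) {
    New-ADUser -Name 'ADRMSService' `
        -SamAccountName 'ADRMSService' `
        -UserPrincipalName 'ADRMSService@adatum.com' `
        -Path $usersOu `
        -AccountPassword $password `
        -PasswordNeverExpires $true `
        -CannotChangePassword $true `
        -Enabled $true
}

# 2. Groups with a mail attribute; AD RMS identifies users and groups by e-mail.
$groups = @{
    'ADRMS_SuperUsers' = 'ADRMS_SuperUsers@adatum.com'
    'Management'       = 'management@adatum.com'
}
foreach ($name in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security `
            -Path $usersOu -OtherAttributes @{ mail = $groups[$name] }
    }
}

# 3. Membership of Management, and the e-mail address Word will look up for Abigail.
$members = Get-ADUser -Filter "Name -eq 'Abigail Rees' -or Name -eq 'Adam Hobbs'"
Add-ADGroupMember -Identity 'Management' -Members $members
$abigail = $members | Where-Object { $_.Name -eq 'Abigail Rees' }
Set-ADUser -Identity $abigail -EmailAddress 'abigail@adatum.com'

# 4. Host record for the cluster URL adrms.adatum.com (LON-SVR1 is 172.16.0.21).
$existing = Get-DnsServerResourceRecord -ZoneName 'Adatum.com' -Name 'adrms' `
    -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName 'Adatum.com' -Name 'adrms' -IPv4Address '172.16.0.21'
}
```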

Install AD RMS

In this exercise, you will install and configure the AD RMS role service.

Note: In this exercise, you configure AD RMS to use unencrypted HTTP and enable anonymous authentication. This should not be done in a production environment.

Install the AD RMS role service

1. Sign in to LON-SVR1 by using the account Adatum\Administrator with the password Pa55w.rd.
2. Start an administrative Windows PowerShell window.
3. In Windows PowerShell, run the following command:
   Install-WindowsFeature ADRMS-Server -IncludeManagementTools

Configure the AD RMS role service

1. Start Server Manager.
2. In Server Manager, click the Notifications icon, and then click Perform additional configuration.
3. In the AD RMS configuration wizard, on the AD RMS page, click Next.
4. On the AD RMS Cluster page, ensure that Create a new AD RMS root cluster is selected, and then click Next.
5. On the Configuration Database page, click Use Windows Internal Database on this server, and then click Next.
6. On the Service Account page, click Specify.
7. In the Windows Security dialog box, type the following details, click OK, and then click Next:
   User name: ADRMSService
   Password: Pa55w.rd
8. On the Cryptographic Mode page, ensure that Cryptographic Mode 2 is selected, and then click Next.
9. On the Cluster Key Storage page, ensure that Use AD RMS centrally managed key storage is selected, and then click Next.
10. On the Cluster Key Password page, in both password boxes, type Pa55w.rd, and then click Next.
11. On the Cluster Web Site page, ensure that Default Web Site is selected, and then click Next.
12. On the Cluster Address page, provide the following information, and then click Next:
    Connection Type: Use an unencrypted connection (http://)
    Fully Qualified Domain Name: adrms.adatum.com
    Port: 80
13. On the Licensor Certificate page, type Adatum RMS, and then click Next.
14. On the SCP Registration page, ensure that Register the SCP now is selected, and then click Next.
15. On the Confirmation page, click Install.
16. When installation finishes, click Close.
17. Open Internet Information Services (IIS) Manager.
18. In the Internet Information Services (IIS) Manager console, expand LON-SVR1 (ADATUM\Administrator), expand Sites, expand Default Web Site, and then click _wmcs.
19. In the content pane, in the IIS section, double-click Authentication, click Anonymous Authentication, and then, in the Actions pane, click Enable.
20. In the Connections pane, expand _wmcs, and then click licensing.
21. In the content pane, in the IIS section, double-click Authentication, click Anonymous Authentication, and then, in the Actions pane, click Enable.
22. Close the Internet Information Services (IIS) Manager console.
23. Sign out.

Configure AD RMS

In this exercise, you will configure rights protection using AD RMS rights policy templates and their distribution. You will also configure the Super Users group for disaster recovery scenarios, and an exclusion policy to prevent an application from using AD RMS.

Configure AD RMS templates

1. Sign in to LON-SVR1 by using the account Adatum\Administrator with the password Pa55w.rd.
2. Open Active Directory Rights Management Services.
3. In the AD RMS console, expand the lon-svr1 (Local) node, and then click the Rights Policy Templates node.
4. In the Actions pane, click Create Distributed Rights Policy Template.
5. In the Create Distributed Rights Policy Template Wizard, on the Add Template Identification information page, click Add.
6. On the Add New Template Identification Information page, provide the following information, click Add, and then click Next:
7. Language: English (United States)
8. Name: ManagementReadOnly
9. Description: Management read access only. No copy or print.
10. On the Add User Rights page, click Add.
11. On the Add User or Group page, type management@adatum.com, and then click OK.
12. When management@adatum.com is selected, under Rights for management@adatum.com, click View. Ensure that Grant owner (author) full control right with no expiration is selected, and then click Next.
13. On the Specify Expiration Policy page, select the following settings, and then click Next:
    Content Expiration: Expires after the following duration (days): 7
    Use license expiration: Expires after the following duration (days): 7
14. On the Specify Extended Policy page, click Require a new use license every time content is consumed (disable client-side caching), and then click Next.
15. On the Specify Revocation Policy page, click Finish.

Configure distribution of rights policy templates

1. On LON-SVR1, open Windows PowerShell.
2. At the Windows PowerShell command prompt, execute the following four commands:
   New-Item c:\rms -ItemType Directory
   New-SmbShare -Name RMS -Path c:\rms -FullAccess ADATUM\ADRMSService
   New-Item c:\documents -ItemType Directory
   New-SmbShare -Name Documents -Path c:\documents -FullAccess Everyone
3. Close Windows PowerShell.
4. In the AD RMS console, in the navigation pane, click the Rights Policy Templates node, and then, in the Distributed Rights Policy Template Information area, click Change distributed rights policy templates file location.
5. In the Rights Policy Templates dialog box, click Enable export.
6. In the Specify templates file location (UNC) box, type \\LON-SVR1\RMS, and then click OK.
7. Open File Explorer.
8. Navigate to the C:\RMS folder, and verify that ManagementReadOnly.xml is present.
9. Close the File Explorer window.

Configure AD RMS Super Users group

1. In the AD RMS console, in the navigation pane, click Security Policies.
2. In the Security Policies area, in the Super Users section, click Change super user settings.
3. In the Actions pane, click Enable Super Users.
4. In the Super Users area, click Change super user group.
5. In the Super Users dialog box, in the Super user group box, type ADRMS_SuperUsers@adatum.com, and then click OK.

Configure exclusion policies

1. In the AD RMS console, in the navigation pane, expand the Exclusion Policies node, and then click Applications.
2. In the Actions pane, click Enable Application Exclusion.
3. In the Actions pane, click Exclude Application.
4. In the Exclude Application dialog box, type the following information, and then click Finish:
   Application File name: Powerpnt.exe
   Minimum version: 14.0.0.0
   Maximum version: 17.0.0.0
5. Close the AD RMS console.
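The "Install AD RMS" note says the unencrypted cluster URL and anonymous authentication must not reach production, and the "Configure AD RMS" exercise shares the Documents folder to Everyone with full access. The following read-only audit, an added example that is not part of the course, reports those lab-only settings from LON-SVR1; it assumes the WebAdministration, SmbShare and ActiveDirectory modules are present and that the SCP is stored under CN=RightsManagementServices,CN=Services in the configuration partition.

```powershell
# Added example: read-only audit of the lab-only settings on LON-SVR1.
# Assumes the WebAdministration, SmbShare and ActiveDirectory modules are available
# and that AD RMS registered its SCP under CN=RightsManagementServices,CN=Services.
Import-Module WebAdministration
Import-Module ActiveDirectory

$findings = New-Object System.Collections.Generic.List[string]
$site = 'Default Web Site'

# 1. Cluster address: with no https binding, licenses and certificates travel in clear.
if (-not (Get-WebBinding -Name $site -Protocol 'https')) {
    $findings.Add("No https binding on '$site'; the AD RMS cluster URL is plain HTTP.")
}

# 2. Anonymous authentication on the two IIS locations the lab enabled it for.
foreach ($location in '_wmcs', '_wmcs/licensing') {
    $anon = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" -Location $location `
        -Filter 'system.webServer/security/authentication/anonymousAuthentication' -Name 'enabled'
    if ($anon.Value) {
        $findings.Add("Anonymous authentication is enabled on /$location.")
    }
}

# 3. Share permissions: the lab grants Everyone full access on Documents.
foreach ($share in 'RMS', 'Documents') {
    Get-SmbShareAccess -Name $share -ErrorAction SilentlyContinue |
        Where-Object { $_.AccountName -eq 'Everyone' -and $_.AccessRight -eq 'Full' } |
        ForEach-Object { $findings.Add("Share '$share' grants Everyone Full access.") }
}

# 4. Service connection point: clients discover the cluster URL from this object,
#    so an http:// value here is the URL every client in the forest will use.
$cfg = (Get-ADRootDSE).configurationNamingContext
$scp = Get-ADObject -SearchBase "CN=RightsManagementServices,CN=Services,$cfg" `
    -Filter "objectClass -eq 'serviceConnectionPoint'" `
    -Properties serviceBindingInformation -ErrorAction SilentlyContinue
foreach ($url in @($scp.serviceBindingInformation)) {
    if ($url -match '^http://') {
        $findings.Add("SCP advertises an unencrypted cluster URL: $url")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Each finding corresponds to a step in the exercises above, so the list doubles as a checklist of what to reverse before a configuration like this is reused outside the lab.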

Protect content using AD RMS

In this exercise, you will protect content with the ManagementReadOnly template using Microsoft Word.

Protect content using Microsoft Word

1. Sign in to LON-CL1 by using the account Adatum\Administrator with the password Pa55w.rd.
2. Open Internet Explorer.
3. In Internet Explorer, click the Gear icon, and then click Internet Options.
4. In the Internet Properties window, click the Security tab.
5. On the Security tab, click Local intranet, and then click Sites.
6. In the Local intranet window, click Advanced.
7. In the Local intranet window, in the Add this website to the zone box, type http://adrms.adatum.com, and then click Add.
8. Click Close.
9. Click OK twice.
10. Close Internet Explorer.
11. Sign out.
12. Sign in to LON-CL1 by using the account Adatum\Adam with the password Pa55w.rd.
13. Open Word 2016.
14. If the Microsoft Office Activation Wizard appears, click Close. If the First things first window appears, click Ask me later, and then click Accept. If the Welcome to your new Office window appears, close it.
15. In Microsoft Word 2016, click Blank document.
16. In the Word document, type the following text: This information is for management only, and it should not be modified. Click File, click Protect Document, click Restrict Access, and then click Connect to Rights Management Servers and get templates.
17. In the Windows Security dialog box, sign in as Adatum\Adam with the password Pa55w.rd.
18. Click Protect Document, click Restrict Access, and then click ManagementReadOnly.
19. Click Save, and then click Browse.
20. In the Save As dialog box, save the document in the \\lon-svr1\documents share with the name Management Only.docx.
21. Close Word 2016.
22. Sign out.