Content

Sr. Scheduled Actual

Title of Experiment Remarks
No. date date
Installing and Configuring Windows Server 2012
1 Core Version and Converting from Core version
to GUI
Configuring Local storage using Disk
2
management and Diskpart commands
Installing and Configuring FSRM for Quota
3
management and File Screening

4 Configuring EFS and creating recovery agent.

Securing Disk and Drive using Bit Locker Drive

5
Encryption
6 Installing and Configuring Primary DNS Server

Installing and Configuring Secondary and Stub

7
Zone for DNS Server
8 Installing and Configuring Windows Server
Update Services [WSUS]
Configuring Group Policies for Updates so that
9
clients can target WSUS Server
Creating and Configuring Data Collector Set.
10
 Experiment No. 1
Title: Installing and Configuring Windows Server 2012 Core Version and Converting from
Core version to GUI.
Steps of installing and configuring Windows Server 2012 Core:
Step 1: We can download the evaluation ISO of Windows Server 2012 R2 from the following
link: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2
Step 2: After downloading the ISO of Microsoft, create a boot USB driver.
Step 3: After completing the above given steps, plug-in the USB to the server and wait for a
while till it loads the files.
Step 4: After the files are loaded, you will see the screen of language settings of installation,
keyboard, time and currency format. Generally, all the default ones are also good enough to
start with.

Step 5: Click “Install now”

Step 6: Once you have clicked on Install Now, the setup will start and it will load all the files
and the screen will look as shown in the following screenshot.
Step 7: Wait until the files are loaded and then you will see the following screen. Let’s select
Windows Server 2012 Datacentre Evaluation (Server with GUI) and click Next.

Step 8: Click “I accept the license terms” and then click on the Next button as shown in the
following screenshot.

Step 9: The following screen will appear. In “Driver Options” you can create a new partition,
delete or format the Hard disk. After you have done this process then you can select the partition
where the Windows server 2012 R2 will be installed in our case we have one partition. Once
all this is done, then click on Next.
Step 10: Let’s wait until this process finishes during this time and then the server will reboot.

Step 11: Once the reboot is done the following screen will appear. Set the password for the
server and then click on “Finish”.
Step 12: It will take some minutes until the setup finishes completely.

Step 13: Once all this is done, you have completed the installation process and the following
screen will appear.

Step 14: Enter password and press enter.

Step 15: The Desktop will be displayed and Server Manager will be opened automatically
or you can open from Administrative Tools option.

The following steps are to be adhered for the configuring of Windows Server 2012
Configuration:
1. Changing the computer name.
2. Configuring network interfaces.
3. Joining the domain.
4. Installing (and activating) the license key.
5. Enabling the firewall.
6. Installing roles and/or features.
7. Adding hardware.
8. Configuring Windows Update.

To change the computer name, you would perform the following steps:
1. Locate the current name of the server by typing hostname or ipconfig.
2. Type netdom renamecomputer /NewName .
3. Restart the computer, which you can do by using the shutdown command.
To make changes to the static IP settings on the server, you first need to identify your network
interfaces

• To join your domain you would type this:

Netdom join <Name of Your Computer>/domain:<Name of Your
Domain>/userd:<UserName>/password:*
• Before you activate, you are going to want to make sure you put in a license key. You
may have done this during the installation process, but if you didn’t, you need to now
type the following:
Slmgr.vbs -ipk <License Key>
 If you want to activate the server, you type the following:
Slmgr.vbs –ato
• To configure the firewall, you use the netsh advfirewall command, although this takes
a bit of work. A better method may be to take the Firewall snap-in from a system
running Windows Vista or Windows Server 2008 and configure the settings
remotely.However, you first need to enable remote management of the firewall by
typing the following:

Netsh advfirewall set currentprofile settings remotemanagement enable

Moving on to the installation of hardware, you may find that simply plugging it in will
work because the driver may be included with Windows Server 2008. If that is the case,
you can install the hardware, and you are all set. If that is not the case, perform the
following:
1. Copy the driver files to the Server Core system. To do this, from the command
prompt type the following:
pnputil -i -a <Name of the INF file for the driver>
2. If you want to see a list of drivers on the system, type the following:
sc query type=driver
3. While there are many other configuration commands you might want to investigate
and use, for now, use the following to enable automatic updates:
cscript scregedit.wsf /AU /4

Install Roles and Features-

1. The first thing you might want to do is see a list of the roles and features that are
currently installed. To do this, simply type oclist.exe at the command prompt.
2. Using this list, you can now use the ocsetup.exe command to install roles and/or
features by typing the following:
Start /w ocsetup “role/feature name”
Eg: For example, if you want to install the DNS Server role, you type the following:
Start /w ocsetup DNS-Server-Core-Role

Switch from GUI to Core Command Mode

Via the Windows Server GUI using the ‘Remove Roles and Features’ wizard

Step 1: Open server manager -> Select “Manage” from the menu -> Select “Remove Roles
and Features” as shown below.
Step 2: Press next on the welcome page.

Step 3: In the next screen, select the server from the server pool. By default our local server is
selected, but we can perform add/remove feature task to remove server by adding server IP in
server pool.

Step 4: Select User Interface Features

• You can select or unselect the options under user interface and infrastructure
features option as per your requirement.
• To change user interface from GUI mode to Command mode:
• For full command (core) mode: Uncheck both “Graphical Management and
infrastructure” and “Server Graphical shell”.
• For graphical management tools and infrastructure: Uncheck only “Server
Graphical shell” option
Step 5: Remove GUI Features

• Select the features that you like to remove. This will also automatically select any
dependent features that need to be removed.

Step 6: After the above step, the server will reboot. After the reboot, when the system
comes back up, you’ll see not see GUI anymore. You’ll get only the command
prompt with powershell.

Switch from Core Version to GUI Mode :

Switch from Core Version to GUI Mode

Step 1: Launch Powershell
:\> powershell
PS C:\>
Step 2: Import Server Modules
PS C:\> import-module serverManager
Step 3: Change User Interface Mode
3.1 For full GUI mode:
Install-windowsfeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart
3.2- For graphical management tools and infrastructure:
Install-Windowsfeature Server-Gui-Mgmt-Infra –Restart

Conclusion:
 Experiment No. 2

Title: Configuring Local storage using Disk management and Diskpart commands

Step 1: Opening Disk Management

->Log in to the Windows Server 2012 GUI.
->Press the Windows key + X and select "Disk Management" from the context
menu.
->Alternatively, you can open the Run dialog (Windows key + R) and type
"diskmgmt.msc" before pressing Enter.

Step 2: Creating a New Partition Using Disk Management

->In the Disk Management window, locate the disk that you want to partition.
->Right-click on the unallocated space or an existing partition and select "New
Simple Volume."
->The New Simple Volume Wizard will open. Click "Next" to proceed.
->Specify the size for the new partition. The default value is usually set to use the
maximum available space. Adjust it if needed and click "Next."
->Assign a drive letter or mount point to the new partition and click "Next."
->Choose a file system format (e.g., NTFS) and set a volume label if desired. Click
"Next."
->Review the settings on the Summary page and click "Finish."
->Disk Management will create the new partition and format it with the specified
settings.
Using Diskpart Commands
->Press the Windows key + X and select "Command Prompt (Admin)" from the context
menu.
->Alternatively, open the Run dialog (Windows key + R) and type "cmd" before pressing
Enter. Right-click on the ->Command Prompt shortcut and choose "Run as administrator."
->In the elevated Command Prompt window, type "diskpart" and press Enter to open the
DiskPart utility.
{Note: Exercise caution when using Diskpart, as it directly interacts with disks and
partitions. Ensure that you select the correct disk and partition to avoid accidental data
loss.}
->To list all available disks, type "list disk" and press Enter.
->Identify the disk number for the disk you want to manage.
->To select a disk, type "select disk X" (replace X with the disk number) and press Enter.
->To list all partitions on the selected disk, type "list partition" and press Enter.
->Identify the partition number for the partition you want to manage.
->To select a partition, type "select partition Y" (replace Y with the partition number) and
press Enter.
->Use the available DiskPart commands to perform specific actions, such as:
"delete partition" to delete the selected partition.
"extend" to extend the selected partition if there is unallocated space.
"shrink" to shrink the selected partition and create unallocated space.
"format fs=ntfs quick" to format the selected partition with the NTFS file system
quickly.
{Remember to use the commands carefully, verifying the disk and partition numbers, as
incorrect operations can lead to data loss.}
Congratulations! You have successfully configured local storage using Disk Management
and Diskpart commands in Windows Server 2012.

Conclusion:
 Experiment No. 3
Title: Installing and Configuring FSRM for Quota management and File Screening
Step 1: Install FSRM role.
• Launch the 'Server Manager' and click on 'Manage'---> 'Add Role and Features'.

• Navigate through the stages of 'Before you begin'. Click on next.

• Select Role-based or feature-based installation and click Next.

• Under the Select Server Roles stage look for File and Storage Services, expand File and
iSCI services and check the box near File Server Resource Manager.
Click Add Features --->Next.
• Click 'Next' on the 'Select features pane' after accepting defaults. Click 'Install'. FSRM
installation will take a while. Close the wizard when done.

Step 2: Set a storage quota

• Under 'Tools'--->File Server Resource Manager.Expand File Server Resource
Manager (Local) to reveal the 'Quota Management' option. Expand this and
select 'Quota Templates'. You'll be provided a list of Quota Templates to help you
assign a quota limit for storage.
• Double-click the desired limit from the list and expand the 'Copy properties from
quota template (optional)'. Select the desired template and click on 'Copy'.

• Select the 'Hard quota: Do not allow users to exceed limit' to prevent users from
exceeding the limit you've set for a specific folder. Click on Add. You can set
notification thresholds as desired to warn if any thresholds have been exceeded.
• You can set a warning to be triggered in the Event Log. There is an 'Event log' tab under which
you can select 'Send warning to event log'. Under the 'Report' tab you can generate a report
of any quota that was exceeded and send it to the following administrators.

• After that create a customized quota, specify the path you want it applied to, derive properties
from a quota template and add to it. To do this, expand the 'Quota Management' to display
the 'Quota' menu. Right-click this menu and select 'Create Quota'. This brings up the Create
Quota Wizard.

• Select 'Create quota on path'. You can also select 'Derive properties from this quota
template', and select the limit from the list. and click 'Create'. You can test this by trying to
move a folder with a size that exceeds the limit.
Step 3: File Screen Configuration

• When you expand the 'File Server Resource Manager' node, you'll find the 'File
Screening Management node. Expand this node and click on the 'File
Groups' option. This provides a list of file types. When we apply any of these file
extensions in the list we block that particular file type from being stored in the location
we will define in the 'File Screens' in the next step.

• Once the file group configuration is done, you can select the 'File Screen
Template'. This gives you a template that is associated with the file group you had
specified earlier. Double-click this template.
• In the dialog box that opens up, select 'Active Screening: Do not allow users to save
unauthorized files' option. If you select the 'Passive Screening' option, you allow
users to save the blocked type of files but an alert is generated to the administrator.
• As we did before we can allow a warning to be triggered in the event log if an unauthorized
type of file is added.
• After this you can create a File Screen. Right-click 'File Screen' from the left pane,
select 'Create File Screen'. This brings up a pop-up window for you to specify the path of the
file where these rules must be applied to. Also, select 'Derive properties from this file screen
template' option and check if the right file screen template has been chosen here.
Click 'Create'.

Conclusion:
 Experiment No. 4
Title: Configuring EFS and creating recovery agent.
Step 1: Right-click the file and select Properties.

Step 2: On the General tab, click Advanced. The Advanced Attributes dialogue box opens.
Step 3: Click Details. The User Access dialog box opens.

Step 4: Click the Add button. The Encrypting File System dialog box opens.

Step 5: Select the user you want to grant access to and click OK to close the Encrypting File
System dialog box.
Step 6: Click OK to close the User Access dialogue box.

Step 7: Click OK to close the Advanced Attributes dialogue box.

Step 8: Click OK to close the Properties dialogue box.

Add recovery agents for EFS

Step 1: Open the Group Policy Management Console by clicking on the Start button, searching
for "gpmc.msc," and clicking on the "gpmc.msc" result.

Step 2: In the Group Policy Management Console window, expand the domain and navigate
to the organizational unit (OU) or group to which you want to apply the recovery policy.

Step 3: Right-click on the desired OU or group and select "Create a GPO in this domain, and
Link it here."

Step 4: Give the new GPO a meaningful name and click "OK."

Step 5: Right-click on the newly created GPO and select "Edit" to open the Group Policy
Management Editor.

Step 6: In the Group Policy Management Editor window, navigate to "Computer

Configuration" > "Policies" > "Windows Settings" > "Security Settings" > "Public Key
Policies" > "Encrypting File System."

Step 7: Right-click on "Encrypting File System" and select "Add Data Recovery Agent."

Step 8: The Add Recovery Agent wizard will open. Click "Next" to proceed.

Step 9: Choose the recovery agent certificate from the list of available certificates and click
"Next."

Step 10: Review the summary of the settings and click "Finish" to assign the recovery agent.

Conclusion
 Experiment No. 5
Title: Securing Disk and Drive using Bit Locker Drive Encryption
Step 1: Enabling BitLocker
->Log in to the Windows Server 2012 GUI as an administrator.
->Open the File Explorer by clicking on the folder icon in the taskbar or by pressing
the Windows key + E.
->Right-click on the drive you want to encrypt and select "Turn on BitLocker."
->The BitLocker Drive Encryption wizard will open. Click "Next" to proceed.
->Choose how you want to unlock the drive. You can select either "Enter a password"
or "Insert a USB flash drive."
->If you choose the password option, enter a strong password and click "Next."
->If you choose the USB flash drive option, insert the USB drive and click "Next."
->Choose whether to encrypt the whole drive or only the used disk space. Select the
desired option and click "Next."
->Choose whether to run BitLocker system check or skip it. Select the desired option
and click "Next."
->Click "Start encrypting" to begin the encryption process.

Step 2: Saving the BitLocker Recovery Key

->In the BitLocker Drive Encryption wizard, choose how you want to back up your
recovery key.
-->You can select options such as saving it to a file, printing it, or saving it to your
 Microsoft account.
-->Choose the appropriate option and click "Next."
-->Follow the on-screen instructions to complete the backup process.

Step 3: Completing the Encryption Process

->Wait for the encryption process to complete. This may take some time depending on
the size of the drive.
->Once the encryption is finished, click "Close" to exit the BitLocker Drive Encryption
wizard.
Step 4: Unlocking the Encrypted Drive
->After encrypting the drive, restart the server if necessary.
->When prompted, enter the password or insert the USB flash drive associated with the
encrypted drive.
->The encrypted drive will be unlocked, and you can access its contents.
Congratulations! You have successfully secured a disk and drive using BitLocker Drive
Encryption in Windows Server 2012.
Conclusion:
 Experiment No. 6
Title: Installing and Configuring Primary DNS Server.
Step 1: Launch the Server Manager, as illustrated below:
Step 2: Select Add roles and features.

Step 3: Press next.

Step 4: Click on Next after selecting Role based and feature based installation.
Step 5: Choose a server from the pool and press Next.

Step 6: Pick the DNS server and click Next.

Step 7: Double check all settings before clicking the Install button to begin the installation.
Step 8: Allow some time for the installation to complete. Once done, click the Close to exit
the installation wizard.

Configuration:
Step 1: On the server manager, navigate to Tools > DNS to access the DNS manager, as shown
below:

Step 2: Right click on the server name and select Properties.

Step 3: Select the New Zone option.
Step 4: Press Next.

Step 5: Choose the Primary zone and press Next.

Step 6: Click Next after selecting the Forward lookup zone.

Step 7: Enter the name of our zone and press Next.

Step 8: Choose “Create a file with the file name” and press Next.

Step 9: Check the box next to “Do not allow dynamic update” and click Next.
Step 10: Press the Finish button.

Conclusion:
 Experiment No. 7
Title: Installing and Configuring Secondary and Stub Zone for DNS Server
Step 1: Click on Start button, select the down arrow and select DNS.
Step 2: To configure secondary DNS server, right-click Forward lookup zone and select “New
Zone”.
Step 3: Click on next to continue.
Step 4: In the “Zone type” window, select the type of zone that you want to use. For this
practical we’ll use Secondary. Click on next to continue.
Step 5: To configure secondary DNS server, type the name.
Step 6: To configure secondary DNS server, type an IP address of Primary. IP address of
Primary DNS is 192.168.1.10. Hit enter.
Step 7: A green check confirms that Secondary is able to communicate with Primary. In case
of failure check the communication. Click on next to continue.
Step 8: Click on Finish to close the wizard.
Step 9: On the Secondary we can see an error message “Zone Not Loaded by DNS Server”.
Step 10: To allow “Zone Transfer”, go to Primary. Right click the domain name and select
properties.
Step 11: In the Domain properties window, select “Zone Transfer” tab and select an option
“Allow zone transfer”
Step 12: After we allow Zone transfer in Primary. Go back to the Secondary DNS and refresh
the console. Now we can see all the data visible in Secondary. We cannot create any Resource
records in Secondary as it is read only copy of Primary.

Stub Zone for DNS Server

Step 1: Click on Start button, select the down arrow and select DNS. That would open DNS .
Step 2: To configure Stub Zone, in DNS manager, expand computer name. Right-click
Forward lookup and select “New Zone”.

Step 3: Click on next to continue.

Step 4: In the “Zone type” window, select the type of zone that you want to use. For this
practical we’ll use Stub. Click on next to continue.
Step 5: Type the name of domain. Click on next to continue.

Step 6: Select Create a new file with this file name and hit Next.
Step 7: Type an IP address of Primary. IP address of Primary DNS is 192.168.1.10. Hit enter.
A green check confirms that Stub is able to communicate with Primary. In case of failure check
the communication. Click on next to continue.

Step 8: Click on Finish to close the Wizard.

Step 9: On the Stub we can see an error message ‘Zone not Loaded by DNS Server’. This error
occurs because we didn’t complete the prerequisite of allowing zone transfer on
Primary\Active Directory Integrated.

Step 10: To allow “Zone Transfer”, go to Primary. Right click the domain name and select
properties.
Step 11: In the Domain properties window, select “Zone Transfer” tab and select an option
“Allow zone.

Step 12: After we allow Zone transfer in Primary. Go back to the Stub DNS and refresh the
console. Now we can see all the data visible in Stub. We cannot create any Resource records
in Stub as it is read only copy of Primary i.e. you cannot create any record or delete any record
from here.
 Experiment No. 8

Title: Installing and Configuring Windows Server Update Services [WSUS]

To install this role, we should follow the steps given below.
Step 1 − Go to “Server Manager” → Manage → Add Roles and Feature → Next → Select
“Role-based or feature-Based-Installation → Select a server from the pool server and then →
Next.

Step 2 − Check “Windows Server Update Service” a pop-up window table will come out →
click “Add Features” then → Next and then again → Next.
Step 3 − Check box of WID Database and WSUS Services

Step 4 − Choose the path for the content. If you have another partition other than C:, then
install it there because C: can risk to become full → Next.
Once this is done, you should wait for the installation to finish.
The following steps should be followed for configuring it.
Step 1 − When you open it for the first time, you should do it by going to “Server Manager”
→ Tools → Windows Server Update Services, then a Configuration wizard will be opened and
then click → Next.

Step 2 − Click “Start Connecting” → Wait until the green bar is full and then → Next.
Step 3 − Check the box for which the updates want to be taken, I did for English and then →
Next.

Step 4 − Check the box for all the products which you want to update. It is just for Microsoft
products and it is recommended to include all the products related to Microsoft and then →
Next.
Step 5 − Choose the classification updated to be downloaded, if you have a very good internet
speed, then check all the boxes, otherwise just check “Critical Updates”.

Step 6 − Now we should schedule the updates which I will recommend to do it automatically
during night time → Next.

Step 7 − Check Box “Begin initial synchronization” → Finish.

Step 8 − Now the WSUS console will be open and we must add the computer to WSUS. To
do this, go to Options → Computers.

Step 9 − If you have a Domain Controler environment, choose the second option like in my
case, otherwise choose the first option and then → OK.

Step 10 − After you have done all this, you should approve updates, which is similar like how
it is done in the previous version. To do this – Right click on the updates → Approve as shown
in the screenshot given below.
Step 11 − Then you should click Approve for install as shown in the screenshot given below.

Conclusion:
 Experiment No. 9
Title: Configuring Group Policies for Updates so that clients can target WSUS Server.

Step 1: Open Group Policy Management Console (gpmc.msc).

Step 2: Expand Forest\Domains\Your_Domain.

Step 3: Right-click Your_Domain, and then select Create a GPO in this domain, and Link
it here.

Step 4: In the New GPO dialog box, name the new GPO WSUS – Auto Updates and
Intranet Update Service Location.

Step 5: Right-click the WSUS – Auto Updates and Intranet Update Service Location GPO,
and then click Edit.

Step 6: In the Group Policy Management Editor, go to

Computer Configuration\Policies\Administrative Templates\Windows Components\Windows

Update.

Step 7: Right-click the Configure Automatic Updates setting, and then click Edit.
Step 8: In the Configure Automatic Updates dialog box, select Enable.

Step9: Under Options, from the Configure automatic updating list, select 3 - Auto
download and notify for install, and then click OK.

Step 10: Right-click the Specify intranet Microsoft update service location setting, and then
select Edit.

Step 11: In the Specify intranet Microsoft update service location dialog box,
select Enable.

Step 12: Under Options, in the Set the intranet update service for detecting
updates and Set the intranet statistics server options,
type http://Your_WSUS_Server_FQDN:PortNumber, and then select OK.

Conclusion :
 Experiment No. 10
Title: Creating and Configuring Data Collector Set
To create a DCS, perform the following steps:
Step 1: Open Server Manager.
Step 2: Click Tools > Performance Monitor.
Step 3: In the left pane, expand Data Collector Sets.
Step 4: Right-click the User Defined folder and choose New > Data Collector Set.

Step 5: On the Create new Data Collector Set page, when you are prompted to create a new
data collector set, type a name in the Name text box. Ensure that the Create from a template
(Recommended) option is selected and then click Next.

Step 6: When you are prompted to choose a template, click System Performance, and then
click Next.
Step 7: When you are prompted to choose where you would like the data to be saved, click
Next. If you run Performance Monitor to collect data over an extended period, you should
change the location to a non-system data drive.

Step 8: When you are prompted to create the data collector set, with the Save and close option
selected, click Finish.
Step 9: To start the Data Collector Set, right-click the DCS and choose Start.

Step 10: Close Performance Monitor.

Conclusion: