$1.$ Optionally remove any existing virtual machines from the class within Hyper$-$V Manager on your

Windows host $($to prevent using unnecessary storage space$).$

$2.$ Ensure that you have the same two virtual switches within Hyper$-$V Manager that we used in class:

$$ An external virtual switch that is bound to the network interface on your host OS that provides

Internet access

$$ A private virtual switch

$3.$ Create a Hyper$-$V virtual machine called DC$01(2$GB of RAM minimum, connected to external

virtual switch$)$ and install Windows Server $2019$ Standard Edition.

$4.$ On your DC virtual machine:

$$ Set the correct time$/$zone and disable Windows Firewall for all profiles.

$$ Rename your network interface to External. Note the IP address obtained from DHCP on this

External IP for a later step: $\_\_\_\_\_\_\_\_\_\_\_.$

$$ Change the computer name to DC$01($rebooting afterwards$).$

$$ Install AD DS and configure your system as a domain controller for a new forest and domain

called yourname.com $($where yourname is your full name$).$

$5.$ Within the virtual machine Settings for DC$01$ in Hyper$-$V Manager, add a second network interface

that is connected to the private virtual switch.

$6.$ Within your DC$01$ virtual machine:

$$ Rename your second network interface to Private and configure a static IP address of

$$ Install the DHCP Server role, authorize it in AD$,$ and configure a new scope that hands out the

range $172\mathrm{.}16\mathrm{.}0\mathrm{.}100-172\mathrm{.}16\mathrm{.}0\mathrm{.}200($subnet mask $255\mathrm{.}255\mathrm{.}255\mathrm{.}0).$

$$ Install WDS and configure it to deploy the boot.wim and install.wim from your Windows $10$

DVD ISO, ensuring that computers are not automatically joined to the domain following the

imaging process.

$7.$ Create a Hyper$-$V virtual machine called Wkstn$01(3$GB of RAM minimum, connected to private

virtual switch$)$ and configure it to install an operating system from across the network. Proceed to

boot this virtual machine and install Windows $10$ from your WDS image.

$8.$ Following the installation of your Wkstn$01$ virtual machine, change the network interface within

virtual machine Settings in Hyper$-$V Manager to use the external virtual switch $($instead of the

private virtual switch$).$

$9.$ Perform an upgrade of your Windows $10$ system to Windows $11.$

$10.$ On your Wkstn$01$ virtual machine:

$$ Set the correct time$/$zone$.$

$$ Rename your network interface to External.

$$ In the properties of your External network interface, configure a static DNS server address of

IPofDC $($where IPofDC is the IP address on the External interface on DC$01$ that you recorded

earlier in Step $4).$

$$ Change the computer name to Wkstn$01($rebooting afterwards$).$

$$ Join your Windows system to the yourname.com domain $($where yourname is your full name:

FirstnameLastname$).$

$$ Log in to the domain using the domain Administrator account and install the Remote Server

Administration Tools $($RSAT$).$

$11.$ Within Active Directory Users and Computers $($either on DC$01$ or within RSAT$)$:

$$ Create a Marketing OU under your domain.

$$ Create a user for yourself $($Firstname$.$Lastname$)$ within the Marketing OU that has a password

of your choice.

$$ Create a Marketing Global group that includes your user account.

$$ Move the Wkstn$01$ computer account into the Marketing OU$.$

$12.$ Within Group Policy Management $($either on DC$01$ or within RSAT$)$:

$$ Create a GPO called Marketing Lockdown.

$$ Configure the Marketing Lockdown GPO to restrict users from accessing Settings and Control

Panel.

$$ Link the Marketing Lockdown GPO to the Marketing OU$.$

$$ Modify the Default Domain Policy GPO to ensure that users in the domain must have complex

passwords that are a minimum of $10$ characters in length, and must be changed every $30$ days

$13.$ Log off Wkstn$01,$ and log in again as your user $($Firstname$.$Lastname$).$ Attempt to access Settings,

and run the control command from the Run dialog box to verify that the Settings and Control

panel are inaccessible.

$14.$ Log off Wkstn$01,$ and log in again as the domain Administrator.

$$ Add your domain user account $($Firstname$.$Lastname$)$ to the local Administrators group.

$$ Create a folder called C:$\backslash$FirstnameShare on your computer and share it$,$ ensuring that only

your domain user account has Full Control share permission.

IT$1$B$($Win$10$Ad$)-$FinalProject$2$ Version $3\mathrm{.}2$ Page $2$ of $3172\mathrm{.}16\mathrm{.}0\mathrm{.}1($subnet mask $255\mathrm{.}255\mathrm{.}0\mathrm{.}0).$ Set the NTFS permissions on the C:$\backslash$FirstnameShare folder to ensure that your domain user

account $($Firstname$.$Lastname$)$ has Full Control $($leaving existing permissions in place$).$

$$ Create a System Restore checkpoint.

$$ Create an exception in Windows Firewall for DOOM traffic $($TCP port $666).$

$$ Enable WinRM $($test remote PowerShell access using Enter$-$PSSession from DC$01).(6$ marks, $1$

for each task$)$

$15.$ Log off Wkstn$01,$ and log in again as your user $($Firstname$.$Lastname$).$

$$ Access your shared folder and create a new file within it called SecretData.txt that contains a

line of your choice. Next, encrypt the SecretData.txt file using EFS.

$$ Open PowerShell as Administrator and run the following commands:

gpresult $/$r $/$z $>$c:$\backslash$file$9.$txt

Get$-$TimeZone $>$c:$\backslash$file$10.$txt

Get$-$NetIP