微信客服:xiaoxionga100
微信客服:ITCS521
程序代写案例-COMP2013 LAN
时间:2022-05-09
COMP2013 LAN Workshop – Assignment Page 1 of 23
COMP2013 LAN Workshop
Assignment
Student Name: __________________________________________
Student ID: ______________________________________
Practical Class: ______________________________________
Instructions to students -
• The assignment must be each student's individual work. Joint work is
unacceptable.
• The assignment marking criteria are as given in the unit learning guide
• You need to submit the documentation (Project Report) as part of your
assignment through vUWS by the deadline (03 Jun 2022, Friday, 5:00 PM) and
demonstrate your project in class for PR/01 and via Zoom Breakout for PR/02
during the workshop sessions of the preceding weeks (Week 12 & 13).
COMP2013 LAN Workshop – Assignment Page 2 of 23
COMP2013 LAN Workshop
2022-1
Assignment Project
(Worth 30%)
PURPOSE
The purpose of this assignment project is to give students the opportunity to:
• Plan, organize and provide basic local area network (LAN) systems
administration and security functions.
• Provide network services, such as the Web server, FTP service, file and storage
service, and the active directory domain controller, DNS server, and NFS
server.
• Contribute to the risk analysis and the preparation of a disaster recovery plan
for a LAN and set up appropriate backup and recovery procedures.
ASSIGNMENT DESCRIPTION
Ruby Roof Service (RRS) is a roof maintenance specialist business located in Sydney
West. RRS is to provide up to full package roof service. With the rapid expansion of
business, the company needs a computer networking system to use various software
applications for company operation. The company considers larger storage and cost-
effective for customer onside pictures and custom roof drawings in high resolution.
As IT specialists, students are to provide the RRS with recommendations and solutions
in local area network system administration, including server and client system
configurations to meet the client's requirements. The prototype system is to be
developed as a LAN for a typical small-medium size enterprise. Through the designed
prototype system, the developer is to demonstrate to his/her supervisor and the RRS
that he/she can provide the LAN implementation and administration.
The RRS employs twenty-five people and comprises five divisions under the director
board (two members). The five divisions are Reception, Sales, Financial, Construction,
and Design. The company structure is illustrated in Figure 1, and the personnel are as
given in Table 1.
COMP2013 LAN Workshop – Assignment Page 3 of 23
Figure 1 Structure of Ruby Roof Service
Table 1: Ruby Roof Service (RRS)
Division Position Name Duties
Management
Office
Managing Director Jane Smith
Delivering the highest level of
service in the industry and
developing trustworthy
relationships with clients and
business partners based on
reliable performance
General Manager Roger Small
Managing the business and
supervising all staff, including
management of staff insurance
and training programs
Manager Assistant Florian Martin
Providing administrative support
to the management and all
divisions. Maintaining all staff
work roster, leave and other
human resources issues
Reception
Reception
Manager
Chloe Day
Managing the Reception
Division, customer support and
cooperation with other divisions
Receptionists Luis Gee, Marilyn Lu
Provide office administration and
customer liaison
IT Specialist Bruce Lee
Maintains RRS network in
addition to all the duties of a
receptionist
Sales
Sales Manager Charlie Brown
Managing the Sales Division and
responsible for new & used car
sale and rental service and
support recovery and data
divisions
Sales
Representatives
Dennis Lowry
Phillip Parker
Charles Wong
Work with customers for car
sales and rental
Finance
Finance Manager Sarah Jones Managing Finance Division and company finance reporting
Account Ian Dean
Assisting the manager to
manage the accounts for the
business
Cashier Nancy Johnson Processing all transactions of the company
COMP2013 LAN Workshop – Assignment Page 4 of 23
Construction team
Manager Aaliyah Ibrahim
Managing Division and provides
reports and recommendations for
customers
Onside spec Peter Wright Tim Wilson
Aliasing with the design team
and construction staff before
moving next phase or handing
over
Call out staff
Tong Williams
Tony Nguyen
Henry Taylor
David Karen
Todd Jennifer
Responsible for daily tasks
assign by the manager
Design team
Design Manager Gary Jones
Managing Division and provides
data dropped off from
construction team and customer
Planner Jason King
In contact with the construction
team, inspector and customer
need
Staff John Morrison Alex Tan
Responsible for daily tasks
assign by the manager
COMP2013 LAN Workshop – Assignment Page 5 of 23
NETWORK RESOURCES
Resources of the RRS network include computers (server and clients), printers, user
accounts, software, and company documents.
Computers & Printers
Each staff has his/her computer or shares computers with colleagues. To simplify the
design, however, you only need to create ONE COMPUTER ACCOUNT for each
division, in addition to the virtual machines Windows Server 2012, Windows 10 &
Windows 7, and the Linux Centos 8.
All staff must be able to use any Windows client computers within the business and
still be able to access the folders they are entitled to. There are only two Windows
client machines, i.e., Windows 10 & 7, in this prototype system for the demonstration.
Therefore, each staff should be able to login onto the network via either of the two
computers.
Every division is equipped with a printer that can only be used by its own staff. One
extra printer is installed in the Reception for all company staff. The IT staff, Bruce
Lee, should have access to all the printers for maintenance purposes.
User Accounts
The IT Support staff Bruce Lee has an ADMINISTRATOR ACCOUNT, i.e., is a
member of Administrators, while all OTHER USERS should be set as NORMAL
USER ACCOUNTS.
Each staff requires a home directory where he/she can save data that only he/she can
access. You should put the HOME DIRECTORIES of all company staff, including that
of Bruce Lee, in the WINDOWS Server 2012 R2. However, this directory must be
easily accessible from all Windows client machines (Windows 7 & 10), i.e., with a drive
map on the top of the client computers (This PC of Windows 10 and Computer of
Windows 7).
The user and computer accounts should be well organized in an appropriate number
of ORGANIZATION UNITS. While Bruce Lee is responsible for maintaining the whole
network, the administrative control (add, disable/delete and unlock an account etc.) of
the Construction and Design teams, i.e., Design Team, is delegated to Jason King
To ease the setting of the access control, you should also organize the domain users
into GROUPS according to the duties and the permissions set to them for accessing
system resources.
File and Storage Services
Apart from the home directory for each domain user, the folders/files that the RRS
staffs need to access should be set as follows:
• A network drive on client computers (Windows 7&10) for all RRS staff, the drive
is mapping to the company RRS Folder at the server (Windows 2012 R2), with
COMP2013 LAN Workshop – Assignment Page 6 of 23
all the members of the Management Office has Read/Write access and all other
RRS staff having read-only access.
• A network drive on client computers (Windows 7&10) for the Management
Office staff only, the drive is mapping to the Management Office Folder at the
server (Windows 2012 R2), with the Managing Director and the General
Manager having the Read/Write access and the Manager Assistant having the
read-only access.
• A network drive on client computers (Windows 7&10) for EACH Division is
mapping to the division folder at the server (Windows 2012 R2), with each
division manager having the Read/Write access and each division other staff
having the read-only access.
• A network drive on client computers (Windows 7&10) for all managers. The
drive is mapping to the Manager Folder at the server (Windows 2012 R2), with
all the members of the Management Office having the Read/Write access and
all the division managers having the read-only access.
• A Software Folder at the Windows Server 2012 R2). Only the IT Specialist Bruce
Lee has full control of access to the folder.
The folders that the staff need access to are as follows, with the accesses being set
as required by the above network drives and folders:
• RRS Folder
• Management Office Folder
• Reception Folder
• Sales Folder
• Finance Folder
• Construction Folder
• Design Folder
• Managers Folder
• Software Folder
Install NFS File Services
The Finance Division staff need to run some accounting software installed in the Linux
machine and require accessing (Read/Write) a share at the Windows Server 2012 R2
from the Linux. Therefore, an NFS server should be installed in the Windows Server
with the Linux connecting to the NFS share.
System Protection
The RRS LAN is concerned with the Internet. If unexpected incidents happen to the
network, the company might lose all data, including company business plans and
strategies, transaction records, business partners' information, staff and customers,
and other company confidential documents. Thus, a detailed risk analysis of the
whole network and a backup and recovery plan for all data in the folders described
above should be performed.
TASKS
COMP2013 LAN Workshop – Assignment Page 7 of 23
1. Delete all previous work of practical exercises by removing Domain Controller (DC)
and other roles of the server
Hint: Best and quickest method to have a clean MS Windows 2012 installed VM to starting
a new DC before working on your week 12 or 13 demonstrations.
2. Reinstall the domain controller and DNS server in the Windows Server 2012 R2 and
connect the two Windows client computers (Windows 10 & 7) to the domain created.
3. Configure Windows Server and Clients
§ The domain name created must reflect the company name Ruby Roof Service
§ Provide configured Server and Client operating systems that form the local area
network.
§ Create all user and computer accounts.
§ Set the group policy for network users:
- Password policy: use a strong password with a minimum length of EIGHT;
change password FIRST-time login; change the password every NINETY
days.
- Account lockout policy: After THREE times unsuccessful logins, the account
should be locked out, and only the IT support staff or the authorized delegate
can unlock the account.
- Apart from the original Administrator account and the one that has been
created for the IT Support staff Bruce Lee (a member of Administrators) who
can logon to the Windows Server 2012 R2 by default, Jason King should
be allowed to logon locally in the server as well for the delegated duties. All
other staff can only logon to the domain via client computers (the Windows
7 or 10 in this prototype system).
§ Install the Web Server and FTP Server. In the Exercise, students have learnt how
to install the servers in Windows Server 2012. For security and performance
consideration, the Internet Information Service (IIS) should be installed in an NTFS
volume of a standalone member server. Since there is only one server in the
prototype system, the IIS should be installed in Windows 10. Regarding this
aspect, the Windows client machine is playing the role of the Web Server.
§ Create a web page for RRS that only needs to contain the Company logo (use the
one provided in Appendix I or design it by students themselves) and BRIEF
DESCRIPTIONS about the online booking system and the business scope of the
company. Students are free to add whatever they want to publish here. Users
should be able to view the web pages from all three Windows computers and the
Linux machine.
§ Install all printers in Windows 10.
4. Setup and configure the file and storage services
§ Create all file folders at the Windows server 2012 R2 and map network drives on
the Windows clients.
§ Install the NFS services and configure an NSF share on the Windows server 2012
R2
COMP2013 LAN Workshop – Assignment Page 8 of 23
§ Connect the Linux client to the NFS share by creating a new directory at the Linux
and mounting the NFS share to the directory.
§ Create Linux accounts for all staff of the Finance Division staff.
5. Complete Documentation:
§ Provide technical documentation (in word format) for the system that has been
designed based on the information provided above.
§ The documentation should include enough information for a system administrator
to create or modify your system. Please refer to Appendix II for reference.
§ The document should contain at least the following:
- An executive summary
- Major steps in creating the local area network and configuring the server and
client machines.
- Usernames and passwords for all users (include the Administrator
Username and Password for your system)
- User and folder access permissions
- Computer accounts and printers - Any policies or settings that have been
applied to the system
- Installation configuration of IIS (HTTP and FTP)
- Installation and configuration of the NFS - A risk analysis table to list all the
resources of the network and the potential risks and countermeasures
- Backup and recovery plan
- Assignment Cover Sheet containing the Information on:
- Student name
- Student ID
- Practical class day/time
IMPLEMENTATION
§ Use all the three virtual Windows machines, i.e., the Windows Server 2012 and the
Windows 10 and 7, to demonstrate the design of the LAN. Upon setting up the
Windows Server 2012 as the domain controller and linking Windows 10 and 7 to
the domain, all the users can logon to the Company intranet via the client machines
(it is still required to create a computer account for each division as
aforementioned).
§ Connect the Linux to the NFS Share at the Windows Server 2012 R2.
SUBMISSION
COMP2013 LAN Workshop – Assignment Page 9 of 23
§ Documentation to be submitted on-line through the subject website (vUWS)
https://vuws.westernsydney.edu.au/ in A SINGLE WORD FILE, no later than
Friday 03 Jun 2022, 5:00 PM.
§ Configured Server and Client Machines to be demonstrated to the tutor during
Practical Sessions of the last two weeks of the semester.
§ All information and documentation, including configured server and client operating
systems, must be students' own work. Group work is not allowed.
REFERENCES
1. Windows Server 2012 R2 and Windows Server 2012 https://technet.microsoft.com/en-
us/library/hh801901(v=ws.11).aspx
2. Install Domain Controller in Windows Server 2012 http://www.mustbegeek.com/install-
domain-controller-in-windows-server-2012/
3. How to Install IIS on Windows 8 or Windows 10
https://www.howtogeek.com/112455/how-to-install-iis-8-on-windows-8/
4. Join computers to the new Windows Server 2012 Essentials network
https://technet.microsoft.com/en-us/library/jj200128(v=ws.11).aspx
5. Remove Active Directory Domain Services
https://technet.microsoft.com/en-us/library/hh472163(v=ws.11).aspx#BKMK_RemoveSM
6. How To Edit the Sudoers File on Ubuntu and CentOS
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-
centos
7. How to Map Network Drives on Windows Clients via Group Policy
https://www.howtogeek.com/99403/it-how-to-map-network-drives-on-windows-clients-via-group-
policy/
8. Textbook and references of the unit
9. The unit learning guide, lecture notes and practical exercises
10. Check Discussion for other support and URLs
COMP2013 LAN Workshop – Assignment Page 10 of 23
COM2013 LAN Workshop 2022-1
Assignment Marking Criteria
Marks
Tasks
High Distinction
(>=85%)
Distinction (>=75%) Credit (>=65%) Pass (=>50%) Fail <=49
Client and Server Machines (Demonstration) ____/75 Points
File and Storage
services
(15 Points)
Professional design and well
organization of all the folders in a
specified server machine, very
easy access by all domain users,
with appropriate network drive
mapping and no permission errors.
Very good configuration of NFS.
All the folders are well
organized in a server
machine with easy access by
domain users, with network
drive mapping and no
permission errors. Good
configuration NFS.
All the folders properly
reside in a server
machine and are
accessible by domain
users, and in general, no
permission errors.
Configuration of NFS.
File folders are
accessible without
major permission
errors.
Generally, file
folders are not
accessible or have
major permission
errors, or not
implemented.
_____/15 15.00- 12.68 12.66- 11.18 11.16- 9.68 9.66- 7.43 7.41-0
Users &
Computers
(20 Points)
All user and computer accounts
are built-up perfectly and are well
organized in OUs and groups in
the created domain, with password
protection and all required
information. No mistakes in
account types, delegation duties.
User profiles are set for each user,
and the home directory resides in
the specified machine.
Meet the most requirement
of HD, but lack of user
profiles or missing some
information of a certain user
and/or computer accounts.
All user and computer
accounts are created
correctly and properly
organized in OUs and
groups under the
domain, with password
protection. Generally,
correct in account types,
delegation duties and
home directory.
User and computer
accounts are
created without
major mistakes
with respect to
account types,
delegation
duties and home
directory. Some
work in creating
OUs and groups.
Many users and/or
Computer
accounts are
missing or have
severe mistakes.
_____/20 20.00- 16.90 16.88- 14.90 14.88- 12.90 12.88-9.90 9.88-0
Printers
(7 Points)
All printers are installed with
correct permission and easy to
access by the authorized users
regardless of which machine they
use to login.
All printers are
installed with
correct permission
by the authorized
users regardless
which machine they
use to login.
All printers are
installed with
correct permissions
and accessible.
Most printers are
created and
accessible.
Not installed or
installed
incorrectly
_____/7 7.00 – 5.92 5.91- 5.22 5.21 - 4.52 4.51 - 3.47 3.46 - 0
Client/Server
machines
(25 Points)
The AD domain is designed and
Implemented professionally with
the domain controller and DNS
server (Windows Server 2012)
and two client machines
(Windows 7 and 10) all
configured correctly. All the
group policies are set correctly
with respect to password, logon
locally, and account lockout.
The AD domain is designed
and implemented correctly
with the domain controller
and DNS server
(Windows Server 2012) and
two client machines
(Windows 7 and 10)
configured properly. The
group policies are set
correctly with respect to
password, logon locally, and
account lockout.
The AD domain is
created correctly with
the domain controller
and DNS server
(Windows Server 2012),
which is joined with the
two client machines
(Windows 7 and 10).
Group policy is set for
the created domain.
The AD domain is
created to form a
LAN with the
three Windows
machines, using
the default group
policy settings.
Not implemented
or very limited
work such as
unable to make
the client
machines join the
created domain.
_____/25 25.00- 21.13 21.10- 18.63 18.60- 16.13 16.10- 12.38 12. 35-0.
Web/FTP Servers
(8 Points)
Web and FTP servers are built-up
and accessible from any machine,
with the web page(s) containing
the logo and information of the
company and being able to
download and upload files on the
FTP server.
Web and FTP server are
built-up and accessible from
any machine, and
being able to download and
upload files on the FTP
server.
Web and FTP
server are built-up,
which are accessible
from a client
machine.
Web and FTP
server are built-up,
which are only
accessible locally
at the server
machine
Not implemented,
or not accessible
from any
machines.
_____/8 8.00 – 6.76 6.75 – 5.96 5.95 – 5.16 5.15 - 3.96 3.95 - 0
COMP2013 LAN Workshop – Assignment Page 11 of 23
Documentation 25 Points
Report on System
Design and
Implementation
(10 Points)
A professional technical report to
clearly describe the assignment
question, system design and
implementation, including steps
of creating the domain, the
configuration of the domain
controller and DNS server,
Web/FTP server, NFS, and client
machines, with sufficient
explanation plus screenshots,
diagrams, tables or charts
A good report to describe
the assignment question,
system design and
implementation, including
steps of creating the
domain, the configuration
of the domain controller
and DNS server, Web/FTP
server, NFS, and client
machines, with sufficient
explanations, using some
screenshots, diagrams,
tables or charts.
Clearly describe the
project and explain
your design about
domain, servers and
client machines.
Briefly explain the
project and provide
general information
about your work in
the assignment.
Not enough
information for the
reader to follow to
implement your
design.
____/10 10.00- 8.45 8.44- 7.45 7.44- 6.45 6.44- 4.95 4.94 -0
Report on System
Components
(5 Points)
Very clearly explain
the system
structure and each
component,
including OUs,
groups, user and
computer accounts,
file folders and
printers.
Explain the system
structure and each
component,
including OUs,
groups, user and
computer accounts,
file folders and
printers.
List all systems
components with
sufficient details.
Provide general
information about
system
components.
Not clearly explain
about system
components.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
Report on Group
Policy (5 Points)
Very clearly
describe and justify
all your settings
about the Group
Policy required by
the assignment.
Describe your
settings about the
Group Policy
required by the
assignment with
certain explanation
to justify your
design.
Explain your
settings about all
the Group Policy
required by the
assignment.
Provide explanation
about your Group
Policy settings.
No or very limited
explanation about
the Group Policy.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
Report on Risk
Analysis and
Backup (5 Points)
A full risk analysis,
professional backup
schedule and
sufficient
explanation about
your plan
Provide risk
analysis, reasonable
backup schedule
and explanation
about your plan.
Provide a backup
schedule based on
the risk analysis.
Provide the backup
schedule and brief
explanation about
it.
Not enough or no
explanation about
the issue.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
COMP2013 LAN Workshop – Assignment Page 12 of 23
Appendix I
RRS Logo
Appendix II
Annotated Exempla
The documentation part of the assignment should contain sufficient information and explanation about
your design so that the reader can implement the design by following the steps provided. This sample
question set is for your reference in preparing the report of the assignment.
Encrypted File System (EFS)
(Sample Assignment Questions)
(1) Briefly explain the Encrypted File Systems (EFS) and demonstrate how to use
EFS to encrypt a folder on Windows 7.
The EFS is a file system filter that provides file system (NTFS)-level encryption. The technology enables files to be
transparently encrypted to protect confidential data from attackers with physical access to the computer.
Suppose that a folder C:\EncryptedFiles has been created, and all the computer users have full control on it. The folder can
be encrypted by following the steps given below:
1. Right-click the C:\EncryptedFiles folder and click Properties
2. In the Properties dialog box, click Advanced
3. To encrypt the folder, make sure the Encrypt contents to secure data checkbox is selected. Click OK to complete
the setting (Fig. 1)
Only the owner can then open all files created by a user in this folder. Any attempts to access these files from other users will
be denied.
COMP2013 LAN Workshop – Assignment Page 13 of 23
Fig.1 Encrypted File Folder
(2) Is it possible in Windows 7 to allow other users the ability to view/edit the
contents of an encrypted file? If so, how?
It is possible for users to access (view/edit) each other's encrypted files with the permission of the owner. Suppose that two
users have created encrypted files in the folder C:\EncryptedFiles (Personal Information Exchange Certificate will be
generated for the two users automatically). Then if one user what to give access to another user for one of his/her encrypted
files, he/she can just right-click that file and select Properties and in the Properties dialog box, click Advanced/ Details. Click
Add in the opened dialog box (Fig. 2) and select the user to whom the owner wants to give the access (Fig. 3). The selected
user can now view/edit the encrypted file.
COMP2013 LAN Workshop – Assignment Page 14 of 23
Fig. 2 Add user to access the file
Fig. 3 Select a user to access the file
(3) Decrypt Encrypted Files on Windows 7
The computer Administrator can be configured as the agent to decrypt encrypted files by following the steps given below:
COMP2013 LAN Workshop – Assignment Page 15 of 23
1. Login as Administrator
2. Go to Start/Run and type in cmd to open the console box.
At the prompt, type cipher /r: and press enter. This prompt will then display:
Please type in the password to protect your .PFX file:
Please retype the password to confirm:
After typing in the password and if no mistake occurring, the prompt will then display
Your .CER file was created successfully.
Your .PFX file was created successfully.
Fig.4 Generate the certificates
The .CER and .PFX files will be saved in the current directory that is shown at the command prompt. For example, if the
command prompt displays C:\Users\Administrator>, the two files are just saved in the Administrator folder (Fig. 4).
3. At the console prompt, type in certmgr.msc, and this will open a dialog box to launch the Certificates Manager. Navigate
to Personal and right-click on the folder, and select All Tasks/Import (Fig. 5). The Certificate Import Wizard will appear (Fig.
6). Click Next. Browse to the C:\Users\Administrator folder In the Open dialog box, change the Files of Type (at the bottom)
to personal Information Exchange (*.pfx,*.P12). Select the file fileName.pfx and click Open (Fig. 7a). Click Next to import
the certificate (Fig. 7b). Type in your password (leave the first two checkboxes blank, and the third checked as shown) and
click Next (Fig. 8). Make sure the Radio button is active for the first option (Automatically select the certificate store based
on the type of certificate, Fig. 9a). Click Next. Click Finish. (You'll receive a message that the import was successful).
COMP2013 LAN Workshop – Assignment Page 16 of 23
Fig. 5 Import the Certificate
Fig. 6 File to import
COMP2013 LAN Workshop – Assignment Page 17 of 23
Fig. 7a Select the certificate file
Fig. 7b Import the certificate file
COMP2013 LAN Workshop – Assignment Page 18 of 23
Fig. 8 Key in the password
COMP2013 LAN Workshop – Assignment Page 19 of 23
(a)
(b)
Fig. 9 Complete the certificate import
4. At the console prompt, type in secpol.msc and click OK. This will launch the Local Security Policy (Fig. 10). Expand the
Public Key Policies folder, right-click on the Encrypted File System subfolder, and select Add Ruby Roof Service (Fig.
11). The Wizard will then display (Fig. 12). Click Next. Click the Browse button. Browse to the C:\Users\Administrator
COMP2013 LAN Workshop – Assignment Page 20 of 23
folder. Select the certificate file and click Open. (Fig. 13), the wizard will display the status User_Unknown. That's ok. Click
Next. Click Finish (Fig. 14). You will see a new entry in the right-side column. Close the Local Security Policy.
You, the Administrator are now configured as the default Recovery Agent for all encrypted files that are afterwards created,
saved or just re-opened in the C:\EncryptedFile.
Fig. 10 Local Security Policy
COMP2013 LAN Workshop – Assignment Page 21 of 23
Fig. 11 Select Encrypt File System
Fig. 12 Add Recovery Agent Wizard
COMP2013 LAN Workshop – Assignment Page 22 of 23
Fig. 13 Select the certificate file
(a)
COMP2013 LAN Workshop – Assignment Page 23 of 23
(b)
Fig. 14 Select Recovery Agents
COMP2013 LAN Workshop
Assignment
Student Name: __________________________________________
Student ID: ______________________________________
Practical Class: ______________________________________
Instructions to students -
• The assignment must be each student's individual work. Joint work is
unacceptable.
• The assignment marking criteria are as given in the unit learning guide
• You need to submit the documentation (Project Report) as part of your
assignment through vUWS by the deadline (03 Jun 2022, Friday, 5:00 PM) and
demonstrate your project in class for PR/01 and via Zoom Breakout for PR/02
during the workshop sessions of the preceding weeks (Week 12 & 13).
COMP2013 LAN Workshop – Assignment Page 2 of 23
COMP2013 LAN Workshop
2022-1
Assignment Project
(Worth 30%)
PURPOSE
The purpose of this assignment project is to give students the opportunity to:
• Plan, organize and provide basic local area network (LAN) systems
administration and security functions.
• Provide network services, such as the Web server, FTP service, file and storage
service, and the active directory domain controller, DNS server, and NFS
server.
• Contribute to the risk analysis and the preparation of a disaster recovery plan
for a LAN and set up appropriate backup and recovery procedures.
ASSIGNMENT DESCRIPTION
Ruby Roof Service (RRS) is a roof maintenance specialist business located in Sydney
West. RRS is to provide up to full package roof service. With the rapid expansion of
business, the company needs a computer networking system to use various software
applications for company operation. The company considers larger storage and cost-
effective for customer onside pictures and custom roof drawings in high resolution.
As IT specialists, students are to provide the RRS with recommendations and solutions
in local area network system administration, including server and client system
configurations to meet the client's requirements. The prototype system is to be
developed as a LAN for a typical small-medium size enterprise. Through the designed
prototype system, the developer is to demonstrate to his/her supervisor and the RRS
that he/she can provide the LAN implementation and administration.
The RRS employs twenty-five people and comprises five divisions under the director
board (two members). The five divisions are Reception, Sales, Financial, Construction,
and Design. The company structure is illustrated in Figure 1, and the personnel are as
given in Table 1.
COMP2013 LAN Workshop – Assignment Page 3 of 23
Figure 1 Structure of Ruby Roof Service
Table 1: Ruby Roof Service (RRS)
Division Position Name Duties
Management
Office
Managing Director Jane Smith
Delivering the highest level of
service in the industry and
developing trustworthy
relationships with clients and
business partners based on
reliable performance
General Manager Roger Small
Managing the business and
supervising all staff, including
management of staff insurance
and training programs
Manager Assistant Florian Martin
Providing administrative support
to the management and all
divisions. Maintaining all staff
work roster, leave and other
human resources issues
Reception
Reception
Manager
Chloe Day
Managing the Reception
Division, customer support and
cooperation with other divisions
Receptionists Luis Gee, Marilyn Lu
Provide office administration and
customer liaison
IT Specialist Bruce Lee
Maintains RRS network in
addition to all the duties of a
receptionist
Sales
Sales Manager Charlie Brown
Managing the Sales Division and
responsible for new & used car
sale and rental service and
support recovery and data
divisions
Sales
Representatives
Dennis Lowry
Phillip Parker
Charles Wong
Work with customers for car
sales and rental
Finance
Finance Manager Sarah Jones Managing Finance Division and company finance reporting
Account Ian Dean
Assisting the manager to
manage the accounts for the
business
Cashier Nancy Johnson Processing all transactions of the company
COMP2013 LAN Workshop – Assignment Page 4 of 23
Construction team
Manager Aaliyah Ibrahim
Managing Division and provides
reports and recommendations for
customers
Onside spec Peter Wright Tim Wilson
Aliasing with the design team
and construction staff before
moving next phase or handing
over
Call out staff
Tong Williams
Tony Nguyen
Henry Taylor
David Karen
Todd Jennifer
Responsible for daily tasks
assign by the manager
Design team
Design Manager Gary Jones
Managing Division and provides
data dropped off from
construction team and customer
Planner Jason King
In contact with the construction
team, inspector and customer
need
Staff John Morrison Alex Tan
Responsible for daily tasks
assign by the manager
COMP2013 LAN Workshop – Assignment Page 5 of 23
NETWORK RESOURCES
Resources of the RRS network include computers (server and clients), printers, user
accounts, software, and company documents.
Computers & Printers
Each staff has his/her computer or shares computers with colleagues. To simplify the
design, however, you only need to create ONE COMPUTER ACCOUNT for each
division, in addition to the virtual machines Windows Server 2012, Windows 10 &
Windows 7, and the Linux Centos 8.
All staff must be able to use any Windows client computers within the business and
still be able to access the folders they are entitled to. There are only two Windows
client machines, i.e., Windows 10 & 7, in this prototype system for the demonstration.
Therefore, each staff should be able to login onto the network via either of the two
computers.
Every division is equipped with a printer that can only be used by its own staff. One
extra printer is installed in the Reception for all company staff. The IT staff, Bruce
Lee, should have access to all the printers for maintenance purposes.
User Accounts
The IT Support staff Bruce Lee has an ADMINISTRATOR ACCOUNT, i.e., is a
member of Administrators, while all OTHER USERS should be set as NORMAL
USER ACCOUNTS.
Each staff requires a home directory where he/she can save data that only he/she can
access. You should put the HOME DIRECTORIES of all company staff, including that
of Bruce Lee, in the WINDOWS Server 2012 R2. However, this directory must be
easily accessible from all Windows client machines (Windows 7 & 10), i.e., with a drive
map on the top of the client computers (This PC of Windows 10 and Computer of
Windows 7).
The user and computer accounts should be well organized in an appropriate number
of ORGANIZATION UNITS. While Bruce Lee is responsible for maintaining the whole
network, the administrative control (add, disable/delete and unlock an account etc.) of
the Construction and Design teams, i.e., Design Team, is delegated to Jason King
To ease the setting of the access control, you should also organize the domain users
into GROUPS according to the duties and the permissions set to them for accessing
system resources.
File and Storage Services
Apart from the home directory for each domain user, the folders/files that the RRS
staffs need to access should be set as follows:
• A network drive on client computers (Windows 7&10) for all RRS staff, the drive
is mapping to the company RRS Folder at the server (Windows 2012 R2), with
COMP2013 LAN Workshop – Assignment Page 6 of 23
all the members of the Management Office has Read/Write access and all other
RRS staff having read-only access.
• A network drive on client computers (Windows 7&10) for the Management
Office staff only, the drive is mapping to the Management Office Folder at the
server (Windows 2012 R2), with the Managing Director and the General
Manager having the Read/Write access and the Manager Assistant having the
read-only access.
• A network drive on client computers (Windows 7&10) for EACH Division is
mapping to the division folder at the server (Windows 2012 R2), with each
division manager having the Read/Write access and each division other staff
having the read-only access.
• A network drive on client computers (Windows 7&10) for all managers. The
drive is mapping to the Manager Folder at the server (Windows 2012 R2), with
all the members of the Management Office having the Read/Write access and
all the division managers having the read-only access.
• A Software Folder at the Windows Server 2012 R2). Only the IT Specialist Bruce
Lee has full control of access to the folder.
The folders that the staff need access to are as follows, with the accesses being set
as required by the above network drives and folders:
• RRS Folder
• Management Office Folder
• Reception Folder
• Sales Folder
• Finance Folder
• Construction Folder
• Design Folder
• Managers Folder
• Software Folder
Install NFS File Services
The Finance Division staff need to run some accounting software installed in the Linux
machine and require accessing (Read/Write) a share at the Windows Server 2012 R2
from the Linux. Therefore, an NFS server should be installed in the Windows Server
with the Linux connecting to the NFS share.
System Protection
The RRS LAN is concerned with the Internet. If unexpected incidents happen to the
network, the company might lose all data, including company business plans and
strategies, transaction records, business partners' information, staff and customers,
and other company confidential documents. Thus, a detailed risk analysis of the
whole network and a backup and recovery plan for all data in the folders described
above should be performed.
TASKS
COMP2013 LAN Workshop – Assignment Page 7 of 23
1. Delete all previous work of practical exercises by removing Domain Controller (DC)
and other roles of the server
Hint: Best and quickest method to have a clean MS Windows 2012 installed VM to starting
a new DC before working on your week 12 or 13 demonstrations.
2. Reinstall the domain controller and DNS server in the Windows Server 2012 R2 and
connect the two Windows client computers (Windows 10 & 7) to the domain created.
3. Configure Windows Server and Clients
§ The domain name created must reflect the company name Ruby Roof Service
§ Provide configured Server and Client operating systems that form the local area
network.
§ Create all user and computer accounts.
§ Set the group policy for network users:
- Password policy: use a strong password with a minimum length of EIGHT;
change password FIRST-time login; change the password every NINETY
days.
- Account lockout policy: After THREE times unsuccessful logins, the account
should be locked out, and only the IT support staff or the authorized delegate
can unlock the account.
- Apart from the original Administrator account and the one that has been
created for the IT Support staff Bruce Lee (a member of Administrators) who
can logon to the Windows Server 2012 R2 by default, Jason King should
be allowed to logon locally in the server as well for the delegated duties. All
other staff can only logon to the domain via client computers (the Windows
7 or 10 in this prototype system).
§ Install the Web Server and FTP Server. In the Exercise, students have learnt how
to install the servers in Windows Server 2012. For security and performance
consideration, the Internet Information Service (IIS) should be installed in an NTFS
volume of a standalone member server. Since there is only one server in the
prototype system, the IIS should be installed in Windows 10. Regarding this
aspect, the Windows client machine is playing the role of the Web Server.
§ Create a web page for RRS that only needs to contain the Company logo (use the
one provided in Appendix I or design it by students themselves) and BRIEF
DESCRIPTIONS about the online booking system and the business scope of the
company. Students are free to add whatever they want to publish here. Users
should be able to view the web pages from all three Windows computers and the
Linux machine.
§ Install all printers in Windows 10.
4. Setup and configure the file and storage services
§ Create all file folders at the Windows server 2012 R2 and map network drives on
the Windows clients.
§ Install the NFS services and configure an NSF share on the Windows server 2012
R2
COMP2013 LAN Workshop – Assignment Page 8 of 23
§ Connect the Linux client to the NFS share by creating a new directory at the Linux
and mounting the NFS share to the directory.
§ Create Linux accounts for all staff of the Finance Division staff.
5. Complete Documentation:
§ Provide technical documentation (in word format) for the system that has been
designed based on the information provided above.
§ The documentation should include enough information for a system administrator
to create or modify your system. Please refer to Appendix II for reference.
§ The document should contain at least the following:
- An executive summary
- Major steps in creating the local area network and configuring the server and
client machines.
- Usernames and passwords for all users (include the Administrator
Username and Password for your system)
- User and folder access permissions
- Computer accounts and printers - Any policies or settings that have been
applied to the system
- Installation configuration of IIS (HTTP and FTP)
- Installation and configuration of the NFS - A risk analysis table to list all the
resources of the network and the potential risks and countermeasures
- Backup and recovery plan
- Assignment Cover Sheet containing the Information on:
- Student name
- Student ID
- Practical class day/time
IMPLEMENTATION
§ Use all the three virtual Windows machines, i.e., the Windows Server 2012 and the
Windows 10 and 7, to demonstrate the design of the LAN. Upon setting up the
Windows Server 2012 as the domain controller and linking Windows 10 and 7 to
the domain, all the users can logon to the Company intranet via the client machines
(it is still required to create a computer account for each division as
aforementioned).
§ Connect the Linux to the NFS Share at the Windows Server 2012 R2.
SUBMISSION
COMP2013 LAN Workshop – Assignment Page 9 of 23
§ Documentation to be submitted on-line through the subject website (vUWS)
https://vuws.westernsydney.edu.au/ in A SINGLE WORD FILE, no later than
Friday 03 Jun 2022, 5:00 PM.
§ Configured Server and Client Machines to be demonstrated to the tutor during
Practical Sessions of the last two weeks of the semester.
§ All information and documentation, including configured server and client operating
systems, must be students' own work. Group work is not allowed.
REFERENCES
1. Windows Server 2012 R2 and Windows Server 2012 https://technet.microsoft.com/en-
us/library/hh801901(v=ws.11).aspx
2. Install Domain Controller in Windows Server 2012 http://www.mustbegeek.com/install-
domain-controller-in-windows-server-2012/
3. How to Install IIS on Windows 8 or Windows 10
https://www.howtogeek.com/112455/how-to-install-iis-8-on-windows-8/
4. Join computers to the new Windows Server 2012 Essentials network
https://technet.microsoft.com/en-us/library/jj200128(v=ws.11).aspx
5. Remove Active Directory Domain Services
https://technet.microsoft.com/en-us/library/hh472163(v=ws.11).aspx#BKMK_RemoveSM
6. How To Edit the Sudoers File on Ubuntu and CentOS
https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-
centos
7. How to Map Network Drives on Windows Clients via Group Policy
https://www.howtogeek.com/99403/it-how-to-map-network-drives-on-windows-clients-via-group-
policy/
8. Textbook and references of the unit
9. The unit learning guide, lecture notes and practical exercises
10. Check Discussion for other support and URLs
COMP2013 LAN Workshop – Assignment Page 10 of 23
COM2013 LAN Workshop 2022-1
Assignment Marking Criteria
Marks
Tasks
High Distinction
(>=85%)
Distinction (>=75%) Credit (>=65%) Pass (=>50%) Fail <=49
Client and Server Machines (Demonstration) ____/75 Points
File and Storage
services
(15 Points)
Professional design and well
organization of all the folders in a
specified server machine, very
easy access by all domain users,
with appropriate network drive
mapping and no permission errors.
Very good configuration of NFS.
All the folders are well
organized in a server
machine with easy access by
domain users, with network
drive mapping and no
permission errors. Good
configuration NFS.
All the folders properly
reside in a server
machine and are
accessible by domain
users, and in general, no
permission errors.
Configuration of NFS.
File folders are
accessible without
major permission
errors.
Generally, file
folders are not
accessible or have
major permission
errors, or not
implemented.
_____/15 15.00- 12.68 12.66- 11.18 11.16- 9.68 9.66- 7.43 7.41-0
Users &
Computers
(20 Points)
All user and computer accounts
are built-up perfectly and are well
organized in OUs and groups in
the created domain, with password
protection and all required
information. No mistakes in
account types, delegation duties.
User profiles are set for each user,
and the home directory resides in
the specified machine.
Meet the most requirement
of HD, but lack of user
profiles or missing some
information of a certain user
and/or computer accounts.
All user and computer
accounts are created
correctly and properly
organized in OUs and
groups under the
domain, with password
protection. Generally,
correct in account types,
delegation duties and
home directory.
User and computer
accounts are
created without
major mistakes
with respect to
account types,
delegation
duties and home
directory. Some
work in creating
OUs and groups.
Many users and/or
Computer
accounts are
missing or have
severe mistakes.
_____/20 20.00- 16.90 16.88- 14.90 14.88- 12.90 12.88-9.90 9.88-0
Printers
(7 Points)
All printers are installed with
correct permission and easy to
access by the authorized users
regardless of which machine they
use to login.
All printers are
installed with
correct permission
by the authorized
users regardless
which machine they
use to login.
All printers are
installed with
correct permissions
and accessible.
Most printers are
created and
accessible.
Not installed or
installed
incorrectly
_____/7 7.00 – 5.92 5.91- 5.22 5.21 - 4.52 4.51 - 3.47 3.46 - 0
Client/Server
machines
(25 Points)
The AD domain is designed and
Implemented professionally with
the domain controller and DNS
server (Windows Server 2012)
and two client machines
(Windows 7 and 10) all
configured correctly. All the
group policies are set correctly
with respect to password, logon
locally, and account lockout.
The AD domain is designed
and implemented correctly
with the domain controller
and DNS server
(Windows Server 2012) and
two client machines
(Windows 7 and 10)
configured properly. The
group policies are set
correctly with respect to
password, logon locally, and
account lockout.
The AD domain is
created correctly with
the domain controller
and DNS server
(Windows Server 2012),
which is joined with the
two client machines
(Windows 7 and 10).
Group policy is set for
the created domain.
The AD domain is
created to form a
LAN with the
three Windows
machines, using
the default group
policy settings.
Not implemented
or very limited
work such as
unable to make
the client
machines join the
created domain.
_____/25 25.00- 21.13 21.10- 18.63 18.60- 16.13 16.10- 12.38 12. 35-0.
Web/FTP Servers
(8 Points)
Web and FTP servers are built-up
and accessible from any machine,
with the web page(s) containing
the logo and information of the
company and being able to
download and upload files on the
FTP server.
Web and FTP server are
built-up and accessible from
any machine, and
being able to download and
upload files on the FTP
server.
Web and FTP
server are built-up,
which are accessible
from a client
machine.
Web and FTP
server are built-up,
which are only
accessible locally
at the server
machine
Not implemented,
or not accessible
from any
machines.
_____/8 8.00 – 6.76 6.75 – 5.96 5.95 – 5.16 5.15 - 3.96 3.95 - 0
COMP2013 LAN Workshop – Assignment Page 11 of 23
Documentation 25 Points
Report on System
Design and
Implementation
(10 Points)
A professional technical report to
clearly describe the assignment
question, system design and
implementation, including steps
of creating the domain, the
configuration of the domain
controller and DNS server,
Web/FTP server, NFS, and client
machines, with sufficient
explanation plus screenshots,
diagrams, tables or charts
A good report to describe
the assignment question,
system design and
implementation, including
steps of creating the
domain, the configuration
of the domain controller
and DNS server, Web/FTP
server, NFS, and client
machines, with sufficient
explanations, using some
screenshots, diagrams,
tables or charts.
Clearly describe the
project and explain
your design about
domain, servers and
client machines.
Briefly explain the
project and provide
general information
about your work in
the assignment.
Not enough
information for the
reader to follow to
implement your
design.
____/10 10.00- 8.45 8.44- 7.45 7.44- 6.45 6.44- 4.95 4.94 -0
Report on System
Components
(5 Points)
Very clearly explain
the system
structure and each
component,
including OUs,
groups, user and
computer accounts,
file folders and
printers.
Explain the system
structure and each
component,
including OUs,
groups, user and
computer accounts,
file folders and
printers.
List all systems
components with
sufficient details.
Provide general
information about
system
components.
Not clearly explain
about system
components.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
Report on Group
Policy (5 Points)
Very clearly
describe and justify
all your settings
about the Group
Policy required by
the assignment.
Describe your
settings about the
Group Policy
required by the
assignment with
certain explanation
to justify your
design.
Explain your
settings about all
the Group Policy
required by the
assignment.
Provide explanation
about your Group
Policy settings.
No or very limited
explanation about
the Group Policy.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
Report on Risk
Analysis and
Backup (5 Points)
A full risk analysis,
professional backup
schedule and
sufficient
explanation about
your plan
Provide risk
analysis, reasonable
backup schedule
and explanation
about your plan.
Provide a backup
schedule based on
the risk analysis.
Provide the backup
schedule and brief
explanation about
it.
Not enough or no
explanation about
the issue.
____/5 5.00 - 4.23 4.22 – 3.73 3.72 - 3.23 3.22—2.48 2.47 - 0
COMP2013 LAN Workshop – Assignment Page 12 of 23
Appendix I
RRS Logo
Appendix II
Annotated Exempla
The documentation part of the assignment should contain sufficient information and explanation about
your design so that the reader can implement the design by following the steps provided. This sample
question set is for your reference in preparing the report of the assignment.
Encrypted File System (EFS)
(Sample Assignment Questions)
(1) Briefly explain the Encrypted File Systems (EFS) and demonstrate how to use
EFS to encrypt a folder on Windows 7.
The EFS is a file system filter that provides file system (NTFS)-level encryption. The technology enables files to be
transparently encrypted to protect confidential data from attackers with physical access to the computer.
Suppose that a folder C:\EncryptedFiles has been created, and all the computer users have full control on it. The folder can
be encrypted by following the steps given below:
1. Right-click the C:\EncryptedFiles folder and click Properties
2. In the Properties dialog box, click Advanced
3. To encrypt the folder, make sure the Encrypt contents to secure data checkbox is selected. Click OK to complete
the setting (Fig. 1)
Only the owner can then open all files created by a user in this folder. Any attempts to access these files from other users will
be denied.
COMP2013 LAN Workshop – Assignment Page 13 of 23
Fig.1 Encrypted File Folder
(2) Is it possible in Windows 7 to allow other users the ability to view/edit the
contents of an encrypted file? If so, how?
It is possible for users to access (view/edit) each other's encrypted files with the permission of the owner. Suppose that two
users have created encrypted files in the folder C:\EncryptedFiles (Personal Information Exchange Certificate will be
generated for the two users automatically). Then if one user what to give access to another user for one of his/her encrypted
files, he/she can just right-click that file and select Properties and in the Properties dialog box, click Advanced/ Details. Click
Add in the opened dialog box (Fig. 2) and select the user to whom the owner wants to give the access (Fig. 3). The selected
user can now view/edit the encrypted file.
COMP2013 LAN Workshop – Assignment Page 14 of 23
Fig. 2 Add user to access the file
Fig. 3 Select a user to access the file
(3) Decrypt Encrypted Files on Windows 7
The computer Administrator can be configured as the agent to decrypt encrypted files by following the steps given below:
COMP2013 LAN Workshop – Assignment Page 15 of 23
1. Login as Administrator
2. Go to Start/Run and type in cmd to open the console box.
At the prompt, type cipher /r: and press enter. This prompt will then display:
Please type in the password to protect your .PFX file:
Please retype the password to confirm:
After typing in the password and if no mistake occurring, the prompt will then display
Your .CER file was created successfully.
Your .PFX file was created successfully.
Fig.4 Generate the certificates
The .CER and .PFX files will be saved in the current directory that is shown at the command prompt. For example, if the
command prompt displays C:\Users\Administrator>, the two files are just saved in the Administrator folder (Fig. 4).
3. At the console prompt, type in certmgr.msc, and this will open a dialog box to launch the Certificates Manager. Navigate
to Personal and right-click on the folder, and select All Tasks/Import (Fig. 5). The Certificate Import Wizard will appear (Fig.
6). Click Next. Browse to the C:\Users\Administrator folder In the Open dialog box, change the Files of Type (at the bottom)
to personal Information Exchange (*.pfx,*.P12). Select the file fileName.pfx and click Open (Fig. 7a). Click Next to import
the certificate (Fig. 7b). Type in your password (leave the first two checkboxes blank, and the third checked as shown) and
click Next (Fig. 8). Make sure the Radio button is active for the first option (Automatically select the certificate store based
on the type of certificate, Fig. 9a). Click Next. Click Finish. (You'll receive a message that the import was successful).
COMP2013 LAN Workshop – Assignment Page 16 of 23
Fig. 5 Import the Certificate
Fig. 6 File to import
COMP2013 LAN Workshop – Assignment Page 17 of 23
Fig. 7a Select the certificate file
Fig. 7b Import the certificate file
COMP2013 LAN Workshop – Assignment Page 18 of 23
Fig. 8 Key in the password
COMP2013 LAN Workshop – Assignment Page 19 of 23
(a)
(b)
Fig. 9 Complete the certificate import
4. At the console prompt, type in secpol.msc and click OK. This will launch the Local Security Policy (Fig. 10). Expand the
Public Key Policies folder, right-click on the Encrypted File System subfolder, and select Add Ruby Roof Service (Fig.
11). The Wizard will then display (Fig. 12). Click Next. Click the Browse button. Browse to the C:\Users\Administrator
COMP2013 LAN Workshop – Assignment Page 20 of 23
folder. Select the certificate file and click Open. (Fig. 13), the wizard will display the status User_Unknown. That's ok. Click
Next. Click Finish (Fig. 14). You will see a new entry in the right-side column. Close the Local Security Policy.
You, the Administrator are now configured as the default Recovery Agent for all encrypted files that are afterwards created,
saved or just re-opened in the C:\EncryptedFile.
Fig. 10 Local Security Policy
COMP2013 LAN Workshop – Assignment Page 21 of 23
Fig. 11 Select Encrypt File System
Fig. 12 Add Recovery Agent Wizard
COMP2013 LAN Workshop – Assignment Page 22 of 23
Fig. 13 Select the certificate file
(a)
COMP2013 LAN Workshop – Assignment Page 23 of 23
(b)
Fig. 14 Select Recovery Agents
