Checklist PAGE 1 version 1

01. One machine should be a PDC and one should be a workstation. Check with NET ACCOUNTS.

02. Log on locally to workstation, domain logon to PDC. (Administrator)

03. Workstation: set Workstation to be the default operating system when booting up.

System Configuration:

04. Check the location of your NT system folder. (Open NT Explorer or use SET command.)

05. In NT Explorer, show hidden files and show file extensions. Show file details.

06. Put Notepad and Wordpad (write.exe) in the Send To menu.

07. Install a Printer (call it "MyPrinter", Print to File, Generic Text Driver, share it as PRINT01 etc.)

08. Install a network printer. (Install a printer from another student's machine).

09. Create an Emergency boot disk (NTLDR, NTDETECT, BOOT.INI).

10. Change the CD to R:. Add a new 100MB NTFS partition F:. Edit boot.ini if necessary.

Program Installation:

11. Open command prompt and add a permanent 300 line scrollback. (Control Panel).

12. Copy \\Instructor1\Clients\Joe\Zip to your Desktop. Install Winzip Classic.

13. Unzip and install other programs from Zip folder. sbooks.zip must be unzipped

to C:\JLABS. Don't reboot yet.

14. Copy the \\Instructor1\Clients\Joe\Util folder to your desktop.

15. Map N: to the c drive on the instructor's machine. (Use NET USE). View in Explorer.

16. Convert your D: and E: drives to NTFS. Reboot.

17. Add the folder containing sbm.exe to the Path. Start ScreenBook Maker from Command Prompt.

18. Install WinVNC as a service (winvnc -install, start in Services applet)

19. New groups in Start->Programs: Apps, Util, Reference, Internet. Sort programs appropiately.

Registry: regedit.exe and regedt32.exe

20. Turn on numlock when booting (HKU..\Keyboard\InitialKeyboardIndicators = 2).

21. Set filename completion character to Tab (CompletionChar = 9).

22. Set registry permissions: HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg

System Policy:

PDCs use System Policy Editor; save policy as NTCONFIG in the NETLOGON share.

(The NETLOGON share is usually SYSTEM32\Repl\Import\Scripts)

Workstations use System Policy Editor to edit registry directly.

23. Workstation: copy .adm files to WINNT\INF. Run POLEDIT from D:\UTIL

24. Customize the logon banner for your domain (PDC) or local computer (Workstation).

25. Don't show last logged-on user in logon dialog box. Hide the Run box. Log on and test settings.

Users and Permissions:

26. Remove the "Everyone" group from all NTFS permissions on the D: and E: drives. Replace with

<auth users full control> <SYSTEM full control>.

(Be careful to check "Replace Permissions on Subdirectories").

27. Add three users to the SAM: Ken, Lisa and Trudy, password: "pass"

28. Make a folder F:\Test <auth users full control>

29. Make the following files:

F:\Test\Ken.txt <administrators full control> <Ken full control>

F:\Test\Lisa.txt <administrators full control> <Lisa full control>

F:\Test\Secret.txt <auth users full control>

30. PDC: Create System Policies for Ken and Lisa (Desktop color scheme).

31. Generate an "Access is Denied" message by trying to access a file for which you do not

have Read permission. (Log on as Ken and try to access Lisa's file, for example.)

32. Display a message in the Security log showing Ken accessed Secret.txt.

33. Make a folder F:\PUBLIC. Share this folder as "PUBLIC". Put a file "student01.bmp" in PUBLIC.

34. Make a folder F:\COLLECTION and place student01.bmp from other students in COLLECTION.

35. Make a folder F:\BACKUP and make a batch file bkp.bat to backup the files from PUBLIC and

COLLECTION. Subdirectories should be copied and only files newer than the destination should

be copied. (Use XCOPY /S /D).

36. Schedule bkp.bat to run every weekday at 5:00. (N.B. Path).

Roaming Profiles and User Configuration

01. PDC: add a user for each student at table.

02. Add the Workstation to the domain from the Network applet on Workstation. The PDC can add the

Workstation first to avoid having to enter the Administrative password from the Workstation.

03. Workstation: logon to the domain. Logon twice to test the logon banner (installed above).

04. On the PDC create F:\USERS shared as USERS and F:\PROFILES shared as PROFILES.

05. Create the following registry DWORD value on both PDC and Workstation:

HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon DeleteRoamingCache:1

06. Create a user: _profile. Log on to the PDC as _profile and configure the user's profile with the

settings specified at the start of this checklist (snap-to, command scrollback, etc.)

07. Log on as administrator. Check for SP4. If you have SP4, make a copy of the profile of _profile for

each user that you added in step 01. (Copy Profile in System applet to \\MYSERVER\PROFILES\

[Username] No need to create folder first.)

08. In User Manager, configure the user info for each student: (folders will be created automatically).

Home folder: \\[PDC]\USERS\[username]

Profile: \\[PDC]\PROFILES\[username]

Logon Script: logon1.bat.

09. Create a file named "index.html" in home folder of each user. Create a batch file "logon1.bat" that

will open a browser with index.html in the home folder of the current user. Save in NETLOGON.

10. Logon under a student user name and test the Roaming Profile, Home Folder, and Logon Script.

Groups and Permissions

11. PDC: Create these (empty) global groups: Researchers, Librarians, Public Users, Temps.

12. PDC & WKS: Create these (empty) local groups: Research Library, Library Admin, Public Library.

13. On PDC and Workstation create F:\LIB <auth users full control>, share as LIB.

14. PDC: create F:\Lib\PDC Public Library, F:\Lib\PDC Research Library.

15. Workstation: create F:\Lib\WKS Public Library, F:\Lib\WKS Research Library.

16. Permissions: (Assign permissions to local groups ONLY (except NO ACCESS)):

a. Adminstrator and SYSTEM full control to all folders.

b. Librarians get full control of all library folders.

c. Public Users can read files in the Public Library folders.

d. Researchers can read files in the Public Library or Research Library folders.

e. Temps should never have access to the PDC Research Library even if later put in Researchers.

17. Display the permissions on LIB on both machines using DumpACL. Display with CACLS.

18. Using templates (e.g. _tmp) create users in each group, 5 per group.

Public Users: Can't change password. Can't log on to server. Mandatory profile. Log on limited

to 9-9 Weekdays, 9-5 Sundays. No home folder.

Researchers: Must change password at next logon. Can't log on to server. Roaming Profile

and home folder on server. Can't log on 12 midnight to 6 AM. Can dial in.

Librarians: Password never expires. Can log on to server. Roaming profile and home folder

on server. Can dial in.

Temps: Account expires in one month. Can't logon on weekends. Can't logon to PDC.

Home folder and Roaming Profiles. Put a few temps in the Researchers group.

19. Display groups and users with DumpACL.

20. Trust another domain. (Adding a Trust - User Manager, add trusting from trusted first).

21. View the trust relationship with NLMON.EXE.

22. Share LIB so that groups from another domain (including Librarians) are NOT allowed access to

LIB, except Researchers. Set permissions so that Researchers from another domain have read-

only access. Test access.

23. Create bkp2.bat to copy the LIB folder to D:\BACKUP with all permissions intact. (SCOPY). Test.

24. Make a folder: PDC Research Library #2 on a PDC FAT volume with access as for PDC Res Library.

25. (Advanced) Start the C2 Configuration utility and fix security on as many items as possible.

26. (Advanced) Automate: Winbatch or batch file with REG.EXE and NET. (Using REGMON will help).

A. Basic IP Configuration:

IPCONFIG, IPCONFIG /ALL, IPCONFIG /RENEW, IPCONFIG /RELEASE

01. Find out your IP address and ethernet address using IPCONFIG /ALL.

02. Release your IP address, configure for static IP,

use 10.0.0.[MachineNumber], subnet mask: 255.0.0.0.

03. Ping some computers again to test connectivity.

04. Change back to DHCP. Check your IP address with IPCONFIG.

05. Release your IP address and check with IPCONFIG.

06. Retrieve another IP address from the DHCP server. Check again with IPCONFIG.

B. More IP practice (for at least two machines working together):

Set up the following configurations and then ping each other:

01. Class A address: Network ID = Table number, Host ID = machine number.

IP Address 1: ____________ Subnet Mask: _____________

02. Class B address: Network ID += Table number, Host ID = machine number.

IP Address 1: ____________ Subnet Mask: _____________

03. Class C address: Network ID += Table number, Host ID = machine number.

IP Address 1: ____________ Subnet Mask: _____________

04. Access the Subnet Quiz page and practice subnetting.

05. PDC: Class A address: Network ID = Table number, Host ID = machine number.

Install DHCP on PDC. Have the second machine at the table get a reserved

IP address from the DHCP server (Host ID = table number). N.B. DO NOT

ACTIVATE THE SCOPE UNTIL YOU HAVE CREATED THE RESERVATION.

06. Remove the DHCP server from the PDC, and have both machines get an IP

address from the teacher's machine.

C. IP Resolution: ARP -a, ARP -d, ARP -s

01. Examine your ARP cache. Delete all entries.

02. Ping the instructor's machine by IP address and then examine your ARP cache again.

03. Delete all entries in the ARP cache.

04. Install Network monitor.

05. Ping the instructor's machine by IP address and view the frames in Network monitor. In NM

highlight the data in the ICMP packet. You should see 2 ARP Frames and 6 ICMP (ping) frames.

View the data in the arp frames and ICMP frames.

06. Add a permanent ARP mapping for the teachers machine.

D. Name Resolution: NBTSTAT -c, NBTSTAT -R

00. Change to a static IP address. Using IPCONFIG /ALL, check to see if you have a WINS server and/or

DNS server specified. If you do, remove them and check again with IPCONFIG /ALL.

01. Display your TCP-IP Hostname.

02. Display your NETBIOS computer name.

Hostname Resolution

03. Change your hostname but not your NETBIOS name. (DO NOT DO THIS AT THE WORKPLACE!)

04. Ping the hostname. Ping the NETBIOS name. Are the names resolved?

Ping the hostname and NETBIOS name of another computer. Are the names resolved?

05. Add the target machine in 04 to the HOSTS file. Ping again. Is the name resolved?

06. Delete the HOSTS file. Install DNS. Make a domain called "NOTHING.COM". Configure DNS on your

machine so that you can ping the target hostname.

07. Add a CNAME record and show that you can ping this new name.

NETBIOS Name Resolution

08. Remove DNS from your machine (client and server).

09. Examine your NetBIOS name table. Clear the table if there are any entries.

10. Start capture in NM. Ping the instructor's machine by name. Examine the NetBIOS name table

again. NM stop capture. Find the NetBIOS name resolution frames in NM.

11. Send a message to another computer by name, then examine cache and name table again.

12. Clear the NETBIOS Name Table. Add a WINS server to your machine. Configure your machine

as a WINS client of this server. Ping the NETBIOS name of another machine. Display the WINS

resolution frames in NM.

13. Uncheck "DNS Resolution" in the WINS server client configuration dialog box. Ping another machine's

hostname. Is the name resolved?

14. Check "DNS Resolution" in the WINS server client configuration dialog box. Ping the other machine's

hostname again. Is the name resolved?

15. Change the hostname back to match the NETBIOS name.

E. Network Applications:

NETSTAT /R, NETSTAT /S, NETSTAT /P, NETMON

01. Examine the list of well-known ports.

02. Use NETSTAT to view ports. Open an FTP site. View ports again. End the FTP session.

03. Start Capture in Network monitor.

04. FTP to ftp.microsoft.com. Log on as anonymous and download a file. View the file.

05. End capture. Filter the packets so that you only see frames to and from Microsoft.

Minimize the Mac Address and Time columns. You should be able to identify:

a. Establishment of TCP-IP session. (ACK and SYN)

b. FTP client request for file.

c. Server response with file data.

d. End session.

06. Install CuteFTP and repeat 04.

07. Telnet to rainmaker.wunderground.com, get the NYC weather forecast, and

make a web page out of it.

08. Install a telnet server on your machine (Resource Kit). Telnet to some other student machines.

09. Access Usenet (e.g. msnews.microsoft.com). Read some articles from different groups.

10. Install a News Server on your intranet. Set up some new groups. Set up at least

one moderated group.

F. WWW:

00. Convert your system partition to NTFS.

01. Install a web (intranet) server.

02. Using notepad, create an html page named mypage.htm. Put it on your intranet site and surf to it.

03. Display the directory of your website in the browser.

04. Make mypage.htm be a default page. Display in browser without typing file name.

05. Create a virtual directory, create another html page in the virtual directory, display in browser.

06. Create a second site running on a different port, create page and display in browser.

07. Create a third site running on a different IP address. Create a page and display in browser.

08. Create a fourth site identified by a different name (DNS). Create page and display in browser.

09. Create an html page using Frontpage Express.

10. Download the class home page and put it on your intranet. Change some of the content.

11. Use Telnet to fetch a page from the class site.

12. Download the Html Examples page from the class site and install the first 5 example html

pages on your internet.

13. Install and test the SSI example from the Html Examples page.

14. Install and test the first two ASP examples from the Html Examples page.

15. Set up an ODBC database for the third ASP example and install the ASP page. Test.

16. Create your own ODBC database using the Text driver. Create an ASP page to access your

database.

17. Apply for a Thawte free certificate.

18. Install and test the ASP certificate example on your intranet.

20. Install Dreamweaver demo. Install Paintshop Pro demo.

21. Create a page with layers, mouseovers, and softshadow graphics.

22. Download and install perl for win32.

23. Create a form. Install a cgi script on your server to email you the data in the form.

Desktop Optimization

Diskuse

Perf monitor disk tools disk usage

performance monitor

ipconfig

netstat

nbtstat

route

tracert

arp

lmhosts

hosts

dns

wins

network applet

NTRK

pulist

tlist

rkill

sclist = list services

showdisk

disk use

== NT Workstation and Server Checklist

Skills Checklist

General:

__ Install

__ Registry

Command Line:

__ Net util: ping, ipconfig, ipconfig /all

__ Net use, net user, net send

__ batch files (e.g. XCOPY /S /D)

Control Panel:

__ System applet

__ Server applet

__ Display

__ Network

__ Printers

__ Services

__ Telephony

Administrative Tools

__ User Manager

__ Event Viewer

__ Server Manager

__ Backup

__ Disk Administrator

__ Network Client Administrator

__ Performance Monitor

__ System Policy Editor

__ User Manager for Domains

__ Win NT Diagnostics

Explorer Dialogs:

__ Configure

__ Partion size, format type

__ Resource permissions

__ Resource auditing

__ Resource sharing

__ Network Monitor

__ Net util: ping, ipconfig, nbtstat, route, arp

folders project1, project2

xFrom both machines, test that the domain logon banner.

xMake a logon script that will delete all scheduled jobs and add a new one to backup all

x files in the Public Share to \\instructor1\backup. (xcopy /s /d)

Add the following groups and users:

User: one for each student at table.

Global groups: MyTable, Guests from Table1, Guests from Table2 etc.

Local groups: Clearance Level 0, Clearance Level 1

======================================

make folder for yourself on the teachers machine

put the lab page in the folder