IT Daily 9 Mon

Posted by ITDAILY9MON on October 13, 2014, under MCSA-LAB, Windows Server 2012 R2

Module 10: Configuring Encryption and Advanced Auditing
Lab: Configuring Encryption and Advanced Auditing
Exercise 1: Using BitLocker® Drive Encryption to Secure Data Drives
Task 1: Use Group Policy to Prepare the Server for Implementing BitLocker
1. Log in to LON-DC1 as Adatum\Administrator with the password Pa$$w0rd.
2. In Server Manager, click Tools, and then click Group Policy Management.
3. In Group Policy Management, double-click Forest: Adatum.com, double-click Domains,
double-click Adatum.com, expand Group Policy Objects, right-click the Default Domain Policy, and
then click Edit.
(https://itdaily9mon.files.wordpress.com/2014/10/image95.png)
4. In the Group Policy Management Editor, under Computer Configuration, expand Policies, expand
Administrative Templates, expand Windows Components, expand BitLocker Drive Encryption, and
then click Fixed Data Drives.

(https://itdaily9mon.files.wordpress.com/2014/10/image96.png)
5. In the right pane, double-click the Choose how BitLocker-protected fixed drives can be recovered
setting.
6. In the Choose how BitLocker-protected fixed drives can be recovered window, click Enabled.
Ensure that the checkbox next to the Save BitLocker recovery information to AD DS for fixed data
drives option is selected, click the Do not enable BitLocker until recovery information is stored
to AD DS for fixed data drives option, and then click OK.

(https://itdaily9mon.files.wordpress.com/2014/10/image97.png)
7. Close the Group Policy Management Editor.
8. Switch to LON-SVR1.
9. If necessary, log in to LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
10. Click Windows PowerShell on the taskbar.
11. At the Windows PowerShell® command prompt, run the gpupdate /force command.
12. Restart LON-SVR1.
(https://itdaily9mon.files.wordpress.com/2014/10/image98.png)
Task 2: Enable BitLocker for a Data Drive
Add the BitLocker Drive Encryption feature
1. Log in to LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
2. In Server Manager, click Manage, and then click Add Roles and Features.
3. In the Before you begin window, click Next.
4. In the Select installation type window, click Next.
5. In the Select destination server window, click Next.
6. In the Select server roles window, click Next.
7. In the Select features window, click BitLocker Drive Encryption. In the Add features that are
required for BitLocker Drive Encryption window, click Add Features, and then click Next.

(https://itdaily9mon.files.wordpress.com/2014/10/image99.png)

8. In the Confirm installation selections window, click Restart the destination server automatically if
required, click Yes on the warning dialog box, and then click Install.
9. After restarting, log in to LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd. The
BitLocker Drive Encryption installation progress should show that the installation succeeded within a
couple of minutes. Click Close once the installation succeeds.
Turn on BitLocker, and then validate that BitLocker is encrypting the data drive
1. Go to Control Panel, and then type BitLocker in the Search Control Panel search box.
2. In the search results, click BitLocker Drive Encryption. If you do not see BitLocker Drive
Encryption, then restart LON-SVR1 again and go back to Step 1 to search Control Panel.
3. In the BitLocker Drive Encryption window, click the Down Arrow icon next to the drive F, and then
click Turn on BitLocker.
(https://itdaily9mon.files.wordpress.com/2014/10/image100.png)
4. In the Choose how you want to unlock this drive window, click Use a password to unlock the
drive, type the password Pa$$w0rd into the Enter your password text box and into the Reenter your
password text box, click to confirm, and then click Next.

(https://itdaily9mon.files.wordpress.com/2014/10/image101.png)
5. In the How do you want to back up your recovery key window, click Save to a file.

(https://itdaily9mon.files.wordpress.com/2014/10/image102.png)
6. In the Save BitLocker recovery key as window, navigate to E:\Labfiles\Mod10, and then click Save.
(https://itdaily9mon.files.wordpress.com/2014/10/image103.png)
7. In the BitLocker Drive Encryption dialog box, click Yes to save the recovery key to the computer.

(https://itdaily9mon.files.wordpress.com/2014/10/image104.png)
8. Click Next after the recovery key is saved to the file.
9. In the Are you ready to encrypt this drive window, click Start encrypting.
10. Click Close when the encryption is complete.

(https://itdaily9mon.files.wordpress.com/2014/10/image105.png)
(https://itdaily9mon.files.wordpress.com/2014/10/image106.png)
11. Click the Windows PowerShell button on the taskbar.
12. At the Windows PowerShell command prompt, run the manage-bde -status command to view the
current status. The F: volume should show “Protection On” as the protection status.

(https://itdaily9mon.files.wordpress.com/2014/10/image107.png)
Task 3: Move the Data Drive to Another Server
1. In the Virtual Machine Connection window for LON-SVR1, click File, and then click Settings.
2. In the left pane, click Hard Drive under SCSI Controller. Note that the name of the virtual hard disk
(VHDX) file includes 20411D-LON-SVR1-Encrypted.
3. In the right pane, click Remove, and then click OK. If a Settings dialog box appears, click Continue
to remove the virtual hard disk.

(https://itdaily9mon.files.wordpress.com/2014/10/image108.png)
(https://itdaily9mon.files.wordpress.com/2014/10/image109.png)
4. Switch to LON-DC1.
5. In the Virtual Machine Connection window for LON-DC1, click File, and then click Settings.
6. In the left pane of the Settings window, click SCSI Controller.
7. In the right pane, click Hard Drive, and then click Add.
8. In the right pane, click Browse, browse to D:\Program Files\Microsoft
Learning\20411\Drives\20411D-LON-SVR1\Virtual Hard Disks\, click the .avhdx file, and then click Open.
9. Click OK. If a Settings dialog box appears, click Continue.

(https://itdaily9mon.files.wordpress.com/2014/10/image110.png)
10. Right-click the Start menu, and then click Computer Management.
11. In the Computer Management window, click Disk Management.
12. In the list of disks, right-click Disk 2, and then click Online.

(https://itdaily9mon.files.wordpress.com/2014/10/image111.png)
Task 4: Recover the Data
Add the BitLocker Drive Encryption feature on LON-DC1
1. Log in to LON-DC1 as Adatum\Administrator with the password Pa$$w0rd.
2. In Server Manager, click Manage, and then click Add Roles and Features.
3. In the Before you begin window, click Next.
4. In the Select installation type window, click Next.
5. In the Select destination server window, click Next.
6. In the Select server roles window, click Next.
7. In the Select features window, click BitLocker Drive Encryption. In the Add features that are
required for BitLocker Drive Encryption window, click Add Features, and then click Next.

(https://itdaily9mon.files.wordpress.com/2014/10/image112.png)
8. In the Confirm installation selections window, click Restart the destination server automatically if
required, click Yes on the warning dialog box, and then click Install.
9. After restarting, log in to LON-DC1 as Adatum\Administrator with the password Pa$$w0rd. The
BitLocker Drive Encryption installation progress should show that the installation succeeded within a
couple of minutes. Click Close once the installation succeeds.
10. Go to Control Panel, and then type BitLocker in the Search Control Panel search box.
11. In the search results, click BitLocker Drive Encryption. If BitLocker Drive Encryption does not
appear in the search results, click the Windows PowerShell icon on the taskbar, run the gpupdate /force
command, and then restart LON-DC1. Then, start again from Step 10.
Recover the data on LON-DC1
1. On LON-DC1, click the File Explorer button on the taskbar. Note that Local Disk (F:) is shown with
a lock icon to indicate that the drive is locked with BitLocker.
2. Double-click the Local Disk (F:) drive.
3. In the BitLocker (F:) window, click More options. Note the option for entering a recovery key.
(https://itdaily9mon.files.wordpress.com/2014/10/image113.png)
4. Leave the BitLocker window open, and then switch to Server Manager.
5. In Server Manager, click Tools and then click Active Directory Users and Computers.
6. In Active Directory Users and Computers, click View, and then click Advanced Features.

(https://itdaily9mon.files.wordpress.com/2014/10/image114.png)
7. Right-click Adatum.com, and then click Find.
8. In the Find Users, Contacts, and Groups window, select Computers from the Find drop-down
menu.

(https://itdaily9mon.files.wordpress.com/2014/10/image115.png)
9. In the Computer name field, type LON-SVR1, and then click Find Now.

(https://itdaily9mon.files.wordpress.com/2014/10/image116.png)
10. In the search results, double-click LON-SVR1, and then click the BitLocker Recovery tab.
(https://itdaily9mon.files.wordpress.com/2014/10/image117.png)
11. Bring up the BitLocker window, type the 48-digit recovery password into the recovery key field,
and then click Unlock.

(https://itdaily9mon.files.wordpress.com/2014/10/image118.png)
12. Go back to File Explorer and note that the drive F has an unlocked icon. The drive is now
unlocked and data can be recovered.

(https://itdaily9mon.files.wordpress.com/2014/10/image119.png)
Results: After completing this exercise, you will have configured Group Policy for BitLocker, enabled
BitLocker on a data drive, moved the data drive to a different server, and then prepared for
recovering data from the drive.
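
The recovery step in Task 4 only works if the recovery password for F: was actually written to the LON-SVR1 computer object in AD DS. The following is an added example, not part of the lab manual, that checks this from PowerShell on LON-SVR1 after Task 2 and before the drive is removed in Task 3. It assumes the BitLocker and ActiveDirectory PowerShell modules are available and that the account can read msFVE-RecoveryInformation objects; it reports only whether a key is escrowed and never prints the recovery password.

```powershell
# Added example (not from the lab manual). Run elevated on LON-SVR1 after Task 2.
# Assumes the BitLocker feature and the RSAT ActiveDirectory module are installed.
Import-Module BitLocker, ActiveDirectory

$mountPoint = 'F:'   # data drive encrypted in the lab
$volume = Get-BitLockerVolume -MountPoint $mountPoint

# Protection state: the same facts that manage-bde -status reports.
[pscustomobject]@{
    MountPoint       = $volume.MountPoint
    VolumeStatus     = $volume.VolumeStatus
    ProtectionStatus = $volume.ProtectionStatus
    Protectors       = $volume.KeyProtector.KeyProtectorType -join ', '
} | Format-List

# The drive must carry at least one recovery password protector.
$recovery = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recovery.Count -eq 0) {
    throw "No recovery password protector found on $mountPoint"
}

# Recovery information is stored as msFVE-RecoveryInformation child objects
# of the computer account; each object's name contains the protector GUID.
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
    -Properties whenCreated)

# Match each local protector against what AD DS holds.
$report = foreach ($protector in $recovery) {
    $id    = $protector.KeyProtectorId
    $match = $escrowed | Where-Object { $_.Name -like "*$id*" }
    [pscustomobject]@{
        KeyProtectorId = $id
        EscrowedInAD   = [bool]$match
        EscrowedOn     = ($match | Select-Object -First 1).whenCreated
    }
}
$report | Format-Table -AutoSize
```

If EscrowedInAD is False for a protector, Backup-BitLockerKeyProtector with that -MountPoint and -KeyProtectorId writes it to AD DS before the drive leaves the server.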

Exercise 2: Encrypting and Recovering Files


Task 1: Update the Recovery Agent Certificate for the Encrypting File System (EFS)
1. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.
2. In Group Policy Management, expand Forest: Adatum.com, expand Domains, expand
Adatum.com, and then click Default Domain Policy.
3. In the Group Policy Management Console dialog box, click OK to clear the message.
4. Right-click Default Domain Policy, and then click Edit.

(https://itdaily9mon.files.wordpress.com/2014/10/image120.png)
5. In the Group Policy Management Editor window, under Computer Configuration, expand Policies,
expand Windows Settings, expand Security Settings, expand Public Key Policies, and then click
Encrypting File System.
6. Right-click the Administrator certificate, and then click Delete.

(https://itdaily9mon.files.wordpress.com/2014/10/image121.png)
7. In the Certificates window, click Yes.

(https://itdaily9mon.files.wordpress.com/2014/10/image122.png)
8. Right-click Encrypting File System, and then click Create Data Recovery Agent.

(https://itdaily9mon.files.wordpress.com/2014/10/image123.png)
9. Read the information for the new certificate that was created. Notice that this certificate was
obtained from AdatumCA.
(https://itdaily9mon.files.wordpress.com/2014/10/image124.png)
10. Close the Group Policy Management Editor.
11. Close Group Policy Management.
Task 2: Update Group Policy on the Computers
1. On LON-DC1, on the taskbar, click Windows PowerShell.
2. At the Windows PowerShell prompt, type the following command, and then press Enter:
gpupdate /force

(https://itdaily9mon.files.wordpress.com/2014/10/image125.png)
3. Close the Windows PowerShell Command Prompt window.
4. Switch to LON-CL1.
5. On LON-CL1, at the Start screen, type cmd, and then press Enter.
6. At the command prompt, type the following command, and then press Enter:
gpupdate /force

(https://itdaily9mon.files.wordpress.com/2014/10/image126.png)
7. Close the Command Prompt window.
8. Sign out of LON-CL1.
Task 3: Obtain a Certificate for EFS
1. On LON-CL1, log in as Adatum\Doug with a password of Pa$$w0rd.
2. Click the Desktop tile, right-click the Start button, click Command Prompt, type MMC, and then
press Enter.
3. In the Console1 window, click File, and then click Add/Remove Snap-in.
4. In the list of available snap-ins, click Certificates, and then click Add.
5. In the Add Or Remove Snap-ins dialog box, click OK.
6. In the left pane, click Certificates – Current User, right-click Personal, point to All Tasks, and then
click Request New Certificate.

(https://itdaily9mon.files.wordpress.com/2014/10/image127.png)

(https://itdaily9mon.files.wordpress.com/2014/10/image128.png)

7. In the Certificate Enrollment wizard, click Next.


8. On the Select Certificate Enrollment Policy page, click Next to use the Active Directory®
Enrollment Policy.

(https://itdaily9mon.files.wordpress.com/2014/10/image129.png)
9. On the Request Certificates page, select the Basic EFS check box, and then click Enroll.
(https://itdaily9mon.files.wordpress.com/2014/10/image130.png)
10. On the Certificate Installation Results page, click Finish.

(https://itdaily9mon.files.wordpress.com/2014/10/image131.png)
11. In the Console1 window, in the left pane, expand Certificates – Current User, expand Personal,
and then click Certificates.

(https://itdaily9mon.files.wordpress.com/2014/10/image132.png)
12. Read the certificate details, and note that it was issued by AdatumCA.
13. Close the Console1 window, and do not save the settings.
Task 4: Encrypt a File
1. On LON-CL1, open File Explorer, type \\LON-DC1\Mod10Share\Marketing in the address field,
and then press Enter.
2. Right-click DougFile, and then click Properties.
3. On the General tab, click Advanced.

(https://itdaily9mon.files.wordpress.com/2014/10/image133.png)
4. In the Advanced Attributes dialog box, select the Encrypt contents to secure data check box, and
then click OK.
(https://itdaily9mon.files.wordpress.com/2014/10/image134.png)
5. In the DougFile Properties dialog box, click OK.

(https://itdaily9mon.files.wordpress.com/2014/10/image135.png)
6. In the Encryption Warning dialog box, click Encrypt the file only, and then click OK. Wait a few
seconds for the file to encrypt and the dialog box to close automatically.
7. Look at the color of the file name.

(https://itdaily9mon.files.wordpress.com/2014/10/image136.png)
8. Close the File Explorer window.
9. Sign out of LON-CL1.
Task 5: Use the Recovery Agent to Open the File
1. On LON-DC1, on the taskbar, click the File Explorer button.
2. In File Explorer, browse to E:\Labfiles\Mod10\Mod10Share\Marketing.

(https://itdaily9mon.files.wordpress.com/2014/10/image137.png)
3. Double-click DougFile.txt.
4. In Notepad, add some text to the file, click File, and then click Save.
(https://itdaily9mon.files.wordpress.com/2014/10/image138.png)
5. Close Notepad, and then close File Explorer.
Results: After completing this exercise, you will have encrypted and recovered files.

Exercise 3: Configuring Advanced Auditing


Task 1: Create a Group Policy Object (GPO) for Advanced Auditing
1. On LON-DC1, open Server Manager, click Tools, and then click Active Directory Users and
Computers.
2. In Active Directory Users and Computers, right-click Adatum.com, click New, and then click
Organizational Unit.

(https://itdaily9mon.files.wordpress.com/2014/10/image139.png)
3. Type File Servers, and then press Enter.

(https://itdaily9mon.files.wordpress.com/2014/10/image140.png)
4. Click the Computers container, right-click LON-SVR1, click Move, click the File Servers
organizational unit (OU), and then click OK.
(https://itdaily9mon.files.wordpress.com/2014/10/image141.png)

(https://itdaily9mon.files.wordpress.com/2014/10/image142.png)
5. In Server Manager, click Tools, and then click Group Policy Management.
6. In Group Policy Management, expand Forest: Adatum.com, expand Domains, expand
Adatum.com, click and then right-click File Servers, and then click Create a GPO in this domain
and Link it here.

(https://itdaily9mon.files.wordpress.com/2014/10/image143.png)
7. In the New GPO window, type File Audit, and then press Enter.
(https://itdaily9mon.files.wordpress.com/2014/10/image144.png)
8. Double-click the Group Policy Objects container, right-click File Audit, and then click Edit.

(https://itdaily9mon.files.wordpress.com/2014/10/image145.png)
9. In the Group Policy Management Editor, under Computer Configuration, expand Policies, expand
Windows Settings, expand Security Settings, expand Advanced Audit Policy Configuration,
expand Audit Policies, and then click Object Access.

(https://itdaily9mon.files.wordpress.com/2014/10/image146.png)
10. Double-click Audit Detailed File Share.
11. In the Properties dialog box, select the Configure the following audit events check box.
(https://itdaily9mon.files.wordpress.com/2014/10/image147.png)
12. Select both the Success and Failure check boxes, and then click OK.

(https://itdaily9mon.files.wordpress.com/2014/10/image148.png)
13. Double-click Audit Removable Storage.
14. In the Properties dialog box, select the Configure the following audit events check box.
15. Select both the Success and Failure check boxes, and then click OK.

(https://itdaily9mon.files.wordpress.com/2014/10/image149.png)
16. Close the Group Policy Management Editor and the Group Policy Management Console.
17. Restart LON-SVR1.
18. Log in to LON-SVR1 as Adatum\Administrator with a password of Pa$$w0rd.
Task 2: Verify Audit Entries
1. Log in to LON-CL1 as Adatum\Allan with a password of Pa$$w0rd.
2. On the Start screen, type \\LON-SVR1\Mod10, and then press Enter.
3. Double-click testfile to open it in Notepad.
4. Close Notepad.
5. Switch to LON-SVR1.
6. On LON-SVR1, in Server Manager, click Tools, and then click Event Viewer.
7. In Event Viewer, double-click Windows Logs, and then click Security.
8. Double-click one of the log entries with a Source of Microsoft Windows security auditing, and a
Task Category of Detailed File Share.
9. Click the Details tab, and then note the access that was performed.

(https://itdaily9mon.files.wordpress.com/2014/10/image150.png)
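
The same verification can be done without clicking through Event Viewer. The following is an added example, not part of the lab manual, that confirms the File Audit GPO took effect on LON-SVR1 and lists the Detailed File Share events (event ID 5145) produced when testfile was opened on the Mod10 share. The one-hour window and the output column names are choices made for this example, and the subcategory names assume an English-language system.

```powershell
# Added example (not from the lab manual). Run elevated on LON-SVR1.

# 1. Effective audit policy for the two subcategories set in the File Audit GPO.
#    Both should report "Success and Failure" after the restart in Task 1.
foreach ($sub in 'Detailed File Share', 'Removable Storage') {
    auditpol /get /subcategory:"$sub"
}

# 2. Detailed File Share access checks are logged as event 5145 in the Security log.
$filter = @{
    LogName   = 'Security'
    Id        = 5145
    StartTime = (Get-Date).AddHours(-1)   # window chosen for this example
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# 3. Flatten the EventData fields into one row per access check.
$rows = foreach ($event in $events) {
    $xml  = [xml]$event.ToXml()
    $data = @{}
    foreach ($node in $xml.Event.EventData.Data) {
        $data[$node.Name] = $node.'#text'
    }
    [pscustomobject]@{
        Time    = $event.TimeCreated
        Result  = $event.KeywordsDisplayNames -join ','   # Audit Success / Audit Failure
        User    = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
        Source  = $data.IpAddress
        Share   = $data.ShareName
        Target  = $data.RelativeTargetName
        # AccessList holds %%nnnn message tokens in the raw XML, one per right.
        Access  = ($data.AccessList -replace '\s+', ' ').Trim()
    }
}

# 4. Keep only the accesses made in Task 2 (share Mod10, file testfile).
$rows |
    Where-Object { $_.Share -like '*\Mod10' -and $_.Target -like 'testfile*' } |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap
```

An empty result after Allan has opened the file usually means the GPO has not applied to LON-SVR1 yet; the auditpol output in step 1 shows whether that is the case.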

Task 3: To Prepare for the Next Module


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20411D-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 20411D-LON-SVR1 and 20411D-LON-CL1.
Results: After completing this exercise, you will have configured advanced auditing.