Lab 8 Configuring Remote Access

Lab 8 Configuring Remote Access

Services Configuring

Lab Assessment 3 Requirements:

You are given time until Thursday 11:30pm to complete Lab 8 on a provided platform independently without assistance from other people including your Lab Tutor and classmates:

Rename this word document as Lab_Assessment_3_YourName_YourID.docx where YourName is your real name and YourID is your VU Student ID with s.

In this lab assessment, you are required to INSERT 22 captured screens (with figure captions) and answer 2 questions. All screen shots must show date and time from Azure VM task bar. Each picture is worth 4 points and each answer worth 6 points, and make up a total of 100 points.

Capture the required screenshots and insert them underneath their step instructions. Then save to your file. Marks will be subject to quality of screenshots and figure captions.

Upon completion, upload the following two files via dropbox on VU Collaborate:

CoES Assignment Cover Sheet and

Lab_Assessment_3_YourName_YourID.docx

Late Submission Penalty

< 1 day 20 points

1-3 days 30 points each day

After 3 days 0 (zero) mark

Deduction

Missing Cover Sheet 10 points

Wrong file name 10 points

Combined cover sheet file with Lab Assessment file 10 points

Missing figure numbers (step numbers) 10 points

Missing figure captions 10 points

Captured screens without VM task bar up to 50 points

You must complete Lab 3 to do some Lab activities.

Task 3 Activity

Activity 8-1: Installing Network Policy and Access Services and Remote Access

Objective: Learn how to install the Network Policy and Access Services and Remote Access roles.

Description: VPN servers enable remote users to access a Windows Server 2016 server through using secure tunneling protocols. In this activity, you install the Network Policy and Access Services role along with the Remote Access role as a first step in implementing a VPN server.

Requirements: Take Screenshots on Steps 1.8, 1.14, 1.24 and 1.31. Capture Screens before Click Next/OK.

1.0Open PowerShell prompt, type: date; ipconfig (two commands in one line) as below. PressEnter.

Figure 1.0 Windows Server 2016 Info 1Capture your screen with date and time from Azure VM task bar, replace the above and save to your file.

1.1Open Server Manager, if it is not open.

1.2Click Manage and click Add Roles and Features.

1.3If you see the Before you begin window, click Next.

1.4In the Select installation type window, ensure Role-based or feature-based installation is selected. Click Next.

1.5Your server should be selected in the Select destination server window. Click Next.

1.6Click the check box for Network Policy and Access Services.

1.7Click Add Features to install the Network Policy and Access Services Tools in the Add Roles and Features Wizard dialog box.

1.8Click the check box for Remote Access in the Select server roles window. The Network Policy and Access Services and Remote Access roles should now be selected.

1.9Click Next in the Select features window.

1.10Read the introductory information in the Network Policy and Access Services window. Click Next.

1.11Read the introductory information in the Remote Access window. Click Next.

1.12Click the box for DirectAccess and VPN (RAS) in the Select role services window.

1.13Click Add Features in the Add Roles and Features Wizard dialog box.

1.14Click Next in the Select role services window.

1.15Click Install.

1.16Make sure the installation succeeded in the Installation progress window and then click Close.

1.17Open Server Manager, if it is not open.

1.18Click the exclamation point near Manage in the top part of the window.

1.19Click Open the Getting Started Wizard.

1.20In the Configure Remote Access window, select Deploy VPN only.

1.21In the Routing and Remote Access window, right-click the server and click Configure and Enable Routing and Remote Access.

1.22Click Next.

1.23You can select from five options. Click Custom configuration. Click Next.

1.24Click VPN access.

1.25Click Next.

1.26Click Finish.

1.27If you see the Routing and Remote Access box, click OK.

1.28Click Start service to start the Routing and Remote Access service. (Wait for a while to start the service, and then go to next step, maybe around 30s)

1.29Click Local Server from Server Manager in the left pane and in the right pane within the PROPERTIES box, click the Windows Firewall parameter, such as Domain: On.

1.30In the Windows Firewall window, click Allow an app or feature through Windows Firewall.

1.31In the Allowed apps window scroll to find Remote Access and ensure there is a check in its box and in the boxes for Domain, Private, and Public. Check the boxes for Routing and Remote Access and for Secure Socket Tunneling Protocol, if they are not checked. Make sure that Domain, Private, and Public are checked for these as well. Click OK.

1.32Close the Windows Firewall window.

Activity 8-2: Configuring a DHCP Relay Agent

Objective: Set up a DHCP relay agent.

Description: In this activity, you configure the VPN server you set up to be a DHCP relay agent. Because you have already set up your server as a DHCP server in Activity 7, you can use the IP address of your server. Or ask your instructor what address to use for the DHCP server. (If you dont know the address of your server, click Start and click the Windows Power- Shell tile, enter the command ipconfig, and record the IPv4 address.)

Requirements: Take screenshots on Steps 2.4, 2.5, 2.12, 2.18, 2.20, 2.25, and answer question on Step 2.22. Capture Screens before Click Next/OK.

2.0Open PowerShell prompt, type: date; ipconfig /all (two commands in one line) as below. PressEnter.

Figure 2.0 Windows Server 2016 Info 2Capture your screen with date and time from Azure VM task bar, replace the above and save to your file.

2.1Access the Routing and Remote Access window, or if it is closed, access Server Manager, click Tools, and click Routing and Remote Access.

2.2Double-click the name of the server in the tree in the left pane, if the items under the name are not displayed.

2.3Double-click IPv4 in the tree.

2.4In the left pane, right-click DHCP Relay Agent, and click Properties.

2.5In the Server address box within the DHCP Relay Agent Properties window, enter the IP address of the DHCP server and click Add. (If the DHCP servers address has already been added automatically, you dont need to put it in; otherwise add your current servers private IP address)

2.6Click OK.

2.7Make sure the Routing and Remote Access window is open and that you see DHCP Relay Agent in the tree under IPv4.

2.8Click DHCP Relay Agent in the tree.

2.9In the right pane, right-click the interface, such as Internal and click Properties. (If no interface is shown, right-click DHCP Relay Agent, click New Interface, click an interface such as Internal, click OK, click OK, right-click the interface in the right pane, and click Properties.)

2.10Be certain that the Relay DHCP packets box is checked.

2.11In the Hop-count threshold text box, enter 2 for this activity. Note that the maximum number you can enter is 16.

2.12If necessary, set the Boot threshold (seconds) value at 4 (the default). This parameter is used to give the DHCP server on the local network time to respond (in this case, four seconds) before a DHCP server on a remote network is contacted.

2.13Click OK.

2.14Go to left panel of Routing and Remote Access window, click your server.

2.15Make sure that the tree is expanded to show the elements under the server.

2.16First click (to activate, if necessary) and then right-click the folder for Remote Access Logging & Policies and click Launch NPS.

2.17Be sure that the Network Policies folder in the left pane is highlighted, or click it if it is not.

2.18In the right pane, right-click Connections to Microsoft Routing and Remote Access server and click Properties.

2.19The Overview tab is displayed. In the Access Permission section, notice that access to the VPN server is denied by default. Click Grant access. Grant access if the connection request matches this policy.

2.20Under the Network connection method section, make sure that Type of network access server is selected. Click the down arrow for the box associated with this option and click Remote Access Server (VPN-Dial up).

2.21Click the Constraints tab.

2.22In the left pane under Constraints, if necessary click Authentication Methods. Under EAP Types, notice that the two default selections are Microsoft: Secured password (EAP- MSCHAP v2) and Microsoft: Smart Card or other certificate. What options are selected by default under Less secure authentication methods?

2.23In the left pane, click Idle Timeout. In the right pane, click Disconnect after the maximum idle time. Enter 30 in the box to configure this for 30 minutes. This action disconnects users who have been idle and helps reduce the connection load on the server.

2.24Click Day and time restrictions in the left pane. In the right pane, click Allow access only on these days and at these times.

2.25Click the Edit button in the right pane. Notice that all of the times are blocked out as Permitted. Click the left most block under 12 for the Sunday row of times and drag your pointing device to block all of Sunday. Click Denied. Next, click the left most block for the Saturday row of times and drag the cursor to highlight the entire row. Click Denied. This action secures the VPN server so that it cannot be accessed on the weekends. Click OK.

2.26Click NAS Port Type in the left pane. Under Common dial-up and VPN tunnel types, click Virtual (VPN). Also, under Common 802.1X connection tunnel types, make the selection appropriate to your type of network, such as Ethernet.

2.27Click the Conditions and then the Settings tabs to see what they offer.

2.28Click OK in the Connections to Microsoft Routing and Remote Access server Properties window to save your changes.

2.29Close the Network Policy Server window.

2.30Close the Routing and Remote Access window.

Activity 8-3: Installing and Configuring Remote Desktop Services

Objective: Learn how to install the Remote Desktop Services role.

Description: Using Remote Desktop Services can save a company money on client computer hardware, and it can be used for secure remote communications as an alternative to a VPN/ DirectAccess server. Further, it offers a sound way to manage which applications users can access and how they use the applications. In this activity,

you install the Remote Desktop Services role. Youll need to restart the server after you install the role.

Requirements: Take screenshots on Steps 3.14, 3.23, 3.24, 3.27, 3.30, 3.32, 3.36, 3.45 and 3.53, and answer question in Step 3.37. Capture Screens before Click Next/OK.

3.0Open PowerShell prompt, type: date; ipconfig /all (two commands in one line) as below. PressEnter.

Figure 3.0 Windows Server 2016 Info 3Capture your screen with date and time from Azure VM task bar, replace the above and save to your file.

3.1Open Server Manager, if it is not open.

3.2Click Manage and click Add Roles and Features.

3.3If you see the Before you begin window, click Next.

3.4Use Role-based or feature-based installation in the Select installation type window and click Next.

3.5Make sure your server is highlighted in the Select destination server window and click Next.

3.6In the Select server roles window, click the check box for Remote Desktop Services and click Next.

3.7In the Select features window click Next.

3.8Review the information about Remote Desktop Services and click Next.

3.9In the Select role services window, click the check box for Remote Desktop Connection Broker.

3.10Click the check box for Remote Desktop Web Access.

3.11In the Add Roles and Features Wizard dialog box, click Add Features.

3.12Click the check box for Remote Desktop Session Host.

3.13In the Add Roles and Features Wizard dialog box, click Add Features.

3.14Review your choices in the Select role services window and click Next.

3.15In the Confirm installation selections window, click Install.

3.16Click Close when you see the message that you need to restart the server (under the blue bar).

3.17Right-click the Start button, point to Shut down or sign out, and click Restart.

3.18Specify the reason for the restart and click Continue. Wait for the server to restart and sign back in.

3.19Open Server Manager, if necessary.

3.20Click Manage and click Add Roles and Features.

3.21If you see the Before you begin window, click Next.

3.22Click Remote Desktop Services installation and click Next.

3.23Ensure Standard deployment is selected in the Select deployment type window. Click Next.

3.24Click Session-based desktop deployment in the Select deployment scenario window and click Next.

3.25In the Review role services window, notice that the role services listed are those you selected earlier: Remote Desktop Connection Broker, Remote Desktop Web Access, and Remote Desktop Session Host. Click Next.

3.26Use your server as the selected broker server in the Server Pool box within the Specify RD Connection Broker server window; and, if necessary, click the right- pointing arrow between the boxes to add your server to the Selected box. Click Next.

3.27Ensure your server is selected in the Specify RD Web Access server window in the Server Pool box. Click the right-pointing arrow between the boxes to add your server to the Selected box. Click Next.

3.28Be sure your server is selected in the Specify RD Session Host servers window in the Server Pool box. Click the right-pointing arrow between the boxes to add your server to the Selected box. Click Next.

3.29In the Confirm selections window, click the check box for Restart the destination server automatically, if required. Click Deploy.

3.30In the View progress window, wait for the three role services to finish installing. Click Close.

3.31Restart the server. Right-click the Start button, point to Shut down or sign out, and click Restart. Specify the reason for the restart and click Continue.

3.32Open Server Manager, if it is not open. In the left pane, click Remote Desktop Services to see the Overview window. (You may need to click Remote Desktop Services again after it connects.)

3.33Notice that in the QUICK START section you have already completed the first step, which is to set up the RDS deployment. Also, you can decide to add RD session host servers or virtualization host servers (additional servers) in the second step, and you can create session collections or virtual desktop collections in the third step, which consists of pointing to disks that contain user profiles to be used. In this activity, we omit these last two steps because you can still have a basic setup without them.

3.34Click the down-arrow for TASKS for the DEPLOYMENT OVERVIEW box, and click Edit Deployment Properties.

3.35In the Configure the deployment box, leave Do not use an RD Gateway server selected as the default.

3.36In the left pane, click RD Licensing. For this activity, select Per User.

3.37Click RD Web Access in the left pane. What server is the default selection for web access?

3.38In the left pane, click Certificates. The Manage certificates window enables you to configure a certificate for security and to specify the certificate level.

3.39Click OK in the Deployment Properties window.

3.40In the DEPLOYMENT OVERVIEW box, notice that you can further configure RD Gateway (with a green plus sign) to add an RD gateway to the deployment. Also, you can further con- figure RD Licensing to add additional licensing servers.

3.41In the left pane of Server Manager, click Remote Desktop Services.

3.42Click Collections on the left side of the window.

3.43At the top of the window, click the down arrow for TASKS in the COLLECTIONS section and click Create Session Collection.

3.44In the Before you begin window, click Next.

3.45In the Name the collection window, enter a name for the collection, such as RDS plus your initials, such as RDSJR. Click Next.

3.46In the Specify RD Session Host servers window, click the right-pointing arrow between the boxes to add your server to the Selected box. Click Next.

3.47In the Specify user groups window, use the default Domain Users security group and click Next.

3.48In the Specify user profile disks window, remove the check from the box for Enable user profile disks. Click Next.

3.49In the Confirm selections window, click Create.

3.50In the View Progress window, wait for the progress bars to complete and then click Close.

3.51Now in Server Manager, the collection you created appears under Collections in the left side of the window. Click the collection, such as RDSJR.

3.52At the top of the REMOTEAPP PROGRAMS box, click the down-arrow for TASKS and click Publish RemoteApp Programs.

3.53Wait for a moment as the system finds programs that can be published and then scroll through the programs.

3.54Click the check box for Paint in the Select RemoteApp programs window. Click Next.

3.55In the Confirmation window, click Publish.

3.56In the Completion window, click Close.

3.57Notice that the Paint program appears in the REMOTEAPP PROGRAMS box in Server Manager.

3.58Close Server Manager.

Congratulations! You reach the end of Lab Assessment 3. Logon VU Collaborate and upload two separated files:

CoES Assignment Cover Sheet

Lab_Assessment_3_YourName_YourID.docx

via dropbox.

Turn off your virtual machine on a provided platform.