100%(3)3 out of 3 people found this document helpful
This preview shows page 1 - 4 out of 17 pages.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 ServicesLAB 6IMPLEMENTING DYNAMIC ACCESS CONTROLTHIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:Exercise 6.1Using Dynamic Access Control (DAC)Exercise 6.2Implementing a Central Access PolicyLab ChallengePerforming Access-Denied RemediationBEFORE YOU BEGINThe lab environment consists of student workstations connected to a local area network, along with a server that functions as the domain controller for a domain called contoso.com. The computers required for this lab are listed in Table 6-1.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 ServicesTable 6-1Computers required for Lab 6ComputerOperating SystemComputer NameServer (VM 1)Windows Server 2012 R2RWDC01Server (VM 2)Windows Server 2012 R2Server01In addition to the computers, you will also require the software listed in Table 6-2 to complete Lab 6. Table 6-2Software required for Lab 6SoftwareLocationLab 6 student worksheetLab06_worksheet.docx (provided by instructor)Working with Lab WorksheetsEach lab in this manual requires that you answer questions, shoot screen shots, and perform other activities that you will document in a worksheet named for the lab, suchas Lab06_worksheet.docx. You will find these worksheets on the book companion site. It is recommended that you use a USB flash drive to store your worksheets, so you can submit them to your instructor for review. As you perform the exercises in each lab, open the appropriate worksheet file, fill in the required information, and savethe file to your flash drive. After completing this lab, you will be able to:Enable and configure DACCreate and implement a Central Access PolicyEnable Access-Denied AssistantEstimated lab time: 90 minutesExercise 6.1Using Dynamic Access Control (DAC)OverviewIn this exercise, you will configure Dynamic Access Control by enabling KDC support for claims and creating a resource property and resource rule. MindsetHow does Dynamic Access Control allow you to secure files for an organization?Completion time40 minutes
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services1.Log in to RWDC01 as contoso\administratorwith the password of Pa$$w0rd.2.In Server Manager, click Tools>Group Policy Management. 3.In the Group Policy Management console, expand Forest: contoso.com \Domains\contoso.com and then expand Domain Controllers. Then right-click Default Domain Controllers Policy and choose Edit.4.In the Group Policy Management Editor, navigate to Computer Configuration\Policies\Administrative Templates\System\KDCand double-click KDC support for claims, compound authentication, and Kerberos Armoring.5.Click Enabled. Under Options, Supported is already selected.6.Take a screen shot of theKDC support for claims, compound authentication and Kerberos Armoring dialog box by pressing Alt+Prt Scr and then paste it into your Lab 6 worksheet file in the page provided by pressing Ctrl+V.