Adalia Mahabir

Trimester III
Information Technology Networking System
Module-21001: Administering Windows
Server 2012 R2
Individual Competency
 Competency Assessment
For my individual assessment I were to use, Microsoft Windows Server 2012 R2
and Microsoft Server Manager to complete the following steps.

Task 1: Install and Configure BitLocker Drive Encryption role and perform the
initial configuration of BitLocker Policies.

Task 2: Using Server Manager Install and Configure Network Policy and Access
Services Role and configure NPS for radius server for VPN connections.

Task 3: Using Group Policy Management configure the Precedence of a Group

Policy Object (GPO)

Before I begin the process of completing any of the tasks above I cleared my
workspace making sure that my task are performed safely, I will first install and
configure the AD DS role in order to access some features available.
The Installation and Configuration of AD DS
Within a windows server 2012 R2, I opened the server manager and clicked on
Add roles and features

The Add roles and features wizard opened , I clicked next on the before you begin
page.
I selected the Role-based or feature-based Installation , on the select installation
type page.

I left the selected destination server as is and clicked next.

On the select server role page I selected Active Directory Domain Services and
clicked next.

For both features and ADDS pages I clicked next to continue. Fast forwarding to
the confirm installation selection I clicked install.
I waited for the role to be installed , then I closed the page

To begin Configuring AD DS
I clicked on the flag icon on the menu bar, and then I selected promote this server
to a domain controller

The active directory domain services configuration wized opened. And I began by
added a new forest named ADALIAM.internal and I clicked next.
On the domain controller options page I assigned a password “Password123”
confirmed it and clicked next.

On the DNS Options page I clicked next.

On the additional option page I clicked next.

On the paths page I specified and double checked the folders then I clicked next.
I reviewed the generated information on the review options page and clicked next.
After all the prerequisites checks were done I clicked install. The computer then
restarted.

NOTE: if there are errors with the prerequisite checks, verify your internet
connection.
When the computer restarted, I signed in my domain account and began the first
task of my practical I was to Install and Configure BitLocker.
To do this I firstly used the used the Add roles and features button in the server
manager to install BitLocker. (The same steps for installing AD DS can be
utilized), on the features page I selected BitLocker Drive Encryption, added it
features and clicked next, then I installed using the Install Button.
After the install was finished, I was prompted to restart the installation to complete
the process. Then I began the configuration process using the Group Policy
Manager. Using the tools button on the menu bar I located the Group policy
management

On the Group Policy management page I expanded the Forest >Domains >
ADALIAM.internal

Next, I right-clicked on Default Domain Policy and selected edit.

The Group Policy Management Editor page opened, below Computer
configuration I expanded Policies> Administrative Templates

Where I saw Windows Components I expanded it and looked for BitLocker Drive
Encryption and clicked on the expand arrow.
I began enabling the following to configure BitLocker. On the ones I wanted to
configure i double-clicked to open them
On the Fixed Data Drives Folder, I enabled: “Configure use of hardware-based
encryption for fixed data drives” and clicked Apply.

In the Operating System drives Folder, I firstly enabled: “Require Additional

Authentication at Startup” and clicked Apply.
Secondly, I enabled: “Allow Enhanced PINS for startup” then I clicked Apply.
Lastly, I enabled: “Choose How BitLocker-protected operating system drives can
be recovered” and I clicked Apply.
After I had finished, I opened Windows PowerShell which was pinned to the task
bar of the computer and ran the: gpupdate command.

To turn on or enable BitLocker on my computer. Used the start menu to locate the
control panel.
(For the Instance that BitLocker Dive Encryption did not show, you may want to
refresh or restart you PC)
I opened the control panel and selected System and Security.
Then I located and selected BitLocker Drive Encryption

On the BitLocker Drive Encryption page I clicked Turn on BitLocker.

When the page opened I chose the option enter a password, and I set the Password
as P@ssword.
To back up my recovery key, I chose the option to save to a file .

The next page opened up in file explorer and I selected my flash drive and named
the text file “AM”. (My reason for saving the file to a flash drive , instead of the
computers desktop is dure to the encrypted server) and I clicked Save.

Continuing, I clicked next.

When the option to choose how much drive to encrypt page opened I clicked next.

On the are you ready to encrypt this drive page , I deselected the Run BitLocker
system check and pressed Start encrypting. A message at the botton of the screen
was shown,
To start the last task of my practical, began installing Network
After it was installed , I used the tools option on the menu bar and located Network
Policy Server.

I opened it, and within the network policy server , I firstly began by selecting a
configuration scenario using the down arrow. I selected “ Radius sever for Dial-up
or VPN Connections” all withing the standard configurations.
Next, I clicked on “Configure VPN or Dial-Up” highlighted in blue

On the configure VPN or Dial-Up page I chose the second option as seen below
and clicked next.
To specify Dial-Up or VPN Server , I used the Add button to add a Radius Client
The new Radiud client page opened and I added both Friendly name and IP
address.
To get this information, you can use the server manager’s local server tab
I typed the information and clicked ok. And the new radius client was seen, then I
clicked next.
On the configure authentication ments page I choose the option selected below and
clicked next
On the specify user group page I clicked next.
On the specify IP filters page I clicked next.

On the specify encryption settings page I clicked next. Making sure all the boxes
are checked.
On the specify a realm name page , I didn’t add a realm name . so I clicked next
In the completing of the new Dial-Up or Virtual Private Network Connection and
RADIUS Client page. I clicked finish to complete this task.
The final task of this practical I was to set precedence, to do this I used the Group
Policy management Role.