Dear All



This is My Fourteenth Video in My "Star trek lab" in English Audio That Discuss the Following



A Small Recap of What We Have Done With the DFS Naming Space and Folders they point to on the File server and Different NTFS and SMB Permissions on the Folders



Still Working with the DFS Naming Space and Add More Folders in it which points to More Folder Targets on the File Server.



Join a Workstation to the Domain and Test the DFS Naming Space Network Mapped Drive



Access the Workstation with a user From Engineering Department to Test the access based Enumeration option and See if we can see only the Engineering Department in the DFS Naming Network Mapped Drive.



https://www.youtube.com/watch?v=ncKGxSQ72tw

Dear All



This is My Fourteenth Video in My "Star trek lab" in Arabic Audio That Discuss the Following



A Small Recap of What We Have Done With the DFS Naming Space and Folders they point to on the File server and Different NTFS and SMB Permissions on the Folders



Still Working with the DFS Naming Space and Add More Folders in it which points to More Folder Targets on the File Server.



Join a Workstation to the Domain and Test the DFS Naming Space Network Mapped Drive



Access the Workstation with a user From Engineering Department to Test the access based Enumeration option and See if we can see only the Engineering Department in the DFS Naming Network Mapped Drive.



https://www.youtube.com/watch?v=p5rmok4Ckw8

Dear All



This is My Fifteenth Video in My "Star trek lab" in English Audio That Discuss the Following



Create Active Directory User Home Folder For all of the Users in the Domain Using PowerShell script



Create a Second DFS Naming Space To Point to the ColumbiaNX02 Folders on the File Server and Create Subfolders in it to point to different Target Subfolders in the ColumbiaNX02 Folder (Should Be done for all ships Folder)



The First DFS Naming Space Was Pointing to Allships Folder on the File server which is a global Folder all Ships can Access and and it is mapped as a network drive also using Group Policy As Letter M



Create An Entry in the Mapping Group Policy To Create A mapped Network drive to map the Second DFS Naming Space and Assign it the Columbia users as Letter N



https://www.youtube.com/watch?v=cYoT3hG_bok

Dear All



This is My Fifteenth Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Create Active Directory User Home Folder For all of the Users in the Domain Using PowerShell script



Create a Second DFS Naming Space To Point to the ColumbiaNX02 Folders on the File Server and Create Subfolders in it to point to different Target Subfolders in the ColumbiaNX02 Folder (Should Be done for all ships Folder)



The First DFS Naming Space Was Pointing to Allships Folder on the File server which is a global Folder all Ships can Access and and it is mapped as a network drive also using Group Policy As Letter M



Create An Entry in the Mapping Group Policy To Create A mapped Network drive to map the Second DFS Naming Space and Assign it the Columbia users as Letter N



https://www.youtube.com/watch?v=RKYExKDVLJk

الجروب خاص بكل من هو مهتم بمجال الIT او يعمل في مجال الIT والجروب سبب عمله الاتي التواصل مع الناس الخبرة في المجال وكمان اي حد محتاج كورس معين نساعده بشكل فري من غير فلوس وكمان اي حد عنده معلومة او كورس مجاني في مجالنا وحابب يشارك يقدر يشاركه معاناhttps://t.me/itcommunitygroup

Dear All



This is My Sixteenth's Video in My "Star trek lab" in English Audio That Discuss the Following



Create a Group Policy To Add Every Active Directory IT Group for every spaceship in every local administrator group in every workstation in the ship to have full control for example colnx02_IT will be Members of Local Administrators Group in every computer on the ship ColumbiaNX02 in addition of course to Domain Admins that Starcom_IT (Main Office IT) is a Member of IT



Create a Group Policy to Restrict Every Users in Every Spaceship to Access only their Computers in the Ship



Test These Group Policies on a Recently created Virtual machine that has Joined the Domain



https://www.youtube.com/watch?v=jyZSNs04rHU

Dear All



This is My Sixteenth's Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Create a Group Policy To Add Every Active Directory IT Group for every spaceship in every local administrator group in every workstation in the ship to have full control for example colnx02_IT will be Members of Local Administrators Group in every computer on the ship ColumbiaNX02 in addition of course to Domain Admins that Starcom_IT (Main Office IT) is a Member of IT



Create a Group Policy to Restrict Every Users in Every Spaceship to Access only their Computers in the Ship



Test These Group Policies on a Recently created Virtual machine that has Joined the Domain



https://www.youtube.com/watch?v=ksA6E5mWgtk

Dear All



This is My Seventeenth's Video in My "Star trek lab" in English Audio That Discuss the Following



To continue from where we stopped in the previous video we have joined a pc to the domain and put it in the Columbia NX02 organizational Unit (ColumbiaNX02 Ship)



Add the Network Card MAC Address of the Virtual Machine to the Allow Filter in the DHCP so it can take IP address from the DHCP and also then we can join it the Domain



Test the GPO that Will Put the ColumbiaNX02 IT Group in the Local Administrators group in the PC Using a User Called ColumbiaNX02 AI IT Admin which is a member of Columbia IT Active Directory Group



Test the Group Policy That Will Restrict Columbia_Allspecies Group To Logon Locally to the PC's in ColumbiaNX02 Organizational Unit Using a user Called James Kirk Which is a Member of Columbia_Allspecies Group This Group Contains all of the Users in the ColumbiaNX02 Organizational Unit



Log on with a User Called Rom from the Deep Space 9 Ship or Organizational Unit and see if he can log on to the PC in the Columbia Ship or Organizational Unit



James Kirk can see the DFS one (All Ships Share ) and Two (Columbia Ships Share )as Mapped Drives M and N and he can see his Active Directory Home Folder as L



https://www.youtube.com/watch?v=twk08UD0LgU

Dear All



This is My Seventeenth's Video in My "Star trek lab" in Arabic Audio That Discuss the Following



To continue from where we stopped in the previous video we have joined a pc to the domain and put it in the Columbia NX02 organizational Unit (ColumbiaNX02 Ship)



Add the Network Card MAC Address of the Virtual Machine to the Allow Filter in the DHCP so it can take IP address from the DHCP and also then we can join it the Domain



Test the GPO that Will Put the ColumbiaNX02 IT Group in the Local Administrators group in the PC Using a User Called ColumbiaNX02 AI IT Admin which is a member of Columbia IT Active Directory Group



Test the Group Policy That Will Restrict Columbia_Allspecies Group To Logon Locally to the PC's in ColumbiaNX02 Organizational Unit Using a user Called James Kirk Which is a Member of Columbia_Allspecies Group This Group Contains all of the Users in the ColumbiaNX02 Organizational Unit



Log on with a User Called Rom from the Deep Space 9 Ship or Organizational Unit and see if he can log on to the PC in the Columbia Ship or Organizational Unit



James Kirk can see the DFS one (All Ships Share ) and Two (Columbia Ships Share )as Mapped Drives M and N and he can see his Active Directory Home Folder as L



https://www.youtube.com/watch?v=frqvsQWtt08

Dear All



This is My Eighteenth's Video in My "Star trek lab" in English Audio That Discuss the Following



Create DAC (Dynamic Access Control) Rule to Limit Access to Certain Files Based on the Users Active Directory attribute (Department and Title) and Active Directory Computer Attribute (Location)



Add Location Attribute To All Active Directory Computer Objects in the Domain Using Powershell Script



Add NTFS Permissions to the Columbia Share Folders Which is Mapped Using DFS Naming Space by Powershell Script



Import the Active Directory Attributes (Department and Title and Location) to the File Server Classification Configuration and Tag Files With these Attributes (Used as Classification Types)



Active the Claim Option So the DAC Rules can work Using Group Policy and this Should be Applied To any File Server if there is multiple file servers



https://www.youtube.com/watch?v=8C5ZVuzFyu8

Dear All



This is My Eighteenth's Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Create DAC (Dynamic Access Control) Rule to Limit Access to Certain Files Based on the Users Active Directory attribute (Department and Title) and Active Directory Computer Attribute (Location)



Add Location Attribute To All Active Directory Computer Objects in the Domain Using Powershell Script



Add NTFS Permissions to the Columbia Share Folders Which is Mapped Using DFS Naming Space by Powershell Script



Import the Active Directory Attributes (Department and Title and Location) to the File Server Classification Configuration and Tag Files With these Attributes (Used as Classification Types)



Active the Claim Option So the DAC Rules can work Using Group Policy and this Should be Applied To any File Server if there is multiple file servers



https://www.youtube.com/watch?v=7Sfx1JsRRx4

Dear All



This is My Nineteenth's Video in My "Star trek lab" in English Audio That Discuss the Following



Open the Active Directory Administrative Center To Begin Configuring the DAC Rules



The DAC (Dynamic Access Control) Rule Consists of Four Parts



Claim Types (Department , Title , Location ) Which is The Attribute Which we Will use From Active Directory To Control Access To Files and Tag the Files on the File server and import Them to File Server as Classification Types



Use PowerShell script to import the claim types to the File server in the section of classification properties (Classification File Type).



Tag the Files with Attributes Through Classification Rules or Manual



Resource Properties every Claim Type Should be Filled By Values For Example Department will be filled with the Department Names and the Location will be filled by ship names and the Title Will be filled By Titles in the Organization



Then Comes the Part for creating the Central Access Rule , the Condition on which the File will be accessed and the Permission to be Given to the One that the Condition will apply on.



Publish this Central Access Rule in the Domain using group policy and then Use it on the File or Folder through the security tab advanced button.



https://www.youtube.com/watch?v=cQfWu2yRKKw

Dear All



This is My Nineteenth's Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Open the Active Directory Administrative Center To Begin Configuring the DAC Rules



The DAC (Dynamic Access Control) Rule Consists of Four Parts



Claim Types (Department , Title , Location ) Which is The Attribute Which we Will use From Active Directory To Control Access To Files and Tag the Files on the File server and import Them to File Server as Classification Types



Use PowerShell script to import the claim types to the File server in the section of classification properties (Classification File Type).



Tag the Files with Attributes Through Classification Rules or Manual



Resource Properties every Claim Type Should be Filled By Values For Example Department will be filled with the Department Names and the Location will be filled by ship names and the Title Will be filled By Titles in the Organization



Then Comes the Part for creating the Central Access Rule , the Condition on which the File will be accessed and the Permission to be Given to the One that the Condition will apply on.



Publish this Central Access Rule in the Domain using group policy and then Use it on the File or Folder through the security tab advanced button.



https://www.youtube.com/watch?v=qk7PfKUarZI

Dear All



This is My 20th Video in My "Star trek lab" in English Audio That Discuss the Following



Create a Hyper V Virtual Machine to be the Second Domain Controller and the DHCP Failover Partner and the Second File server and DFS Replication Partner and Add 8 Network Cards For the 8 Different Subnets to be Used (You cant add more than 8 Network Cards in one Virtual machine in Hyper V)



Install Windows Server Datacenter 2019 on the Virtual Machine Change the Server Name and Add IPv4 and IPv6 Static Ips for the 8 network Cards



Assign Vlans to the Different Network Cards of the Virtual Machine



Install Active Directory Domain Services and Then Promote the Server to be Domain Controller



Create Custom Console to Add Different Consoles to it (Active Directory users and computers and Group Policy Console , DNS ,etc)



Install Some Software like 7-zip and Firefox and classic shell



https://www.youtube.com/watch?v=l1XSU5mvgh0

Dear All



This is My 20th Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Create a Hyper V Virtual Machine to be the Second Domain Controller and the DHCP Failover Partner and the Second File server and DFS Replication Partner and Add 8 Network Cards For the 8 Different Subnets to be Used (You cant add more than 8 Network Cards in one Virtual machine in Hyper V)



Install Windows Server Datacenter 2019 on the Virtual Machine Change the Server Name and Add IPv4 and IPv6 Static Ips for the 8 network Cards



Assign Vlans to the Different Network Cards of the Virtual Machine



Install Active Directory Domain Services and Then Promote the Server to be Domain Controller



Create Custom Console to Add Different Consoles to it (Active Directory users and computers and Group Policy Console , DNS ,etc)



Install Some Software like 7-zip and Firefox and classic shell



https://www.youtube.com/watch?v=b0ieY3YKKVc

Dear All



This is My 21th Video in My "Star trek lab" in English Audio That Discuss the Following



Configure DHCP failover Partner after add the DHCP Server Role on the Second Virtual Machine which acts as Domain Controller and DNS Server



Add DFS Naming Server and DFS Replication and File Server Resource on the Second Virtual Machine Acting as Domain Controller



Best Practice to have Domain Controller on separate server and DHCP on Separate server and File Server on Separate server and DFS Naming Space on a separate Server (but due to my hardware limitation i put all on one server)



Copy the File Server Folders from the First File server to the New File server Before Configuring DFS Replication



Configure DFS Replication Between First File server folders and Second File Server Folders



Use Active Directory Administrative Center to Copy the File Classification Types from First file server to the second file server



https://www.youtube.com/watch?v=cX7YTCbmC98

Dear All



This is My 21th Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Configure DHCP failover Partner after add the DHCP Server Role on the Second Virtual Machine which acts as Domain Controller and DNS Server



Add DFS Naming Server and DFS Replication and File Server Resource on the Second Virtual Machine Acting as Domain Controller



Best Practice to have Domain Controller on separate server and DHCP on Separate server and File Server on Separate server and DFS Naming Space on a separate Server (but due to my hardware limitation i put all on one server)



Copy the File Server Folders from the First File server to the New File server Before Configuring DFS Replication



Configure DFS Replication Between First File server folders and Second File Server Folders



Use Active Directory Administrative Center to Copy the File Classification Types from First file server to the second file server



https://www.youtube.com/watch?v=rNaPR229iig

Dear All



This is My 22th Video in My "Star trek lab" in English Audio That Discuss the Following



Configure the Second DFS Naming Server (Backup) and Configure two Backup DFS Domain Naming Spaces To point to the Folders on the First File server and the Second File server which have Data Replicated Between Them



Configure NTFS Permissions on the Folders on the second file server for Different Active Directory Groups



Access the Network Connection Setting for the 8 Network Cards on the First Domain Controller and Second Domain Controller to add the secondary DNS Server IP address in the Alternative DNS Field (the IP of the second domain controller which is acting in the same time as DNS Server)



Configure the Scope Options for all IP Address Scopes on the First DHCP Server and the Failover DHCP to Add and Distribute the Secondary DNS Server IP Addresses (every ip address Range will Have two DNS Servers and we Have 8 IP subnet Ranges IP4 and IPv6)



https://www.youtube.com/watch?v=aC7r_Szqemw

Dear All



This is My 22th Video in My "Star trek lab" in Arabic Audio That Discuss the Following



Configure the Second DFS Naming Server (Backup) and Configure two Backup DFS Domain Naming Spaces To point to the Folders on the First File server and the Second File server which have Data Replicated Between Them



Configure NTFS Permissions on the Folders on the second file server for Different Active Directory Groups



Access the Network Connection Setting for the 8 Network Cards on the First Domain Controller and Second Domain Controller to add the secondary DNS Server IP address in the Alternative DNS Field (the IP of the second domain controller which is acting in the same time as DNS Server)



Configure the Scope Options for all IP Address Scopes on the First DHCP Server and the Failover DHCP to Add and Distribute the Secondary DNS Server IP Addresses (every ip address Range will Have two DNS Servers and we Have 8 IP subnet Ranges IP4 and IPv6)



https://www.youtube.com/watch?v=JMqr47pjZEI