DFN 50233

WINDOWS SERVER ADMINISTRATIONS

CODE & COURSE : DFN 50233 – WINDOWS SERVER ADMINISTRATION

PROGRAMME : DDT
ASSESSMENT : PRACTICAL TASK 3 – VPN Configuration
CLO : CLO1: Construct tasks related to networking features and
functionalities of Windows Server in enterprise network (P4,
PLO3)
DURATION : 3 HOURS
MARKS : 100 MARKS

Activity Outcomes:
By the end of this hands-on session, you should be able to:
• Show steps to install DNS Server and create a Primary zone in Windows Server 2019.
Prerequisites:

In order to complete these tasks, students need to have a Windows Server 2019 and
Windows 10 Enterprise Evaluation in VMware or VirtualBox installed.

BACKGROUND:
VPN stands for Virtual Private Network that has been used for many years to provide remote
connectivity and support. VPN is one of the most popular, secure, and cheap technique to connect
remote branch offices and remote users over the Internet. There are various VPN authentication
protocols such as PPTP, L2TP, SSTP, and IKEv2 that can be used by an administrator for
authenticating remote users. Each VPN authentication protocol supports the different level of
security. To properly implement and support a VPN environment within your organization, you must
understand how to select a suitable tunneling protocol, configure VPN authentication, and configure
the server role to support your chosen configuration. For this task, you need to use Windows Server
2019 and Windows 10 as a client which is all running in VMware/VirtualBox.

REQUIREMENT TOOLS:
• Personal Computer or any device with at least dual-core Intel i5 or i7 CPU (Or AMD) and
Virtualization Support.
• At least 8GB FREE memory (16GB or 32GB is best) on the host operating system.
• VMWare/VirtualBox application as a platform to running Windows Server 2019.
• Windows Server 2019 Volume License ISO media or 180-day evaluation media.
• Windows 10 Enterprise Evaluation.
 DFN 50233
WINDOWS SERVER ADMINISTRATIONS

Diagram 1

INSTRUCTIONS:

Step 1: Add roles and features for a VPN server

Add roles and features for Remote Access:
i) DirectAccess and VPN (RAS)
ii) Deploy VPN only

Step 2: Assign an IP Address to VPN Server and VPN Client.

a) IP Address for VPN Server:
IP Address: 10.0.1.9
Subnet Mask: 255.255.255.0
Default Gateway:10.0.1.1

b) IP Address for VPN Client:

IP Address: 192.168.10.99
Subnet Mask: 255.255.255.0
Default Gateway:192.168.10.1

Step 3: Creating Organizational Unit (OU) & User in Active Directory

a) Create New Organizational Unit: VPNUser

b) Create a New User under VPNUser OU: Your_Name.
c) Right Click User Properties, Control Access through NPS Network Policy under Dial in
Tab
d) Create a group under VPNUser: Security, select Security and Global on the properties.
e) Move Your_Name user to the Security group.

Step 4: Configure Routing and Remote Access

a) Configure and Enable Routing and Remote Access

b) Configure a custom configuration and choose VPN
Access
c) Add Static Address Pool IPv4: 10.0.1.200 – 10.0.1.220
 DFN 50233
WINDOWS SERVER ADMINISTRATIONS
Step 5: Configure NPS Network Policy

a) Create a new policy under Network Policies: VPN Policy

b) Choose a Remote Access Server (VPN Dial-up) under Type of Network Access Server
c) Specify Conditions: Add new condition and select Windows Groups, add the Security group
that have been created on Step 3.
d) Select Access Granted on Specify Access Permission.
e) Untick MS-CHAP under Configure Authentication Methods.

Step 6: VPN Functionality Verification on Client (Windows 10)

a) Add a VPN connection and provide the details:

I. VPN Provider: Windows (built-in)
II. Connection Name: VPN_YourName
III. Server name or address: 10.0.1.9
IV. VPN Type: Automatic
V. Type of sign in info: User name and password
VI. Enter a user name and password created under VPNUser OU.
b) Connect to the VPN connection and make sure it is connected.
c) Verify the connectivity on VPN Server, connected VPN client will be listed under Remote
Access Client on Routing and Remote Access.
 DFN 50233
WINDOWS SERVER ADMINISTRATIONS
DOCUMENTATION FORMAT:

1. Record your whole process with narration and upload to youtube and share the link on
below box :

https://youtu.be/Ve5PfmSJ1sw

Prepared by: Verified by:

........................................................ ........................................................
21/11/2022
MOHD FAIZAL YAHAYA
21/11/2022 NURUL AIN BT AMIR ADLI
Ketua Program Diploma Teknologi
Maklumat (Teknologi Digital)
Trek Sistem Rangkaian
Jabatan Teknologi Maklumat dan
Komunikasi Politeknik Sultan Idris Shah
 DFN 50233
WINDOWS SERVER ADMINISTRATIONS
VPN CONFIGURATION
CLO1: Construct tasks related to networking features and functionalities of Windows Server in enterprise
network (P4, PLO3).
Student Information Matric no.

1. MUHAMMAD SYAHMI AFNAN BIN ABD RAHMAN 17DDT21F1065

PRACTICAL TASK 3 RUBRIC

WEIGHTAGE FINAL
MARKS
CRITERIA SUPERIOR - 5 EXCELLENT - 4 GOOD - 3 FAIR - 2 POOR - 1 (%) MARKS

Student
Student highly Student
competently
competently attempt to
able to add
able to add add roles and Students only
roles and Student
roles and features for aware to
Add roles and features for VPN ready to add
features for VPN Server as add roles
features for a Server roles and 10
VPN Server demonstrated and features
VPN server appropriately features for
appropriately by lecturer for VPN
with confidence VPN Server
with expertise and Server
and proficiency
and instruction
by their own.
proficiency by given.
their own.
Student
Student
Student highly attempt to
competently
competently Assign an IP
able to Assign Student Students only
able to Assign Address to
an IP Address to ready to aware to
Assign an IP an IP Address VPN Server
VPN Server and Assign an IP Assign an IP
Address to VPN to VPN Server and VPN
VPN Client Address to Address to 10
Server and VPN and VPN Client Client as
appropriately VPN Server VPN Server
Client appropriately demonstrated
with confidence and VPN and VPN
with expertise by lecturer
and proficiency Client Client
and and
by their own.
proficiency by instruction
their own. given.
Student
Student
Student highly attempt to
competently
competently perform the
able to perform Student
able to proper
the proper ready to
creating new sequence to Students only
sequence to demonstrate
Creating New VPN OU & User creating new aware to
creating new the proper
VPN OU & User in Active VPN OU & creating new
VPN OU & User sequence to 20
in Active Directory User in Active VPN OU &
in Active creating new
Directory appropriately Directory as User in Active
Directory with VPN OU &
with expertise demonstrated Directory
confidence and User in Active
and by lecturer
proficiency by Directory
proficiency by and
their own.
their own. instruction
given.
Student
Student highly attempt to
competently perform the
Student Student
able to setup proper
Setup Remote competently ready to
Remote Access sequence to Students only
Access able to setup demonstrate
appropriately setup Remote aware to
-Enable and Remote Access the proper
with expertise Access as setup 20
configure with confidence sequence to
and demonstrated Remote
Routing and and proficiency setup
proficiency by by lecturer Access.
Remote Access by their own. Remote
their own. and
Access.
instruction
given.

Student
Student highly attempt to
competently perform the
Student
able to proper Student
competently
configure NPS sequence to ready to
able to Students only
Network Policy configure NPS demonstrate
configure NPS aware to
Configure NPS appropriately Network the proper
Network Policy configure 20
Network Policy with expertise Policy as sequence to
with confidence NPS Network
and demonstrated configure
and proficiency Policy
proficiency by by lecturer NPS Network
by their own.
their own. and Policy
instruction
given.
 DFN 50233
WINDOWS SERVER ADMINISTRATIONS
Student
Student highly attempt to
competently perform the
able to do a Student proper Student
VPN competently sequence to ready to
Students only
functionality able do a VPN do a VPN demonstrate
VPN aware to do
verification on functionality functionality the proper
Functionality a VPN
client verification on verification on sequence to 20
Verification on functionality
appropriately client with client as do a VPN
Client verification
with expertise confidence and demonstrated functionality
on client
and proficiency by by lecturer verification
proficiency by their own. and on client.
their own. instruction
given.

Total marks /100

Prepared by: Verified by:

..................................................... ......................................................
21/11/2022
MOHD FAIZAL YAHAYA
NURUL AIN BT AMIR ADLI
21/11/2022 Ketua Program Diploma Teknologi
Maklumat (Teknologi Digital)
Trek Sistem Rangkaian
Jabatan Teknologi Maklumat dan
Komunikasi Politeknik Sultan Idris Shah