LAB 5 ANSWER KEY - mywiley.info

LAB 5 ANSWER KEY WORKING WITH

FIREWALLS,

ENCRYPTED FILE

SYSTEMS (EFS) AND

USER ACCOUNT

CONTROL (UAC)

This lab contains the following exercises:

Exercise 5.1 Installing Internet Information Server

Exercise 5.2 Testing IIS Connectivity

Exercise 5.3 Allowing a Program through the Firewall

Exercise 5.4 Creating Windows Firewall Rules

Exercise 5.5 Using NTFS Compression

Exercise 5.6 Using EFS Encryption

Estimated lab time: 85 minutes

Exercise 5.1 Installing Internet Information Server

Overview

Because this is only a test deployment, you will be using a Windows 7

computer to function as the web server. In Exercise 5.1 you install Internet

Information Services on your workstation and configure it to host two web

sites.

Completion time 10 minutes

1. Click VM > Settings and change Network Adapter settings to bridged.

70-680 Configuring Windows 7

Working with Firewalls, Encrypted File Systems (EFS) and User Account Control (UAC)

2. Turn on the Workstation## computer and log on using your Student## account and the

password P@ssw0rd.

3. Click Start and then click Control Panel. The Control Panel window appears.

4. Click Programs > Program and Features. The Uninstall or change a program window

appears.


5. Click Turn Window features on or off. The Windows Features dialog box appears.


6. Browse to the Internet Information Services\World Wide Web Services.

7. Select the Common HTTP Features, Health and Diagnostics, and Security check boxes.

8. Expand the Web Management Tools folder and select the IIS Management Console

check box. Then click OK. Windows 7 installs the selected components.


9. Close the Programs and Features control panel window.

10. Click Start, and click Control Panel. The Control Panel window appears.

11. Click System and Security > Administrative Tools. The Administrative Tools window

appears.

12. Double click Internet Information Services (IIS) Manager. The Internet Information

Services (IIS) Manager console appears.


13. Expand the Workstation container, and then expand the Sites folder.


14. Right click the sites folder and, from the context menu, select Add Web Site. The Add

Web Site dialog box appears.

15. In the Site name text box, type Intranet.

16. In the Physical path text box, type c:\intepub\wwwroot.

17. Change the value in the Port text box to 4444.

18. Click OK. The new intranet Web site appears in the Sites folder.

19. Take a screen shot of the Internet Information Services (IIS) Manager console, showing

the new site you created, by pressing Alt+ Prt Scr, and then paste the resulting image

into the Lab05_worksheet file in the page provided by pressing Ctrl + V.

20. The URL for your new intranet Web site will be http://IP_Address:4444 (where IP

Address is the IP Address of your virtual machine).

21. Close the Internet Information Services (IIS) Manager console.

22. Leave the computer logged on for the next exercise.

http://ip_address/


Exercise 5.2 Testing IIS Connectivity

Overview

In Exercise 5.2, you test the functionality of the web server you just

installed.


1. Click Start and then click All Programs > Internet Explorer. An Internet Explorer window

appears.

2. In the address box, type http://127.0.0.1 and press Enter.

Question

1

What is the result, and what does the result indicate?

Answer: IIS is functioning.

http://127.0.0.1/


3. Next, test the intranet Web site by using the URL you specified in Exercise 5.1.

Question

2

What is the result, and what does it indicate?

Answer: The web site that was created is functioning.

4. On the host computer (NOT YOUR VIRTUAL MACHINE) open Internet Explorer and

attempt to access the IIS web server running on your workstation by typing

http://IP_Address (where IP Address is the IP Address of your virtual machine) and

pressing Enter.

http://ip_address/


Question

3

What is the result?

Answer: Internet Explorer cannot display the webpage.


5. Now, try to connect to the intranet Web site from the host computer.

Question

4

What is the result?

Answer: Internet Explorer cannot display the webpage.

Question

5

List three possible reasons why you might be unable to

connect to your computers web server using a browser on

another computer.

Answer: Firewall, Antivirus, improperly configured network

connections, permissions etc.


6. Back on your virtual machine, click Start, and the click Control Panel > System and

Security > Windows Firewall. The Windows Firewall control panel appears.


7. Click Turn Windows Firewall on or off. The Customize settings for each type of network

window appears.


8. Under Home or work (private) network location setting, select the Turn off Windows

Firewall (not recommended) option and click OK.


9. Return to your host computer (NOT YOUR VIRTUAL MACHINE) and Clear the Internet

Explorer cache by clicking Tools >Internet Options. The Internet Options dialog box

appears.

10. Under Browsing History, click the Delete button. The Delete Browsing History dialog box

appears.


11. Click Delete all. Then click OK to close the Internet Options dialog box.

Question

6

Why is it necessary to clear the cache before you retest the

web server connections?

Answer: Because the cache will point to the previous URL

that was not functioning correctly.

12. Attempt to access both of the sites on the web server using Internet Explorer.


Question

7

What are the results, and what do the results indicate?

Answer: The web page is displayed.

Question

8

What other test could you perform to prove that it was your

computer’s firewall that was blocking the connection and not

the firewall on the computer you are using as a client?

Answer: Disabling the clients firewall, enabling the firewall on the

Virtual Machine and opening the port, use netstat to determine if the

port is open etc.

13. Back on your virtual machine in the Windows Firewall control panel, open the

Customize settings for each type of network window again.

14. Under Home or work (private) network location settings, select the Turn on Windows

Firewall option and click OK.


Question

9

Why can you not simply leave Windows Firewall turned off

when you deploy an actual web server?

Answer: Because the machine would be open to attack from external

sources

15. Leave the Windows Firewall control panel open and the workstation logged on for the

next exercise.

Exercise 5.3 Allowing a Program Through the Firewall

Overview

Windows Firewall is preventing clients from connecting to the web

server. In Exercise 5.3 to enable client access, you will use the

Windows Firewall control panel to allow access to the web server.


1. On your workstation, in the Windows Firewall control panel, click Allow a program or

feature through Windows Firewall. The Allow programs to communicate through

Windows Firewall window appears.


2. Click Change settings, scroll down in the Allowed programs and features list, select the

World Wide Web Services (HTTP) check box, and click OK.

3. Return to your host computer (NOT YOUR VIRTUAL MACHINE) and try to access the web

server again using Internet Explorer and trying to connect to http://IP_Address (where

IP Address is the IP Address of your virtual machine) and pressing Enter.

Question

10

Why are you now able to connect to the Web site from the

client?

Answer: The HTTP port is open.

4. Now test the connection to the intranet Web site.

Question

11

Why are you unable to connect to the intranet site from the

client?

Answer: The port the intranet site uses was not open.

http://ip_address/


5. Open the Allow programs to communicate through Windows Firewall window again and

clear the World Wide Web Services (HTTP) check box. Then, click OK.

6. Leave the remaining windows open and the workstations logged on for the next

exercise.


Exercise 5.4 Creating Windows Firewall Rules

Overview

The port you opened in Exercise 5.3 enables clients to access the

default Web site hosted by your web server, but not the intranet Web

site. In this exercise, you use the Windows Firewall with Advanced

Security console to create rules that will enable clients to access both

Web sites.


1. On your workstation, click Start. Then click Control Panel > System and Security >

Administrative Tools. The Administrative Tools window appears.

2. Double click Windows Firewall with Advanced Security. The Windows Firewall with

Advanced Security console appears.


3. Select the Inbound Rules container. The list of default inbound rules appears.


4. Scroll down to the bottom of the list and locate the rules for World Wide Web Services

(HTTP Traffic-In).

Question

12

Why are there two separate rules for the World Wide Web

Services?

Answer: One is for the Domain profile and one is for the Public and

Private profiles.

5. Double click each of the two rules and examine their properties.


Question

13

How do the properties of the two rules differ?

Answer: They are exactly the same except for the profile

assignments.

Question

14

How would the opening of the port you performed in Exercise

5.3 affect the World Wide Web Services (HTTP Traffic-In)

rules you just examined?

Answer: Opening the port activates the rule for the Domain profile,

causing its check mark to appear red in the console.

6. Select the Inbound Rules container and, from the Action menu, select Filter By Profile >

Filter By Private Profile.

Question

15

What happens to the list of rules?

Answer: It changes to display only the rules that apply to the Private

profile.


7. Right click the Inbound Rules container and, from the context menu, select New Rule.

The New Inbound Rule Wizard launches, displaying the Rule Type page.


8. Select the Port option and click Next. The Protocol and Ports page appears.


9. Leave the default TCP and Specific local ports options selected. In the Specific local ports

text box, type 80, 4444 and click Next. The Action page appears.


10. Leave the default Allow the connection option selected and click Next. The Profile page

appears.


11. Clear the Public check box, leaving only the Private and Domain check box selected, and

then click Next. The Name page appears.


12. In the Name text box, type Lab Web Server – Ports 80 & 4444 and click Finish. The

wizard creates and enables the new rule and then adds it to the Inbound Riles list.


Question

16

How would the rule creation procedure you just performed

differ if you wanted to restrict client access to the intranet

Web site to computers on the local network only?

Answer: You would have to create separate rules for ports 80 and

4444. In the rule for port 4444, you would specify a scope limiting

access to your local network address.


13. Click Clear All Filters on the Action pain in order to view the new rule. Double click the

rule you just created. The Lab Web Server – Ports 80 & 4444 Properties sheet appears.

14. Take a screen shot of the Properties sheet for the new rule by pressing Alt+ Prt Scr, and

then paste the resulting image into the Lab05_worksheet file in the page provided by

pressing Ctrl + V.


15. Return to your host computer (NOT YOUR VIRTUAL MACHINE) and Clear the Internet

Explorer cache by clicking Tools >Internet Options. The Internet Options dialog box

appears.

16. Under Browsing History, click the Delete button. The Delete Browsing History dialog box

appears.


17. Click Delete all. Then click OK to close the Internet Options dialog box.

18. Attempt to access both of the sites on the web server using Internet Explorer.

Question

17

What are the results, and why are they different from the

results you experienced with the program exception?

Answer: The client successfully connects to both websites. This

occurs because the rule you created opens up both port 80 and port

4444.

19. Click VM > Settings and change Network Adapter settings back to Host-only.

20. Close all windows and leave the computer logged on for the next exercise.


Exercise 5.5 Using NTFS Compression

Overview

The graphic design department uses lots of image files, which are quite

large. To save room, they have been saving images as .jpg files, but

they are starting to notice degradation in the images when they are

printed. They have therefore decided to use Windows bitmap (.bmp)

files to store images, which are uncompressed. You need to implement

NTFS compression, to save space, on a folder in which they store the

.bmp images.


1. On your workstation, click Start and select Computer.

2. In the Computer windows, browse to C:\Users\Public\Public Documents.


3. In the Public Documents folder click New Folder in the toolbar.

4. Name the folder Brochure Images.

5. Right click the Brochure Images folder, and then select Properties.


6. In the Brochure Images Properties dialog box, on the General tab, click Advanced.


7. In the Advanced Attributes dialog box, select the Compress contents to save disk space

check box and click OK.

8. In the Brochure Images Properties dialog box, click OK.

Question

18

What color is the font for the Brochure Images folder?

Answer: Blue

9. In the Public Documents folder, right click blank space, point to New > Bitmap Image.

10. Name the image Picture1.


11. Right click Picture1, and then select Edit.


12. In Microsoft Paint click the Microsoft Paint File menu tab and select Properties.

13. In the Properties dialog box, in the Width and Height text boxes, type 2048, and then

click OK.


14. From the Microsoft Paint File menu tab and select Save.

15. Close Microsoft Paint.

16. In the Public Documents folder, right click Picture1 and then select Properties.


Question

19

How large is the Picture1file on the disk?

Answer: 12.0 MB (but could vary)

17. Close the Picture1 Properties dialog box.

18. In the Public Documents folder, move the Picture1 file into the Brochure Images folder

by dragging the file into the folder.

19. Open the Brochures Images folder.


20. In the Brochure Images folder, right click Picture1 and then select Properties.


Question

20

The image file has been moved into a folder using NTFS

compression. Why isn’t the file any smaller?

Answer: Because the file was moved it did not inherit the properties

of the Brochure Images folder.


22. Right click Picture1, and then select Cut.

23. Click the Back icon in the standard buttons toolbar.

24. In the Public Documents folder, right click blank space, and select Paste.


25. Right click Picture1, and then select copy.

26. Open the Brochure Images folder.

27. In the Brochure Images folder, right click blank space, and select Paste.


28. Right click Picture1, and then select Properties.


Question

21

What is the size on disk of the Picture1 file now?

Answer: 1.75 MB (but could vary)

Question

22

Why did the file shrink, when it remained full size when it was

moved?

Answer: Because the file was copied, it inherited the properties of

the Brochure Images folder.



30. Take a screen shot of the Brochure Images folder showing Picture1 by pressing Alt+ Prt

Scr, and then paste the resulting image into the Lab05_worksheet file in the page

provided by pressing Ctrl + V.

31. Click the Back icon in the standard buttons toolbar to return to the Public Documents

folder for the next exercise.

Exercise 5.6 Using EFS Encryption

Overview

The graphic design team is working on a brochure for proprietary

software that Contoso is going to use. The software is expected to give

the company an edge over other companies, and management is very

paranoid about keeping the new concepts secret. To help protect this

data, you need to create an encrypted data store using EFS on the

computers of all the members in the graphic design team who are

assigned to the project.


1. In the Public Documents folder click New Folder in the toolbar.

2. Name the folder Sensitive Data.

3. Right click the Sensitive Data folder, and then select Properties.


4. In the Sensitive Data Properties dialog box, on the General tab, click Advanced.

5. In the Advanced Attributes dialog box, select the Encrypt contents to secure data check

box and click OK.


6. In the Sensitive Data Properties dialog box, click OK.

Question

23

What color is the font for the Sensitive Data folder?

Answer: Green

7. In the Public Documents folder, right click blank space, point to New > Text Document.

8. Name the document Sensitive Text.


9. Open the Sensitive Text file.

10. In Notepad type Encrypted Data.

11. Exit Notepad, when asked if you want to save changes, click Yes.

12. In the Public Documents folder, move the Sensitive Data file into the Sensitive Data

folder by dragging the file into the folder.


13. Open the Sensitive Data folder.

14. Open the Sensitive Data text file.

Question

24

Can you read the Sensitive Text file?

Answer: Yes

15. Close Notepad.

16. Minimize the Sensitive Data folder.

17. Click Start, and in the Search programs and files box, type mmc and press Enter. A blank

Microsoft Management Console window appears.


18. Click File > Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

19. In the Available snap-ins list, select Certificates and click Add. The This snap-in will

always manage certificates for: dialog box appears.

20. Select My user account, and click Finish.


21. Click OK. The snap-in appears in the MMC console.

22. In the console tree, expand Certificates > Personal > Certificates.


23. In the Details pane, on the right hand side, right click the certificate and then select

Delete.

24. In the Certificates message box, click Yes to delete the certificate.


25. Close the Console1 console, and click No when asked if you want to save changes.

26. Log off Workstation## and log back on using your Student## account and the password

P@ssw0rd.

27. Open the Sensitive Data folder (C:\Users\Public\Public Documents\Sensitive Data)


28. In the Sensitive Data folder, open Sensitive Text.

Question

25

What occurs when you try to open the Sensitive Text file?

Answer: Access is denied

29. Take a screen shot of the Sensitive Data folder showing the Sensitive Text document by

pressing Alt+ Prt Scr, and then paste the resulting image into the Lab05_worksheet file

in the page provided by pressing Ctrl + V.

30. Close all open windows and log off the computer.

LAB 5 ANSWER KEY - mywiley.info

Documents

Transcript of LAB 5 ANSWER KEY - mywiley.info