1
00:00:08,600 --> 00:00:18,030
In this lab we'll be deploying and configuring a two-tier CA hierarchy. Here is the scenario for this

2
00:00:18,030 --> 00:00:26,850
lab: A. Datum has expanded; therefore its security requirements also have increased. The security department

3
00:00:26,880 --> 00:00:35,850
is particularly interested in enabling secure access to critical websites and in providing additional

4
00:00:35,850 --> 00:00:44,160
security for some features. To address these and other security requirements, A. Datum has decided to

5
00:00:44,220 --> 00:00:52,630
implement PKI by using the AD CS role in Windows Server 2016.

6
00:00:52,730 --> 00:01:02,710
As a senior network administrator at A. Datum, you're responsible for implementing the AD CS deployment.

7
00:01:03,000 --> 00:01:11,220
So after completing this lab you'll be able to deploy an offline root CA and deploy an enterprise

8
00:01:11,220 --> 00:01:17,000
subordinate CA. Now, exercises.

9
00:01:17,020 --> 00:01:26,530
There are two exercises in this lab. Exercise one is deploying an offline root CA. Let's start with

10
00:01:26,530 --> 00:01:27,800
this exercise.

11
00:01:27,930 --> 00:01:34,810
The scenario for this exercise is that A. Datum wants to use certificates for various purposes.

12
00:01:34,930 --> 00:01:43,740
You need to install the appropriate CA infrastructure. Because A. Datum uses Windows Server 2016 AD DS,

13
00:01:43,750 --> 00:01:54,090
you decided to implement the AD CS role. When you reviewed the available designs, you decided to implement

14
00:01:54,090 --> 00:02:03,970
a standalone root CA. This will be taken offline after it issues a certificate for a subordinate CA. After

15
00:02:03,970 --> 00:02:12,250
installation you must make sure that you configure the CDP and AIA locations correctly. You

16
00:02:12,250 --> 00:02:19,660
must also make sure that you have a Domain Name System record for the offline root CA so that it is

17
00:02:19,720 --> 00:02:21,970
accessible from the network.

18
00:02:23,160 --> 00:02:26,670
The main tasks for this exercise are as follows.

19
00:02:26,670 --> 00:02:31,050
First, you have to create file and printer sharing exceptions.

20
00:02:31,050 --> 00:02:40,980
Second, you have to install and configure Active Directory Certificate Services on CA-SVR1. And third, you

21
00:02:40,980 --> 00:02:47,060
have to create a Domain Name System, or DNS, record for an offline root

22
00:02:47,190 --> 00:02:50,220
CA. So let's start off with task

23
00:02:50,220 --> 00:02:55,670
1, which is to create file and printer sharing exceptions.

24
00:02:55,750 --> 00:03:04,260
Just sign in to the server as administrator, and then on the server, in the Network and Sharing Center, turn

25
00:03:04,270 --> 00:03:13,220
on file and printer sharing on guest and public networks. And finally, on LON-SVR1,

26
00:03:14,330 --> 00:03:20,680
in the Network and Sharing Center, turn on file and printer sharing on the domain network.

27
00:03:20,680 --> 00:03:28,040
Task 2, in which you have to install and configure Active Directory Certificate Services on CA-SVR1.

28
00:03:28,040 --> 00:03:36,350
So you have to switch to CA-SVR1 and then start Server Manager. Use the Add Roles

29
00:03:36,350 --> 00:03:45,600
and Features to install the Active Directory Certificate Services role. After installation completes, click the

30
00:03:45,630 --> 00:03:51,350
Configure Active Directory Certificate Services on the destination server

31
00:03:51,350 --> 00:04:00,470
text. Then configure the AD CS role as a standalone root CA with the name AdatumRootCA. Then

32
00:04:00,480 --> 00:04:06,420
set the key length to 4096 and then accept all other default values.

33
00:04:07,470 --> 00:04:15,720
Then on CA-SVR1, open the Certification Authority console and open the Properties dialog box for

34
00:04:16,020 --> 00:04:25,260
AdatumRootCA. Configure the new locations for the CDP to be

35
00:04:25,260 --> 00:04:37,440
http://lon-svr1.adatum.com/CertData/, and specify CaName, CRLNameSuffix, DeltaCRLAllowed.

36
00:04:37,710 --> 00:04:48,420
And finally, select the following options: Include in the CDP extension of issued certificates

37
00:04:48,450 --> 00:04:58,790
and Include in CRLs. Clients use this to find Delta CRL locations. Then configure new locations

38
00:04:58,790 --> 00:05:12,160
for AIA to be http://lon-svr1.adatum.com and the

39
00:05:12,160 --> 00:05:23,170
full address again, and select the Include in the AIA extension of issued certificates check box. Then

40
00:05:23,170 --> 00:05:32,420
publish the CRL on CA-SVR1 and export the root CA certificate, and then copy the .cer

41
00:05:32,440 --> 00:05:43,860
file to \\LON-SVR1\C$. Copy the contents of the

42
00:05:43,890 --> 00:05:55,080
folder Windows\System32\CertSrv\CertEnroll to the LON-SVR1 server,

43
00:05:55,080 --> 00:06:06,200
on disk C, on the C drive. And finally, task 3, where you have to create a Domain Name System record for

44
00:06:06,200 --> 00:06:16,190
an offline root CA. So on LON-DC1, in Server Manager, open the DNS Manager console and create a host resource

45
00:06:16,190 --> 00:06:17,740
record for

46
00:06:17,750 --> 00:06:18,350
CA-SVR1

47
00:06:18,350 --> 00:06:24,610
in the adatum.com forward lookup zone. Use IP address

48
00:06:24,620 --> 00:06:34,910
(in my case it's 172.16.0.44) for the CA-SVR1 host (A) resource

49
00:06:34,910 --> 00:06:42,290
record. After completing this exercise you should have successfully installed and configured the

50
00:06:42,290 --> 00:06:50,570
standalone root certification authority, or CA, role on the CA-SVR1 server. Additionally, you

51
00:06:50,570 --> 00:06:58,040
should have created an appropriate DNS record in Active Directory Domain Services so that other

52
00:06:58,040 --> 00:07:07,670
servers can connect to CA-SVR1. And when you are done with this exercise, switch to exercise

53
00:07:07,670 --> 00:07:15,950
2, which is deploying an enterprise subordinate CA. Here is the scenario for this exercise: after deploying

54
00:07:15,950 --> 00:07:23,330
the standalone root CA, the next step is to deploy an enterprise subordinate CA. A. Datum wants

55
00:07:23,330 --> 00:07:31,490
to use the enterprise subordinate CA to utilize AD DS integration. Additionally, because the root

56
00:07:31,490 --> 00:07:40,430
CA is a standalone CA, you want to publish its certificate to all clients. The main tasks for this exercise

57
00:07:40,790 --> 00:07:41,660
are as follows.

58
00:07:41,660 --> 00:07:46,580
First, you have to install and configure AD CS on LON-SVR1.

59
00:07:47,060 --> 00:07:50,240
Then, install a subordinate CA certificate.

60
00:07:50,290 --> 00:07:54,370
Third, publish a root CA certificate through Group Policy.

61
00:07:55,200 --> 00:08:01,950
And here is task one for this exercise, where you have to install and configure AD CS on

62
00:08:01,950 --> 00:08:03,010
LON-SVR1.

63
00:08:03,150 --> 00:08:11,580
So first, on LON-SVR1, in Server Manager, install the Active Directory Certificate Services role. Include

64
00:08:11,580 --> 00:08:19,350
the Certification Authority and Certification Authority Web Enrollment role services.

65
00:08:19,410 --> 00:08:26,540
Second, after installation is successful, click the Configure Active Directory

66
00:08:26,540 --> 00:08:35,610
Certificate Services on the destination server text. Then select the Certification Authority and Certification

67
00:08:35,610 --> 00:08:40,850
Authority Web Enrollment role services and configure

68
00:08:40,850 --> 00:08:50,820
LON-SVR1 to be an enterprise CA. Then configure the CA type to be a subordinate CA, and for the CA name

69
00:08:50,820 --> 00:09:00,000
type Adatum-IssuingCA. Save the request file to the local drive. Task 2, where you have to

70
00:09:00,000 --> 00:09:02,660
install a subordinate CA certificate.

71
00:09:02,880 --> 00:09:15,110
So on LON-SVR1, install the C:\RootCA.cer certificate to the Trusted Root

72
00:09:15,350 --> 00:09:25,100
Certification Authorities store. Then go to the local disk C and then copy the AdatumRootCA.crl and

73
00:09:25,490 --> 00:09:38,710
CA-SVR1_AdatumRootCA.crt files to C:\inetpub\wwwroot\CertData.

74
00:09:39,260 --> 00:09:49,860
Copy the LON-SVR1.Adatum.com_Adatum-LON-SVR1-CA.req

75
00:09:49,910 --> 00:10:04,710
request file to the CA-SVR1 share, which is \\CA-SVR1\C$\.

76
00:10:04,710 --> 00:10:15,120
This will copy this file to this share. Then switch to CA-SVR1

77
00:10:15,120 --> 00:10:21,930
and from the Certification Authority console on CA-SVR1, submit a new certificate request

78
00:10:21,930 --> 00:10:29,580
by using the .req file that you copied in step 3. Then issue the certificate and then export it

79
00:10:29,880 --> 00:10:40,830
to .p7b format with a complete chain. Save the file to

80
00:10:40,850 --> 00:10:49,620
\\LON-SVR1\C$\SubCA.p7b. Switch to LON-SVR1 and install the subordinate

81
00:10:49,620 --> 00:10:57,420
CA certificate on LON-SVR1 by using the Certification Authority console. Start the service and

82
00:10:57,420 --> 00:11:04,950
ensure that the AD CS service successfully starts. Then switch to CA-SVR1 and then shut down the

83
00:11:04,950 --> 00:11:16,300
server. Task 3 is to publish a root CA certificate from Group Policy. So on LON-DC1, in Server

84
00:11:16,350 --> 00:11:24,450
Manager, open the Group Policy Management console and edit the Default Domain Policy. Publish the

85
00:11:24,710 --> 00:11:35,440
RootCA.cer file to \\LON-SVR1\C$, to the Trusted

86
00:11:35,440 --> 00:11:43,810
Root Certification Authorities store, which is located in the Computer Configuration, Policies, Windows Settings,

87
00:11:44,020 --> 00:11:53,460
Security Settings, Public Key Policies folder. After completing this exercise you should have successfully

88
00:11:53,460 --> 00:12:02,070
deployed and configured an enterprise subordinate CA. You also should have a subordinate CA certificate

89
00:12:04,170 --> 00:12:12,540
issued by a root CA and installed on LON-SVR1. To establish trust between the root CA and

90
00:12:12,530 --> 00:12:18,800
the domain member clients, you will use Group Policy to deploy a root CA certificate.

91
00:12:18,960 --> 00:12:27,410
Now if you fail to complete some of those tasks or exercises, you can always refer to the second,

92
00:12:27,440 --> 00:12:34,860
to the next file, to the next video, in which I'll show the steps for how to complete each of these tasks

93
00:12:34,890 --> 00:12:39,300
and complete two of these exercises.

94
00:12:39,570 --> 00:12:40,750
So I'll see you there.