1
00:00:07,040 --> 00:00:13,590
In this lab, I'll show how to deploy and configure a two-tier CA hierarchy.

2
00:00:13,590 --> 00:00:15,380
Demonstration steps.

3
00:00:15,420 --> 00:00:17,550
Here is a scenario for this lab.

4
00:00:17,770 --> 00:00:24,810
A. Datum has expanded; therefore, its security requirements also have increased. The security department

5
00:00:24,810 --> 00:00:33,030
is particularly interested in enabling secure access to critical websites and in providing additional

6
00:00:33,030 --> 00:00:39,570
security for some features. To address these and other security requirements,

7
00:00:39,570 --> 00:00:45,390
A. Datum has decided to implement a PKI

8
00:00:45,930 --> 00:00:55,470
by using the AD CS role in Windows Server 2016. As an administrator at A. Datum, you're responsible for

9
00:00:55,740 --> 00:00:59,540
implementing the AD CS deployment.

10
00:00:59,670 --> 00:01:05,570
So let's start with Exercise 1, where we have to deploy an offline root CA.

11
00:01:05,790 --> 00:01:11,030
First we have to create file and printer sharing exceptions.

12
00:01:11,040 --> 00:01:16,410
I'll go to CA-SVR1 as administrator and click Start and then click

13
00:01:16,410 --> 00:01:19,470
Control Panel. In the Control Panel window,

14
00:01:19,490 --> 00:01:24,950
I'll click View network status and tasks, and in the Network and Sharing Center window,

15
00:01:25,020 --> 00:01:31,780
I'll click Change advanced sharing settings. Under Guest or Public (current profile),

16
00:01:31,780 --> 00:01:37,890
I'll select the Turn on file and printer sharing option and then click Save

17
00:01:37,890 --> 00:01:43,440
changes. Then switch to LON-SVR1 and click Start and then click

18
00:01:43,440 --> 00:01:46,760
Control Panel, and in the Control Panel window,

19
00:01:46,770 --> 00:01:52,780
I'll click View network status and tasks, and in the Network and Sharing Center window,

20
00:01:52,810 --> 00:01:59,820
I'll click Change advanced sharing settings, and under the Domain (current profile),

21
00:01:59,820 --> 00:02:07,530
I'll select Turn on file and printer sharing option and then click Save changes, and switch to Task

22
00:02:07,560 --> 00:02:18,760
2, where we have to install and configure Active Directory Certificate Services on CA-SVR1. So I first

23
00:02:19,150 --> 00:02:27,310
will switch to CA-SVR1 and click Start and click Server Manager, and in Server Manager I'll click Add

24
00:02:27,310 --> 00:02:35,050
roles and features. On the Before you begin page, click Next, and on the Select installation type page,

25
00:02:35,050 --> 00:02:36,280
click Next.

26
00:02:36,280 --> 00:02:43,720
Then on the Select destination server page, click Next, and on the Select server roles page, select

27
00:02:43,840 --> 00:02:53,050
Active Directory Certificate Services. When the Add Roles and Features Wizard window displays, click Add

28
00:02:53,050 --> 00:03:00,640
Features and then click Next. On the Select features page, click Next, and on the Active Directory Certificate

29
00:03:01,150 --> 00:03:03,590
Services page, click Next.

30
00:03:03,820 --> 00:03:10,570
On the Select role services page, ensure that Certification Authority is selected and then click Next.

31
00:03:11,110 --> 00:03:14,110
On the Confirm installation selections page,

32
00:03:14,110 --> 00:03:21,430
click Install, and on the Installation progress page, after installation completes successfully, click

33
00:03:21,430 --> 00:03:27,440
the Configure Active Directory Certificate Services on the destination server

34
00:03:27,520 --> 00:03:37,730
text. In the AD CS Configuration wizard, on the Credentials page, click Next, and on the Role Services

35
00:03:37,730 --> 00:03:38,360
page,

36
00:03:38,360 --> 00:03:41,090
select Certification Authority.

37
00:03:41,120 --> 00:03:44,960
Then click Next. On the Setup Type page,

38
00:03:44,960 --> 00:03:51,660
ensure that Standalone CA is selected and then click Next, and on the CA Type page,

39
00:03:51,740 --> 00:03:58,020
ensure that Root CA is selected and then click Next. On the Private Key page,

40
00:03:58,100 --> 00:04:07,940
ensure that Create new private key is selected and then click Next. On the Cryptography for CA page,

41
00:04:07,940 --> 00:04:15,950
keep the default selections for the Select a cryptographic provider and Select the hash algorithm for

42
00:04:15,950 --> 00:04:26,530
signing certificates issued by this CA, but set the Key length to 4096, and then click Next. On the

43
00:04:26,540 --> 00:04:35,690
CA Name page, in the Common name for this CA text box, type AdatumRootCA and then click Next, and on the

44
00:04:35,960 --> 00:04:44,030
Validity Period page, click Next. On the CA Database page, click Next, and on the Confirmation page,

45
00:04:44,030 --> 00:04:51,350
click Configure. On the Results page, click Close, and on the Installation progress page, click Close.

46
00:04:52,220 --> 00:05:00,950
On CA-SVR1, in Server Manager, I'll click Tools and then click Certification Authority, and in

47
00:05:00,980 --> 00:05:10,250
the certsrv Certification Authority (Local) console, I'll right-click AdatumRootCA and then click

48
00:05:10,250 --> 00:05:19,950
Properties, and in the AdatumRootCA Properties dialog box, I'll click the Extensions tab, and in the Select

49
00:05:20,040 --> 00:05:28,770
extension drop-down list, I'll click CRL Distribution Point, or CDP, and then click Add. In the Location

50
00:05:28,770 --> 00:05:37,650
text box, I'll type http://lon-svr1.adatum.com/CertData,

51
00:05:37,650 --> 00:05:46,530
and in the Variable drop-down list, I'll click CaName and then click Insert, and in the

52
00:05:46,800 --> 00:05:55,200
Variable drop-down list, I'll click CRLNameSuffix and then click Insert, and in the Variable drop-down

53
00:05:55,200 --> 00:06:06,690
list, I'll click DeltaCRLAllowed and then click Insert. Then in the Location text box, position the cursor

54
00:06:06,740 --> 00:06:13,450
at the end of the URL, and I'll type .crl and then click OK.

55
00:06:14,570 --> 00:06:17,960
Select the following options and then click Apply:

56
00:06:18,200 --> 00:06:26,510
Include in the CDP extension of issued certificates, and Include in CRLs. Clients

57
00:06:26,510 --> 00:06:29,620
use this to find Delta CRL locations.

58
00:06:30,500 --> 00:06:35,220
Then in the Certification Authority pop-up window, click No.

59
00:06:35,270 --> 00:06:43,700
And in the Select extension drop-down list, click Authority Information Access, or AIA, and then click

60
00:06:43,790 --> 00:06:52,730
Add. In the Location text box, type http://lon-svr1.adatum.com/CertData,

61
00:06:53,060 --> 00:07:01,130
and in the Variable drop-down list, click ServerDNSName and then click Insert, and

62
00:07:01,140 --> 00:07:10,760
in the Location text box, type an underscore. In the Variable drop-down list, click CaName and then

63
00:07:10,760 --> 00:07:19,700
click Insert. Position the cursor at the end of the URL, and in the Variable drop-down list, click CertificateName

64
00:07:19,700 --> 00:07:29,030
and then click Insert. In the Location text box, position the cursor at the end of the URL, type

65
00:07:29,120 --> 00:07:31,720
.crt, and then click OK.

66
00:07:32,090 --> 00:07:41,960
Then select the Include in the AIA extension of issued certificates check box and then click OK. Click

67
00:07:41,990 --> 00:07:48,950
Yes to restart the Certification Authority service. In the Certification Authority console, expand

68
00:07:48,980 --> 00:07:57,230
AdatumRootCA, right-click Revoked Certificates, point to All Tasks, and then click Publish, and in the

69
00:07:57,230 --> 00:08:04,610
Publish CRL window, click OK. Right-click AdatumRootCA and then click Properties. In the AdatumRootCA

70
00:08:04,610 --> 00:08:12,380
Properties dialog box, click View Certificate. In the Certificate dialog box, click the Details

71
00:08:12,380 --> 00:08:20,990
tab and then click Copy to File. In the Certificate Export Wizard, on the Welcome page,

72
00:08:21,230 --> 00:08:33,140
click Next, and on the Export File Format page, select DER encoded binary X.509 and then click

73
00:08:33,140 --> 00:08:42,590
Next. On the File to Export page, click Browse. In the File name text box, type

74
00:08:42,620 --> 00:08:52,730
\\LON-SVR1\C$ and then press Enter, and then in the File name text box,

75
00:08:52,730 --> 00:09:01,910
type RootCA, click Save, and then click Next. Click Finish and then click OK three times. Open a File

76
00:09:01,910 --> 00:09:10,760
Explorer window and then browse to the Windows\System32\CertSrv\CertEnroll folder. In the

77
00:09:10,900 --> 00:09:17,750
CertEnroll folder, select both files, right-click the highlighted files, and then click Copy. In the

78
00:09:17,750 --> 00:09:27,410
File Explorer address bar, type \\LON-SVR1\C$ and then

79
00:09:27,470 --> 00:09:36,470
press Enter. Right-click the empty space and then click Paste, and close File Explorer. Then we'll switch

80
00:09:36,470 --> 00:09:46,190
to Task 3, which is create a Domain Name System record for an offline root CA. So on LON-DC1, in

81
00:09:46,190 --> 00:09:53,670
Server Manager, I'll click Tools and then click DNS, and in the DNS Manager console, I'll expand LON-DC1,

82
00:09:53,760 --> 00:10:02,920
expand Forward Lookup Zones, click Adatum.com, right-click Adatum.com, and then click New

83
00:10:02,920 --> 00:10:12,440
Host A record, and in the New Host window, in the Name text box, I'll type CA-SVR1, and in the

84
00:10:12,710 --> 00:10:22,100
IP address window, I'll type 172.16.0.40 in my case, and click Add Host, click OK,

85
00:10:22,140 --> 00:10:30,840
and then click Done and close DNS Manager. Now we are ready for Exercise 2, where we'll be deploying

86
00:10:30,850 --> 00:10:38,870
an enterprise subordinate CA. Task 1 for this exercise is to install and configure AD CS on LON-SVR1.

87
00:10:38,930 --> 00:10:46,070
On LON-SVR1, I'll click Start and click Server Manager and then click Add roles

88
00:10:46,070 --> 00:10:54,800
and features. I'll click Next three times, and on the Select server roles page, I'll select Active Directory

89
00:10:54,800 --> 00:11:03,710
Certificate Services. Then when the Add Roles and Features Wizard displays, I'll click Add Features and click

90
00:11:03,710 --> 00:11:12,800
Next three times. On the Select role services page, I'll ensure that Certification Authority is selected already

91
00:11:12,820 --> 00:11:20,890
and then select Certification Authority Web Enrollment. When the Add Roles and Features Wizard displays,

92
00:11:21,030 --> 00:11:29,280
I'll click Add Features and then click Next. On the Confirm installation selections page, I'll click Install,

93
00:11:29,280 --> 00:11:36,780
and on the Installation progress page, after installation is successful, I'll click Configure Active

94
00:11:36,780 --> 00:11:47,280
Directory Certificate Services on this destination server. Then I'll click Next four times, and on the Private

95
00:11:47,280 --> 00:11:57,270
Key page, I'll ensure that Create a new private key is selected and again click Next three times. Then

96
00:11:57,270 --> 00:12:04,470
on the Certificate Request page, I'll ensure that Save a certificate request to file on the target machine

97
00:12:04,470 --> 00:12:12,300
is selected and then click Next. On the CA Database page, I'll click Next, and on the Confirmation page,

98
00:12:12,330 --> 00:12:16,350
I'll click Configure, and on the Results page, I'll just

99
00:12:16,350 --> 00:12:25,420
ignore the warning message and click Close. Task 2 for this exercise, where we have to install a subordinate

100
00:12:25,430 --> 00:12:35,440
CA certificate. So on LON-SVR1, I'll open File Explorer and browse to Local Disk (C:), right-click

101
00:12:35,590 --> 00:12:45,250
the RootCA.cer file and then click Install Certificate, and in the Certificate Import Wizard, click Local

102
00:12:45,250 --> 00:12:52,840
Machine and then click Next. On the Certificate Store page, I'll click Place all certificates in the following

103
00:12:52,840 --> 00:12:54,940
store and then click Browse.

104
00:12:55,090 --> 00:13:02,680
Select Trusted Root Certification Authorities, click OK, and click Next, and then click Finish.

105
00:13:03,030 --> 00:13:11,700
When the Certificate Import Wizard window appears, I'll click OK. In the File Explorer window, I'll

106
00:13:11,740 --> 00:13:25,930
select the AdatumRootCA.crl and CA-SVR1_AdatumRootCA.crt files,

107
00:13:26,470 --> 00:13:34,300
right-click the files and then click Copy. Double-click inetpub and double-click

108
00:13:34,360 --> 00:13:45,730
wwwroot, then click New folder and then name it CertData. Paste the two copied files into

109
00:13:45,730 --> 00:13:56,230
that folder. Then I'll switch to Local Disk (C:) and I'll right-click the

110
00:13:56,260 --> 00:14:09,110
LON-SVR1.Adatum.com_Adatum-LON-SVR1-CA.req file and then click Copy,

111
00:14:09,670 --> 00:14:18,310
and in the File Explorer address bar, type \\CA-SVR1\C$

112
00:14:18,320 --> 00:14:26,000
and then press Enter, and in the File Explorer window, I'll right-click the empty space

113
00:14:26,030 --> 00:14:39,140
and then click Paste. Make sure that the request file copies to this folder. Switch to the CA-SVR1

114
00:14:39,140 --> 00:14:46,730
server, and in the Certification Authority console, I'll right-click AdatumRootCA, point to

115
00:14:46,850 --> 00:14:55,640
All Tasks, and then click Submit new request. Then in the Open Request File window, navigate to Local

116
00:14:55,640 --> 00:15:07,490
Disk (C:), click the LON-SVR1 .req file, and then click Open. In the Certification Authority console,

117
00:15:07,520 --> 00:15:15,380
I'll click the Pending Requests container and right-click Pending Requests and then click Refresh, and

118
00:15:15,500 --> 00:15:25,810
in the details pane, I'll right-click the request with ID 2, point to All Tasks, and then click Issue, and

119
00:15:26,260 --> 00:15:34,250
in the Certification Authority console, I'll click the Issued Certificates container. In the details

120
00:15:34,260 --> 00:15:42,370
pane, I'll double-click the certificate, click the Details tab, and then click Copy to File. In the

121
00:15:42,370 --> 00:15:50,070
Certificate Export Wizard, on the Welcome page, I'll click Next, and on the Export File Format page, I'll

122
00:15:50,150 --> 00:16:01,790
click Cryptographic Message Syntax Standard, or .P7B file, click Include all certificates in the certification

123
00:16:01,790 --> 00:16:10,190
path if possible, and then click Next. On the File to Export page, I'll click Browse. In the File

124
00:16:10,190 --> 00:16:17,520
name text box, I'll type SubCA, click Save, click Next, click Finish, and then click OK twice.

125
00:16:18,610 --> 00:16:27,610
And switch to LON-SVR1, and in Server Manager, I'll click Tools and then click Certification

126
00:16:27,610 --> 00:16:30,530
Authority, and in the Certification Authority

127
00:16:30,530 --> 00:16:38,560
console, right-click the Adatum issuing CA, point to All Tasks, and then click Install CA Certificate.

128
00:16:38,800 --> 00:16:46,180
Go to the local C drive, click the SubCA.p7b file, and then click Open.

129
00:16:46,210 --> 00:16:54,160
I'll wait for 15, 20 minutes, seconds, and then on the toolbar, click the green icon to start

130
00:16:54,160 --> 00:17:01,660
the CA service, and ensure that the CA successfully starts, and switch to CA-SVR1.

131
00:17:02,710 --> 00:17:12,070
Shut down the server, and finally Task 3, where we have to publish a root CA certificate through

132
00:17:12,060 --> 00:17:13,170
Group Policy.

133
00:17:13,800 --> 00:17:20,580
So on LON-DC1, in Server Manager, I'll click Tools and then click Group Policy Management. In the Group

134
00:17:20,580 --> 00:17:29,340
Policy Management Console, I'll expand Forest, expand Domains, expand Adatum.com, right-click Default

135
00:17:29,340 --> 00:17:36,690
Domain Policy and then click Edit, and in the Computer Configuration node, I'll expand Policies, expand

136
00:17:36,690 --> 00:17:45,300
Windows Settings, Security Settings, Public Key Policies, and then right-click Trusted Root Certification

137
00:17:45,300 --> 00:17:52,860
Authorities and click Import and then click Next. On the File to Import page, I'll click Browse, and in

138
00:17:52,860 --> 00:18:02,310
the File name text box, I'll type \\LON-SVR1\C$ and

139
00:18:02,310 --> 00:18:10,950
then press Enter, click the RootCA.cer, then click Open. Then I'll click Next two times and then

140
00:18:10,950 --> 00:18:20,600
click Finish. When the Certificate Import Wizard window appears, I'll click OK. It might take 15 to 20

141
00:18:20,600 --> 00:18:29,930
seconds for this window to appear. At last, that will finish the demonstration steps for this lab, where

142
00:18:29,930 --> 00:18:36,440
we've successfully deployed and configured a two-tier CA hierarchy.