Creation of network drive via GPO Windows 2012

In Server Manager, select Tools and then Group Policy Management.

  1. The GPOs of the domain appear.
  2. To create a new GPO from scratch, right-click Group Policy Objects and select New.
  3. Do not select any source GPO. Click OK.
  4. Right-click the new GPO and select Edit…

Once inside the GPO editor, assign the network drive that users must mount, following the appropriate policies.

  1. Navigate to User Configuration -> Preferences -> Windows Settings -> Drive Maps, right-click the drive that is assigned in the GPO and select Properties.
  2. Select the location, the label under which the drive will be shown, the letter that will be assigned and the user to connect as.
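
To review what a drive-mapping GPO actually publishes, the following added example (not part of the original page) reads the Drives.xml file that Group Policy Preferences keeps under the policy's User\Preferences\Drives folder in SYSVOL and lists each mapping, marking those that carry a connect-as account or a stored password for review. The sample XML and every name in it are constructed; the function name is hypothetical.

```powershell
# Added example. The XML is constructed sample data in the Drives.xml layout;
# server, share and account names are made up.
$sampleDrivesXml = [xml]@'
<Drives>
  <Drive name="S:">
    <Properties action="U" path="\\fileserver01\shared" label="Shared"
                persistent="1" useLetter="1" letter="S" userName="" cpassword=""/>
  </Drive>
  <Drive name="T:">
    <Properties action="C" path="\\fileserver01\finance" label="Finance"
                persistent="0" useLetter="1" letter="T"
                userName="CORP\svc-finance" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </Drive>
</Drives>
'@

function Get-GpoDriveMapAudit {
    param([Parameter(Mandatory)][xml]$DrivesXml)
    $actions = @{ C = 'Create'; R = 'Replace'; U = 'Update'; D = 'Delete' }
    foreach ($drive in $DrivesXml.Drives.Drive) {
        $p = $drive.Properties
        $hasUser   = -not [string]::IsNullOrEmpty($p.userName)
        $hasSecret = -not [string]::IsNullOrEmpty($p.cpassword)
        [pscustomobject]@{
            Letter       = $p.letter
            Path         = $p.path
            Action       = $actions[[string]$p.action]
            ConnectAs    = $p.userName
            StoredSecret = $hasSecret
            # SYSVOL is a shared folder, so a mapping should not carry credentials.
            NeedsReview  = ($hasUser -or $hasSecret)
        }
    }
}

Get-GpoDriveMapAudit -DrivesXml $sampleDrivesXml | Format-Table -AutoSize

# Against a real GPO, load the file the editor wrote (placeholders in <>):
# $path = '\\<domain>\SYSVOL\<domain>\Policies\{<GPO GUID>}\User\Preferences\Drives\Drives.xml'
# Get-GpoDriveMapAudit -DrivesXml ([xml](Get-Content -Raw $path)) | Where-Object NeedsReview
```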

Creation of Active Directory

Using Active Directory, we can create a centralized management infrastructure for the resources of our organization: user accounts, computer accounts, privileges and permissions.

There are several services or roles related to Active Directory. The most important is, without doubt, the one that allows a server to be promoted to domain controller: the "Active Directory Domain Services" (AD DS) role.

Let's look at the steps to define the Active Directory in our Organization.

Before promoting a server to domain controller we must be sure of the name we assign to it because, once it is installed and acting as a domain controller, the name cannot be changed unless we first demote the server.

If there is no other domain controller in our organization, doing so would mean losing the Active Directory database.

If there is at least one other domain controller in the domain, such operations can be carried out without fear of losing accounts and information.

To change the name of the computer we need to go to 'System' within 'Control Panel'.

If we are going to change the name of a domain controller (DC), a wizard will appear for its demotion (turning the DC into a normal server).

For those who have worked with earlier versions of Windows Server: the DCPROMO command is no longer used in Windows Server 2012.

Assign the name to our server.

Once the correct name is assigned, open "Server Manager" and go to "Add Roles and Features":

Choose the role-based or feature-based installation:

Then choose the server on which to install AD:

Select "Active Directory Domain Services" and continue:

It now shows us the features that need to be installed to promote the server to domain controller (DC):

We are then informed of the different requirements that must be met to install this role.

A summary of the tasks to be carried out will appear. Click "Install" to start the installation process.

The process concludes with AD installed, together with its management console. Promoting the server to DC is still pending. This option appears in the installation window, or we can go to "Server Manager" and, on the AD DS tab, select the server we want to promote.

Select "Promote this server to a domain controller". Another window is shown in which we have to define where our domain controller will be placed (new or existing forest) and whether this controller is for a new domain or an existing domain:

In our case, we will create a tree in a new forest.

We need to define the directory services restore mode password:

We are asked to indicate which functional level to give our new domain in the forest.

This section is very important if we already have other domains installed in our organization, i.e., existing domain controllers running versions of Windows Server earlier than Windows Server 2012.

Choosing the Windows Server 2012 functional level gives the advantage of using improved (latest) versions of the authentication (Kerberos) and data transport protocols, among others. It is always advisable to choose the highest functional level.

The domain and forest functional levels can be set independently. As we are starting a new forest, we install both the forest and the domain at the highest functional level (Windows Server 2012).

We see that, by default, the Global Catalog will be installed. The Global Catalog (GC) is the set of all the objects in an Active Directory Domain Services (AD DS) forest. A global catalog server is a domain controller that stores a full copy of all objects in the directory for its host domain and a partial, read-only copy of all objects in the other domains in the forest. Global catalog servers respond to global catalog queries.

A global catalog server provides:

  • Searching for objects.
  • Authentication by user principal name.
  • Validation of object references within a forest.
  • Information on universal group membership in a multiple-domain environment.

A window then appears that lets us choose whether to create a DNS delegation. This option is available if we have an active DNS server with DNS delegation enabled, i.e., one that allows an additional DNS server to be enabled. In our case it is disabled.

We are then asked to indicate the NetBIOS name of the new domain. Although our network does not need these names to operate, Windows Server 2012 still asks for one to keep compatibility with older computers.

It then shows the locations where the domain database, the log files folder and the SYSVOL folder will be stored.

These locations can be modified, but unless there is an important reason they should be left where they are.

NTDS folder

This folder stores the Active Directory database, i.e., all the public attributes of the domain together with its records.

The NetLogon folder is maintained for compatibility with legacy Windows NT4 / 98 clients, which look there for policies and logon scripts.

SYSVOL folder

The system volume (Sysvol) is a shared directory that stores the server's copy of the domain's public files, which must be shared for common access and replication throughout the domain.

The Sysvol folder on a domain controller contains the following elements:

‐ Network logon scripts: the logon scripts and the GPOs for the network's client computers are usually kept here.

‐ User logon scripts for domains where the administrator uses Active Directory.

‐ Windows Group Policy.

‐ File Replication Service (FRS) folders and files that must be available and synchronized between domain controllers.

‐ The description of the volumes in the domain's file systems.

This folder should never be manipulated or modified.

The NETLOGON and SYSVOL folders are shared folders, and therefore visible on the network, located on each domain controller. They must always be present: if they were missing, users could not be validated on the domain.

Once these options are accepted, a window summarizing the choices appears.

It allows us to generate a script in case we want to perform this operation automatically on more servers using PowerShell, i.e., by using commands.

Then the system will check all the prerequisites. If all goes well, click "Install". If something is missing from the setup, select the corresponding warning.
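
The same promotion expressed as PowerShell, as an added example that is not the script produced by the page's wizard: it installs the role, runs the prerequisite check and only then creates the new forest with the choices described above. The domain name corp.example.com and the NetBIOS name CORP are placeholders, and the folder paths are the installer's usual default locations, which the page does not spell out.

```powershell
# Added example: first domain controller of a new forest.
# Placeholders (assumptions): corp.example.com / CORP.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Directory Services Restore Mode password, prompted so it is never stored in the script.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password'

$forest = @{
    DomainName                    = 'corp.example.com'
    DomainNetbiosName             = 'CORP'
    ForestMode                    = 'Win2012'   # forest functional level
    DomainMode                    = 'Win2012'   # domain functional level
    InstallDns                    = $true
    CreateDnsDelegation           = $false      # disabled, as in the walkthrough
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
}

# Same prerequisite check the wizard runs before enabling "Install".
$checks = Test-ADDSForestInstallation @forest
$failed = $checks | Where-Object { $_.Status -ne 'Success' }
if ($failed) {
    $failed | Format-List Status, Message
    throw 'Prerequisite check failed; fix the items above before promoting.'
}

# The first DC of a forest is always a global catalog server.
# The server reboots automatically when promotion completes.
Install-ADDSForest @forest -Force
```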

After the installation completes and the system reboots, the usual login screen will appear. We will have to log in with the domain administrator account.

We will now see two roles in "Server Manager": AD DS and DNS:

The first thing is to check that everything works: that we have network connectivity and that no "critical errors" appear in "Server Manager".

If any service appears in red, we should investigate the cause. "Event Viewer" is one option, although the "Best Practices Analyzer" located in "Server Manager" is a good tool to run on demand and find the reason for the failure.
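
The checks above can also be run from a PowerShell prompt on the new domain controller. This added example (not from the original page; the function name is hypothetical) confirms that the SYSVOL and NETLOGON shares exist, that the directory and DNS services are running, collects recent critical and error events, and runs the Best Practices Analyzer model for AD DS, which is looked up by name rather than hard-coded.

```powershell
# Added example: post-promotion baseline check, run locally on the DC.
function Test-DcBaseline {
    param([int]$HoursBack = 24)

    # Both shares must exist or users cannot be validated on the domain.
    $shareNames    = Get-SmbShare | Select-Object -ExpandProperty Name
    $missingShares = 'SYSVOL', 'NETLOGON' | Where-Object { $shareNames -notcontains $_ }

    # Core services behind the AD DS and DNS roles.
    $stopped = Get-Service -Name NTDS, Netlogon, Kdc, DNS |
        Where-Object { $_.Status -ne 'Running' }

    # Level 1 = Critical, 2 = Error; no matching events is not a failure.
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Directory Service', 'DNS Server'
        Level     = 1, 2
        StartTime = (Get-Date).AddHours(-$HoursBack)
    }

    # Best Practices Analyzer: find the AD DS model, scan, keep the errors.
    $bpaErrors = @()
    $model = Get-BpaModel | Where-Object { $_.Id -like '*DirectoryServices*' } |
        Select-Object -First 1
    if ($model) {
        Invoke-BpaModel -ModelId $model.Id | Out-Null
        $bpaErrors = @(Get-BpaResult -ModelId $model.Id |
            Where-Object { $_.Severity -eq 'Error' })
    }

    [pscustomobject]@{
        MissingShares   = @($missingShares)
        StoppedServices = @($stopped | Select-Object -ExpandProperty Name)
        RecentErrors    = @($events).Count
        BpaErrors       = @($bpaErrors | Select-Object -ExpandProperty Title)
        Healthy         = (-not $missingShares) -and (-not $stopped) -and
                          (-not $events) -and ($bpaErrors.Count -eq 0)
    }
}

Test-DcBaseline | Format-List
```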

Installing the DHCP service

DHCP allows us to control address allocation from a central location, so we can configure the DHCP server to assign IP addresses to a single subnet or to multiple subnets. In addition, the DHCP server can automatically assign other IP configuration to clients, i.e., not only the address but also other network configuration parameters.


We will install the DHCP server role on our first server.

Before we begin, we will have to disable the DHCP service of our router.

There should not be more than one DHCP server in the same network segment. Failure to comply with this may result in one of the main attacks on a LAN.

Remember that servers are never configured through DHCP; they are given a static (fixed) IP address.

Here are the steps to configure our DHCP server on the computer Server1:

The fastest way is from "Server Manager", clicking the "Add roles and features" option:

It will first show us a screen for adding each and every one of the roles:

The first step is to indicate the type of installation:

Select the first option: "Features or roles-based installation".

The next step asks where we want to install the service: on the available server.

Since we can install on the physical computer or on a virtual hard disk, select whichever best suits your installation.

We continue and select the DHCP service; the box that must be checked is "DHCP Server".

An additional screen will indicate if any additional component is necessary.

In this case it is the administrative console of the DHCP service that needs to be installed, so we accept the option and continue with the "Add features" button.

An additional screen will indicate if any additional component is necessary.

In our case, it is not necessary to install any of these features, so we select "Next".

Now we only have to click the "Install" button to start the installation.

Once installation is complete we will only have to close the window and the DHCP service is installed.

In Server Manager, we can see that a new DHCP tab has been added and that the "Tools" menu shows the DHCP role.

From either of the two places we reach the administrative console of this service. But if we use the main console we also get complete status information for the service selected on the left.

The appearance of the console is as follows:

It appears in green, meaning that the service is running properly on the server.

We could add more servers by right-clicking on DHCP and selecting the "Add Server" option:

The DHCP server authorization

DHCP authorization is the process of registering the DHCP service in an Active Directory domain, with the purpose of supporting DHCP clients. DHCP authorization is only for DHCP servers running Windows Server 2012, 2008, 2003, and Windows 2000 Active Directory.

To authorize a DHCP server in Active Directory, follow the steps:

  1. Open the DHCP console.
  2. Select "Manage authorized servers…" on the IPv4 node.
  3. Add the DHCP server.
  4. To verify, check that the server icon shows the green arrow:

We have installed our server. Now we need to configure it according to the needs of our network.

A scope is a range of valid IP addresses that are available to assign to computers on a subnet (we talk about subnets because sometimes they will be segments of a larger network). Configure a scope on the DHCP server to determine the group of IP addresses that is assigned to clients.

Scopes determine the IP addresses that are assigned to clients. We have to define and activate a scope before clients can use the DHCP server, i.e., we first define it and then activate it.

In addition, we can configure as many scopes on the DHCP server as we want or need in our network, although there will usually be one, and we can always expand it if we run out of addresses.

To define a DHCP scope, we open the DHCP console and create a new IPv4 scope (New Scope):

A wizard for creating the scope is launched.

The range of addresses we want to grant is from the to As we see, in the subnet mask we have put ( that corresponds to the IP addresses of type C as our network.

We can make exclusions. In other words, we can define a range of addresses that shall not be assigned to any computer by the DHCP server. In this case the range of exclusions will be to

Click Next and the window for setting the lease time appears:

Click Next and we are invited to define the DHCP options:

At this point we are asked for the connection parameters that will be assigned to computers within this scope, in particular: gateway address, DNS, WINS, metric, etc.

First, our router's address (through which we reach the Internet or the next network in the hierarchy):

Second, the DNS server or servers that the computers will need.

Now it is the turn of the WINS service. This service is very easy to install, but it is usually not installed unless you have old equipment that only understands NetBIOS names (not DNS).

WINS is the Windows NetBIOS name resolution service. It maintains a simple list of computer names and their IP addresses, and was used in old networks with Windows 95 and Windows NT.

If we have or are going to have the WINS service in our organization, we enter the IP address of our server, then click "Add" to add it to the list and

Then we continue with the wizard by clicking 'Next', which activates the scope:

We now have our DHCP server configured and active:
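
The whole DHCP procedure (role installation, authorization in Active Directory, scope, exclusions, options and activation) as an added PowerShell example that is not part of the original page. Every address and name is a constructed placeholder for a class C network, because the page's own values did not survive; the final check lists the servers authorized in Active Directory so that an unexpected second DHCP server stands out.

```powershell
# Added example. All values below are constructed placeholders (assumptions).
$dhcpServer  = 'server1.corp.example.com'
$dhcpIp      = '192.168.1.10'      # static address of Server1
$scopeId     = '192.168.1.0'
$router      = '192.168.1.1'
$dnsServer   = '192.168.1.10'

# 1. Install the role with its administrative console.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# 2. Authorize the server in Active Directory.
Add-DhcpServerInDC -DnsName $dhcpServer -IPAddress $dhcpIp

# 3. Define the scope first (inactive), as the wizard does.
Add-DhcpServerv4Scope -Name 'LAN' -StartRange 192.168.1.100 -EndRange 192.168.1.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State InActive

# 4. Addresses inside the range that must never be handed out.
Add-DhcpServerv4ExclusionRange -ScopeId $scopeId `
    -StartRange 192.168.1.100 -EndRange 192.168.1.110

# 5. Options: gateway and DNS. Add -WinsServer only if legacy NetBIOS-only
#    clients remain on the network.
Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $router `
    -DnsServer $dnsServer -DnsDomain 'corp.example.com'

# 6. Activate the scope so clients can obtain leases.
Set-DhcpServerv4Scope -ScopeId $scopeId -State Active

# 7. Check: only the expected server should be authorized in the directory.
$expected   = @($dhcpServer)
$unexpected = Get-DhcpServerInDC | Where-Object { $expected -notcontains $_.DnsName }
if ($unexpected) {
    Write-Warning 'Unexpected authorized DHCP servers found:'
    $unexpected | Format-Table DnsName, IPAddress -AutoSize
} else {
    'Authorized DHCP servers match the expected list.'
}
```

Authorization only governs Windows DHCP servers joined to the domain; a router or other device answering DHCP on the segment will not appear in this list and has to be switched off separately, as noted earlier for the router.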