Project Type: Windows Server | File Sharing | Hybrid Lab Management
Skill Level: Beginner–Intermediate
Lab Platform: Hyper-V + VMware + Windows Server 2022
Why I Built This
Day 4 of my 10-day hands-on IT lab series focuses on simulating real-world help desk scenarios involving file access and permissions troubleshooting. This lab helps build skills to manage shared folders, configure NTFS permissions, and resolve access issues across departments. The goal is to strengthen my understanding of permissions management and simulate practical, everyday IT tasks.
In this day, I used PowerShell to configure folder permissions, shared resources across multiple departments, and simulated help desk issues related to folder access.
Lab Setup Overview
| Component | Details |
|---|---|
| Hypervisor | Hyper-V (Main Hypervisor) |
| VMware Platform | VMware Workstation Pro |
| Domain Name | wired.com |
| Subnet | 192.168.1.0/24 |
| DC IP Address | 192.168.1.10 (Static) |
| Client DNS | 192.168.1.10 (Domain Controller) |
| New Clients | FL-CLI1-W10 (Windows 10 on VMware) |
Step-by-Step Breakdown
Phase 1: Create Department Shared Folders
- Log in to NYC-DC1 (your main file server + DC).
- Create the following shared folder paths:
- Ensure the folders are set up under C:\Shared.
Phase 2: Share Each Folder
- Right-click each folder > Properties > Sharing tab > Advanced Sharing.
- Set up the following sharing settings:
| Folder | Share Name | Permissions |
|---|---|---|
| IT | IT | Allow: Everyone = Full Control (temporary) |
| HR | HR | Allow: Everyone = Full Control (temporary) |
| Sales | Sales | Allow: Everyone = Full Control (temporary) |
Note: This is to ensure the share works. Real control will come from NTFS permissions.
Phase 3: Configure NTFS Permissions (Security Tab)
- Right-click each folder > Properties > Security tab > Edit.
- Remove “Everyone” and add the appropriate department group (or users as fallback):
| Folder | NTFS Access |
|---|---|
| IT | Add: IT OU Users or Group = Full Control |
| HR | Add: HR OU Users or Group = Modify |
| Sales | Add: Sales OU Users or Group = Read Only |
Note: If groups aren’t created, you can manually add users like HR-User1 or Sales-User3 for now.
Phase 4: Simulate and Resolve Permission Issues
- Log in to each department user via FL-CLI1 (or NYC-CLI1).
- Examples:
- HR-User3 should be able to open \NYC-DC1\HR and save a file.
- Sales-User3 should NOT be able to write into \NYC-DC1\Sales.
- Simulate Help Desk Issues:
- Temporarily remove NTFS write access from HR and try saving a file → simulate a ticket.
- Add access back → show the fix.
- Test Sales User: Try to open \NYC-DC1\IT — they should be denied (correct configuration).
Key Problems Solved
- File Sharing Configuration: Ensured shared folders were properly set up and accessible.
- Permissions Management: Correctly configured NTFS and sharing permissions to meet departmental requirements.
- Help Desk Simulation: Practiced troubleshooting permissions issues, mimicking a real-world help desk ticket scenario.
Troubleshooting Tips
- GPO Not Applying?
- Check Windows Firewall and ensure GPO settings can apply.
- Use gpresult /r to identify missing or applied policies.
- Can’t Access Shared Folder?
- Ensure NTFS permissions are correctly configured.
- Verify the shared folder exists and is correctly mapped.
What I Learned
- File Access Management: The importance of NTFS permissions in controlling access to shared folders.
- PowerShell for Permissions: How to quickly configure permissions across multiple folders using PowerShell.
- Simulating Help Desk Tasks: Understanding how to troubleshoot and resolve permissions issues in a timely manner.
What’s Next?
In Day 5, I will focus on:
- Deploying virtual printers via Group Policy.
- Setting up remote tools for IT support and troubleshooting.
- Testing remote management and support tools like PowerShell remoting and RDP.
- Capturing screenshots of printer configurations and remote sessions for blog documentation.
Stay tuned as I explore printer deployment and remote troubleshooting techniques!
Follow the Journey
This blog post is part of my Real-World IT Lab in 10 Days series. Stay tuned for Day 5 where I will dive into virtual printer deployment and remote management.
Follow me on LinkedIn for more updates and insights!
Leave a Reply