LOMBA KOMPETENSI SISWA

PENDIDIKAN MENENGAH
TINGKAT PROVINSI JAWA BARAT
TAHUN 2025

TEST PROJECT
MODUL C –WINDOWS ENVIRONMENT
IT NETWORK SYSTEMS ADMINISTRATION
Introduction
You are working as a system administrator for itnsa.id organization. This organization utilizes products from
Microsoft for providing resources and services. Meanwhile, Ansible is used as the open-source solutions for
automation purposes. As a good system administrator, you must be able to complete all of these tasks within
fixed time.

Main purpose of this test project is to provide services and resources like active directory for centralized
management, web service, file sharing, and automation using ansible. In addition, you must ensure all hosts
inside itnsa.id can access INET server. You don’t need to configure anything on INET, just leave it as it is.

On every host, except INET, there is one network adapter called Management. This network adapter will be
used for assessment or marking. DO NOT CHANGE OR MODIFY IT!

Normaly, you don’t NEED to access INET server because it’s already pre-configured, but if you need to access
INET server, use password P@ssw0rd

Credential Information

Windows
Username: User / Administrator
Password: P@ssw0rd2025

Linux
Username: root / user
Password: P@ssw0rd2025
Description of project and tasks
Basic Configuration
Configure hostname, FQDN and IP address on all hosts of itnsa.id refer to the information table and set
timezone to (UTC+07:00) Bangkok, Hanoi, Jakarta.

Active Directory
dc.itnsa.id
1. Configure initial domain controller (new forest) for itnsa.id domain
2. Join srv, fw, and workstation host to itnsa.id domain
3. Create the following organizational units (OU) inside itnsa.id domain:
a) Direksi
b) Manager
c) Karyawan
4. Create following AD groups inside their corresponding OU:
a) Direksi
b) Manager
c) Karyawan
5. Create AD users refer to the table below and make sure user doesn’t need to change their password at
logon:

Username Password Group OU

drs1-3 Skill39! Direksi Direksi

mng1-10 Skill39! Manager Manager

kyw1-100 Skill39! Karyawan Karyawan

Note:
drs1-3 means you must create drs1, drs2 and drs3. This applied to the other like mng1, mng2 until mng10
same as kyw1, kyw2, kyw3 until kyw100
6. All created domain users must use \\filesrv.itnsa.id\Home\%username% as their home drive and it must
be mapped into H:\ drive.
7. Configure group policy and name it as MAIN GPO to the prevent the welcome animation from appearing
on first login
DNS Service
dc.itnsa.id
1. Create DNS record refer to the table below:

Type Record Value

NS itnsa.id dc.itnsa.id

A dc.itnsa.id 172.16.0.1

A srv.itnsa.id 172.16.0.10

A fw.itnsa.id 172.16.0.254

CNAME www.itnsa.id srv.itnsa.id

CNAME private.itnsa.id srv.itnsa.id

CNAME filesrv.itnsa.id srv.itnsa.id

PTR 172.16.0.1 dc.itnsa.id

PTR 172.16.0.10 srv.itnsa.id

PTR 172.16.0.254 fw.itnsa.id

2. Set DNS root hint ONLY to IP address of INET server.

3. Set DNS forwarder ONLY to IP address of INET server.

Certificate Authority
dc.itnsa.id
1. Configure Enterprise Root CA for itnsa.id. Set common name to ITNSA-CA
2. Distribute Root CA certificate to all host inside itnsa.id site, excluding ansible-srv
3. Use certificate generated by this CA for securing any services that needs certificate
DHCP Service
fw.itnsa.id
1. Configure DHCP for itnsa.id clients with specification refer to the list below:
● Scope name: Internal
● Network: 172.16.0.0/24
● Range: 172.16.0.100 – 172.16.0.250
● Exclude: 172.16.0.200 – 172.16.0.210
● Default gateway: 172.16.0.254
● Default DNS: 172.16.0.1
● Default Domain: itnsa.id
● Duration: 1 days, 1 hours, 1 minutes
2. Make sure DHCP client can automatically register their hostname into domain zone of itnsa.id

File Service
srv.itnsa.id
1. Configure shared folder refer to the table below:

Share Name Directory Permission Description

Direksi R:\Shares\Direksi Direksi only Direksi group shared folder

Manager R:\Shares\Manager Manager only Manager group shared folder

Karyawan R:\Shares\Karyawan Karyawan only Karyawan group shared folder

Home R:\Shares\Home Domain Users Shared folder for home drive

2. Set quota to 100MB for each group shared folder and 50MB for home shared folder.
3. Prevent executable files like .bat and .ps1 from being saved on group and home shared folder.
 IIS Web Service
srv.itnsa.id
1. Each created website below must be secured with certificate signed by ITNSA-CA
2. Configure www.itnsa.id website with specification below:
● Set website root directory into R:\inetpub\www\
● Set website content to “Welcome to www.itnsa.id”
3. Configure private.itnsa.id website with specification below:
● Set website root directory into R:\inetpub\private\
● Set website content to “Private site of itnsa.id”
● Only Direksi and Manager group can access this website

Routing
fw.itnsa.id
1. Install Routing and Remote Access feature
2. Configure Routing feature to make fw can forward traffic from internal client of itnsa.id
3. Configure NAT to make traffic from itnsa.id to INET translated into public IP address of fw
4. After Routing & NAT configured, make sure workstation can access www.public.net

Ansible
ansible-srv
IP address, Ansible inventory, and other utility for automation inside ansible-srv already installed and
preconfigured. Your task is ONLY to create Ansible playbook for automate Windows Server. Ansible
configuration for connecting to Windows server and inventory with credentials already preconfigured on this
machine, you can check it on /etc/ansible directory. You can also modify any ansible configuration, except
inventory file defined on /etc/ansible/hosts. Create ansible playbook refer to the list below:

1. Create playbook /etc/ansible/install_features.yml to install NFS-Client and TFTP-Client features on all

hosts defined in the ansible inventory
2. Create playbook /etc/ansible/dns_record.yml to create a DNS record with type A on itnsa.id domain
zone. Use record and value as the variables for the playbook.
For example, creating test.itnsa.id record with value 172.16.0.1 can be done using this command :
# ansible-playbook /etc/ansible/dns_record.yml -e record=test -e value=172.16.0.1

Playbook executed...
 3. Create playbook /etc/ansible/shared_folder.yml to create shared folder on SRV. Use list of variables
below for the playbook:
● share_name for shared folder name.
● path for shared folder path.
● access for specify active directory user or group that has Read permission on shared folder.
● owner for specify active directory user or group that has Full permission on shared folder. This
variable is optional, so if it’s not defined, the created shared folder should NOT have any Full
permission given to active directory user or group.

For example, creating shared folder Test with path C:\Sharing\Test while Domain Users will have read permission
and Manager group have Full permission can be done using this command:
# ansible-playbook /etc/ansible/shared_folder.yml -e share_name=Test \
-e path='C:/sharing/test' \
-e access='"Domain Users"' \
-e owner='Manager'

Playbook executed...
Appendix
Topology Diagram

Information Table

Domai
Hostname FQDN IP Address Services n
Joined
Active
Ethernet0: 172.16.0.1/24
Directory,
dc dc.itnsa.id Yes
Management: 10.0.0.1/24 (preconfigured) Certificate
Authority, DNS
Ethernet0: 172.16.0.10/24 IIS Web
srv srv.itnsa.id Service, File Yes
Management: 10.0.0.2/24 (preconfigured)
Server
Ethernet0: 172.16.0.254/24

fw fw.itnsa.id Ethernet1: 192.1.1.1/24 DHCP, Routing Yes

Management: 10.0.0.3/24 (preconfigured)

Ethernet0: DHCP
workstation workstation.itnsa.id - Yes
Management: 10.0.0.4/24 (preconfigured)

ens192: 172.16.0.151/24 (preconfigured)

ansible-srv - Ansible No
Management: 10.0.0.151/24 (preconfigured)

Ethernet0: 192.1.1.100/24 (preconfigured) DNS, IIS Web

INET - No
Service