Title | 70-410-Lab16 Part B - Group Policy |
---|---|
Course | Access Network Technologies |
Institution | Universiti Putra Malaysia |
Pages | 4 |
File Size | 173.6 KB |
File Type | |
Total Downloads | 80 |
Total Views | 116 |
70-410-Lab16 Part B - Group Policy...
MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual
LAB 16-B CREATING GROUP POLICY OBJECTS
THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES: Exercise 16.5
Modifying Default Domain Policy
Exercise 16.6
Creating and Configuring Group Policy Settings
BEFORE YOU BEGIN The lab environment consists of three servers connected to a local area network, one of which is configured to function as the domain controller for a domain called HCTX.AE. The computers required for this lab are listed in Table 16-1. Table 16-1 Computers Required for Lab 16 Computer Domain controller 1
Operating System Windows Server 2012
Computer Name SVR-DC-A
Member server 2
Windows Server 2012
SVR-MBR-B
Member server 3
Windows Server 2012
SVR-MBR-C
CIN 2003: Enterprise Services
Page 1 of 4
MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual
Exercise 16.5 Modifying Default Domain Policy Overview
To complete this exercise, Modify existing Default Domain Policy to set the Accounts related security settings
Mindset
How do I use a starter GPO to create additional GPOs?
Completion time
10 minutes
You are required to change the your organization password policy as follows 1. Logon to SVR-DC-AX with the username hctx\administrator and password as Pa$$w0rd or Network0 2. Open Group Policy Management, from Server Manager Tools 3. Expand your HCTX domain and click group policy object 4. Right click Default Domain Policy and click edit. 5. Expand Computer Configuration Policies Windows Settings Security Settings Account Policy Password Policy a. Users are not allowed to use last 3 passwords (Enforce Password History) b. Users are required to change their password every 90 Days (Maximum Password Age) c. Password should have 8 characters (Minimum Password Length) d. After changing the password users are required to use this password for next three days before they could change the password again (Minimum Password Age)
CIN 2003: Enterprise Services
Page 2 of 4
MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual
Exercise 16.6 Creating and configuring Group Policy settings Overview
Paris OU has their own defined security policy, you need to create a new group policy and link it on Paris OU.
Completion time
10 minutes
1. Paris management has agreed to implement following security settings for all the objects in Paris OU and you are required to create a new GPO and apply the required policy. 2. Logon to SVR-DC-A as HCTX\Administrator with the password as Pa$$w0rd or Network0 3. Open Group Policy Management, from Server Manager Tools 4. Expand your HCTX domain and right-click group policy object and create New GPO name it as Paris Sec Policy 5.
Configure following security policy settings on Paris Sec Policy GPO. a. All users should notified about the Authorized access policy upon logon i. Title: This is a highly secured Domain, Only Authorized users are allowed (Interactive Logon: Message Title ….) - Computer Configuration Policies Windows Settings Security Settings Local Policies Security Options
ii. Logon: Unauthorized access will be legally penalized. (Interactive Logon: Message Text ….) - Computer Configuration Policies Windows Settings Security Settings Local Policies Security Options b. All computers built-in Guest account has to be renamed to cin2003 for security reason. (Accounts: Rename Guest Account) - Computer Configuration Policies Windows Settings Security Settings Local Policies Security Options. c. Users should not have access to Run Command (Remove run from start menu) - User Configuration Policies Administrative Templates Start Menu and Taskbar d. Users are not allowed to use command prompt (Prevent Access to Command Prompt) - User Configuration Policies Administrative Templates System e. Users are not allowed to use the registry editor (Prevent Access to Registry Editing Tools) - User Configuration Policies Administrative Templates System f.
Users are not allowed to use any removable storage devices like USB flash disk, etc.,
CIN 2003: Enterprise Services
Page 3 of 4
MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual
(All Removable Storage Classes: Deny all Access) - User Configuration Policies Administrative Templates System Removable Storage Access 6. Demonstrate the effectiveness of the above policy by logging on to SVR-MBR-B and SVR-MBR-C
CIN 2003: Enterprise Services
Page 4 of 4...