70-410-Lab16 Part B - Group Policy PDF

Preview

Summary

70-410-Lab16 Part B - Group Policy...

Description

MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual

LAB 16-B CREATING GROUP POLICY OBJECTS

THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES: Exercise 16.5

Modifying Default Domain Policy

Exercise 16.6

Creating and Configuring Group Policy Settings

BEFORE YOU BEGIN The lab environment consists of three servers connected to a local area network, one of which is configured to function as the domain controller for a domain called HCTX.AE. The computers required for this lab are listed in Table 16-1. Table 16-1 Computers Required for Lab 16 Computer Domain controller 1

Operating System Windows Server 2012

Computer Name SVR-DC-A

Member server 2

Windows Server 2012

SVR-MBR-B

Member server 3

Windows Server 2012

SVR-MBR-C

CIN 2003: Enterprise Services

Page 1 of 4

MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual

Exercise 16.5 Modifying Default Domain Policy Overview

To complete this exercise, Modify existing Default Domain Policy to set the Accounts related security settings

Mindset

How do I use a starter GPO to create additional GPOs?

Completion time

10 minutes

You are required to change the your organization password policy as follows 1. Logon to SVR-DC-AX with the username hctx\administrator and password as Pa$$w0rd or Network0 2. Open Group Policy Management, from Server Manager  Tools 3. Expand your HCTX domain and click group policy object 4. Right click Default Domain Policy and click edit. 5. Expand Computer Configuration  Policies  Windows Settings  Security Settings  Account Policy  Password Policy a. Users are not allowed to use last 3 passwords (Enforce Password History) b. Users are required to change their password every 90 Days (Maximum Password Age) c. Password should have 8 characters (Minimum Password Length) d. After changing the password users are required to use this password for next three days before they could change the password again (Minimum Password Age)

CIN 2003: Enterprise Services

Page 2 of 4

MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual

Exercise 16.6 Creating and configuring Group Policy settings Overview

Paris OU has their own defined security policy, you need to create a new group policy and link it on Paris OU.

Completion time

10 minutes

1. Paris management has agreed to implement following security settings for all the objects in Paris OU and you are required to create a new GPO and apply the required policy. 2. Logon to SVR-DC-A as HCTX\Administrator with the password as Pa$$w0rd or Network0 3. Open Group Policy Management, from Server Manager  Tools 4. Expand your HCTX domain and right-click group policy object and create New GPO  name it as Paris Sec Policy 5.

Configure following security policy settings on Paris Sec Policy GPO. a. All users should notified about the Authorized access policy upon logon i. Title: This is a highly secured Domain, Only Authorized users are allowed (Interactive Logon: Message Title ….) - Computer Configuration  Policies  Windows Settings  Security Settings  Local Policies  Security Options

ii. Logon: Unauthorized access will be legally penalized. (Interactive Logon: Message Text ….) - Computer Configuration  Policies  Windows Settings  Security Settings  Local Policies  Security Options b. All computers built-in Guest account has to be renamed to cin2003 for security reason. (Accounts: Rename Guest Account) - Computer Configuration  Policies  Windows Settings  Security Settings  Local Policies  Security Options. c. Users should not have access to Run Command (Remove run from start menu) - User Configuration  Policies  Administrative Templates  Start Menu and Taskbar d. Users are not allowed to use command prompt (Prevent Access to Command Prompt) - User Configuration  Policies  Administrative Templates  System e. Users are not allowed to use the registry editor (Prevent Access to Registry Editing Tools) - User Configuration  Policies  Administrative Templates  System f.

Users are not allowed to use any removable storage devices like USB flash disk, etc.,

CIN 2003: Enterprise Services

Page 3 of 4

MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab Manual

(All Removable Storage Classes: Deny all Access) - User Configuration  Policies  Administrative Templates  System  Removable Storage Access 6. Demonstrate the effectiveness of the above policy by logging on to SVR-MBR-B and SVR-MBR-C

CIN 2003: Enterprise Services

Page 4 of 4...