Extra Credit 1 - CYB 608 - Challenge #499 – Secure Roots: Domain Organization and Access Controls w/purpose, PDF

Preview

Summary

Challenge #499 – Secure Roots: Domain Organization and Access Controls w/purpose, lessons learned, steps taken, and screenshot...

Description

CYB 608 – Ethical Hacking Extra Credit – 1 10/20/2017

Purpose I did the first challenge (Secure Roots: Domain Organization and Access Controls) during week one, thinking the first lab assignment required two challenges to be completed. You told me I can submit it for extra credit, so I’m including it here. The purpose of that challenge was to familiarize us with Windows group policy. This lesson familiarized me more with three different applications that dealt with group policy, including Group Policy Management, Active Directory Users and Computers, and Server Manager.

Lessons Learned I learned a lot about Windows Group Policy doing challenge #499. I was real stuck at a couple points. Everything had to be perfect before the objectives would register. Windows Server has really great tools that are a must-know as a network administrator, so I’m glad I picked that challenge because I’m now more familiar with the tools. The tools I’m referring to I listed above in ‘Purpose’ – Group Policy Management, Active Directory Users and Computers, And Server Manager. I’ve always known about the advanced security tab when you right-click on folders, but now I’m much more familiar with how to use everything it has to offer an admin.

Challenge #499 – Secure Roots: Domain Organization and Access Controls

Domain Controller VM Start -> Administrative Tools -> Group Policy Management Forest: ad.daswebs.com -> Domains -> ad.daswebs.com I right-clicked on ad.daswebs.com, and select “New Organizational Unit”. I named it Accounting and selected okay. I did it again for Human Resources. Start -> Administrative Tools -> Active Directory Users and Computers I clicked on Users, then dragged and dropped Brimlock Stones to Accounting and Sergio Chanel to Human Resources.

Start -> Administrative Tools -> Server Manager Roles -> Active Directory Domain Services -> Active Directory Users and Computers -> ad.daswebs.com -> Users I right-clicked Users and selected New -> Group, typed “HRsec”, and clicked okay (leaving Group Type as Security). I did the same for “Accountingsec”. I moved the HRsec security group I just created to the Human Resources folder and the Accountingsec security group to the Accounting folder. It took me forever to figure out why it wasn’t registering. Turns out it’s because they weren’t in these folders. I double-clicked on Accountingsec under Account, clicked on the Members tab, then added Brimlock Stones. I did the same for HRsec with Sergio Chanel. Start -> Administrative Tools -> Group Policy Management Edit DasGroup GPO Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Autoplay Policies From here I enabled the option “Turn off AutoPlay” and selected “CD-ROM and removable media drives” from the drop-down menu. Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Security Options From here I selected “Interactive logon: Do not display last user name” and enabled it. For the last step, I opened Windows Explorer and went to the root of C drive. From here, I right-clicked on the Accounting folder, clicked the Security tab, clicked Continue, clicked Add, typed HRsec, and selected Check Names. I then clicked okay. After that, I denied Read and Write access. This way HRsec

does not have read or write privileges with the Accounting folder on C drive’s root. I did the same for the HRsec folder with Accounting....