Beruflich Dokumente
Kultur Dokumente
Administration
Group Policies
Last Updated: 11/13/2014 5:43 PM Version 2
Document Prepared for: Professor Lindstrom's Student
Overview
In this lab you will experiment with Group Policy Objects to discover the flexibility
and power of a central directory that can provide configuration directives for your
organizations infrastructure.
Setup
Start your pfsense, GUI, Win10 and Win8 computers.
Objectives
Edit the Default Domain Policy. This policy is effective for all computers in a
domain.
Steps
1. Using either the Active Directory Administration Center or PowerShell, create
a new Organizational Unit named GPO Demo OU.
PS Command: New-ADOrganizationalUnit -name "GPO Demo OU"
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
1
Value
LogonName/SAM Account
Name
GPOUser
First name
GPO
Last Name
User
aaaa
Password options
1.
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
2
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
3
9. Create two more users in GPO Demo OU named Daydreamer, and EJFudd
with the password aaaa (make sure you clear the user must change
password at next logon box).
10.These accounts must be created before you can continue.
Objectives:
Steps
1. From your GUI server ping your other VMs
a. ping win10 What was the result? Yes
b. ping win8 What was the result? Yes
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
4
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
5
d. For this exercise we won't configure the other profiles but you would do
it the same way. When you are done it should look like this.
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
6
c. The inbound rule wizard allows you to make rules several different
ways. You can create rules by program, port, predefined, or custom.
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
7
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
8
Objectives
Create a Policy that contains a restricted group to manage who can remote to
client computers and enables remote desktop on the client computers.
Steps
1) Add (or Verify) Domain Users group is a member of the RDClientAccess
group.
2) Create a new Group policy named Client Remote Desktop.
a) Add a Restricted Group
i) Navigate to Computer Configuration/Policies/Windows
Settings/Security Settings
ii) Right click on Restricted Groups select Add group.
iii) Enter Remote Desktop Users for the group (this is the group that grants
access permissions to remote desktop)
iv) In the Members of this group list add esage\RDClientAccess.
b) Make sure Remote access is turned on
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
9
Objectives
Steps
1. The folder you shared in the storage lab will be used for folder redirection.
2. Edit the Default Domain Policy locate Folder Redirection Settings (User
configuration/Policies/Windows Settings/Folder
Redirection/Documents)
a. Modify the Documents properties (right click on the Documents node in
the tree and select properties)
b. On the Target tab configure as follows
i. Setting Basic
ii. Target folder location
1. Create a folder for each user under the root path
iii. Root path
1. \\gui\users
c. Close the Properties window. Say yes to the Warning.
d. Close the Policy Editor to save the updated policy.
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
10
Objectives
Test policy
Steps
1. Download the file (from any VM)
http://classfiles.esage.com/labs/aws/GoogleChromeStandaloneEnterprise.msi
and save it to the software share on gui (\\gui\software)
2. Create a new GPO Named Software Installation.
3. Edit the policy to Create a user installation rule
a. Right click on Software Installation (Computer
Configuration/Policies/Software Settings/Software Installation) select
NewPackage
b. Browse to the install file IMPORANT: Make sure you browse to it
via the network share! (\\gui\software)
c. Select Assigned as the deployment method.
4. Link the policy to the Client Computers OU
5. Test the Policy
a. Restart the Win8 computer from gui use PowerShell
restart-computer win8 force
or from Win7
shutdown r
b. Wait a few minutes then log on to the Win7 chrome should be
installed. If it is not force the group policy to update.
Objectives
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
11
Steps
1. Create another GPO named Exploring GPOs
2. Explore at least 3 other GPO settings. Describe what you discovered. Some
other Group Policy tasks include Link GPO, Delegate GPO, or Backup GPO.
There is lots to explore with GPOs. Also you can use these commands by
using Get-Command or Measure-Object
Objectives
Steps
1. From the GPO management tool right click on your ExploringGPOs policy and
Select Backup
2. Save your GPO in c:\GPOBackups (you will need to create the folder)
3. Explore c:\GPOBackups with the file explorer.
4. Zip up your backups GPOBackups folder
Deliverable
Upload this document & your GPOBackups.zip file with completed answers to
canvas.
Craig Lindstrom 2013-2014 all rights reserved, use or duplication without permission is
prohibited.
12