Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Creating Group Policy Objects: LAB 16-B

    Hochgeladen von

    Matt Datt
    59 Ansichten4 Seiten
    This document describes exercises for configuring group policy objects (GPOs) in a Windows Server 2012 domain. Exercise 16.5 involves modifying the default domain policy's password settings. Exercise 16.6 creates a new GPO called "Paris Sec Policy" and configures security settings for objects in the Paris OU, such as logon messages, renaming the guest account, and restricting access to removable storage, the command prompt, and registry editing tools. The effectiveness of the Paris GPO is then demonstrated by logging onto member servers.

    Originalbeschreibung:

    Originaltitel

    70-410-Lab16 Part B - Group Policy.docx

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    DOCX, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    This document describes exercises for configuring group policy objects (GPOs) in a Windows Server 2012 domain. Exercise 16.5 involves modifying the default domain policy's password settings. Exercise 16.6 creates a new GPO called "Paris Sec Policy" and configures security settings for objects in the Paris OU, such as logon messages, renaming the guest account, and restricting access to removable storage, the command prompt, and registry editing tools. The effectiveness of the Paris GPO is then demonstrated by logging onto member servers.

    Copyright:

    © All Rights Reserved
    Als DOCX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    59 Ansichten4 Seiten

    Creating Group Policy Objects: LAB 16-B

    Hochgeladen von

    Matt Datt
    This document describes exercises for configuring group policy objects (GPOs) in a Windows Server 2012 domain. Exercise 16.5 involves modifying the default domain policy's password settings. Exercise 16.6 creates a new GPO called "Paris Sec Policy" and configures security settings for objects in the Paris OU, such as logon messages, renaming the guest account, and restricting access to removable storage, the command prompt, and registry editing tools. The effectiveness of the Paris GPO is then demonstrated by logging onto member servers.

    Copyright:

    © All Rights Reserved
    Als DOCX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab

    Manual

    LAB 16-B
    CREATING GROUP
    POLICY OBJECTS

    THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:

    Exercise 16.5 Modifying Default Domain Policy

    Exercise 16.6 Creating and Configuring Group Policy Settings

    BEFORE YOU BEGIN

    The lab environment consists of three servers connected to a local area network, one
    of which is configured to function as the domain controller for a domain called
    HCTX.AE. The computers required for this lab are listed in Table 16-1.

    Table 16-1
    Computers Required for Lab 16
    Computer Operating System Computer Name
    Domain controller 1 Windows Server 2012 SVR-DC-A
    Member server 2 Windows Server 2012 SVR-MBR-B
    Member server 3 Windows Server 2012 SVR-MBR-C

    CIN 2003: Enterprise Services Page 1 of 4


    MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab
    Manual

    Exercise 16.5 Modifying Default Domain Policy


    Overview To complete this exercise, Modify existing Default Domain Policy to
    set the Accounts related security settings

    Mindset How do I use a starter GPO to create additional GPOs?


    Completion time 10 minutes

    You are required to change the your organization password policy as follows

    1. Logon to SVR-DC-AX with the username hctx\administrator and password as


    Pa$$w0rd or Network0

    2. Open Group Policy Management, from Server Manager  Tools

    3. Expand your HCTX domain and click group policy object

    4. Right click Default Domain Policy and click edit.

    5. Expand Computer Configuration  Policies  Windows Settings  Security


    Settings  Account Policy  Password Policy

    a. Users are not allowed to use last 3 passwords (Enforce Password


    History)

    b. Users are required to change their password every 90 Days (Maximum


    Password Age)

    c. Password should have 8 characters (Minimum Password Length)

    d. After changing the password users are required to use this password for
    next three days before they could change the password again (Minimum
    Password Age)

    CIN 2003: Enterprise Services Page 2 of 4


    MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab
    Manual

    Exercise 16.6 Creating and configuring Group Policy settings


    Overview Paris OU has their own defined security policy, you need to create a
    new group policy and link it on Paris OU.

    Completion time 10 minutes


    1. Paris management has agreed to implement following security settings for all the
    objects in Paris OU and you are required to create a new GPO and apply the
    required policy.
    2. Logon to SVR-DC-A as HCTX\Administrator with the password as Pa$$w0rd
    or Network0
    3. Open Group Policy Management, from Server Manager  Tools
    4. Expand your HCTX domain and right-click group policy object and create New
    GPO  name it as Paris Sec Policy
    5. Configure following security policy settings on Paris Sec Policy GPO.
    a. All users should notified about the Authorized access policy upon logon

    i. Title: This is a highly secured Domain, Only Authorized users are


    allowed
    (Interactive Logon: Message Title ….) - Computer
    Configuration  Policies  Windows Settings  Security
    Settings  Local Policies  Security Options

    ii. Logon: Unauthorized access will be legally penalized.


    (Interactive Logon: Message Text ….) - Computer
    Configuration  Policies  Windows Settings  Security
    Settings  Local Policies  Security Options

    b. All computers built-in Guest account has to be renamed to cin2003 for


    security reason.
    (Accounts: Rename Guest Account) - Computer Configuration 
    Policies  Windows Settings  Security Settings  Local Policies 
    Security Options.

    c. Users should not have access to Run Command


    (Remove run from start menu) - User Configuration  Policies 
    Administrative Templates  Start Menu and Taskbar

    d. Users are not allowed to use command prompt


    (Prevent Access to Command Prompt) - User Configuration  Policies
     Administrative Templates  System

    e. Users are not allowed to use the registry editor


    (Prevent Access to Registry Editing Tools) - User Configuration 
    Policies  Administrative Templates  System

    CIN 2003: Enterprise Services Page 3 of 4


    MOAC 70-410 - Installing and Configuring Windows Server 2012 Lab
    Manual

    f. Users are not allowed to use any removable storage devices like USB
    flash disk, etc.,
    (All Removable Storage Classes: Deny all Access) - User Configuration
     Policies  Administrative Templates  System  Removable
    Storage Access

    6. Demonstrate the effectiveness of the above policy by logging on to SVR-MBR-B


    and SVR-MBR-C

    CIN 2003: Enterprise Services Page 4 of 4

    Das könnte Ihnen auch gefallen