Docstoc

Lab Exercise - Download Now DOC

Document Sample
Lab Exercise - Download Now DOC Powered By Docstoc
					Network Administration-Intermediate                                                Page: 1 of 3
Lab exercise                                                                      June 3, 2010

Group Policies.
Group Policy is administered through the use of Group Policy Objects, data
structures that are attached in a specific hierarchy to selected Active
Directory Objects, such as Sites, Domains, or Organizational Units. These
GPOs, once created, are applied in a standard order: LSDOU, which stands
for (1) Local, (2)Site, (3)Domain, (4)OU, with the later policies being
superior to the earlier applied policies. Quiz material!!! LSDOU

When a computer is joined to a domain with the Active Directory and Group Policy
implemented, a local Group Policy Object is processed. Note that LGPO policy is
processed even when the Block Policy Inheritance option has been specified.

Local Group Policy Objects are processed first, and then domain policy. If a
computer is participating in a domain and a conflict occurs between domain and local
computer policy, domain policy prevails. However, if a computer is no longer
participating in a domain, local Group Policy object is applied.
Lab Exercise
Refer to your Mastering W2K3 Chapter 9, pp. 735-795 book for further reference.
Note which settings are Computer Configuration Settings and which ones are User
Configuration Settings.

1. On the File Server/Domain Controller, browse to:
   http://www.microsoft.com/windowsserver2003/technologies/management/grouppolicy/default.mspx
2. Download the Group Policy Management Console (GPMC) Service Pack 1
3. Install the GPMC onto the Domain Controller
4. After installation is complete, click Start->Programs->Administrative Tools-
    >Group Policy Management Console
5. Expand the trees by clicking the plus signs. Find the Domain Controllers OU.
    Best practice, right mouse click on the Domain Controllers OU and select Block
    Policy Inheritance. This prevents any policy settings from applying to objects
    within this container.
6. Open Active Directory Users and Computers.
7. Open the Users folder. Find the Administrator account, right mouse click and
    move this account into the Domain Controllers OU. This will prevent any Group
    Policy User Configuration settings from applying to the Administrator account.
8. In the GPMC, right Click on the Group Policy Objects folder and select New.
9. Name the Policy yourlastname_policy. ie. Teske_Policy
10. Right click on the policy just created and select Edit. This will display the Group
    Policy Object Editor (GPOE). Make the following policy setting changes.
11. Enable Always wait for the network at computer startup and logon
     This policy tells XP boxes to wait for the network, therefore network policies
        can be applied.
         Computer Configuration->Administrative Templates->System-
            >Logon->
                a. Set Always wait for network at computer startup and logon
                   to be enabled. Read the description for this setting thoroughly.
2. Turn on auditing (success and failure) for the all events except process tracking
         Computer Configuration->Windows Settings->Security Settings-
            >Local Policies->Audit Policy
3. Set your limits on the Event view
         Computer Configuration->Windows Settings->Security Settings-
            >Event Log

                                 Verify if this is the current
                                      Check Master at
                              http://network.nwtc.edu/mteske
Network Administration-Intermediate                                      Page: 2 of 3
Lab exercise                                                            June 3, 2010

          This will allow your event logs domain wide to grow or overwrite older
           events as needed.
                a. Maximum Application, Security and System log should be set to
                   2048kb
                b. Retention method for Application, Security, and System log should
                   be to overwrite events as needed.
4. Set an Interactive Logon Message text for users to be: Welcome to Lab
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Security Options->Interactive logon.
5. Set a Message Title for the Interactive Logon: Welcome to NWTC.
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Security Options->Interactive Logon
6. Set your domain to not require CTRL+ALT+DELETE to logon
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Security Options->Interactive Logon
7. In Active Directory Users and Computers, move your workstation from the
    computers folder to the Sale_OU
         Click on the Computers Folder in Active Directory
         Right Mouse click on your Computer and select Move
         Select the Sale_OU
In the GPMC, create a group policy in the GPO Folder
SALE_COMPUTER_POLICY
         Right click on this object and Click Edit
8. Rename guest account to TEMP
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Security Options
9. Rename administrator account to Sale_ADM->MAKE SURE YOU DOCUMENT!!!
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Security Options
10. Audit all account and logon events
         Computer Configuration->Windows Settings->Security Settings-
           >Local Policies->Audit Policy
11. Disable the Computer Browser Service
         Computer Configuration->Windows Settings->Security Settings-
           >System Services->Computer Browser
                a. Check Define this policy
                b. Select Disabled
12. In the Group Policy Objects Folder, create Sale_User_Policy and edit.
13. In the User configuration, make the following configuration settings
14. Force IE home page of http://www.google.com
         User Configuration->Windows Settings->Internet Explorer
           Maintenance->URLs->Important Urls->Home page URL
                a. Check Customize Home Page URL
                b. Type http://www.google.com
15.User Configuration->Windows Settings->Internet Explorer Maintenance-
    >URLs->Favorites and Links
         Click Add URL
                a. Name: Teskes Network Specialist Site
                b. URL: http://network.nwtc.edu
16. Prohibit Access to Control Panel
         User Configuration->Administrative Templates->Control Panel
                a. Double click on Prohibit and check enabled.

                               Verify if this is the current
                                    Check Master at
                            http://network.nwtc.edu/mteske
Network Administration-Intermediate                                        Page: 3 of 3
Lab exercise                                                              June 3, 2010

17. Once all three policies are created, the next step is to link these GPO’s to their
    respective containers. Right Mouse click on the Sale_OU and select Link an
    Existing GPO and select the Sale_Computer_Policy.
18. Repeat for the Sale_User_Policy
19. Right click on the domain object, ie..teske.local and link the Lastname_policy.
20. Log on to your workstation with a User from the Sale_OU and verify the settings.
21. Now Log on from a User that is not from the Sale_OU. Are the settings still
    present?
22.On the server, refer to step 16 and undo the Prohibit access to control panel
23. At the workstation, bring up a command prompt. Start->Run->CMD
24. At the command prompt, type: gpupdate /force
         This forces the policy to be updated
         Type gpupdate /?
         Note the options, you may update either user or computer
           configuration at different intervals.
25. Log out of your workstation and log back in. Can you now get into Control Panel
26. Review additional policy settings. Review Mastering Windows 2003 Chapter 9,
    page 735-795 for quiz




                               Verify if this is the current
                                    Check Master at
                            http://network.nwtc.edu/mteske

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:24
posted:6/3/2010
language:English
pages:3