Managing Users and Computers with Group Policy 3

Lab 8

Managing Users

and Computers

with Group Policy

This lab contains the following projects and activities:

Project 8.1
Project 8.2
Project 8.3
Project 8.4 / Configuring Account Policies
Configuring Audit Policies
Configuring Folder Redirection
Enabling Disk Quotas
Lab Review Questions
Lab Challenge 8.1 / Creating a Fine-Grained Password Policy
Post-Lab Cleanup
Project 8.1 / Configuring Account Policies
Overview / Some departments in your company require a 14-character password for user accounts. You want to ensure that users are required to use 14-character passwords. Furthermore, you need to address the issue that the security consultants identified concerning account lockout. The security consultants were able to run a password cracker on your network without locking out a single user account. You want to ensure that anyone attempting to gain access to a user account by trying different passwords is locked out.
Outcomes / After completing this exercise, you will know how to:
Configure a domain-wide password policy.
Configure a domain-wide account lockout policy.
Completion time / 20 minutes
Precautions / During this exercise, you will be switching back and forth between the odd- and even-numbered computers. When you switch from one computer to another, it is important that you remain on that computer for the steps that follow until you are instructed to switch again.
Question 1 / MSPress#1 is a nine-character password. Why are you not required to use a 14-character password?
Question 2 / Are you able to log on with a password that has fewer than 14 characters?
Question 3 / What happened after you clicked OK?
Question 4 / Does this password work? What does this teach you about password policy inheritance?
Question 5 / What happens to the Lab8User1 account?
Question 6 / Are you able to log on using the correct password?
Project 8.2 / Configuring Audit Policies
Overview / The security consultants found that confidential files were not monitored for hacking attempts. You want to configure auditing of all confidential files.
Outcomes / After completing this exercise, you will know how to:
Configure auditing of the Windows file system.
Completion time / 30 minutes
Precautions / This exercise will be performed on both computers. When you perform this exercise on the odd-numbered computer, you will be working with the Group Policy Management MMC snap-in. When you perform this exercise on the even-numbered computer, you will be working with the local group policy by opening the Group Policy Object Editor on the even-numbered computer.
Project 8.3 / Configuring Folder Redirection
Overview / Many of the production users in your company have important files stored in their My Documents folders. You want to redirect all of the mobile users' documents to a central location to facilitate backup.
Outcomes / After completing this exercise, you will know how to:
Configure folder redirection.
Completion time / 15 minutes
Precautions / During this exercise, you will be switching back and forth between the odd- and even-numbered computers. When you switch from one computer to another, it is important that you remain on that computer for the steps that follow until you are instructed to switch again.
Question 7 / Do you see a folder named Lab8User1?
Question 8 / Is the Documents folder for Lab8User1 redirected?
Project 8.4 / Enabling Disk Quotas
Overview / You are concerned that users are saving too much data to the servers on your network. You want to enable disk quotas as a possible solution for the problem.
Outcomes / After completing this exercise, you will know how to:
Enable disk quotas.
Completion time / 30 minutes
Precautions / N/A

Lab Review Questions

Completion time / 15 minutes

1. In your own words, describe what you learned during this lab.

2. When you create a GPO to implement a new password policy, where must you link the GPO to have the policy affect Active Directory domain accounts?

3. If you want to configure auditing on domain controllers, where must you create and link a GPO or modify an existing GPO?

4. Which items can you redirect under Folder Redirection in Group Policy?

5. If you configure the Reset Account Lockout Counter After setting to 0, what does this mean?

LAB CHALLENGE 8.1 / CONFIGURE A FINE-GRAINED PASSWORD POLICY
Overview / Management has decided that the 14-character domain-wide password policy is too stringent and should be reduced to 8 characters. However, all members of the Domainxx.local\Domain Admins group need to have a 14-character password.
Outcomes / After completing this exercise, you will know how to:
Modify a domain-wide password policy.
Configure a Fine-Grained Password policy.
Completion time / 20 minutes
Precautions / If you skip Lab Challenge 8.1, you must complete the Post-Lab Cleanup activities before continuing to Lab B.
Post-Lab Cleanup
Overview / The following cleanup activities must be performed before moving on to Lab B.
Completion time / 15 minutes