Download - Unit8
Objectives
Configure Account Policies
Configure Audit Policies
Enable Disk Quotas
Requirements
Active Directory Installed on the odd numbers computer
The second server installed as a member server. Configuration Summary
Textbook Reference Role Domain
RWDCxx (Odd-numbered computers) Domain Controller (DC) lastname.local
RWDCyy (Even-numbered computers) Member Server lastname.local
SCDCxx (Server Core Installation) Domain Controller (DC) lastname.local
NOTE: RWDCzz Means perform these steps on the parent and child Procedure Complete Project 8-1, as described. Include a screenshot after part A step 6 The following screenshots are related to project 8.1-Part-A. At first I am logged on as default Administrator on my domain controller with domain soi.local.
COMP2017 Server Administration
Unit #8: Managing Users and Computers with GPO
Name:____Aryan_Soi__________________
A GPO named as PwdPoll was created and linked to the OU Marketing and Password Policy – Minimum Password Length was defined.
Supply Answer to question 1, 2 in lab manual on page 138. Include screen shot after part B step 1 Answer question 5, 6 on page 139. The following screenshot(relevant to project 8.1-Part-B) clearly illustrates setting of Account Lockout Threshold policy in the PwdPoll GPO linked to the OU Marketing in my domain so.local.
Complete Project 8-2, as described. Include a screenshot demonstrating the configured audit policies and event created. The following screenshot relevant to Project-8.2 illustrates logged on as user Administrator and I have also created a folder called ConfidentialFiles in the C-drive root:
The following screenshot clearly indicates configuration of type of Auditing for the folder ConfidentialFiles:
A GPO called Audit1 was created and linked to the OU Domain Controllers in domain soi.local and in this GPO, the Audit Policy – Audit Object Access was configured as shown below:
To test the configured audit policies, users – Lab8User1 and Lab8User2 were created and I logged on with these users in my domain controller with domain soi.local and I accessed the files in the folder ConfidentialFiles in the C-drive root. The following screenshots illustrates the events created:
******************************
Review Questions
1) When you create a GPO to implement a new password policy, where must you link the GPO to have the policy affect Active Directory domain accounts?
Ans: By creating and linking a GPO to implement a new password policy at
the domain-level, all Active Directory domain accounts will be affected. All
OUs that do not have the Block Inheritance setting enabled will inherit the
new password policy as well.
2) What does the Reset Account Lockout Counter After setting do? Ans. The ‘Reset Account Lockout Counter After’ setting resets the counter which has locked the user account after certain number of failed logon attempts. The reset is done after the number of minutes (as defined in this setting) elapsed.